By Ryan Whelan
This week, the Association of Payment Clearing Services (Apacs) released figures announcing that fraud on credit and debit cards soared by 25% last year and reached a record high, with losses of £535m. Card Not Present (CNP) fraud now amounts to more than half of all such losses at £291m.
We’re led to believe the banks are doing everything in their power to protect our money and identities, but most of us know of at least one person that has fallen victim to credit or debit card fraud, if not actually experienced it first-hand. In fact, only last week I received a call from my mother telling me that money had been taken from her account and spent in China – but of course, she’s never been to China!
Coincidentally, my mother has the dubious pleasure of banking with Barclays, which has recently issued all of its customers with PINsentry - a real step forward in online security, claims Barclays. I would beg to differ, as I’m sure would most Barclays customers. It is so ‘secure’ that even the holder of the account cannot access their funds without possession of both the calculator lookalike device and their card, which does not bode well in a world where our pockets are already filled with mobile phones, wallets, keys and MP3 players.
PINsentry works by asking the user to insert their card and PIN code, and in return they are provided with a one-time eight digit code to log on with. As with many of the new methods being introduced, including SecureCode by Mastercard and Verified by Visa from Visa, PINsentry might add a small layer of additional security, but in doing so it also compromises usability.
This method has also forced a number of users to resort to pre-generating and carrying around a set of valid codes for when they are not at home – which is hardly great from a security point of view either. The emphasis here appears to be solely on blocking fraudsters rather that making life simple and more secure for the account holder.
Chip and PIN may have tackled fraud at the checkout, but it’s clearly failing to keep up with trends in online shopping. As such, we are currently forced to use two methods to authenticate ourselves; Chip and PIN on the high street and 'fixed' password-based systems online.
Yet Apacs appears to still be promoting Chip and PIN as the catch-all answer to fraud despite the revelation by Cambridge University researchers of successful attempts to obtain PIN and credit card details by hacking Chip and PIN terminals.
Come on Apacs, wake up, admit defeat, and try finding another solution to fraud that doesn’t just force the problem back on the user!
Just wait till the number of account defections that Barclays has suffered becomes public knowledge.
Other banks are introducing similar systems but Barclays as the biggest first mover has a lot to lose.
Posted by: Foogler | 14 March 2008 at 20:29
Massive increase in fraud crimes should make the government and banks realise that their data protection and Chip and PIN systems are failing to deter fraudsters. Rather than combating these systems are diverting fraud to other sectors.
This shows that fraud will continue to grow until they exploit ID KEY system described on website www.xwave.co.uk to make signature and PIN systems reliable and foolproof. ID KEY and PIN system will deter fraud crimes while Chip and PIN system diverts fraud to other sectors.
Fake documents have made our signature system unreliable while skimmers and pin-hole cameras etc. have made PIN system unreliable. We have option to make signatures reliable by personalising them with ID stickers and option to use Card Key Code to make PIN system reliable to make use of stolen and skimmed cards meaningless. By ignoring to exploit this system banks are only letting fraud crimes grow.
ID KEY system will eliminate the need for us to protect our personal and card details since fraudsters will be deterred from misusing these stolen details.
Proposed ID KEY can be treated as a reliable international ID card because it will personalise signature and PIN number to only the right individuals in any country.
From these details it is obvious that fraud crimes will continue to grow until proposed KEY and PIN system is exploited.
Posted by: Roger | 15 March 2008 at 00:18