Technology

Research findings of the European ATM Security Team (EAST) indicate that Fraud-related ATM crimes in Europe jumped 149 percent in 2008, compared to the year prior, and resulted in  485 million (709 million) in losses  (Berrong, 2009). This has raised an overwhelming concern, both in Europe and across the globe. Various groups of information security experts are advising consumers on how to recognize some of the most popular ATM fraud schemes and how to avoid becoming victims. Among the security weaknesses identified include storing information on magnetic stripe, which is simple to copy and counterfeit. To address this problem, smartcard technology has been adopted. Smartcards, also known as Chip and PIN cards or Chip cards, have a microchip embedded in the card. A microchip (also called an integrated circuit) is a unit of packaged computer circuitry (Berrong, 2009). They are made such that they have both logic and memory. This has seen a significant reduction on the incidences of card fraud in the UK, but still losses from fraudulent card use are witnessed (Burns  Weir, 2008).In this paper, I will explore in detail the context of smartcard introduction and describe the types of fraud that remain a threat to cardholders and other stakeholders in the card system.

In Great Britain, nearly 20 of the adult population has been targeted as part of a credit or debit card scam, (Burns  Weir, 2008). Comparing UK with the whole of Europe, a research by European Security Transport Association (ESTA) shows that UK citizens are twice likely to become victims of card fraud. Even according to the media, introduction of smartcard technology in the UK is flawed and has failed to reduce levels of card fraud. These reports call for stern measures to end card fraud as it not only costs the banking industry but also the cardholder, who experiences loss of time, inconvenience, worry and frustration while a fraudulent incident is being investigated.

The UK Payments Association (APACS) has identified five different categories of card fraud (Burns  Weir, 2008). These include counterfeit card fraud, where counterfeitcloned cards are made by altering and re-coding validly issued cards or by printing and encoding cards without permission from the card issuing company. In this kind of fraud, the cardholder is unaware whether the details of the card are being skimmed, and only notices upon seeing illicit transactions in hisher statement.
An employee in a retail outlet may use a skimming device to copy data from the cards magnetic stripe so it can be used to encode a counterfeit card. This is known as skimming. It can also occur at the machine where a skimming machine has been fitted.

The other form of fraud occurs when fraudsters steal a card from a cardholder or use a lost card to obtain goods and services. This takes place if the cardholder takes time to report the loss or theft of card to the card issuer.

Mail non receipt fraud is the other type of fraud. It occurs if card is stolen when it is in transit from the issuing bank or building society to the cardholder. This is because it takes time for the cardholder to realise that a card has not arrived.

If a cardholder is not present, fraudsters may obtain the details of the cardholder and can use these to pay for goods or services over the internet, phone, fax or mail order. This is referred to as Card Not Present (CNP) fraud.

Card ID theft is another form of fraud which occurs when a criminal obtains an individuals personal information and uses this to open or access card accounts in that individuals name.

Among the main factors contributing to the high card fraud levels in the UK is cardholder complacency (Burns  Weir, 2008). This may be described as a situation where the card holders are satisfied but unaware of the possible card fraud mechanisms. As such, increased cardholder awareness of the risks and impacts will enable them to take all practical security precautions when undertaking a card payment.

Burns  Weir, 2008 indicate that large variety of card terminals makes it difficult for a cardholder to identify one that has been tampered with. There is need to inform the cardholder of other ways to notice fraudulent actions, such as familiarizing them with merchant best practices. This will enable the cardholder to easily notice suspicious behavior (Burns  Weir, 2008) such as swiping a card prior to inserting it into a card terminal or watching a PIN being entered. The cardholders will also be able to look their current account statements to notice any illegal transactions as a result of card fraud.
It is also advisable for merchants to be vigilant and to monitor transactions and any suspicious staff activities. This is because they are the prime target (Berrong, 2009) for fraudsters. The banking industry must also take stern measures to protect their merchants. Burns  Weir, 2008 identifies those measures as checking references when hiring new staff, adequate protection of systems which hold customer and transaction data and careful investigation of all customer concerns about staff undertakings on card transactions.

For online transactions, merchants should employ the use of AVS- Address Verification System, (Burns  Weir, 2008). This is a system that allows retailers to compare the billing address supplied with that associated with the cardholder and Card Security Code (CSC). Using AVS, merchants can hence cross check a special security code held on the back of the card. This is an effective measure in controlling card fraud especially where the cardholder is not physically present i.e. CNP frauds.
The merchant acquirer refers to the bank retained by the retailer to process payment card transactions on their behalf (Burns  Weir, 2008). They are responsible for paying the merchant for the transactions they process. To minimize smartcard fraud, they have adopted the use of fraud detection software that detects patterns that could be due to fraudulent activity. This can be useful in investigating unusual patterns of transactions.

Owing to these increased cases of magnetic stripe credit and debit card fraud, the success of card technology must heavily rely on smartcards. However, since fraudsters will continue getting creative to exploit technology and social conditioning to devise attacks on chip technology, proper security measures on the use of smartcards should be put in place.

At times the chip technology may fail to function, which calls for the use of a magnetic strip as a fallback. This permits fraudsters to circumvent a number of the safeguards provided by smart card technology (Burns  Weir, 2008). In this case, the Chip and PIN does not fully address counterfeit card fraud- fraud made possible through the theft of card details in transit or from loststolen scenarios. With the implementation of these measures, a significant reduction in card counterfeiting is likely to occur, but as long as magnetic stripes are in use counterfeiting will remain a viable option for fraudsters.