CREDIT cards issued in Australia are being skimmed in increasing numbers and used to commit fraud here and overseas.
Old-style magstripe cards cannot be validated by the chip and PIN systems used widely around the world, but some card issuers permit their use for customer convenience.
As a result, insecure cards are prized by international criminals.
"If you use an Australian credit card in some countries, it is likely to be blocked," Lockstep Consulting smartcard and security expert Stephen Wilson says.
"This is because acquiring banks understand there is so much fraud in some jurisdictions that the card has become compromised."
Australian Payments Clearing Association chief executive Chris Hamilton says that local banks are developing plans for the introduction of chip and PIN.
There is no industry mandate on the switch, but APCA has established a Chip For Australia forum to co-ordinate the migration of autoteller, eftpos and credit card systems from magnetic stripe to chip technology.
Meanwhile, Stephen Wilson says card skimming at autotellers is only the tip of the iceberg. Organised crime gangs use matchbox-sized portable devices - bought online in bulk - to collect information from hundreds of magstripe cards at a time.
"It's so much easier for a criminal to bribe someone than try to tamper with an autoteller," Wilson says.
"Typically, they give a device to an attendant at a late-night service station or convenience store and get him to swipe customer cards for a while.
"Then they come back, pay the going rate and walk out with several hundred credit cards in a memory stick."
Industrial-scale card theft is an inevitable response to changing fraud opportunities, chief executive Carl Clump says of Retail Decisions, a payment card company that specialises in retail card fraud prevention.
By the time British financial institutions rolled out chip and PIN-protected cards in 2005, "the fraudsters had already changed their business model", Clump says.
Three years before, "they knew chip and PIN was going to curtail the opportunities for fraud with lost or stolen cards", he says. "So they turned their attention to card not present (CNP) - where the retailer never sees the piece of plastic behind the transaction nor, indeed, the cardholder." Lucrative CNP environments include mail or phone orders, interactive television purchasing and online shopping.
"CNP fraud is romping away," Clump says. "British statistics indicate that for the first six months of 2007, total card fraud was up 15 per cent compared with the same period in 2006.
"Lost and stolen fraud was down 15 per cent.
"On the other hand, CNP increased by 44 per cent. So CNP now represents 50 per cent or more of total fraud in Britain."
APCA's figures suggest a similar story. In 2006-07, domestic and overseas CNP fraud on Australian-issued cards reached $40 million. In contrast, total fraud committed with lost or stolen cards cost $16 million.
Frost and Sullivan industry analyst Simon Hayes says local consumers have not pushed for greater card security because they're not generally held liable for fraudulent transactions.
"There has always been a lack of enthusiasm here for chip cards with PIN because there's nothing in it for consumers," he says.
"People don't like being ripped off, but if it happens they're reasonably confident the banks will reimburse them."
Banks generally charge the fraud back to the merchants, so they also have been quite slow to move on more secure systems.
No comments:
Post a Comment