Criminals not put off by chip and PIN

gallery

Banks and retailers must not let the initial success of chip and PIN go to their heads and dilute their active stance in the fight against card fraud, analysts warn.

Criminals have been busy since the introduction of the verification technology, turning their attention instead to other channels to sidestep the increased security measures.

While overall fraud has decreased, the level of cardholder not present (CNP) transactions, such as those carried out by telephone, mail order and on the Internet, showed a marked increase of more than £32 million in 2005, according to statistics released by the Association for Payment Clearing Services (APACS).

This negative figure somewhat overshadows the announcement of almost £60 million in fraud reduction during the same period, attributed mainly to the introduction of chip and PIN.

Teresa Jones, a senior research analyst at Butler Group, was recently a victim of chip and PIN crime. She feels that the industry's view has been slightly distorted by the initial reduction in some types of card fraud.

"I get the impression there's not quite enough urgency because chip and PIN has cut fraud by x. It made everyone's lives less complicated to a certain extent so people have taken their eyes off of the ball a little bit. But criminals are criminals and will find ways of doing wrong even if we make one side more complicated."

Jones cited a recent example she heard about on the continent, where the country in question sends a text to the card holder to authenticate certain transactions. She feels the UK could benefit from this method and, in addition to embracing two-factor authentication, should share best practice in the fight against fraud.

"It is a challenge," she added.

"People shouldn't just think we've solved the problem so we'll be ok for years. But it's just a question of time before a mastermind finds their way around the system. Industry needs to be one step ahead somehow."

Academia is certainly aware that criminals will use more sophisticated techniques to match the evolution of technology. The University of Warwick, for example, has created a PED cradle, initially designed for people with visual impairments, which distorts the view of those attempting to 'shoulder surf' to obtain PINs.

Boots started piloting the innovation in May this year. In the same month as the pharmacy chain announced its plans to step up the fight against card crime, petrol giant Shell was rocked by a chip and PIN scam that stole one million pounds from customer accounts.

Experts weren't that surprised by the incident.

"Research report after research report confirms a growing lack of consumer confidence in banking online, and the impact of further breaches affecting a mainstream payment system like Chip and PIN could be devastating," said Andrew Moloney, senior product manager at RSA Security's consumer solutions division.

"What this theft proves is that no one technology solution can be relied upon to prevent card or online fraud."

Email to a friend

Print this page