Credit card fraud rising
A recent study has found credit
cards fraud has continued to grow in Australia
FOR most businesses in the retail sector, credit
cards are a fact of life. Unfortunately, so is card-related
fraud.
For a long time, credit cards fraud has been low
in Australia, compared with similar countries, but
there are signs that it is on the rise.
According to the Australian Payments Clearing Association,
16.7 transactions out of every 100,000 using credit
cards last year were fraudulent, up from 14.8 per
100,000 the previous year. But a remedy might be in
sight, with the banks recently beginning planning
for the introduction of a system called "chip
and PIN" that promises improved security.
The new generation of cards will mean that instead
of the customer signing a receipt to say they have
paid for their goods, they will have to enter a four-digit
Personal Identification Number (PIN), as for an Eftpos
transaction. The chip in the card will contain encrypted
information that will help to determine if the card
is genuine, and will verify the PIN.
The aim of the technology behind the system is to
ensure that the person using the card is the legitimate
owner. The chip has enough memory space to eventually
accommodate other information to improve security
as well, such as biometric identifiers.
But the introduction of this technology does not
signal the end of card fraud, according to Carl Clump,
CEO of international e-commerce security firm Retail
Decisions, who points to the British experience as
a useful guide for Australia.
"The UK introduced chip and PIN-style security
measures for credit
cards several years ago, so that a numerical password
was needed for face-to-face purchases," he says.
"Even before the new system was in place, we
saw fraudsters migrating to e-commerce, where all
that is needed is the card number and other information
on the card itself.
"We believe that fraudsters in Australia are
already moving the same way they did in Europe. Credit
card fraud is big business, international in reach
and highly mobile in outlook. The key players are
very smart, and are always looking for weaknesses."
Customer-not-present, or CNP, fraud requires only
the card number, and the big targets are sales by
telephone, websites or TV. Card numbers are obtained
by theft of cards, illegal copying of the numbers
by a low-level employee in a retailer, or hacking
directly into the computer networks of banks. A new
trend, however, is criminals attaching card number
"skimmers" (which can be easily bought over
the web) to Automatic Teller Machines.
Several Australian banks have already seen their
ATMs attacked in this way. Last year, a gang of Swedish
fraudsters broke into an Ikea store and secretly installed
skimmers on the cash registers.
Traditionally, the main targets for online card fraud
have been high-value items such as plasma TVs, computers,
iPods and mobile phones. However, in the past few
years fraudsters have widened their net.
"We recently saw a case in the UK involving
large quantities of disposable nappies that had been
bought online with fraudulent card numbers,"
Clump says.
He also points to store gift cards as another common
target for CNP fraud, especially the cards of large
chains offered through websites.
"Some retailers are very wary of international
credit cards," Clump says. "They sometimes
respond by simply refusing to accept online transactions
using cards from other countries. That's not necessarily
the right thing to do. The real answer is to use methods
that focus on identifying suspect numbers."
Clump's company offers a subscription-based service
call ReD Shield to combat CNP fraud, integrating databases
of lost or stolen cards, "warm" or suspect
numbers, and sophisticated mathematical analysis.
The system provides updates on emerging scams and
new targets for organised fraud.
More finance news:
|
