Financial Fraud Action (FFA) UK, the finance industry’s national anti-fraud group has observed an increase in successful criminal activity in the first half of 2013, with physical theft of cards using increasingly complex techniques on the rise.

I thought Chip and PIN was going to stop fraud?

Fraud is like an air bubble under a plastic sheet; if you try to squash it, it moves rather than disappears. The 2004 introduction of Chip and PIN in the UK and other European countries helped to eliminate the use of cards that had been stolen from wallets, or cloned. The old magnetic strip and signature model was easy to fiddle; copying a chip is harder than a magnetic strip (although not impossible) and getting hold of a PIN number is more difficult than scrawling an ineligible signature.

So Chip and PIN worked?

Well sort of. Lost/stolen card fraud dropped from £114.4 million in 2004 down to £44.4 million in 2010, although it had risen again more recently. And counterfeit card fraud dropped from £129.7 million in 2004 to £96.8 million in 2005 but it actually peaked at £169.8 million several years later in 2008, which was overall the highest year on record.

Fraud sounds a bit more like whack-a-mole than an air bubble…

The point is it’s not going away. Last year saw the first overall increase in fraud on UK issued cards since 2008, having risen 14% from 2011 to 2010. The FFA saw £216.1 million stolen via fraud in the first half of 2013, a rise of 17%. Of these losses, £18.1 million went to Card ID theft, up 24% in the first half of 2012, and in the whole of 2012 it showed the largest proportional increase, having risen 42% on 2011.

But if you don’t have a PIN how can you impersonate them?

Getting the PIN has become a priority and scammers have gone so far as to call customers pretending to be the bank, and telling them to call the number of the bank’s fraud line and cancel their card. By not hanging up the call and playing the sound of a fake dial tone, the scammer can pretend that they are the bank when the target dials the bank’s number. They then ask for details including the PIN and send a fake courier to collect the card.

Is that bad news for the banks then?

No that’s bad news for everyone else. Since the migration to Chip and PIN, liability now lies with the merchant, in the case of non-Chip cards, or the card owner, in the case of Chip cards. Card owners wear the obligation to prove they were not involved or present. Banks have washed their hands of liability. While finance firms are still active in trying to reduce fraud, the cost burden is in theory lighter, potentially lightening the motivation to react to new threats. Whether regulators will offer any assistance in clamping down on the new criminals remains to be seen.