Community

Great article Dominique, many thanks.

We at the European Association for Secure Transactions (EAST) are constantly focussing on the 'faster fraud' issue that you mention.  More does certainly need to be done to protect consumers, particularly from APP scams.  Unlike with card skimming, the APP fraud risk is mainly with the consumer, a point that is now being widely discussed across Europe.

Better late than never!  A positive step taken to haul the U.S. in the right direction.  To quote from the Visa press release:  ".......The U.S. is the only country in the world that has not committed to either a domestic or cross-border liability shift associated with chip payments."  Here's hoping that such a liability shift will also be extended to ATMs.........

.....and what about phone security?  I'm guessing that the majority of people with smart phones do not assiduously install an anti-virus application, and then keep it updated.

It's all very well to forward the SMS to a friend, but what if it is forwarded to a different cell phone by a trojan?  Easy money!  While I accept that mobile phones have a wider role in less developed economies, it seems as if the risks related to such cash withdrawals may have been discounted in favour of customer convenience. Now time will tell.............

".....the hardware is poorly constructed and cannot encrypt card data, opening up an opportunity for crooks posing as merchants."

The skimming fraternity have shown great agility in the past, both at ATMs, POS terminals and unattended payment terminals.  This just sounds too easy.

I agree with the Finextra verdict............the same idea using encrypted card data, and a Chip card reader, would be a lot better - except in the USA of course, until they adopt EMV! 

I am not at all surprised by the way that the NFA has presented these figures.  My headline would have been something more like:  'UK Public sector loses £21 billion in fraud, 55% of the overall annual total'.  The NFA (a public sector organisation?) glosses over this by saying that 'in part this is due to more diligent reporting'.  I'm still spinning from that one (apologies for the pun).

The published UK budget deficit (ONS) for December 2010 is £16.8 billion, with total net debt of £2322.7 billion.  In this age of austerity, significantly reducing public sector fraud losses would make a huge impact on the budget deficit, thereby reducing the needs for cuts elsewhere. 

The financial services industry is possibly the most diligent in trying to drive down fraud losses by investing in fraud prevention measures, and has seen some great success, partly due to the roll out of 'Chip and PIN' or EMV cards and terminals.

Instead of making excuses, it woul be nice if the public sector would invest a little more to seriously tackle this massive annual fraud loss figure........thereby (hopefully) reducing the austerity squeeze on the long suffering tax payer.

My feelings are in line with the Finextra verdict - as it is possible for criminals to launder stolen and stained banknotes back into circulation despite the fact that 'a stained note is probably a stolen note' (see http://www.banknotewatch.org) even if banknotes were fitted with this circuitry, there is a high probablity that it would still be relatively easy for high quality counterfeits to be introduced into circulation. 

I'm not sure that every person accepting banknotes from a consumer would diligently scan every note with a reader to make sure that it was genuine............in the case of the person who accepted the 'Santa Christmas Bank' bill, I think that we can safely assume that no such scan would have taken place and, even if it had done, the womain would have assured the cashier that this was normal .  Great technology, but loads of practical issues with effective implementation.

Maybe it is the beginning of the end for the magnetic stripe?  Particularly if other European countries follow suit - as fraudsters perpetrating card skimming in Belgium look elsewhere.

Once replacement cards are eventually issued as 'Chip only', it's likely that the restrictions on use in EMV countries outside Europe may be lifted and there will be a new global interoperability standard......EMV.

This certainly brings more pressure on the US, but then already their cardholders are unable to use their 'stripe only' cards at many European payment terminals, as well as at an increasing number of payment terminals outside Europe.

....and earlier this week China UnionPay announced that from 2015 Chinese banks will no longer issue magnetic stripe cards, just Chip cards, and the upgrade process has already started.......

....and the recently published 7th SEPA Progress report states that from 2012 onwards, all newly issued SEPA cards should be issued, by default, as “chip-only” cards.

Belgium appears to be ahead of the curve, and heading in the right direction.

You see more on this on my blog on this website posted today and called "Now you can see why you should protect your PIN at an ATM!"  It also provides a direct link to the video

The European experience also highlights the CISC point about ‘displacement’, as well as an eventual decline in losses.   The latest European ATM Crime Report published by the European ATM Security Team (EAST) shows that ATM related skimming incidents peaked in 2008 when 90% of ATMs in Europe were reported as EMV compliant.  The first (albeit marginal) year on year drop in reported incidents was recorded in 2009. 

European ATM related skimming losses also peaked in 2008, with a total of €484 million reported, before dropping 36% to €310 million in 2009.   

In 2009 73% of these losses were international, that is fraud committed outside national borders by criminals using stolen domestic card details, and 27% were domestic.   

It will be interesting to see what the 2010 figures for Europe show when published.  94% (366,707) of Europe’s ATMs were reported EMV compliant by end 2009.  A breakdown by country is freely available from the EAST website.

Of course EMV adoption is not fully effective as long as magnetic stripes remain on EMV cards, and cloned counterfeits can be used globally at non-EMV payment terminals, and for other types of payment transaction.  That point has already been discussed in a related blog on this website……………

The results of the EAST research poll carried out in January and February 2010 showed that 60% of the respondents were in favour of action being taken to address this risk as follows:

28% indicated that they would be happy to contact their bank to have the stripe on their card activated before travelling outside Europe;
12% indicated that they would be happy to carry a Chip only card, and to apply for a separate stripe card should they need to travel outside Europe;
20% agreed with both approaches.

The remaining 40% didn't agree with either approach.

This followed on from the EAST Poll conducted at the end of 2009 which indicated that 60% of respondents felt that European EMV cards should not hold sensitive cardholder data as standard in a magnetic stripe, although feedback was received highlighting practical issues with removing the stripe