The battle against cyber thieves has reached a "stalemate" and card companies will have to spend millions over the next decade just to keep up with the criminals, according to security experts at Visa and MasterCard.
According to a Reuters report, John Shaughnessy, SVP for fraud prevention at Visa USA and Suzanne Lynch, VP for security and risk services at MasterCard, told a conference that organised crime rings were successfully using the Internet and crimeware programs to counteract anti-fraud technologies implemented by card issuers.
They claim that these organised gangs are helped in many cases by former Soviet KGB cryptographers.
Visa's Shaughnessy says FBI data showed the number of Internet-related credit-card crime reports rose 66% in 2004 and the average reported loss associated with online scams tripled to $2,400 from $800 in 2003. Part of the increase reflects the rise of business done via the Web, but part of it also reflects the increasing sophistication of the fraudsters.
But Shaughnessy and Lynch also blame problems within the payment chain itself for the increase in online card fraud, such as breaches at merchants and third party processors. In April this year HSBC notified over 180,000 of its customers in the US of a data security breach at a retailer that could have allowed fraudsters to access their personal financial information, while a massive security breach at Atlanta-based payments processor CardSystems in May potentially exposed more than 40 million credit cards - of all brands - to fraud.
According to the Reuters report, Shaughnessy claims that of all the breaches reported, had the third party been in compliance with association rules, they probably wouldn't have been hacked.
He says Visa and other card companies are looking at ways of protecting data so that even if a consumer's credit card information was compromised, it would be useless to a criminal. But he says it will take investments of millions of dollars over a number of years to develop a secure system.