
Several years ago, the UK led the way in cutting fraud for cardholder present transactions by introducing EMV, which many of you will know as "Chip and PIN". After phasing out the swiping of cards with customers signing for transactions, and requiring people to use their PIN to confirm a transaction, fraud was cut overnight. Sadly it wasn't a total success: although we stopped fraud in the UK, fraud on UK cards moved abroad. This is because not all countries outside the UK have rolled out EMV, even to this day. On the plus side, as these countries roll out EMV, we will become even more protected.

Separately, in cardholder not present transactions, we have for many years been trying to combat both credit / debit card fraud (in both online and over the phone transactions) and online banking fraud.

The method adopted for online card transactions was 3D Secure, which many of you will know by the names given by the card companies, namely Verified by Visa and Mastercard SecureCode. The system works by allowing you to register your card for the service the first time you use a site that supports the technology. You register using security details from the card as well as personal details. After setting your password, the idea is that you enter that password before completing a transaction on a future purchase. This service hasn't managed to achieve what it was designed to do for a number of reasons:
- The screen you enter the password into is usually a frame inside the window of the site you are purchasing from, meaning it is hard to tell whether it is something set up to harvest passwords.
- If you check the frame source or the location you are redirected to, it isn't the website of the site you are shopping at, the card issuing bank or the root card provider (Visa, MasterCard, etc.), which leads the end user to suspect that it may be a phishing site.
- You generally don't need to enter a lot of information to reset the password. All that is often required is details from the card (which a fraudster would already have) as well as a few personal details such as date of birth and mother's maiden name (which the fraudster may also already have, or which could be found online using social networking sites, for example).

The methods adopted for online banking vary from bank to bank. Some have implemented a system where you get sent a reader which you slot your card into: you enter your PIN, enter the number shown on screen when logging in / performing a transaction, and it gives you a number to enter back into the system. Others send you a small device with a single button on it which gives you a number to enter. Both of these methods add additional cost to the bank in sending the devices out, and the customer must carry them around if they want to perform transactions in multiple places.

Phone transactions currently do not have a reliable way of stopping fraud taking place.

Credit / Debit Card with Integrated Keypad
A few technologies have been entering the marketplace in recent years to combat fraud in some or all of these transaction types. The most promising is one the BBC has been reporting on today: "Credit card code to combat fraud". This technology has been in development for several years now and has been available in a few forms for the last few years. The way it works is simple: you try to perform a transaction (phone, online or online banking) or log in to online banking, and it asks you to enter your "one time code". You get this by entering your PIN on a little keypad on the back of the card, and the display then shows you the number to type in. This is transmitted back to the issuing bank, and because the issuing bank has the same algorithm and the unique details of that card, they are able to check whether the details match up and either accept or deny the transaction based on the result.

The above would basically eliminate cardholder not present fraud overnight if it was globally implemented, because it would require the fraudster to have possession of the card AND know the PIN. The likelihood of them meeting both of these criteria is low, and thus you have stopped fraud via 3 methods with one system.
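The check described above can be sketched as follows. This is an added example, not the card vendor's or any bank's code: the post does not name the algorithm, so the sketch assumes a counter-based HOTP scheme (RFC 4226), a PIN check done on the card itself, and hypothetical `Card` and `Issuer` classes with a constructed key and PIN.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Card:
    """Hypothetical keypad card: per-card key, PIN and press counter."""
    def __init__(self, key: bytes, pin: str):
        self.key, self.pin, self.counter = key, pin, 0

    def one_time_code(self, pin: str):
        # Assumption: the card checks the PIN itself and shows nothing if wrong.
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            return None
        code = hotp(self.key, self.counter)
        self.counter += 1          # every displayed code uses up one counter value
        return code

class Issuer:
    """Hypothetical issuing bank: same key, its own copy of the counter."""
    def __init__(self, key: bytes, window: int = 3):
        self.key, self.counter, self.window = key, 0, window

    def verify(self, code: str) -> bool:
        # Look a few counters ahead: the cardholder may have generated codes
        # that were never submitted, leaving the card ahead of the bank.
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.key, c).encode(), code.encode()):
                self.counter = c + 1   # move past it so the code cannot be replayed
                return True
        return False

if __name__ == "__main__":
    key = b"12345678901234567890"      # constructed key (the RFC 4226 test key)
    card, bank = Card(key, "4921"), Issuer(key)   # constructed PIN
    print("wrong PIN      :", card.one_time_code("0000"))
    code = card.one_time_code("4921")
    print("code shown     :", code)
    print("bank accepts   :", bank.verify(code))
    print("replay accepted:", bank.verify(code))
```

Because the bank advances its counter past every accepted code, a code captured by a phishing frame or read out over the phone is useless once it has been used.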

The limiting factor stopping the rollout of these cards is the cost of producing them, which is mainly limited by the company who invented the technology. If several big issuing banks begin rolling them out, though, the cost will likely drop so that it is not much more expensive than producing a standard card, leading to global adoption.


I am a technology enthusiast living up in Carlisle, Cumbria in the UK and am the managing director of Its Elixir which sells Henna Hair Care Products and Ear Candles, Craig Brass Systems which creates and custom develops quality software and LonsdaleNET which delivers high speed wireless and fibre optic broadband in Cumbria.