Credit card fraud on the rise

FOR most businesses in the retail sector, credit cards are a fact of life. Unfortunately, so is card-related fraud.

For a long time, credit card fraud has been low in Australia, compared with similar countries, but there are signs that it is on the rise.

According to the Australian Payments Clearing Association, 16.7 transactions out of every 100,000 using credit cards last year were fraudulent, up from 14.8 per 100,000 the previous year. But a remedy might be in sight, with the banks recently beginning planning for the introduction of a system called "chip and PIN" that promises improved security.

The new generation of cards will mean that instead of the customer signing a receipt to say they have paid for their goods, they will have to enter a four-digit Personal Identification Number (PIN), as for an Eftpos transaction. The chip in the card will contain encrypted information that will help to determine if the card is genuine, and will verify the PIN.

The aim of the technology behind the system is to ensure that the person using the card is the legitimate owner. The chip has enough memory space to eventually accommodate other information to improve security as well, such as biometric identifiers.

But the introduction of this technology does not signal the end of card fraud, according to Carl Clump, CEO of international e-commerce security firm Retail Decisions, who points to the British experience as a useful guide for Australia.

"The UK introduced chip and PIN-style security measures for credit cards several years ago, so that a numerical password was needed for face-to-face purchases," he says.

"Even before the new system was in place, we saw fraudsters migrating to e-commerce, where all that is needed is the card number and other information on the card itself.

"We believe that fraudsters in Australia are already moving the same way they did in Europe. Credit card fraud is big business, international in reach and highly mobile in outlook. The key players are very smart, and are always looking for weaknesses."

Customer-not-present, or CNP, fraud requires only the card number, and the big targets are sales by telephone, websites or TV. Card numbers are obtained by theft of cards, illegal copying of the numbers by a low-level employee in a retailer, or hacking directly into the computer networks of banks. A new trend, however, is criminals attaching card number "skimmers" (which can be easily bought over the web) to Automatic Teller Machines.

Several Australian banks have already seen their ATMs attacked in this way. Last year, a gang of Swedish fraudsters broke into an Ikea store and secretly installed skimmers on the cash registers.

Traditionally, the main targets for online card fraud have been high-value items such as plasma TVs, computers, iPods and mobile phones. However, in the past few years fraudsters have widened their net.

"We recently saw a case in the UK involving large quantities of disposable nappies that had been bought online with fraudulent card numbers," Clump says.

He also points to store gift cards as another common target for CNP fraud, especially the cards of large chains offered through websites.

"Some retailers are very wary of international credit cards," Clump says. "They sometimes respond by simply refusing to accept online transactions using cards from other countries. That's not necessarily the right thing to do. The real answer is to use methods that focus on identifying suspect numbers."

Clump's company offers a subscription-based service call ReD Shield to combat CNP fraud, integrating databases of lost or stolen cards, "warm" or suspect numbers, and sophisticated mathematical analysis. The system provides updates on emerging scams and new targets for organised fraud.
news source : http://www.news.com.au/business/story/0,23636,23444881-14327,00.html