Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
Editor's Blog and Industry Comments

Chip and PIN fails to stem card fraud explosion.

13 March, 2008
Fraud on credit and debit cards is soaring once again to reach a record high.
Card fraud rose by 25% last year and the losses amount to £535 million despite the much vaunted introduction of the Chip and PIN system.

Authentication expert GrIDsure argues that the news clearly shows existing approaches designed to tackle fraud are simply not working.

Card not present (CNP) fraud now amounts to more than half of all card losses both in the UK and abroad at £291m. GrIDsure argues that this is indicative of the flawed reliance on Chip and PIN as the primary means to tackle fraud but the Association of Payment Clearing Services (Apacs) appears to still be promoting Chip and PIN as the answer.

"Chip and PIN is fine as a starting point to address high street fraud, but while we still have cards with magnetic stripes and static PINs, fraud will continue to increase," said Jonathan Craymer, Chairman, GrIDsure. "As the latest figures show, Chip and PIN is doing nothing to address fraud overseas or from transaction online or via the phone. The USA, for example, is showing no signs of moving to Chip and PIN, and with e-commerce still on the rise, addressing only high street fraud is a major oversight."

"It is time the industry woke up to the reality that fixed PINs are simply not secure enough. Fraudsters are always going to be looking for new ways to make money, but there are simple, incremental changes that can be made to improve the existing system now. It is absurd to suggest that we're getting better at tackling fraud, we need to take firm action right now to stop these fraudsters in their tracks," continued Craymer.

So what should be done?

Well GrIDsure offers a few top tips for banks and card companies to help prevent fraud:

* Ensure the full security potential of the chips on cards is used EVERY time purchases are made rather than reverting back to the magnetic strip

* Replace fixed PINs (or passwords) with more secure 'one-time' codes, which only work for each individual transaction.

* Employ a range of additional security measures that really work.

GrIDsure suggest that Verified by Visa and SecureCode password-protected schemes may help â€" but again only if the fixed passwords are replaced by 'one-time' codes.

The authentication expert also recommends that mobile phones should be used to offer a range of additional (out of band) security solutions (alongside or in addition to 'code generator' devices).

Craymer added. "Adopting these three policies would, in our view, help to create a system which will be as simple to use and secure over the web or phone, as over the counter, and actually make the original £1.1bn investment in Chip & PIN pay off in terms of card fraud reduction."
Bookmark and Share