Online consumers care more about convenience than card fraud,[From Online card fraud not our problem? — Retail Fraud]
This is exactly what I told American Express when they phoned to offer me identity theft insurance yesterday. As I told the chap who called, I love my Amex BA card, but if someone steals the number and starts using it at Bolivian porn sites, I don't care, because it's Amex's problem and not mine. That's the beauty of credit cards. But does it lead to what economists term "perverse incentives" (which are nothing to do with Bolivian porn sites)? In other words, are people like me careless with their card details, thereby leading to more fraud, because we don't bear any responsibility for it? I certainly wouldn't pay for much in the way for fraud protection either.
A security vendor is trying to sell transaction monitoring services directly to consumers, a technology that until now has been offered primarily to banks.[From service-mobile-phone-fight-fraud-targets-consumers – PaymentsSource Article]
This doesn't work for me, because if fraudsters use my credit card number to buy a car in Kazakhstan while I am in England, I don't care: it's the bank's problem, not mine, which is precisely why I value my credit card so highly and charge everything I possibly can on it.
Tackling fraud is one of the areas where technology might lead to innovation, irrespective of the incentives. There are plenty of people with ideas in this field..
Credit card fraud continues to be an issue, for banks as well for consumers. I remember 15 years ago they had photos on credit cards, I am not sure why they stopped doing that, that seems to be a simple solution to reduce fraud.[From Blogging Innovation » The Need For Credit Card Innovation]
It seems like it should reduce fraud, but it doesn't. Retailers put the cards into terminals to get a decision, they don't want to be part of the loop. If the issuers required retailers to accept liability for cards that were used by the wrong person (ie, not the person who is in the picture) then they wouldn't take the cards. Photos sound like a good idea, but they are non-starter.
Think about the RFIP credit card, the idea makes sense since all you need to wave your card at the cashier and the chip supplies the card’s number and expiry date through radio waves and print our a receipt. There is no opportunity for criminals to copy it since the card remains in your pocket during the purchase… You can easily set up a gate antenna to scan people’s car when they walk past.[From Blogging Innovation » The Need For Credit Card Innovation]
Actually, you can't. We had custom-built equipment for testing the cards in the UK, and I can tell you that in order to read one of these cards from 50cm away, you need an antenna a metre across and you have to pump out so much energy that laptops in the vicinity will reboot. It's not a practical attack, and even if it is was, it would only enable you to make counterfeit magnetic stripe cards, not counterfeit contactless cards. And many card issuers now use alias PANs, so if you make a counterfeit magnetic stripe card, the hosts will reject them.
Should we put warning signs on credit cards the same way we do for tobacco? Why not?[From Blogging Innovation » The Need For Credit Card Innovation]
That's a pretty fun idea! We should have the same warnings on banknotes as well: "Warning: there is no gold in the Bank of England, this fifty pound note actually represents an interest-free loan from you to the government" or something similar.
And then there are cards that have magnetic strips can be written upon. The two-accounts-in-one card allows user to press a button to switch the card from one account to another. Second, he showed a security-enabled card that kept both the magnetic stripe and the human-readable number on the front of the card obscured until a security code was entered in.[From Blogging Innovation » The Need For Credit Card Innovation]
These are cute, that's true, but they're not a path to the future. Magnetic stripes are read-only, and the stripe details are stolen from the terminals anyway, so while this may cut down on fraud from cards that are lost or stolen but not yet reported missing, it won't make much difference to fraud overall. There is plenty of evidence to support this view.
Members of a criminal gang that stole card details by tampering with chip and PIN terminals at petrol stations throughout southern England have been jailed… The four men fixed the chip and PIN devices in various petrol stations last year in order to copy the electronic data from customers' credit and debit cards… They then used this information to make fake magnetic stripe cards that could be used fraudulently overseas in countries yet to introduce chip and PIN. According to the BBC, the nine-month fraud caused losses totalling £725,000.
The gang's mastermind, Theogenes de Montford, was sentenced to four-and-a-half years' imprisonment at at Southwark Crown Court after pleading guilty to conspiracy to defraud and conspiring to possess articles for use in fraud. When he was arrested, police found details for 35,000 cards on his laptop.[From Finextra: Chip and PIN fraud gang members jailed]
Crazy name, crazy guy. Next time I play World of Warcraft, by the way, I fully intend to be Theogenes de Montford. This is not a UK phenomenon, but is happening around the world. For example, just as happened in the UK, criminals in Canada have begun to target the POS terminals rather than the cards.
Police believed as many as 10 businesses may have been victimized when pin pads were stolen and switched with fake ones. A map detailing target areas was found by officers who arrested some of them at a local hotel… The trailer was found with hundreds of fake credit cards and equipment to make more, preventing what police said at the time could have been millions of dollars of losses. Police believed thieves took data to the trailer and used the information to create the phony cards.[From New wave of crime]
I assume that Canadian banks have adopted ICVV for their cards to defend against this kind of skimming and PIN theft and will soon mandate DDA migration to support both contactless transactions and to defend against SDA cloning, so we don't need to worry about them, but it would be good if everyone (ie, the US) would move to EMV (or perhaps even post-EMV), so we can start taking the stripes (and the embossing) off of cards. You don't need to be much of a technological visionary to see which technology is important for this path.
…instead of a PIN, use the cell phone as a PIN. So if someone steal the data on your card but without the cell phone activation, it will not work. This is an easy solution. The cell phone will also allows real time checking on spending and provide summary of spend and warns you about over spending. With a card (and a cell phone), I can view real-time data on my spending (or the spouse of children). Any warning will be posted on my Facebook page and informing both the account holders and the supplementary card users. That’s how to make spending social. I like this idea.[From Blogging Innovation » The Need For Credit Card Innovation]
This begs the question of why not just use the phone and forget about the card (!) but I think this kind of innovation is very promising: that is, the idea of using platforms such as Facebook instead of creating platforms specifically for cards and payments. I had a discussion about this a few days ago with a friend who is with a startup that is using Facebook for retailer loyalty programmes, developing Facebook apps instead of custom platforms.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]