If your card has been stolen or cloned and a crook has either got hold of — or deduced — your PIN, your world can turn upside down in an instant.[From SAM DUNN: Chip and pin is not foolproof yet banks blame customers | Mail Online]
Well, this is certainly true. Although chip and PIN cards actually can’t be cloned (the magnetic stripes on the back of them can be counterfeited, but this has always been true), I particularly liked this take on the banks’ response:
It also turns a blind eye to a PIN having been illegally read — most likely by high-tech software undetectable by the ordinary human eye.[From SAM DUNN: Chip and pin is not foolproof yet banks blame customers | Mail Online]
Most high-tech software is, presumably, detectable by the ordinary human eye. I hadn’t realised that you needed an extraordinary human eye to detect some of it though, so I can see where the author is coming from. This is all, of course, nonsense. I might sneak my high-tech software into the POS terminal at your local supermarket, and that might help me to get your card number and PIN, but those details are insufficient to create either a counterfeit magnetic stripe card (or at least they should be for issuers who have set the chip ICVV correctly) or a clone of your chip card.
If your card is stolen and the thief has your PIN, and you genuinely didn’t have it written on the back of the card, then it’s a pound to a penny that they got the PIN by looking over your shoulder in a shop or by having a camera at an ATM. The sophistication of criminals with respect to ATMs is particularly impressive and it has forced the banks to take action. When I last nipped in to the “banking lobby” at my local branch, so that I could use an ATM in the warm and dry, I noticed something new: there was a sticker on the ATM telling me that the machine had been “fitted with a device to prevent card fraud”. This led me to wonder why they didn’t send me a sticker to put on my new debit card telling me that the card had been “fitted with a device to encourage card fraud” (viz, a magnetic stripe).
I have no idea why my debit card has either a magnetic stripe or embossing, and it’s not clear to me why it has my name and bank account number on it either, and I don’t know why it has a signature strip on the back when I don’t want to use it for signature transactions under any circumstances. (Rather oddly, I also notice that the EMV configuration of my splendid payments watch says that it is configured to allow signature transactions, even though there is nowhere on the watch to put a signature strip!)
The U.S. currently accounts for 47% of global credit and debit card fraud even though it generates only 27% of the total volume of purchases and cash[From U.S. Leads the World in Credit Card Fraud, states The Nilson Report | Business Wire]
If we really want to cut down card fraud then we need to start taking the stripes off of the back of cards and the numbers off of the front of them. (I will blog some more about this tomorrow.) The US will undoubtedly see the same dynamic as the UK when it comes to the migration to chip: yes, fraud will go down but the fraudsters won’t go away. They will switch from ATM and counterfeit fraud to online fraud. Having said that, it was surprise to learn that US criminals are as conservative as US banking institutions, as in the US…
Criminals still target checks more than other types of payments.[From Payments Fraud Remains High]
So why carry on using them? Like most foreigners, when I lived in the US I was surprised by the extent to which checks are used. Off the top of my head, I couldn’t even hazard a guess at when I last wrote a cheque in the UK. But I digress. The cost of card fraud in the US is enormous, but it’s a small fraction of the transaction value, so it is tolerated. And as it is tolerated, it has continued to evolve as an industry.
The gang was split into different cells, with certain groups responsible for stealing or modifying terminals, while others made large withdrawals from ATMs. Yet another group specialised in the installation of cloning devices and cameras on banking terminal overlays.[From Finextra: Mounties bust C$100m card fraud ring]
So now that the US is going to migrate to chip (albeit chip and signature) we should expect to see a fall in this sort of scale card counterfeiting a few years from now. Let’s talk a little more about the US migration tomorrow.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers