The Fraud Blog with Tracy Kitten

Why Card Fraud Grows Missing the Mark on Secure Card Tech Will Haunt Any Issuer
Why Card Fraud Grows

Payments card fraud is a growing concern for U.S. card issuers, yet few have taken dramatic steps to fight it.

See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'

Last week's announcement that major card brands and domestic issuers are joining forces to create an EMV Migration Forum reflects at least some interest in enhancing payment-card security.

Enhanced transaction anomaly detection and behavioral analytics are helping. ... But they're not enough. The real answer to card fraud is enhanced card technology. 

The forum, an independent, cross-industry organization, hopes to serve as a catalyst for wider adoption of chip-card technology. The group plans to support EMV implementation steps required for global payment networks, regional networks, card issuers, processors, merchants and consumers.

We'll have to see if the forum jump-starts an organized U.S. movement away from mag-stripe cards and toward EMV cards, an essential component of the fight against POS fraud.

Chip cards that conform to the Europay, MasterCard, Visa standard are inherently more secure than mag-stripe cards because the data stored on them cannot be skimmed. EMV chips are microprocessors that use cryptographic algorithms to enable dynamic authentication through a sequence of encrypted exchanges with EMV-enabled card readers. Thus, card data contained on chips is encrypted, so it cannot be read in the clear. Mag-stripes, on the other hand, cannot communicate dynamically with card readers. Transactions are authenticated by simply reading information stored in the stripe, where data is not encrypted.

It's clear the U.S. needs to get away from mag-stripe transactions: Both Visa Inc. and MasterCard have issued EMV migration dates, and Discover recently followed suit.

But the card brands have been focused on EMV for credit, not debit.

Visa says transactional complexities surrounding debit, as well as questions about interchange and fraud incentives offered by the Durbin amendment to Dodd-Frank, are primarily to blame.

Still, with debit fraud increasing, why would we continue to use card technology with known fraud vulnerabilities? We can see from other markets that enhancements in payments technology, such as the chip, do improve security, subsequently reducing losses related to card skimming and POS network attacks.

Yet many institutions don't seem to have much interest in chip technology at all. Our own survey of top fraud trends shows many banking institutions are suffering from increased incidents and losses linked to debit fraud, but few seem to care about EMV.

Some 84 percent of participants in our Faces of Fraud survey said they had suffered some sort of payment-card fraud within the last 12 months. But when we asked which types of fraud they felt best equipped to prevent, only 41 percent listed credit and debit fraud. And when we asked about EMV, 63 percent said they had no EMV strategy in place.

EMV: The Answer to POS Card Fraud?

From the Michaels craft store POS attack to the suspected POS network breach that hit the restaurant chain Penn Station, financial institutions are struggling to figure out just what they can do to enhance security through a channel they don't control.

Enhanced transaction anomaly detection and behavioral analytics are helping institutions to more quickly trace points of compromise. But they're not enough.

The real answer to card fraud is enhanced card technology.

I wish I could pinpoint why the majority of U.S. banking institutions have little interest in EMV, especially from a debit perspective. Perhaps it's because other fraud issues are viewed as more pressing.

Regardless, the time for action is upon us, and I'm hopeful some of the initiatives being spearheaded by many of the nation's largest institutions will have a trickle-down effect.



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network