Thursday, August 20, 2009

Card Fraud Expected to Increase in US...Yet We're Still Typing and Hackers are Still Swiping!



Aug 19, 2009 (Datamonitor via COMTEX) - excerpts in blue

Card fraud is expected to increase in the US with the country still no nearer to introducing the chip and PIN technology which has proved successful in Europe.

With fiscal pressures particularly evident in the current economic climate, technology vendors are rushing to pilot alternative solutions to the costly chip and PIN option.

Editor's Note:  This might sound a little too simple, but an obviously less costly solution to Chip and PIN technology would be the elimination of signature debit.  PIN Debit for every debit transaction.  Simple, easy and not at all costly.  Signature Debit Fraud is more than 10 times higher than PIN Debit fraud.  Besides, it's the preferred form of payment by both consumers and merchants alike. 






Chip and PIN increases CNP (Card Not Present Fraud) fraud.  Fraud is like water in that it finds the path of least resistance.  If it finds resistance it moves to where there is none.

Chip and PIN resists fraud at brick and mortar locations, but increases the opportunity for fraud to occur where Chip and PIN is not required...which is in the CNP world.  (i.e. Online Shopping)

Therefore, let's turn our attention as to how we can increase resistance.  First question I have is why on earth is "signature" debit used for E-Commerce.  What signature are they talking about?  Where do I sign?  Typing your card number into a box does not constitute a signature in my book.




Signature Debit is "offline debit" and was not designed for "online shopping."  On the other hand PIN Debit is "online debit" and "Online Debit for Online Shopping" sounds like a perfect fit to me.






It makes more sense to use PIN Debit's encrypted and built-in two factor authentication anyway. 

So I say simply eliminate the use of "offline debit" for "online shopping"


Doing so would provide for the elimination of typing credit and/or debit card numbers into a box in a web browser.  Typing is the cause.  Hacking is the effect.  But let's take it a step further.  It's not just about two-factor authentication.  It's about eliminating the CNP environment altogether.

With HomeATM, when the cardholder swipes their card, (Card Present) the cardholder data is "instantaneously" encrypted "inside our device", and thus provides complete "Zone 1 through Zone 5" true "end to end" encryption.  We now have an environment that is "exponentially" more secure than typing.

By eliminating "typing" and mandating "swiping" we have eliminated the CNP (path of least resistance) environment and the the threats posed by phishing, cloned bank websites, malware and DNS Hijacking are eliminated as well.  





It's really not that difficult a concept to comprehend.  I suppose I can make it sound more technical...the formula to secure transactions is: 2FA E2EE 3DES DUKPT 




(Two-Factor Authentication, End to End Encryption,
Triple Data Encryption Algorithm
Derived Unique Key Per Transaction...see, simple!)
Not?  Here's a primer:
3DES, DUKPT & E2EE Explained



The article continues:

With the recent adoption of chip and PIN technology in Canada and Mexico, following its successful adoption in Europe, fraudsters are expected to increasingly target the US market.  (especially the CNP market)




A recent survey by Actimize found that around 66% of bankers, card issuers or payment processors anticipate US card fraud levels to increase. As the number of cases of attempted fraud threatens to rise in the US, local banks, card issuers and payment processors will come under increasing pressure to find a solution that reduces their liability. (how about 2FA E2EE 3DES DUKPT?)






Knowing which technology solution to choose is not a simple decision, (au contraire...there's a very simple solution when it comes to CNP fraud.  Eliminate the CNP environment by providing consumers with a device that allows them to prove "card presence" with the  swipe of a card.) with many factors such as the current infrastructure and IT budget likely to drive the final determination.

Fraud prevention and detection solutions are expensive
, and it is hard to say that they guarantee business development. However, a lack of detection/prevention from fraud attempts may lead to even more significant costs within banks.

Fraud losses comprise not only the actual amount that is stolen, but also labor costs related to investigation and managing fraud cases. 
These costs can be up to
five times higher than the stolen amount, and are rarely published by
banks. As such, identifying a suitable alternative to the costly chip
and PIN solution is a sound strategic move.





Editor's Note 2:  Stop with this "fraud prevention and detection" jargon.  It's the wrong mindset.  We should be talking "elimination."  Eliminate typing, Eliminate CNP environment and you done.  Simply admit to the fact that the web is not safe and have consumers utilize the same process used to access "cash" at an ATM.  Swipe their card, enter their PIN. 







There is only one PCI 2.x certified device in the world specifically designed for E-Commerce, and our Slim version (depicted in all the pictures) can be had for as little as $12 each in quantity. 

Banks could give it away at a fraction of the cost they are spending to give away Smokey Joe Grills, or other useless (when it comes to securing transactions) promotions.  And it would attract online banking customers like typing attracts hackers!

Our device would enhance a financial institution's reputation, create a branding strategy and secure more business and more customers for their financial institution.  How?  Here's how...







Slim is perfect for online banking log-in,
Ideal
for a financial institutions internal P2P money transfer application and
More secure than any current payment mechanism available for online shopping.  Want proof?  Here ya go:







Aug 14, 2009





Commissioned by CashEdge in June 2009, the survey polled more than 850 consumers nationwide aged 18 years and older who use online banking capabilities. These respondents described themselves as bank customers (76 percent), credit union ...












Jul 29, 2009





So if I wanted to open a portal for dissatisfied online banking customers, I would use a uniquely positioned product to ensure my customers security. I'm thinking Swipe vs. Type here. Then I would think...how many potential customers ...












Aug 05, 2009



But HomeATM has gotten the price down to the point that banks could literally give them away...thus empowering their online banking customers to not only log-in securely but pay bills in real-time, send or receive money in real-time and ...






Aug 17, 2009





The first step to prevent online banking
fraud is to secure the log-in process. It's not a difficult concept to
comprehend. Instead of giving away Smokey Joe's, Toasters, Fans,
Tupperware, etc. banks need to start giving away something ...






 
















Reblog this post [with Zemanta]

Disqus for ePayment News