Thursday, December 10, 2009

Duh! Chip and PIN Doesn't Prevent Card Not Present Fraud!

What an enlightenment!  Chip and PIN doesn't prevent CNP Fraud.  Gee...I wonder why?  I'll tell you.  Read on... (or look at the graphic on the left)



I blogged earlier in the day about the rampant growth of Card Not Present (CNP) Fraud.  Well Chip and PIN is "Card Present." (CP)  CNP fraud is the result of ramping up security on CP. Hackers,  like water, find the path of least resistance.



When you think about it, it makes absolutely NO SENSE to ramp up security in the brick and mortar world (with Chip and PIN) when the bad guys can simply go online with stolen credit and debit card numbers and make fraudulent purchases. Especially when you consider that the vast majority of these stolen debit and credit card numbers are obtained because we continue to foolishly "type" (enter) our card numbers into boxes located in browsers on merchant check out sites.



It's nuts. It's like watching someone dive into a section of the Amazon River and, in seconds, be torn to shreds by a school of piranhas...and then diving in yourself seconds later.



No...better yet, it's like reading in the paper that over the last year, 285 million people have had their butts chewed off by these terrible phish and then thinking, hey I'm up for a swim!  I can't help but think that if a "school" of piranha can't teach people to stay out of the water, then it's time to put on the dunce cap the next time you "type your card numbers" (yes entering them is the same thing) into a box in a browser. 



Here's more on the rampant rise of "Card Not Present" Fraud.  




Chip and PIN doesn't prevent card fraud. Fraudsters find joy in card-not-present transactions instead.



Editor's Note:  Wow!  Think about that headline for a second.  Chip and PIN doesn't prevent fraud?  Yes it does...studies have empirically proven Chip and PIN reduces fraud.   It simplydoesn't prevent "Card Not Present" Fraud because people can't insert their card into a card reader and enter their PIN on the Internet. (yet) 





Card-not-present (CNP) fraud, which involves online shopping, increased by 25 percent in the 12 months to June 2009, according to new data from the Australian Payments Clearing Association. 



CNP fraud has been shown to grow exponentially in international markets where banks and other card issuers have rolled out chip cards to replace their less secure magnetic stripe equivalents.It has also occurred to some that fraudsters are still able to commit  fraud on magnetic stripe cards at ATMs.



I don't mean to sound like a totally sarcastic smart ass, but...here goes!



Gee...I wonder if it has "occurred" to anybody that unless we transform the web into a "card present" environment, fraudsters are still going to be able to commit "card not present" fraud? 



Even if we were able to wave a magic wand and instantaneously eliminate every magnetic stripe card from existence, then provide EVERY consumer with a Smart Card...and EVERY Retailer with a Chip and PIN reader worldwide, "Card Not Present" fraud would continue to rise because...?




We are STILL TYPING our card numbers into boxes in browsers! 



C'mon people...it's not that hard to figure out...is it?  If you want to eliminate Card Not Present Fraud we have to eliminate the "Card Not Present" environment...BY INSERTING OUR CARD INTO A READER! 



If the card wasn't "present" we wouldn't be able to insert it would we? 
(If it was a "cloned card" the fraudster would still need to know the PIN) 
If they knew the PIN, it would be because the card owner fell victim to ATM Skimming/Hidden Camera

Hack which would still vastly reduce the existing rate of "Card Not Present" Fraud. 






The article continues...A report by APCA released this week showed that fraud has grown by more than 200 percent in the last three years.







Payments fraud on credit and debit cards in Australia continues to experience double digit growth, despite ongoing moves by the financial services industry to enhance security, such as the introduction of chip cards. (Again...DUH!) That's because although CNP transactions are only about 10% of the worlds transactions, they constitute about 50 percent of all card fraud!





Investment in chip-based cards has often been touted as the solution to skimming fraud, but skimming still grew by 5.1 percent last financial year."Chip transactions at the point of sale are already commonplace, but we estimate it will take another three years before the rollout is complete," said Chris Hamilton, chief executive officer of APCA



Editor's Note:  And then what?  Internet Card Not Present Fraud will magically start decreasing?  The ONLY way to ELIMINATE CNP fraud is to eliminate the CNP environment.  And yes...HomeATM has a Smart Card Reader version of our PCI 2.x certified PIN Entry Device (our next gen version can be seen in the video below)






Continue Reading







Disqus for ePayment News