Beating Card Fraud

Have you ever been annoyed by your credit card company calling up unexpectedly to query a purchase? Of course it can be irritating to be questioned about a perfectly legitimate transaction, and it can be even more annoying when the company is unable to contact you directly, and decides to shut the card down. It’s very inconvenient if this happens in the middle of a trip abroad, for instance, but flagging up and investigating unusual payments is a vital part of the drive to beat card fraud.

Card issuers DO care about fraud as it can cost them an awful lot of money; they ARE doing something about it and they invest valuable time as well as money to fight it. Data monitoring is an important part of the process. Card companies are constantly monitoring your card transaction data looking for patterns and anomalies relating to how much you spend and where and when you use your card. This transaction data is carefully analysed, not by getting someone to laboriously pore over all your card transactions manually, but by using the latest technology to scan through huge amounts of data, quickly, thoroughly and automatically, and to report on anything that looks unusual or suspicious.

For example, if you live in London and normally use your card there, they will notice if you suddenly buy something in Glasgow, and the anti-fraud system will flag it up. That’s why card providers recommend that you inform them when you are travelling abroad. A quick call to your card provider before you travel could save an awful lot of hassle during your trip. If you have a long-established habit of using the card for medium price purchases and suddenly make a splurge on a very expensive item, they will notice that too. The card companies are also aware of geographical fraud hot-spots and will take additional interest in all the transactions occurring there, also of merchants and websites with unusual levels of fraudulent activity.

Another important way that card users are protected from fraud is by the microchip technology embedded in the card itself. Chip&PIN or EMV technology is of course already standard across Europe and provides a better level of security for card users there. The system has been mandatory in Europe since 2006, during which time there has been a dramatic reduction in the rate of card fraud.  The Chip&PIN system was introduced to solve the widespread problem of ‘skimming’ scams, where fraudsters illegally scanned the magnetic stripes on old-style cards and then used the skimmed data to create new ‘cloned’ cards. Chip&PIN replaces the old system of magnetic stripes, signatures and swipes with an embedded chip containing the PIN (Personal Identification Number), a four-digit code known only to the cardholder, which cannot be scanned by skimmers.

Although Europe adopted Chip&PIN technology eight years ago, the USA still clings doggedly on to the old magnetic stripe system, and is unlikely to start phasing in the new technology until 2015.  This reluctance to embrace the new system can be explained by two factors: firstly, consider the enormous cost of the change-over to the card issuing companies and to the merchants.  Quite apart from the costs of running the IT projects to change over to EMV, think about the hardware costs. 

A traditional magnetic stripe card costs about $.25 while a chip card can cost $1.25 to $2.50.  Magnetic card readers typically cost about $20 in volume purchases while a chip reader costs about $40; with a PIN keypad, that can rise to about $100.  The second factor is that the US has a history of low card fraud rates compared to the rest of the world. Unfortunately this enviable record is now threatened by the illegal activities of fraudsters and skimmers who know they can’t operate in Europe any more and so now target card users in the US.  The infamous Target security breach of 2013 in which personal data belonging to 70 million of the store’s customers was compromised may also spur the US on to address its outdated technology.

Another factor which will probably speed up the adoption of the Chip&PIN system is a forthcoming change to US law affecting the rules about card fraud liability.  On October, 2015, liability for domestic and cross-border counterfeit fraud card-present POS (Point of Sale) transactions will shift to the acquirer, either the merchant or the card issuer, if they are unable to process an EMV transaction. The liability shift does not extend to transactions generated from automated fuel dispensers for another two years,  to allow more transition time to account for the higher costs of the hardware required to change the equipment at the fuel pump.

The net result of these changes will be a huge incentive to both merchants to and card issuers to adopt Chip&PIN, and they should be making plans NOW to ensure they meet the deadline. After October 2015, if a customer turns up with an EMV card and the merchant does not have an EMV reader, then that merchant, rather than the issuing bank, will have to take the financial hit  if the transaction has any problem caused by fraud. Technology marches on, however, and it is not impossible that the US may by-pass Chip&PIN technology completely and go straight to NFC (Near Field Communication), meaning that the plastic card system would be ditched in favour of payments made by devices such as smart phones.

Footnote: in the meanwhile, here are some simple things you can do right now to make yourself more secure from fraud when using a credit or debit card:-

• Always shield your PIN when making an in store purchase or ATM withdrawal
• Check you are on a secure site when shopping online. You can do this by looking at the http address at the top left of the screen. If the site is secure you will see the locked padlock or unbroken key symbol in your browser window
• Use a credit rather than a debit card for online shopping
• When paying in a restaurant do not allow the waiter to take your card out of your sight
• Report the loss of a card promptly
• Don’t write down passwords and PIN numbers: memorise them instead