Card Related Frauds and EMV Cards

The recent Great E Banking Fraud in which $45 million was withdrawn in cash through ATMs after modifyng card data in the back end systems has triggered a fresh debate on how the security can be improved in card usage.

According to various surveys it is reported that 27% of the card holders around the world have experienced fraud in the past five years (See here). The average loss has been however int he region of $400. The current $45 million fraud is an exception since the modus operandi was to remove the card limit. Another observation is that frauds are significantly lower in Europe and are higher in US.One of the reasons for this is that Europe has migrated to Pin and Chip technology (EMV-Europay, Master, Visa standard) while US is still in the Magnetic Stripe technology.

Security experts have been telling that even the EMV cards are not immune to frauds but all experts agree that there is a significant additional layer of defense present in EMV cards which make it a little more difficult for the fraudsters to misuse than the MagStripe cards.

In India RBI has  already advised Banks to move to EMV technology but has not yet made it mandatory except for international cards.

These observations indicate that had ATMs been enabled for accepting EMV cards, the Great E Banking Robbery would have been difficult to execute. Part of the blame for using insecure technology therefore lies on the Banking system.

Instead of only blaming the back end processors, Banks need to fortify the front end technology for card acceptance since the point of sale devices can also be compromised with malicious codes and negate all security measures in the back end.

Costs are definitely a consideration for Banks. Presently it is stated that card frauds in US is around $8.8 billion as against a card usage of around $2.1 trillion. May be the insurance industry is still capable of absorbing the losses at this level but not taking measures to mitigate the loss prospects by hardening the front end card acceptance technology would be a criminal negligence on the part of Banks.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Crime. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.