Online Credit and Debit Card Security Report
by Berislav Kucan - Thursday, 17 April 2003
Independent market analyst Datamonitor, released a new report focused on the situation of online credit and debit card security. E-Commerce payment volumes will continue to increase in coming years, and the analysts predict those surpassing 200 billion Euros by 2007. With this rise, we will see a coincident rise in online card fraud. The report covers the past, present and future of the card scheme security initiatives. The following couple of paragraphs explain the situation related to card scheme security initiatives and card fraud.

Card scheme security initiatives explained

In recent years eCommerce consumer payment volumes have ballooned. Due to consumers' appetite for purchasing a wide range of goods and services online Datamonitor estimates that European consumer online spend i.e. the value of goods and services purchased and paid for online using any payment mechanism, in 2002, amounted to almost EUR40 billion. Yet, despite this impressive growth there is some concern that rising online card fraud is deterring some consumers from transacting online or from doing so as frequently as they would like. The major card schemes such as Visa, MasterCard and Maestro have sought to address this problem by developing security initiatives that make it more difficult to use a credit or debit fraudulently online. Most recently the card schemes have launched Verified by Visa, MasterCard SecureCode and Maestro's eCommerce.

Card not present (CNP) fraud is on the increase

Although it is widely believed that credit cards remain a safe way to purchase goods and services online, it is also recognised that online card fraud is on the increase. For example, Visa USA has revealed that fraud related to eCommerce now accounts for 10 per cent of the fraud it records despite eCommerce accounting for only five per cent of sales volumes. Card not present (CNP) fraud, of which online fraud is a component, is also rapidly increasing in significance. According to Visa EU statistics, CNP fraud now accounts for 23 per cent of total card fraud up from eight per cent in 1997 and 20 per cent in 2000.

Authentication in the online environment is problematic

In an offline environment credit cards can be authenticated at the point of sale. The merchant verifies that the individual making the purchase is also the person to whom the card belongs by checking the signature the cardholder provides with that on the reverse of the card. If the signatures match, and the card is verified, the sale is agreed. In an online environment, and indeed via other channels such as mail order and over the telephone, authentication is more difficult. The merchant is unable to see the card or to verify a signature. This weakness gives rise to CNP fraud since ultimately anybody can provide anybody else's credit card details and assuming the card has not been reported lost or stolen and the funds are available, the sale will be agreed.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th