Numerous types of card fraud have been developed over the years and are regularly committed throughout the world. The most prevalent and commonly known type is counterfeit card fraud. However, as new banking channels have opened up, for example internet, phone banking and e-commerce, and the boom in credit card use, crime has migrated to seek any opportunity to attack these new and immature transaction methods.
The losses associated with these attacks has risen drastically over the past couple of years, and counterfeit fraud has now been overtaken as the most costly type of card fraud by a newer method, that of Cardholder-Not-Present (CNP) fraud. In the UK last year, CNP fraud was responsible for losses of £116.4m – more than any other type of card fraud.
CNP transactions are performed remotely, when neither the card nor the cardholder is present at the point-of-sale. CNP transactions take many forms such as orders made over the phone or internet, by mail order or fax. In such transactions, retailers are unable to physically check the card or the identity of the cardholder, which makes the user anonymous and able to disguise their true identity. Fraudulently obtained card details are generally used with fabricated personal details to make fraudulent CNP purchases. The card details are normally copied without the cardholder’s knowledge, taken from discarded receipts or obtained by skimming. This means that while the three or four digit Card Security Code on the back of cards can help prevent fraud where card details have been obtained, it does not prevent fraud on cases where the card itself has been stolen.
Ironically, another reason CNP fraud is on the increase is because of the advent of EMV smart cards – a technology that was introduced to tackle counterfeit fraud. The major advantage of smart cards is the increased security they provide. The chip technology uses sophisticated processing techniques to identify authentic cards and make counterfeiting extremely difficult and expensive. Combining this with a PIN is a proven system for combating fraud as it provides the two-factor authentication of ‘something you have’ (the smart card) and ‘something you know’ (the PIN). This makes the probability of fraudulent transactions taking place in an ordinary retail environment extremely low.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.