Plans to cut card fraud 'too complex'

The UK is in danger of over complicating fraud prevention systems and alienating genuine customers, it was claimed today.

The warning from security firm The 3rd Man follows an Apacs announcement that it is working with banks, retailers, trade associations and others to trial next-generation fraud prevention systems to combat card-not-present fraud. 

One of the proposed schemes will require cardholders to insert their chip and Pin card into a hand-held card reader to enter their Pin, as they would do in a store.

On confirming the Pin, the reader generates a unique one-time passcode which the cardholder provides, when prompted, for authentication with the cardholder's bank.

However, Paul Simms, chief executive at The 3rd Man, said: "With the introduction of chip and Pin in 2006, strides have been made with fraud prevention overall, particularly for retailers, but the problem must be put into perspective.

"Many retailers already comfortably manage the threat and do so with little or no impact on their genuine and honest customers. Why conjure up further techniques to alarm and confuse genuine consumers?"

Other proposed systems include 3D-Secure, which requires a password to authorise transactions, and Token-Based Authentication, which challenges the cardholder to input another passcode generated by a hand-held unit.

Both approaches are being promoted heavily by Apacs and the banking industry, but Simms warned against this approach.

"This is not so much about preventing fraud as it is about shifting blame. And there have been precedents," he said.

"Take chip and Pin for example. On 13 February 2006, if a card was swiped in a store and a signature obtained at the time of authorisation, the majority of the risk lay with the card issuer.

"After 14 February, with chip and Pin now mandated, the real issue is that the risk of fraud lies with either the retailer or the cardholder, not the bank.

"Bank led initiatives are all useful in preventing fraud, but the justification to implement must be based on the discounted rates that the banks have agreed to give retailers as inducements.

"Retailers must remember that these measures alone will not solve card-not-present fraud."

Copyright ©v3.co.uk

complexcutfraudplanssecuritytotoo