Chip cards fail to prevent banking fraud boom

Card-not-present (CNP) fraud, which involves the use of stolen credit and debit card details to make telephone and online payments, increased by 25 percent in the 12 months to June 2009, according to new data from the Australian Payments Clearing Association.

CNP fraud has been shown to grow exponentially in international markets where banks and other card issuers have rolled out chip cards to replace their less secure magnetic stripe equivalents.

It has also occurred despite Australia's relatively small eCommerce market, and despite the fact that fraudsters are still able to commit skimming fraud on magnetic stripe cards at ATMs.

A report by APCA released this week showed that fraud has grown by more than 200 percent in the last three years.

Payments fraud on credit and debit cards in Australia continues to experience double digit growth, despite ongoing moves by the financial services industry to enhance security, such as the introduction of chip cards.

Investment in chip-based cards has often been touted as the solution to skimming fraud, but skimming still grew by 5.1 percent last financial year.

"Chip transactions at the point of sale are already commonplace, but we estimate it will take another three years before the rollout is complete," said Chris Hamilton, chief executive officer of APCA.

Credit and charge card skimming fraud is still a $45 million business, forcing banks to step up security at ATMs. The Commonwealth Bank recently announced a raft of new measures designed to stem the problem, including anti-skimming devices across its ATM network and voice activated telephone alerts for suspected fraudulent credit card transactions.

"Fraudsters and thieves are unfortunately becoming more and more sophisticated and bold in their methods" said Ross McEwan, group executive of retail banking services with the Commonwealth Bank.

Greg McAweeney, general manager of Rabobank direct banking arm RaboPlus told ITNews he's surprised how long it's taking the Australian market to deploy chip-based cards and terminals.

"The criminals now have three years to go and make hay, and ultimately those costs get passed on to consumers, because someone has to bear the brunt of it."

Although consumers ultimately bear the cost of online payments fraud, McAweeney says many are blind to the actual size of the problem. 

"Not all of the data is published here, and there isn't any meaningful consumer education on it" he said.

Need more data?

UK payments body APACS, in contrast to Australia's payments clearing association, publishes a wider set of data on payments fraud - including data on online banking fraud losses, something Australian banks have refused to disclose.

APCA's Hamilton would not be drawn on whether the association has asked its members to supply data on online banking fraud, but said the organisation is "having discussions with them as a group, and the card schemes and other organisations like the Australian Bankers' Association, about how to improve the data collection".

Hamilton said the UK collection represents the "high water mark" of reporting, but there are issues with industry willingness to disclose and data comparability that stand in the way of similar reporting in Australia.

But he acknowledged the time taken to disclose data (currently up to six months), could be improved. "I'm not really happy with how long it takes."

McAweeney believes regulation may be required to improve the situation.

"One of the reasons APACS in the UK produce more data is not because they want to, they were actually forced to by a range of lobby groups that ran a constant campaign to get the data."

APCA is encouraging merchants to play a role in preventing fraud by comparing the signature of the sales slip to the back of the card, checking to ensure the card hasn't been tampered with in any way, and taking extra steps to verify the cardholder's identity when accepting card payments over the phone or Internet.

Consumers can help protect themselves by keeping the pinpad covered when entering their PIN, staying alert for anything suspicious when using ATMs, and following up with their financial institution if anything seems out of the ordinary.

APCA says a consumer awareness initiative to reinforce the importance of consumers protecting their PIN will be launched in early 2010.