Credit card security – A chicken and egg story

by sekureservices

America leads the world in credit-card processing fraud. The United States accounts for 47% of global credit and debit card fraud, even though it is responsible for only 27% of the total volume of purchases. Fraud based on stolen card numbers in the United States amounts to around $14 billion a year.

Unlike Europeans, we in the US have only minor reservations when a sales clerk swipes a card at the check-out, instead of the cardholder doing it personally on a shielded POS terminal while keying in a PIN. Handing over a credit card to a waiter in a restaurant, who disappears out of sight for five minutes before returning with a printed statement for signature verification, is now considered one of the most important security flaws associated with credit card processing.

America remains the only major developed country that has not embraced secure “smart cards”, still relying mainly on antiquated credit cards that encode their sensitive data in a magnetic stripe. Copying the data embedded in a magnetic stripe is easier and quicker than ever, with a majority of office-supply distributors offering compact and very cheap stripe readers, which makes it extremely easy to duplicate credit cards and use them for fraud.

Inevitably, credit card fraud has dropped dramatically where the payment process involves “chip-and-PIN” cards. As tougher security measures have come into effect around the world, fraudsters have begun to focus their credit-card scams more than ever on the United States, where there are still many store owners who haven’t replaced their POS devices with new ones that support chip and PIN.

Hacking into a credit-card processor’s database is another profitable approach for criminals. Meanwhile, fitting clandestine magnetic-stripe skimmers on petrol pumps and ATMs has become increasingly common. And the old standby of using “phishing attacks” over the phone or the internet—to con individuals into parting with their card’s security details—remains as widespread as ever.

Stolen credit-card details are sold in bulk, ranging in price from ten cents to nearly a dollar per card. Symantec, a major supplier of security software, has published that by far the most popular category of data lifted through data hacking was credit-card data, where the individual’s name, the 16-digit account number, and the expiry date, together with the 3-digit number printed on the back that is intended to validate the cardholder online, allow the credit card to be duplicated.

The answer, of course, is for American card companies to do what Europeans have been doing for over ten years and start issuing chip-based credit and debit cards, replacing the vulnerable magnetic-stripe cards at a faster rate. Unfortunately, the stores have had little incentive to replace their POS payment terminals with smart-card readers, and banks have been reluctant to issue smart cards while the stores are refusing to accept them.

The problem is compounded by the fierce competition in America between card issuers for free-spending customers. Few banks are willing to force cardholders to change their habits for fear of antagonizing them. For their part, merchants fear it would take years to recoup the investment needed to upgrade their terminals and build new communications infrastructure. We have a classic chicken-and-egg scenario. Until the banking industry gets its act together and unites in an effort to push merchants to make the investment required for accepting “chip-and-PIN” cards, America will remain the haven for credit card fraud.