Combating cardholder not present fraud

April 2005 Access Control & Identity Management

Of the security issues facing banks everywhere, prevention of card fraud has always been a high priority, and is set to grow even further in importance. The level of card fraud has risen significantly over recent years, caused in the main by the explosion in the number and usage of payment cards and the associated high level of organised card crime activity. For example, over the past decade, fraud losses on UK-issued plastic cards have risen from £96,8m to a staggering £402,4m a year. And these figures do not take into account the `soft' costs related to card fraud, such as tarnish to reputation and potential legal costs.

Numerous types of card fraud have been developed over the years and are regularly committed throughout the world. The most prevalent and commonly known type is counterfeit card fraud. However, as new banking channels have opened up, for example Internet, phone banking and e-commerce, and the boom in credit card use, crime has migrated to seek any opportunity to attack these new and immature transaction methods.

The losses associated with these attacks have risen drastically over the past couple of years, and counterfeit fraud has now been overtaken as the most costly type of card fraud by a newer method, that of cardholder-not-present (CNP) fraud. In the UK last year, CNP fraud was responsible for losses of £116,4m - more than any other type of card fraud.

CNP transactions are performed remotely, when neither the card nor the cardholder is present at the point-of-sale. CNP transactions take many forms such as orders made over the phone or Internet, by mail order or fax. In such transactions, retailers are unable to physically check the card or the identity of the cardholder, which makes the user anonymous and able to disguise their true identity. Fraudulently obtained card details are generally used with fabricated personal details to make fraudulent CNP purchases.

Ironically, another reason CNP fraud is on the increase is because of the advent of EMV smartcards - a technology that was introduced to tackle counterfeit fraud. The major advantage of smartcards is the increased security they provide. The chip technology uses sophisticated processing techniques to identify authentic cards and make counterfeiting extremely difficult and expensive. Combining this with a pin is a proven system for combating fraud as it provides the two-factor authentication of 'something you have' (the smartcard) and 'something you know' (the pin). This makes the probability of fraudulent transactions taking place in an ordinary retail environment extremely low.

By making cardholder present fraud so difficult through the introduction of smartcards, it is predicted that CNP fraud will increase further, along with other forms of fraud such as advanced Internet fraud techniques like phishing. At the same time, levels of e-commerce and Internet banking continue to rise and more and more transactions are performed without the physical presence of the user or card.

Two factor authentication is key

Banks are having to face up to the realities of the modern highly connected world, which now provides a vast array of opportunities for banks to interact with customers. It has meant that whether as a consumer or a business, the number of transaction channels is now extremely varied and continuing to grow, yet it is not a scenario that all banks are fully prepared for.

At the moment the maximum level of security available to consumers for e-transactions is user ID and password authentication. However, this is already seen as being inadequate for securing financial transactions. Instead, pioneering banks and credit card providers are turning to the obvious candidate for reducing CNP fraud, the EMV smartcard.

In terms of the technology behind the unconnected smartcard readers, it is the introduction of a common standard that is the most important innovation. APACS, in association with MasterCard, released specification standards for unconnected smartcard readers that have allowed leading manufacturers to offer products for mass consumption at a commercially viable cost.

The security benefits are clear to see. The inclusion of a smartcard in every financial transaction will add a crucial second layer of authentication. This two-factor authentication process of something you have as well as something you know should dramatically reduce fraud.

The move towards two-factor authentication for all transactions using smartcards is an important example of a security model that is able to grow organically and embrace and integrate new transaction technologies and channels, as and when required. This kind of flexible, yet secure and dependable system, is key for today's advancing e-business world and, crucially, is now a commercial possibility.

For more information, visit www.thalesgroup.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Unlock data insights and integration
Gallagher Access Control & Identity Management Products & Solutions
Gallagher Security announced the release of its security site management software, Command Centre v9.20, which enables integration with Microsoft Entra ID, a cloud-based identity and access management system that provides seamless synchronisation of cardholders across systems.

Read more...
Gallagher Security opens Cape Town office
Gallagher News & Events Access Control & Identity Management
Acknowledging a significant period of growth for the company in South Africa, opening a second office will enable Gallagher to increase its presence across the region with staff based in Johannesburg and Cape Town.

Read more...
Securing access against unwanted visitors
Intelliguard Access Control & Identity Management Residential Estate (Industry) Products & Solutions
In today's residential estates and complexes, one of the biggest concerns is preventing unauthorised access, while ensuring a smooth and convenient experience for residents and approved visitors.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Suprema's BioEntry W3 integrates AI-powered facial authentication into a sleek design that prioritises security, privacy and user experience, and even allows users to store their facial templates on their mobiles instead of external devices.

Read more...
Effortless and secure visitor management
Secutel Technologies Access Control & Identity Management Residential Estate (Industry)
Secutel Ventures has introduced SecuVisit, an access control solution designed to simplify visitor management while enhancing security. With two innovative components onboard, SecuVisit ensures seamless visitor check-ins anytime, anywhere.

Read more...
Glovent’s SOS Suite triple protects estate residents
News & Events Access Control & Identity Management Residential Estate (Industry)
One hundred and fifty-three years since the world’s first panic button was introduced in New York City, Glovent offers estate residents three different ways of summoning emergency assistance at the touch of a button.

Read more...
Security professionals gather at Integrate 360
Gallagher Access Control & Identity Management News & Events
Gallagher Security’s Integrate 360 brought together some of the best minds in security, innovation, and technology for two days full of insights, demonstrations, and future-focused discussions.

Read more...
Suprema showcases enterprise security at Integrate 360
Suprema News & Events Access Control & Identity Management
Since 2006, neaMetrics, Suprema’s distributor in Africa, has worked closely with Gallagher, building a robust partnership resulting in seamless integration between Suprema’s advanced biometric readers and Gallagher’s security management platform.

Read more...
New ASSA ABLOY facility opens in South Africa
ASSA ABLOY South Africa iDSystems Impro Technologies Access Control & Identity Management News & Events
ASSA ABLOY announced the opening of its new facility in Durban, South Africa. This new site unites IDS and Impro operations, bringing both manufacturing plants under one roof to create a hub for innovative access solutions.

Read more...
iProov achieves FIDO Remote Identity Verification certification
News & Events Access Control & Identity Management
iProov, iiDENTIFii’s technology partner in Africa, is the first to achieve the new, global certification in face biometric identity verification from the FIDO Alliance, an open industry association whose mission is to reduce the world’s reliance on passwords.

Read more...