Avivah LitanI’ve been spending some time with U.S. bankers lately and learned that good old fashion ATM skimming attacks are on the increase. And this time the attacks don’t represent one-off events where a skimmer or two are placed on a few ATM machines. Instead, there is strong evidence of Eastern European gangs conducting well-organized and larger-scale attacks that involve sticking skimmers on lots of ATM machines, Point-of-Sale and gas-pump card readers all within a defined geographical area. States like Indiana seems to be getting more than their fair share of such attacks.
http://atmmarketplace.com/article.php?id=11918&na=1
http://www.wlfi.com/dpp/news/crime/lafayette-area-debit-cards-affected-in-security-breach
These and other similar events are driving increased interest in debit card fraud detection system; however it’s difficult for banks to tune these systems so that they don’t inconvenience good customers by rejecting legitimate transactions. Perhaps Chip cards will be implemented in the U.S. sooner than expected, if these trends continue.
Category: Uncategorized Tags:
2 responses so far ↓
1 Stephen Wilson April 28, 2010 at 4:47 pm
“Perhaps Chip cards will be implemented in the U.S. sooner than expected, if these trends continue”. That would be excellent.
One thing I’ve never understood is why the total cost of merchant enablement for EMV in the US (said to be some $16B or more) is cited as a barrier to implementation. It’s not like that’s a lump sum that needs to be invested before anyone gets any payback. There are incremental benefits to be had from chip-enabling all new credit & debit cards (for let’s say $2 each conservatively).
Surely most new ATMs have a chip reader built inside them by now. So we could peg back skimming right away without spending a nickel on merchant terminals for the time being.
Chip generated digital signatures is also the best way by far to counter replay attack in Internet CNP transactions. So we could see communities of online merchants accepting chip-secured payments to turn the tide against ID theft and online card fraud. For pure play cyber merchants, there is no hardware cost in enabling their “stores” to accept chip payments!
Stephen Wilson, Lockstep, Australia.
2 Avivah Litan April 29, 2010 at 10:22 am
Great points. As you rightly cite, there are indeed incremental benefits to be gained and many new readers are already chip-enabled. We have to start somewhere.
The fraud managers I speak with at card issuers are all for chip cards. They just have to get their management on board to pay for it. The costs of card replacements have become a major item so perhaps there will be more appetite to pay for chip cards.
The fraud detection systems can only go so far. And as you also rightly point out, chip generated digital signatures are the best way to counter Internet transaction attacks – whether CNP or any other online transaction.