Skimming Archives - Payment Processing News
December 2nd, 2013 by Elma Jane

Europay, Mastercard, and Visa (EMV) standards. Considered safer and widely used across Europe and other nations, the chip-based cards require insertion of the card into a terminal for the duration of a transaction, a break here from our traditional swipe-and-buy behavior. That’s just one way in which EMV changes things here… but it’s not the only way, nor is it the most important way. By way of reminder, October 2015 is the date by which all restaurants and other merchants are due to have implemented these standards, or potentially be liable for counterfeit fraud, which primarily reflects a shift from magnetic-stripe credit cards to chip cards.

The main driver in the EMV migration is card-related financial fraud.  As an example, and traditionally, card fraud in the United Kingdom has always been considerably higher than here in the States, primarily because the U.K. previously used offline card authorization as opposed to the online card methodology used here. As losses due to fraud rose steadily in Europe, despite the best efforts of global law enforcement agencies to reduce it, the pressure to find a solution built around some alternative authentication strategy mounted. From this concern, EMV was born.

Is it working? Recent statistics from the European Central Bank (ECB) revealed that, despite growing card usage, fraud in the Single Euro Payments Area (SEPA) – a mature EMV territory that includes all 28 members of the European Union,  Finland,  Iceland ,  Liechenstein,  Monaco and Norway,  – fell 7.6% between 2007 and 2011. This decline is underpinned by a slowdown in the growth of ATM fraud as well as a 24% drop in fraud carried out at point of sale terminals. The 2008 Canadian roll-out of Chip and PIN had a dramatic impact on fraud there. Card Skimming had accounted for losses totaling $142 million, but that figure dropped to $38.5 million in 2009, according to figures provided by the Interac Association. Some critics point to the fact that most of this decrease comes in the form of face-to-face card fraud, and that criminals merely shift their focus onto some other area that is less anti-fraud focused. Still, there are positive gains and as technologies improve, more successes are sure to follow.

Part of the reason why the U.S. not embraced  EMV sooner is because our  fraud problem, while significant, has typically been among the lowest rates in the world among highly developed economically mature countries. Much of that is due to the online authentication methods at work here. Here at home, our online authentication methodology permits authorizations to be done in real-time, thus thwarting a significant percentage of the fraudulent attempts at the point-of-sale, the best place to stop fraud. Our online authentication methods also incorporate multiple fraud and risk parameters as well as advanced neural networks that are ‘built-in’ to the approval process. It’s been a highly effective system that works well, when compared to most alternatives. The effectiveness of our authentication processes has helped fuel the resistance to full EMV adoption here. However, the EMV migration has gained momentum to the point where it is only a matter of time. The truth is that, despite the gains in preventing credit card fraud, and despite the best efforts of EMV’s backers to push acceptance through, global adoption of the EMV standard is still considerably less than 100%.

In England’s old offline authentication method, credit card transactions were gathered together at specific times- typically, at the end of the business day- and then batched over to the card issuers for authorization. It’s a method that gave those committing fraud a significant time lag between the transaction and the authorization, and this time lag contributed greatly to the higher levels of fraudulent activities in England. However, for Europe and for much of the rest of the world, adoption of the EMV technologies changes things dramatically, at least in terms of authentication protocols for both online and offline purchases. During an offline transaction using the EMV chip card, the payment terminal communicates with the integrated circuit chip (ICC), embedded in the payment card. This is a break from the old method which involved using telecommunications to connect with the issuing bank. The ICC / terminal connection enables real-time card authentication, cardholder verification, and payment authorization offline. Alternatively, in an online EMV transaction, the chip generates a cryptogram that is authenticated by the card issuer in real time.

Posted in Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Near Field Communication, Payment Card Industry PCI Security, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 15th, 2013 by Elma Jane

Banking and payments technology provider FIS and City National Bank, a private and business bank, have partnered to pilot FIS’s Cardless Cash Access at City National ATMs in Los Angeles, New York City and San Francisco. The solution lets consumers stage an ATM transaction from their mobile devices.

City National plans to introduce the emerging technology to clients in its three largest markets early next year, according to an FIS announcement, continuing FIS’ rollout of the solution at banks and ATMs in key U.S. locations.

FIS said Cardless Cash Access securely authenticates a user on his or her smartphone. The consumer then uses the phone to select the account and amount of the withdrawal. At the ATM, the consumer scans a QR code on the ATM screen and, within seconds, the cash is dispensed and an e-receipt is sent to the phone.

Consumers continue to look for innovative new ways to engage with their financial institutions via mobile devices, FIS Mobile, said in the release. At the same time, they demand additional security to keep their information safe. Information from Cardless Cash Access is maintained in the cloud, so card data cannot be accessed if the consumer’s phone is lost or stolen – making this a faster, safer, more secure way to make a withdrawal.”

To decrease fraud, FIS said, security within Cardless Cash Access is provided through the app’s authentication and registration of a user’s smartphone, which the company said eliminates card skimming risk and fraud incidents for banks and their clients.

With the proliferation of debit and access to cash at the point of sale, financial institutions are looking for ways to expand the utility of the ATM,” Senior vice president and head of product strategies, Vince Hruska, City National Bank, said in the release. “Cardless Cash Access not only provides a secure and easy way to obtain cash from an ATM, but introduces to the client a new way of looking at ATM use.

Posted in Financial Services Tagged with: , , , , , , , , , , , , , , , , , , , , ,

July 15th, 2013 by Admin
e-commerce PCI security

Cyber Crime InfoGraphic by Vericode.

Today anyone can have an e-commerce web site set up in mere minutes. There are a lot of open source e-commerce solutions that allow a web site owner to establish a site very easily, some require just a few clicks to get going. Once you have your color scheme chosen and your navigation all set a decision on how to accept payments is inevitable. e-commerce payment gateways allow your site to connect securely to a payment processor to accept your electronic transactions. These digital transactions can be used by hackers to target your site and your customers credit card information and much more. Whether the data targeted is stored on the merchants network or on the customers mobile device, business need to implement a cyber security strategy. Read more of this article »

Posted in Credit Card Security Tagged with: , , , , , , , , , , , , , , ,