31 July 2014

Pat Carroll - ValidSoft

Information Security

The risks from Cyber crime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

Could EC3 help Europol see sense?

25 January 2013

This month, we saw Europol’s launch of EC3, the new European Cybercrime Centre that aims to be at the heart of combating cybercrime in the EU.

As I blogged back in July 2012, it’s fantastic that the EU recognises cybercrime as a serious enough issue to warrant a dedicated centre. In my opinion EC3 can help protect Europeans and businesses against mounting cyber-threats by focusing on illegal online activities carried out by organised crime groups, especially attacks targeting e-banking and other online financial activities. I see this initiative as a perfect backdrop against which to promote an awareness campaign to educate and fight fraud, whilst as an industry we move to a new paradigm of fraud detection and prevention.

With Europol at the centre of EC3, my confidence was somewhat eroded by Europol’s recommendations for preventing cross-border card fraud. Although Europol is not EC3, it does directly influence its workings. So what did Europol say?

Europol’s statistics reveal that card fraud on EU-issued cards is a hefty 1.5 billion euros a year. A good chunk of this - 600 million euros to be precise - is attributed to card-present (CP) fraud, the vast majority of which is perpetrated outside of the EU, in non-EMV-compliant countries.

What Europol suggests is that all EU issuing banks should geo-block EU-issued EMV cards. In short, this means cards should not be allowed to work in non-EMV countries without the magnetic strip being explicitly reactivated.

I have to disagree with this recommendation. It’s a blunt instrument which loses sight of the bigger picture.

What this report does not take into account is that EU issuing banks already lose large numbers of their travelling customers through aggressive cross-border decline policies. Practices such as “travel flags” still incur administrative costs and the wrath of customers, ultimately provide no guarantee that the card will not be blocked, and can also be exploited by fraudsters. There is a cost to banks and their customers today from excessive cross-border declines which does not feature in the aforementioned 600 million euros.

The solution is surely fewer cross-border declines, not more. This doesn’t mean that the fraud problem will be ignored. Security technology exists today to tackle this problem from both sides, namely, fraud prevention and false-positive (decline) reduction. Importantly, the technology does not require the EU banking industry to break the fundamental tenet of universal acceptance or to incur ever more overheads which will eventually be passed on to the consumer.

The way the security solution can work is to use Proximity Correlation Logic (PCL) as one of the multiple factors of authentication. By using a mobile phone, PCL can detect if a cardholder is not where the transaction is being made in non-EU countries. What’s more, the solution has been granted a prestigious European Privacy Seal given its strict adherence to EU data protection legislation.

Rather than banks spending more at the back-end on investigations and card re-activations, we should be looking to reduce both cross-border fraud and excessive declines at source.

The purpose of EC3 is to encourage discussion about the best possible security solutions to fight cybercrime, but these discussions need to take into account business practicalities and consumer convenience. I urge the centre to rethink Europol’s recommendation on cross-border CP crime as a prime example of collaborative thinking in the fight against cybercrime.

Tags: Cards, Security
