
An article relating to this blog post on Finextra:

Over 100 indicted in huge New York ID theft ring takedown

New York authorities have indicted 111 people - including bank tellers - accused of participating in an identity theft scam that saw counterfeit credit cards used to steal more than $13 million.



What's really mind-boggling about the NY card-skimming fraud

News that 111 people were arrested last week in New York in a US$13 million card fraud scam was a useful reminder of just how easy it still is to skim credit card details in the US. NYPD Commissioner Raymond Kelly was quoted as saying: “Thieves have an amazing knowledge of how to use technology . . . The schemes and the imagination that is developing these days are really mind-boggling.”

In fact there was nothing sophisticated about this crime, just “traditional” skimming of customers’ credit card details which could be used either to manufacture false credit cards or for online purchases. This is a lot easier in the US where credit card companies don’t use the microchips common in European cards, but those chips don’t prevent, for example, the use of stolen credit card details for online purchases.

As I have argued before, the financial industry’s main focus should be on preventing fraudsters from using stolen data. Technology can already show that an individual (in fact his/her mobile phone) is not in the US when his/her credit card is being used at a POS in New York. It can do so while fully respecting privacy laws, through anonymous correlation, and in a way that is totally invisible to the customer, before such withdrawals and purchases are authorised. Technology can also support additional strong transaction authentication and verification methods: an automated call to that phone can immediately confirm that fact and, if the cardholder rejects the transaction, alert the issuing bank to block the card.

And if the fraudsters have gone to the lengths of swapping the SIM card or automatically forwarding calls to the customer’s mobile number on to a number of their own, that can also be detected. The level of authentication can be tailored to the transaction type and size, and can even include voice biometrics for added security if the card issuer wants to use it.

The key lies in real-time detection, prevention and immediate resolution enabled by the empowered customer. The security technology industry has a job to do in encouraging customers to question just how it is possible in 2011 for a skimming scam like the one uncovered in New York to be so profitable on such a scale. That really is a mind-boggling thought.
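The checks described above (phone-to-POS proximity, SIM-swap and call-forwarding detection, and authentication tailored to transaction size) can be sketched as follows. This is an added example, not code from the post, from ValidSoft or from any issuer; the 100 km radius, the 500 step-up amount, all field names, the outcome labels and the sample coordinates are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

class Proximity(Enum):
    CONFIRM = "confirm"
    REFUTE = "refute"
    UNKNOWN = "unknown"              # phone off or not registered on a network

@dataclass(frozen=True)
class PhoneSignal:                   # held by the correlation service only
    location: Optional[Tuple[float, float]]   # (lat, lon) in degrees
    sim_swapped_recently: bool
    call_forwarding_on: bool

@dataclass(frozen=True)
class Verdict:                       # everything the card issuer receives
    proximity: Proximity
    channel_trusted: bool            # False if SIM swap or call forwarding seen

def _km(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    (lat1, lon1), (lat2, lon2) = a, b
    p1, p2 = math.radians(lat1), math.radians(lat2)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def correlate(pos, phone, radius_km=100.0):
    """Compare POS and phone position; return a verdict with no coordinates."""
    trusted = not (phone.sim_swapped_recently or phone.call_forwarding_on)
    if phone.location is None:
        return Verdict(Proximity.UNKNOWN, trusted)
    near = _km(pos, phone.location) <= radius_km
    return Verdict(Proximity.CONFIRM if near else Proximity.REFUTE, trusted)

def next_step(amount, verdict, step_up_amount=500.0):
    """Issuer-side policy (assumed) tailored to verdict and transaction size."""
    if not verdict.channel_trusted:
        return "refer_to_issuer"     # location and callback both depend on the SIM
    if verdict.proximity == Proximity.CONFIRM and amount < step_up_amount:
        return "authorise"
    return "call_cardholder"         # refuted, unknown or high value: automated call

NEW_YORK_POS = (40.7128, -74.0060)                           # constructed sample data
PHONE_LONDON = PhoneSignal((51.5074, -0.1278), False, False)
PHONE_BROOKLYN = PhoneSignal((40.6782, -73.9442), False, False)
PHONE_SWAPPED = PhoneSignal((40.6782, -73.9442), True, False)
```

The issuer only ever sees a `Verdict`, which carries a confirm/refute/unknown answer and a channel flag but never the phone's coordinates.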


Comments: (7)

A Finextra member, 11 October, 2011, 08:08

"Technology can already show that an individual (in fact his/her mobile phone) is not in the US when his/her credit card is being used at a POS in New York."

Erm, Not sure I want a card processor (or anyone really) having real-time access to my movements via mobile phone location records.

Pat Carroll - ValidSoft - London, 11 October, 2011, 10:07

As I explained in an earlier blog on EU Data Privacy, using mobile telephony to improve security for multiple aspects of banking can offer consumers around the world huge gains in terms of improved security and customer service. But those consumers – as well as banks, retailers, mobile telephony companies, regulators and governments – need to feel absolutely confident about the protection of individuals’ privacy, if these exciting opportunities are going to be realised.

And that is why security companies should go through the complex process of applying for a Privacy Seal from EuroPriSe.

European data privacy laws are arguably the most stringent in the world. That should be great news for companies that meet them when those companies come to offer their services around the world.

Nick Collin - Collin Consulting Ltd - London, 11 October, 2011, 11:17

The lesson to be learned is quite clear - the US must migrate to EMV chip.

A Finextra member, 11 October, 2011, 13:16

"European data privacy laws are arguably the most stringent in the world."

Perhaps, but they're not worth much if the politicians then decide to share it in places where the data is less well protected:

http://en.wikipedia.org/wiki/Passenger_Name_Record#Regulation_of_PNR_transfers_between_the_USA_and_the_European_Union

 

 

Pat Carroll - ValidSoft - London, 11 October, 2011, 14:30

The bank, or card processor, always knows where you are (at an ATM or POS) – our technology simply confirms this, or in the event that we refute it we never say where the person is, so the bank only works with the information it already has.

A Finextra member, 11 October, 2011, 14:47

So your company tells a card processor if the transaction is more likely to be good or bad?

I imagine the criteria you base your decision on are secret, but one thing that would help you immensely would be to know if the card holder's mobile phone agrees with the card on current location?

Again, I want as few people as possible to have access to information on my movements. Not sure how many other people are like me (probably more in the UK now following the phone hacking scandal!).

I could however see a system being built, with some safeguards, doing as you suggest. But as you wrote, that is a new trust relationship and would also require a change in the law (I'm thinking in terms of the UK).

Already some cards have other safeguards - such as requiring a user to contact the issuer or go online and tell the issuer that they are going abroad (good idea, as long as the client knows about this beforehand - a friend of mine didn't, went to HK and found himself in trouble - luckily he had just enough cash to call the issuer to get the card unblocked). And issuers have been known to call card owners mid shopping to query 'unusual' purchases (but then we get to the question of how does the card issuer and the holder mutually authenticate each other?).

Pat Carroll - ValidSoft - London, 12 October, 2011, 13:04

Don’t want to breach the rules of engagement of the blog site by going into commercial detail. Briefly we sit as an additional layer of security alongside existing risk engines – the technology already is in place. We check the proximity of the origination of the transaction to the cardholder through the global mobile network. If in proximity then we simply “confirm” what the bank already knows. If we “refute” we never declare where the phone is. Bank has much better quality information to base its decision on whether to accept or decline the transaction. On the privacy front we are fully compliant with UK Data Protection & Data Privacy laws, as we are from an EU Data Privacy regulation perspective also.

 

Pat Carroll, Founder/Executive Chairman, ValidSoft, London

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

