Back in the middle of September, (see below) I blogged about a rash of PIN numbers that were stolen by Russian and Ukrainian skimmers via the rigging of ATM machines in Dubai. As a result, it caused Lloyds TBS to announce a switch-over to Chip and PIN last December. (also linked below)
Now word comes that the National Bank of Abu Dhabi has officially announced that all banks will be required to introduce Chip and PIN. You will find the link to the story, an excerpt, and some of my comments below:
Now word comes that the National Bank of Abu Dhabi has officially announced that all banks will be required to introduce Chip and PIN. You will find the link to the story, an excerpt, and some of my comments below:
Chip and PIN system to be introduced - The National Newspaper
In a move to thwart widespread credit card fraud, banks will start introducing a “chip-and-pin” system to replace the traditional magnetic security strip.
Editor's Note: Yes, but if the magnetic stripe is still on the back of the card it can be easily skimmed and cloned. Therefore the "increased security" is only applicable in "card present" situations. Otherwise the data contained on the magstripe can be lifted, and cloned for use overseas and online.
Back to the story:
"The introduction of such technology has proved to be extremely successful in other parts of the world in reducing card fraud, particularly in Europe,” the Central Bank said.
Editor's Note: That may or may not be true as the "flip-side" of the story is that overseas fraud was 14 times higher and last week, it was reported that more than 1 in 4 Brits have been a victim of credit or debit card fraud. Fraudsters, like water, seem to find the path of least resistance, which is another reason to be surprised at the banks pushing of the "least resistant" platform, known as signature debit.
They say that the argument against switching to a Chip and PIN system in the U.S. is the cost. But I say there's a more cost-effective approach. We don't need to spend the $15 plus billion to make the switchover when we could do it for nothing by pushing PIN based transactions over signature debit. At the same time we'd vastly increase the security of our transactions, and drastically reduce the instances of card cloning, especially in "card not present" situations by requiring the entry of a PIN, which is the preferred payment mechanism by both consumers and merchants anyway.
Signature is 15 times higher than PIN Debit? No wonder banks are pushing signature debit. It makes for complete non-sense. Common sense dictates the the push for PIN Debit , both in retail and on the web. Regarding the web, in it's current "card not present" state, there's not only more fraud, but cloned cards can be used almost at will. So you'd think even the banks would "get it." Especially based on the fact that they already seem to be PIN-heads. I'll try again:
"A PIN based transaction would be both "dually authenticated" and, with HomeATM, provide the added security of End-To-End Encryption. (E2EE)" Question: If PIN Debit fraud is 15 times LOWER in retail (a card present space) what are the numbers in a "card not present" environment, such as the web? I can only speculate. The fact that e-commerce transactions are all software based, (and fraud is 92 times more likely to be associated with software vs. hardware) provides me with evidence that the time for swiping your card and entering your PIN in a PCI 2.0 tamper proof PIN Pad , (thus making it "card present") has arrived.
But, seemingly, for now anyway, the bank's are focused on pushing/steering American consumers towards a fraud-centric payment mechanism that is 15+ times more likely to induce fraud, depending on the environment. Without doing research, I'm willing to bet that while the Interchange Fees contribute, it's the overdraft fees that are the main ingredient behind their recipe of pushing signature debit. I thought the Fall of Wall Street was supposed to teach us some truths about greed. Talk about "lie-ability."
Anyway, getting back to the story: Chip-and-pin cards rely on a personal number, usually four digits, rather than a signature, and are thought to be harder to defraud. All banks will be required to introduce the new technology, according to a statement from the Central Bank yesterday, although no timetable was given.“This is in line with global industry trends intended to reduce the risk of debit and credit card fraud.
Chip-and-pin technology has been used widely in Europe for many years, and was introduced in Britain in 2004. There is still some debate about its effectiveness, although according to a British government website, counterfeit and fraud were reduced by nearly £60 million the year after its introduction. Last week, a senior Dubai police officer told The National that its introduction could prevent increasingly sophisticated credit card fraud... (click here to continue reading)
Related Stories:
Russian Hack Creates "Rush On" Changing PIN's in Dubai
Sep 15, 2008 -Dubai — Some banks in the UAE have slashed the daily cash withdrawal limit of ATM users by almost half after hackers, who police said were from Russia and Ukraine, used counterfeit bank and credit cards to steal funds from customer ..
Chip and PIN Coming to Dubai
Dec 22, 2008 -Chip and PIN Coming to Dubai - Decision to switch based on recent hack and rise in card related fraud. Many banks across the UAE experienced a concerning rise in the
instances of card related fraud in the latter part of ...
In a move to thwart widespread credit card fraud, banks will start introducing a “chip-and-pin” system to replace the traditional magnetic security strip.
Editor's Note: Yes, but if the magnetic stripe is still on the back of the card it can be easily skimmed and cloned. Therefore the "increased security" is only applicable in "card present" situations. Otherwise the data contained on the magstripe can be lifted, and cloned for use overseas and online.
In my opinion, that is why I think it is a mistake for banks to be pushing "signature debit" over "PIN Debit" here in the states. Sure, they might be making a killing on overdraft fees today, but what's getting lost in translation is that they are leaving everyone else in the world open to fraud.
Back to the story:
"The introduction of such technology has proved to be extremely successful in other parts of the world in reducing card fraud, particularly in Europe,” the Central Bank said.
Editor's Note: That may or may not be true as the "flip-side" of the story is that overseas fraud was 14 times higher and last week, it was reported that more than 1 in 4 Brits have been a victim of credit or debit card fraud. Fraudsters, like water, seem to find the path of least resistance, which is another reason to be surprised at the banks pushing of the "least resistant" platform, known as signature debit.
They say that the argument against switching to a Chip and PIN system in the U.S. is the cost. But I say there's a more cost-effective approach. We don't need to spend the $15 plus billion to make the switchover when we could do it for nothing by pushing PIN based transactions over signature debit. At the same time we'd vastly increase the security of our transactions, and drastically reduce the instances of card cloning, especially in "card not present" situations by requiring the entry of a PIN, which is the preferred payment mechanism by both consumers and merchants anyway.
"While the cost of making the switch to Chip and PIN in America would be exorbitant, we could simply require the use of PIN's here in the States which would go a long way to combating fraud and cloned cards"But I guess, in the long run (and I'm being extremely facetious here) it makes more sense for the banks to push "signature debit" in order to make their $35 overdraft profit on a "$4 Big Mac and Coke" purchase than to diligently prepare for the storm that is approaching. Banks have known for years that PIN Debit is more secure than signature debit. So I have to agree with Avivah Litan when she says:
"Signature-based transactions are definitely less secure, so it's really outrageous that banks are steering customers to use signatures rather than PINs simply because it generates more fee income," says Avivah Litan. One major retailer confided to her that fraud on signature-based debit purchases at his company's stores is 15 times higher than for transactions authorized by a PIN.
Signature is 15 times higher than PIN Debit? No wonder banks are pushing signature debit. It makes for complete non-sense. Common sense dictates the the push for PIN Debit , both in retail and on the web. Regarding the web, in it's current "card not present" state, there's not only more fraud, but cloned cards can be used almost at will. So you'd think even the banks would "get it." Especially based on the fact that they already seem to be PIN-heads. I'll try again:
"A PIN based transaction would be both "dually authenticated" and, with HomeATM, provide the added security of End-To-End Encryption. (E2EE)" Question: If PIN Debit fraud is 15 times LOWER in retail (a card present space) what are the numbers in a "card not present" environment, such as the web? I can only speculate. The fact that e-commerce transactions are all software based, (and fraud is 92 times more likely to be associated with software vs. hardware) provides me with evidence that the time for swiping your card and entering your PIN in a PCI 2.0 tamper proof PIN Pad , (thus making it "card present") has arrived.
But, seemingly, for now anyway, the bank's are focused on pushing/steering American consumers towards a fraud-centric payment mechanism that is 15+ times more likely to induce fraud, depending on the environment. Without doing research, I'm willing to bet that while the Interchange Fees contribute, it's the overdraft fees that are the main ingredient behind their recipe of pushing signature debit. I thought the Fall of Wall Street was supposed to teach us some truths about greed. Talk about "lie-ability."
Anyway, getting back to the story: Chip-and-pin cards rely on a personal number, usually four digits, rather than a signature, and are thought to be harder to defraud. All banks will be required to introduce the new technology, according to a statement from the Central Bank yesterday, although no timetable was given.“This is in line with global industry trends intended to reduce the risk of debit and credit card fraud.
Chip-and-pin technology has been used widely in Europe for many years, and was introduced in Britain in 2004. There is still some debate about its effectiveness, although according to a British government website, counterfeit and fraud were reduced by nearly £60 million the year after its introduction. Last week, a senior Dubai police officer told The National that its introduction could prevent increasingly sophisticated credit card fraud... (click here to continue reading)
Related Stories:
Russian Hack Creates "Rush On" Changing PIN's in Dubai
Sep 15, 2008 -Dubai — Some banks in the UAE have slashed the daily cash withdrawal limit of ATM users by almost half after hackers, who police said were from Russia and Ukraine, used counterfeit bank and credit cards to steal funds from customer ..
Chip and PIN Coming to Dubai
Dec 22, 2008 -Chip and PIN Coming to Dubai - Decision to switch based on recent hack and rise in card related fraud. Many banks across the UAE experienced a concerning rise in the
instances of card related fraud in the latter part of ...
0 comments