#SafeCard: Ukraine’s answer to cyberthreats targeting cardholders

Abstract

This paper reviews the project #SafeCard that was implemented by the Ukrainian Interbank Payment Systems Members Association (EMA) with the financial support of the US Embassy in Ukraine. The project spanned 2016–17 in Ukraine. Its aim was to minimise the level of fraud of payment instruments and ATMs. A number of political and economic factors in Ukraine have contributed to a significant growth in cybercrime schemes targeting bank clients. The main threat to Ukrainian cardholders is the use of social engineering methods that aim to complete operations in a card-not-present (CNP) environment (voice phishing (vishing), SMS phishing (smishing) and phishing websites), along with skimming and cash trapping in ATMs. Threat analysis and forecast was conducted, a common vision for the future was agreed and the following main objectives were determined: 1) To improve Ukraine’s criminal legislation; 2) To raise awareness among Ukrainian citizens; 3) To improve capacities of criminal justice professionals to obtain and check information in banks; 4) To improve the knowledge and skills of criminal justice professionals and their cooperation with banks; 5) To raise awareness among prosecutors and judges. This was the first implementation of a project on this scale in Ukraine. As well as meeting the desired challenges, the project also resulted in a hugely positive experience and strengthened the synergy of public–private partnerships. This paper describes the project and the final results. The author hopes that readers will gain some insights that will be beneficial for work to prevent payment fraud in their own countries.