Safety in numbers? Early experiences in the age of chip and PIN

Abstract

Signatures are no longer accepted as validation for card payment in the UK since Valentines day. There are now 127 million Chip and PIN Cards in Britain. And Debit Card spending has overtaken cash spending for the first time ever in 2005. Chip and PIN has been applauded for bringing fraud right down. According to APACs, fraud from counterfeit cards is down 25% to £96.8 million in 2005. But card-not-present (CNP) fraud is now rising. It increased by 21% and caused losses of £182.2 million in 2005. Chip and PIN is useless in the face of CNP transactions. Research is being done into whether remote handheld readers could allow cardholders to authorise their transactions remotely. In the meantime, banks and retailers are verifying the cardholder's address on the telephone to reduce fraud as well as performing security code checking. Most of us are now very familiar with the requirement to prove our identity to an IT system. For many, it is a regular task on PCs, mobile devices and online services. However, authenticating ourselves has been a more long-standing requirement in a more general scenario – namely the use of debit and credit cards when we want to get access to our money or pay for purchases. Swiping cards and signing for purchases has been a routine act for many shoppers. Unfortunately, vulnerabilities in this approach have increasingly been exploited by criminal groups, with predictions that annual losses would rise to £800 million by 2005 if changes were not introduced to combat fraudi.