News Column

EMV cards to shield banks from fraud

February 2, 2014

Esmond Shahonya Special Correspondent -1

As the migration to the use of EMV card technology takes shape in Kenya , banks are eyeing the new technology in hopes of reducing losses incurred through credit and debit card fraud. The Kenya Bankers Association has set March 14 as a tentative deadline for the introduction of magnetic stripe cards. EMV was developed by the leading card operators Europay, MasterCard and Visa to ensure security of card systems and ease of payment globally. In Kenya , the migration to chip-and-pin cards will be relief for banks and their clients, who have been victims of fraud. Credit card fraud remains a painful issue for both. READ: Fraud, fears stalk mobile banking During the 2012 festive season, a number of banks experienced a wave of debit and credit cards fraud, which saw customers' card details compromised and millions of shilling stolen. The fraudsters used an old technique of card skimming to steal from ATMS in various parts of the country. The losses to fraud in Kenya's financial institutions rose to Ksh1.6 billion ( $18.8 million ) for the first nine months of 2013, as compared with just Ksh655.6 million ( $7.71 million ) reported in the first nine months of 2012. READ: Kenyan banks lose $18.8m to savvy fraudsters Globally, the statistics are mind boggling. Credit and debit card fraud hit a record $11.27 billion in 2012, according to the Nilson Report, which tracks global payments. It means that tech-savvy criminals are always constantly finding new ways to exploit the credit and debit card systems. Though credit card skimming may appear as an old means of harvesting card data, the notable fact is that this technique has undergone mutations such that it poses a danger to the very existence and operation of the magnetic strip cards. Card skimming involves using a data harvesting gadget to collect card information from clients who visit targeted ATM machines. Skimming equipment relays this information to remote servers of criminals who then use the stolen data for variety of fraudulent transactions. Chip-based cards are more secure than magnetic strip-based cards. The chips are hard to clone, stores information required to, authenticate, authorise and process transactions. This is the same type of information that is stored on the magnetic strip. Once you swipe the card, you must enter a PIN to complete the transaction. The information on the embedded chip is encrypted. This adds to the level of security. The information on the magnetic strip is not encrypted. When you swipe the card, the information is delivered straight on a computer in plain text. Everything is laid bare for thieves and fraudsters. A magnetic-strip card swiped in a point of payment that has skimming devices will reveal key data to a fraudster. The most critical data that hackers and fraudsters go after is, the CVV code, card expiry date, credit card number, PIN and name. Once a hacker has this data, the card can be used for online shopping or other fraudulent transaction. Software and sophisticated equipment for card skimming readily available in a black digital market spread over the Internet. The fraudsters have even set up websites where they trade in stolen credit card data. Esmond Shahonya is a Nairobi - based ICT analyst.

For more stories on investments and markets, please see HispanicBusiness' Finance Channel

Source: East African, The

Story Tools