Stories
Slash Boxes
Comments

SoylentNews is people

Online Card Fraud Up As Thieves Avoid In-Store Payments

posted by on Sunday February 05 2017, @02:32AM   Printer-friendly
from the solution:-pay-only-in-rutabegas dept.

Arthur T Knackerbracket has found the following story:

Deterred by the security capabilities of chip cards for in-store payments, thieves have resorted to stealing credit-card numbers and passwords or opening new accounts with false credentials to use in making online payments for purchases, according to recent studies. Botnets also comprise some of the biggest increases in online card fraud.

"We predicted this [online fraud increase] would happen following [chip] cards in the banking industry years ago," said Mike Lynch, chief strategy officer at InAuth, a vendor of mobile and browser security products. (InAuth was recently purchased by American Express, but will remain a subsidiary.) Other countries, including Canada and Australia, also saw big jumps in online card fraud after chip cards were adopted, he said.

Lynch said the online fraud increase is probably higher for financial institutions than for merchants, but merchants are more open about the problem and discuss it more freely. "Banks don't typically want to disclose fraud," he said.

The amount of dollars put at risk by online fraud went up 55% from the second quarter of 2015 to the second quarter of 2016, according to the Pymnts.com study. That was a jump from $4.90 to $7.60 per $100 of online sales. For luxury goods alone, the dollars at risk were $12.10 per $100 in sales in late 2016.

Botnets were behind many of these attacks. The rate of attacks by botnets increased by 47% for the same period for all goods and by 87% for luxury goods alone, Pymnts.com said.

-- submitted from IRC

Original Submission

 
This discussion has been archived. No new comments can be posted.
Online Card Fraud Up As Thieves Avoid In-Store Payments | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by sjames on Sunday February 05 2017, @11:54PM

    by sjames (2882) on Sunday February 05 2017, @11:54PM (#463226) Journal

    Some of the chips the banks did not select for use in credit cards are capable of enough processing to require passwords and to sign transaction records presented to them.

    The system they SHOULD use would have the card reader acting as a serial connection to the chip. In store purchases could be handled entirely by a POS or the customer might prefer to enter a password and a transaction limit using his own device and then slot the card so the POS can present it with a transaction record to sign.

    Online sales would simply require that the customer somehow sign a transaction record using a key the bank will recognize. One such way would be a dirt cheap USB card interface (dirt cheap since all it needs to do is provide power and a serial port to the chip) and their credit card.

    Since the transaction is driven by the chip on the card, there's no need to trust the PC OR a POS terminal.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2