Preventing Online Credit Card Fraud

If you are accepting online orders and would like to greatly reduce your exposure to credit card and check fraud, implementing protective measures can reduce online fraud by approximately 80%.

Please note: Some of the techniques contained below require a working knowledge of .cgi scripts and HTML coding. We cannot provide technical support or explanations for non-members. However, most competant webmasters will be able to easily implement these tools and techniques.

This material is adapted from a series of articles written by the founder of AntiFraud.Com that originally appeared in the online newletter The VirtualPromote Gazette.

The Internet is the perfect environment for every crook, thief, and pickpocket to ply their trade with almost complete anonymity. Being in the online software business, I have seen a tremendous increase in fraudulent purchases made with stolen credit card information. In many cases, the thief has more complete and current information about the actual cardholder than the credit card company. In some cases, credit card numbers that receive an approval number turn out to be totally fictitious numbers -- based on the algorithm used to produce authentic numbers.

I recently formed an alliance with a large merchant account provider specializing in providing credit card merchant accounts for Internet and Home-Based businesses. Through working closely with the credit card companies and other online merchants, I know the bottom line is this: You, as a merchant, are the one who is going to get stiffed! The cardholder is not responsible for more than $50 of fraudulent purchases. The issuing bank of a stolen credit card really doesn't care because they will simply charge the merchant back for any fraudulent purchases, plus a $10-$15 charge back fee. In fact, the issuing banks actually make $50 on these situations. They get the $50 from the cardholder (the cardholder's obligation), then they charge back each and every merchant for all the fraudulent charges.

So why is this situation getting so bad? Technology! Yes, the very same technology that allows us to have a profitable online business also allows others to rip us off. The advent of free, web-based, non-ISP e-mail addresses such as @hotmail.com, @usa.net, @juno.com and the hundreds of e-mail forwarding addresses afford a credit card thief a perfect veil to hide behind. The free e-mail addresses can't be traced back to the real owner;it usually takes a court order to get an e-mail forwarding service to disclose customer information. For those of us in the software, subscription or membership business, the e-mail address is the only point of contact we have. That address is where our products are shipped.

To make matters worse, there are now underground software programs available that can generate an unlimited number of mathmaticaly valid, yet fictitious credit card numbers. Combine that with complete anonymity and it spells big trouble for any business conducting online commerce. In addition, there are newsgroups out there that actually post stolen credit card data. So someone picks your pocket now and ten minutes later all your data is available world-wide.

So, what can you, as a merchant, do to protect yourself -- short of not accepting online credit card orders? Over the last few month, my company has had to establish certain procedures for all online orders:

1. No order is accepted unless complete information is provided including full address and phone numbers.

2. We no longer accept any order originating from a free, web-based, or e-mail forwarding address -- the customer must provide an ISP or domain based address: one that can be traced back to a "real" person.

3. Since the list of these types of e-mail addresses is growing daily, we check every e-mail address by going to a browser and putting a www in front of the domain. Try this with joesmith@cyberdude.com -- you will see that www.cyberdude.com puts you on I-names' (150+ free e-mail domains) homepage. We don't accept orders unless the e-mail/domain is a legitimate website or ISP -- something that can provide definitive identification of the e-mail address in question. This method is not fool-proof. When in doubt, go to step number 4.

4. If in doubt, we call the phone number listed on the order. We have alerted many cardholders that their card information was being used by making this phone call. On the other hand, the party on the other end may have never heard of the "customer." This results in a call to the issuing bank of the credit card to alert their fraud department.

5. We use the HTTP_USER_AGENT and REMOTE_ADDR code on all our order forms. This line works with most form handlers such as FormMail, cgiemail and others. The exact syntax varies with the form handler, but it provides information about the computer used to send the order, including the IP address. The IP address can then be traced to its owner -- usually an ISP. You can then contact the ISP System Administrator and inform them of the illegal activity. Members of AntiFraud.com are provided an automatied way to do this. Check the documentation for your particular form handler or cgi script for implementation of this input field.

6. Virtual Checks -- we receive a great number of orders via online virtual checks. While this has greatly increased our sales, the same cautions prevail. Having been burnt a few times, we now call the account holder's bank and verify the account number, account holder's name and current funds to clear the check before processing the order.

The Front Line of Defense

Isn't the policy of rejecting orders from free, web-based, or e-mail forwarding services a little severe?

After receiving several dozen credit card charge backs resulting from fraudulent orders placed exclusively through free, web-based, or e-mail forwarding addresses, we established the policy of not accepting orders from any of the over 700 such e-mail domains.

We have NEVER had a fraudulent order placed through a standard, ISP-based e-mail address. Conversely, EVERY fraudulent order has come through the free, web-based, or e-mail forwarding services.

Although adding the HTTP_USER_AGENT, REMOTE_ADDR line to your form handler to capture a "customer's" IP address helps, sometimes this information really isn't very useful. There are several sites that a crook can log onto before proceeding to any of the web-based e-mail services that offer total protection of your identity -- when you log onto one of these sites -- you are reissued a random IP address and they keep absolutely no logs of this. Hence, I can log onto one of these sites, go to the hotmail site and send e-mail, or go to a site to buy something, with absolutely no possibility of being traced.

If someone places an order using a standard, ISP based e-mail address such as joe@ix.netcom.com, it is fairly easy to track this individual. However, it is very difficult to track the identity of someone using one of the free e-mail services -- and if they know what they are doing,it is absolutely impossible.

All we are asking for, as a merchant, is positive identification. Would you accept a check from someone using someone else's ID? Would you accept a credit card purchase if someone signed a different name to a charge slip than was listed on the card? Virtually everyone who has a free, web-based, or e-mail forwarding address also has a tracable ISP or domain based address. That is the address I accept for online orders -- nothing less.

Has the screening of all orders cut into your sales?

No. The vast majority of people using the free e-mail services use an ISP to access the Net. Every ISP I know of issues at least one e-mail address with every account. So onlinefraud@hotmail.com (which one of my employees, a Mr. John Smith of 111 main street) recently registered in about 30 seconds, also has a legitimate, more easily traceable ISP issued address. We simply inform our customers that we don't accept orders through free e-mail services and ask them to use their standard, ISP issued address. We do this by placing a link on our order forms to the redflag.htm. Members of AntiFraud.Com are provided an automated way to screen against this ever growing list. Granted, there are some honest folks out there who really, truly don't have anything but a Juno.com account -- so guess what - they can call us to place the order (yes, we have caller ID on our phones).

Are there problems with real-time ordering processing?

There are many services out there that offer (for a fee or percentage) to process your orders in real-time, while the customer is logged onto the site. The first question you need to answer is whether you need to use such a service. If you are selling any hard goods that are physically shipped to an address, the answer is no. Legally, you can not even charge the customer's card until the order has been shipped. However, the option of real-time processing is very attractive to software vendors or subscription services. This convenience does have its risk.

Many real-time order processors do absolutely no pre-screening of orders. If the credit card goes through verification, the order is processed and the "customer" is immediately given a serial number or subscription user name. You, as the merchant, won't ever find out about the fraudulent nature of the order until you receive the chargeback. Yes, these services will tell you they use the Address Verification Service to insure the address provided is what the credit card company has on record, but that does not mean that onlinefraud@hotmail.com is the actual owner of that card. I am currently working with a couple of real-time processing services that are installing the same fraud prevention measures that are available to members of AntiFraud.com

The last area of concern is shipping orders out of your own country. I can sum this up with a few short sentences. Make absolutely, positively sure that you have a legitimate order before shipping anything, including soft goods, across the border. Regardless of the circumstances, regardless of the proof you may have, regardless if you have a signed confession from the crook who stole your goods through a fraudulent order, if that order went across the border, you can basically kiss it good-bye. It's hard enough here in the states to get the proper authorities to do something about credit card fraud. Try getting the authorities in a foreign country to pursue such a matter!

To sum up the situation I believe fraud committed against merchants conducting online transactions is increasing dramatically, and will continue to do so. However, there is no need to panic. While many years ago it was safe in most places to leave your house with the doors unlocked, that is no longer true. While only six months ago is was safe to blindly accept any online order, that is no longer true. But, like locking the doors to your house, protecting yourself from online fraud is really not that big a deal. Some common sense, and a few specialized tools, policies and techniques usually will do the trick.

Thwarting More Advanced Thieves, and Those From Abroad

I have recently seen an increase in the number of fraudulent orders originating from European Educational Institute domains. This is probably being conducted by college student/hackers who gain access to the school's e-mail servers.

On these types of orders, call your credit card processor, give them the first 6 digits of the card number and ask for the name and phone number of the issuing bank. If you receive an order from Romania and the Card is issued by the "First National Bank of Chicago," I would think twice about processing the order.

Unfortunately, this type of fraud is ever-changing, ever-evolving. You circumvent one method and they discover a new one. I will post revelant news to AntiFraud.com as new trends become visible. To be instantly updated with this news, please consider becoming a member of AntiFraud.Com. On one front -- the site we have been working on is up and ready to assist you. But on the other front, it seems certain criminals out there are getting a little smarter when it comes to committing online fraud. If I didn't know better, I would swear these guys must have read my previous articles and have adjusted their methods to compensate.

However, there is no reason to panic. In any criminal activity there are usually three classes of perpetrators. First, you have you rank amateurs who are easily thwarted with simple precautions. Then you have "small-time hoods" who, while a little more proficient than the rank amateurs, are not much more of a threat. Then you have the professionals. These guys do this for a living and have enough smarts to outwit the precautions that deter the others. Fortunately, their numbers are few.

You may recall some of my previous suggestions for preventing the majority of online fraud. We no longer accept any orders from a free, or web-based, or e-mail forwarding address. This list is currently over 1500. Secondly, unless we recognize the e-mail domain as being from one of the large ISP's such as ibm.net, mci2000.com, earthlink.net, etc., we always go to a browser and put a "www." in front of the e-mail domain to look at the website associated with that domain. We make a determination from there where to check further. We also use coding on our order forms that captures the IP address of the sender.

So how has the game changed? We have encountered 3 different cases of this during the last two weeks. I am not making any accusations nor condemnations, nor am I suggesting that you refuse to accept orders from the individual cited in the example below. I am merely stating facts as we discovered them. You will have to draw you own conclusions. OK -- my lawyers say I can continue now:

On February 21, 1998 at 1:53a.m. EST, an individual placed an order for our Web Promotion Spider software using the name of Alex Williams from Nashville, Tennessee. "Alex" placed his order using a Master Card and the e-mail address of dknight@dknight.com. Since this is neither a free nor an ISP based e-mail address, I went to http://www.dknight.com. As of Sunday, March 01, 1998, the page had nothing more than an "under construction, come back later" notice.

This made me a little uneasy so I quickly went to http://antifraud.com/ipcheck.htm to do a WhoIs on the domain name of "dknight.com". I quickly found this domain is registered to a Mr. Fahad Al Blehed with both phone and fax numbers of 000-000-0000. This made me even more uneasy so I used the same form to WhoIs the IP address he was using at the time he placed the order. You know, it's funny, the IP address of 195.34.28.87 belongs to the PTTNET Dialup Network -- out of Moscow, Russia.

Now, you can call me paranoid or overly suspicious, but I sort of doubted that Mr. "Alex Williams" of Nashville, TN, was over in Russia placing an order for web promotion software for a site that barely existed. A quick call to VISA/Master Card security confirmed the card number provided belonged to neither "Alex Williams" nor "Fahad Blehed." The card was immediately put on hold while the actually card holder could be contacted and, needless to say, I did not process the order.

Had I processed the order, I would have been out not only the $100 software but also a $15 chargeback fee when the actual card holder disputed all the charges. So, was all the extra effort worth it? It took me less than 3 minutes to complete all the steps above, including the call to VISA. I saved a $115 plus a blemish on my merchant account record. Let's see, $115 for 3 minutes of work, that works out to $2,300 per hour. My corporate attorneys barely make that much :-)

In another case, we received an order from a shihwai@acsshell.net. This domain belongs to a Mr. Chong Shihwai of Shihwai Networks located in West Caldwell, NJ. Unfortunately, there is no such person. However, the individual that does live at the WhoIs-identified address for this domain has received over a half-dozen invoices from Internic for domains the real culprit has registered and is using as fronts to commit credit card fraud. In our case it was a stolen VISA card from Australia. The poor guy in West Caldwell has received hundreds of phone calls from merchants trying to track down Mr. Shihwai.

As a side note, I went the extra step in all these cases and contacted the System Administrators of both the hosting services and the ISPs to alert them to the illegal activity being conducted by these individuals. Hopefully, I stopped them from victimizing too many other merchants.

Review all the steps we use on our AntiFraud.Com site. Take an extra step or two if you are at all suspicious. You might save yourself and many others from getting burnt by these guys. If you would like additional tools and technology to automate these techniques, please consider becoming an active member of AntiFraud.Com. And, be careful out there.

Technorati Profile

Boeing laptop stolen, putting 382,000 at risk for identity theft

CHICAGO -- A Boeing Co. laptop containing the names and Social Security numbers of 382,000 workers and retirees has been stolen, putting the employees at risk for identity theft and credit-card fraud.

The theft, which the company confirmed Tuesday, was the third such offense in over a year.

Files on the computer also contained home addresses, phone numbers and birth dates. Some of the files listed salary information.

"It's very disturbing to us when things like this happen, and there are certain steps you can take right away ... but we realize we need to go above and beyond those," said Tim Neale, a spokesman for Chicago-based Boeing.

The laptop was stolen earlier this month when an employee left it unattended, Neale said. He would not reveal where the theft happened, but said no proprietary, customer or supplier data were on the computer.

The computer was turned off when it was stolen and a password is needed to log on to its desktop, Neale said Wednesday.

"It's not necessarily an easy task to access the information there," he added.

Boeing began contacting current and former employees Tuesday night, Neale said.

Boeing will provide credit-monitoring services for three years for those affected by the latest theft, Neale said.

There is no evidence that any of the previous thefts have resulted in wrongdoing, he said.

A Boeing laptop containing information on roughly 160,000 current and former employees was stolen in November 2005. Then, in April, a laptop containing information on 3,600 employees and retirees was stolen.

Neale would not say whether any disciplinary action has been taken against the employee involved in the recent theft. However, he acknowledges that in each of the incidents company policy was violated.

"It's frustrating because obviously you don't want to see this happen," he said.

Banks roll-over on smart card roll-out

AUSTRALIA'S banks are positioning themselves for the final run to introduce smart credit cards after years of baulking at the cost of phasing out magnetic-stripe technology in favour of microchips.

The manoeuvring is being influenced by the federal Government's $1.1 billion welfare Access Card project, but fresh questions have arisen over whether or not smartcards will provide consumers with significantly improved protection from credit card fraud.

Banks have claimed major victories in cutting credit card fraud thanks to the implementation of crime busting computer systems that use neural networking technology to detect illicit transactions.

Visa Australia head of business development Vipin Kalra said computer systems enabled banks to almost halve the cost of credit card fraud over the past five years.

Credit card fraud rates had been cut from up to 0.05 per cent of total Australian credit card sales five years ago to less than 0.03 per cent, Mr Kalra said.

The most common forms of fraud were skimming and counterfeiting, he said.

The Australian Payments Clearing Association agrees that the highest card fraud losses by value stem from skimming and counterfeiting, but estimates 2006 credit card fraud at 0.039 per cent of card transactions, or $87.4 million.

"We've seen a big drop in fraud in Australia over the past couple of years," Mr Kalra said.

"(The drop is because of) the banks' ability to put a lot of monitoring systems in place so they can track activities on the card. Those systems are now starting to show their benefits."

ANZ Bank widely advertised its Falcon neural network as part of a campaign to establish its security credentials.

Falcon identifies anomalous credit card transactions and is one of three platforms the bank uses to manage credit card fraud.

The others - Eagle and Hunter - are merchant-oriented systems to track fraudulent credit card applications.

ANZ general manager of consumer cards Nick Reade said these systems had helped the bank cut credit card fraud by 60 per cent in the past five years.

He cited examples where Falcon detected the use of a stolen credit card before the cardholder knew his wallet had been purloined because of changes in the buying patterns detected by the bank's systems.

Systems such as Falcon were an important part of ANZ's drive to establish itself as the most security conscious Australian bank, he said.

"Pretty well everything we do nowadays we communicate that we take fraud very seriously," Mr Reade said. "A lot of our own internal research on what's important to customers - drivers of satisfaction, drivers of usage of credit cards - increasingly (show) what's coming out as number one is security."

Mr Kalra said the fraud-fighting capabilities of computer systems such as Falcon meant banks had not been under pressure to implement smart credit cards.

Microchip-enabled credit and debit cards have long been touted as an important tool in the fight against payment fraud by Visa.

Many Australian banks have argued that the costs of implementing smartcards was greater than the cost of fraud.

"We have to get (to smartcards) but because fraud is under control within the banking industry there isn't a huge urgency to just turn over all the cards over night," Mr Kalra said.

Commonwealth Bank general manager of product and market development Brian White said the success of crime-fighting technologies meant consumers were unlikely to notice big reductions in creditcard fraud following the introduction of smartcards.

"(With smartcards) the consumer on the street has the confidence that he's consistent with the current standard. Does that mean today he's at risk as a consequence? Well the data shows he's not measurably," Mr White said.

Mr Kalra's and Mr White's comments were made at the launch of the Australian Smartcard Users' Forum (ASUF) last week.

ASUF members include the big four banks. It was founded to pressure the federal Government to use private-sector payment networks to process transactions associated with the $1.1 billion welfare Access Card.

ASUF chair and NAB regional general manager for specialised businesses Bruce Munro said the group would work to manage any consumer concerns if banks were seen to be lagging behind the federal Government on using smartcards to protect consumers from fraud.

"One of the reasons we put the forum together was to try and manage perceptions like that," Mr Munro said.

"Another risk, I suppose, is that the use of a chipped Access Card may have some negative connotations that we have to manage for our own roll-outs,"

ANZ's Mr Reade declined to comment on the activities of his competitors but said smartcards would play an important role in protecting consumers from fraud such as credit card counterfeiting.

ANZ has issued 1 million smartcards and has a goal of converting all 3 million ANZ cards smartcards within a year.

The CBA, NAB and Westpac are yet to announce smartcard roll-out timetables.

Credit card is ticket to fraud

The head of a Mumbai-based shipping company became the latest victim of online credit card fraud last month when miscreants used his account to buy thousands of rupees worth of airline tickets.

In a police complaint, Captain Ramesh Giridharilal Gulati, 67, chairman and managing director of Crystal Shipping Company Private Limited, said that “thieves” charged about Rs83,300 on his Standard Chartered card between November 8-11 when he was on an overseas trip to the Far East. The kicker is that the card was in his possession at the time of the “theft”!

Gulati, a Cuffe Parade resident, said, “I was shocked when I received my credit card statement for Rs83,296.40 on November 17. During my absence from India, someone had misused my card between November 8-10 to make 11 different transactions. The transactions were made to purchase airline tickets.” Gulati had gone on a business trip to Manila via Dubia on November 5. He returned to Mumbai on November 11.

“On November 10, I thought I had lost my card while checking out of the hotel in Manila,” he said. “I called my staff to call up Standard Chartered to report a lost card. However, during my transit period at Dubai airport on November 11, I found my card in my travel pouch. I informed the bank on November 13 that I had found the card. However, they had cancelled my card.”

Gulati received a statement for his old card on November 17. It listed 11 transactions - six on November 8, one on November 9 and four on November 10 - all for purchasing online tickets from various airlines.

The father of two then called the bank’s credit card division to report the “discrepancy”. The bank told him that they would investigate his complaint, and it would take a month’s time. On November 18, Gulati filed a complaint with the Azad Maidan police station. Prakash Khanvilkar, senior police inspector with the Azad Maidan police, said, “We have received a written complaint, but we cannot comment at this time. The case is under investigation.”

A spokesperson with Standard Chartered Bank on DN Road, also refused to comment, saying, “We cannot comment as it is under investigation.”

Avoiding Credit Card Fraud

November 24, 2006

Avoiding Credit and Charge Card Fraud

A thief goes through trash to find discarded receipts or carbons, and then uses your account numbers illegally.

A dishonest clerk makes an extra imprint from your credit or charge card and uses it to make personal charges.

You respond to a mailing asking you to call a long distance number for a free trip or bargain-priced travel package. You're told you must join a travel club first and you're asked for your account number so you can be billed. The catch! Charges you didn't make are added to your bill, and you never get your trip.

Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of fraud, it can occur in other ways. For example, someone may use your card number without your knowledge.

It's not always possible to prevent credit or charge card fraud from happening. But there are a few steps you can take to make it more difficult for a crook to capture your card or card numbers and minimize the possibility.

Guarding Against Fraud
Here are some tips to help protect yourself from credit and charge card fraud.

Do:

• Sign your cards as soon as they arrive.
• Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch.
• Keep a record of your account numbers, their expiration dates, and the phone number and address of each company in a secure place.
• Keep an eye on your card during the transaction, and get it back as quickly as possible.
• Void incorrect receipts.
• Destroy carbons.
• Save receipts to compare with billing statements.
• Open bills promptly and reconcile accounts monthly, just as you would your checking account.
• Report any questionable charges promptly and in writing to the card issuer.
• Notify card companies in advance of a change in address.

Don't:

• Lend your card(s) to anyone.
• Leave cards or receipts lying around.
• Sign a blank receipt. When you sign a receipt, draw a line through any blank spaces above the total.
• Write your account number on a postcard or the outside of an envelope.
• Give out your account number over the phone unless you're making the call to a company you know is reputable. If you have questions about a company, check it out with your local consumer protection office or Better Business Bureau.

Reporting Losses and Fraud
If you lose your credit or charge cards or if you realize they've been lost or stolen, immediately call the issuer(s). Many companies have toll-free numbers and 24-hour service to deal with such emergencies. By law, once you report the loss or theft, you have no further responsibility for unauthorized charges. In any event, your maximum liability under federal law is $50 per card.

If you suspect fraud, you may be asked to sign a statement under oath that you did not make the purchase(s) in question.

For More Information

The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Credit Card Fraud

Credit card fraud falls to record low

Thursday July 07, 2005 11:55 - (SA)

By Stephen Gunnion

Credit and debit card fraud is at a record low, despite growing volumes of transactions globally. A recent breach of security at a third-party card-processing plant in the US, which compromised up to 40-million card numbers globally, is unlikely to alter the statistics, says credit card company Visa.

Visa says industry efforts to combat fraud are paying off as card issuers tighten payment-processing security.

Jim Devlin of Visa's fraud department for central Europe, eastern Europe, the Middle East and Africa region (Cemea) says that last year only 6c of every $100 spent with credit cards was lost to fraud.

Counterfeit cards remain the highest contributors to fraud, at 47%, followed by lost and stolen cards at 29%, Devlin says.

Simon Dean of the same Visa fraud department says MasterCard, Visa and American Express, the three largest credit card companies, have aligned standards to which banks have to adhere to protect account holder information.

Despite this, the "phishing" of account holder information by the US card processor highlighted a flaw in the system.

Phishing is when customers' personal information, including account details and PIN number, is collected to conduct fraudulent transactions on internet and telephonic transactions.

About 22-million of all the account numbers at risk globally were of Visa cards, while about 14-million were of MasterCards.

Devlin says the effect of the US breach on customers was minimal, with about 20000 accounts compromised but not necessarily affected by fraud.

Last month, Visa said only 6000 of its South African account numbers had been compromised, and a number of those had expired.

MasterCard said 6000-7000 of the total number of MasterCards that had been exposed to risk were for South African accounts.

At the time only one South African account had been affected.

Standard Bank, SA's biggest credit card issuer, had identified about 1500 credit card customers who could potentially be affected, and all accounts were replaced with new ones as a security precaution.

"It was a highly unfortunate incident and one that hasn't done the industry any benefit," Dean says. He says while the financial loss from the card compromise in the US was small, the damage to the reputation of credit card companies was large.

"The last thing Visa would want is for the internet and e-commerce to be deemed insecure. The protection of data is most important," he says.

Dean says the US card compromise was still the subject of an FBI investigation in the US and it was still unclear how it happened.

Customer data that should not have been stored had been stored by the processor, he said.

Under an industry-wide security programme, banks, merchants and card processors have to adhere to certain security standards.

Dean says the move to chip-based cards will reduce fraud even further as it will take the responsibility away from merchants to ensure cards are authentic. Chip cards had successfully addressed this in France, where they were introduced in the 1990s.

Growth in card fraud between 1993 and 2003 had prompted the UK to move quickly to chip cards, Dean says.

But Devlin says it would be years before chip-based cards were rolled out world wide. Merchants would need special chip readers before the system was implemented.

Business Day