Credit card fraud costs banks millions of pounds each year
A credit card with a digital display that randomly generates a security code is being launched as a way of combating fraud, reprting Jane Wakefield for the BBC. Oberthur Technologies is currently in discussions with UK banks about rolling out the technology and will have cards “in the hands” of consumers in France by the end of the year.
One expert said a different design for credit cards was overdue. “In some ways, it’s surprising it has taken so long for this to appear,” Prof Alan Woodward, a cybersecurity expert from Surrey University, told the BBC.
The card provides an extra layer of security by replacing the static printed three-digit security code on the back of the card with a mini screen which displays a random code that changes automatically every hour.
It is powered by a thin lithium battery designed to last for three years.
“The technology has existed for some time so now it will be a case of persuading card processors that it is worth doing,” said Prof Woodward.
“It may be costly for card operators as some extra infrastructure will be required to ensure our cards stay synchronised with the operator, but it happens already for many banks with the dongles they issue for login.”
One drawback of the card is that customers will no longer be able to memorise their security code and will need to check the card every time they want to make an online purchase.
French banks Societe Generale and Groupe BPCE are preparing to roll the cards out to customers, following a pilot scheme last year and there are also pilot schemes in Mexico and Poland.
According to the UK’s Financial Fraud Action, credit card fraud in the UK totalled £755m in 2015 and the Office for National Statistics said that there were 20,255 victims.
There are several ways that fraudsters get hold of credit card details – from the online theft of data to skimmers that are attached to cash machines.
Skimmers – often homemade devices – that are attached to a cash machine, can steal information from the card’s magnetic strip and pin code with the help of a fake ATM pin pad or web camera.
Over time, the design has become more sophisticated with the advent of so-called shimmers – that are able to gather information from the card’s chip. Scammers are also now able to inject malware directly into cash machines
In response, banks are working on new authentication solutions, based on biometrics – regarded as a more secure way to identify customers.
But a recent study from security firm Kaspersky Labs suggests that cybercriminals are already planning to exploit these new technologies.
It found at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. Other underground sellers are already researching devices that could obtain data from palm, vein and iris recognition systems.
David Emm, principal security researcher at Kaspersky, said the Motion Code card would “reduce the window of opportunity” for a thief with a stolen card but added it would be a stronger proposition if the security code was generated on “another device”.
“Banks should consider applying a multitude of cybersecurity solutions to minimise unauthorised access to such information,” he said.
“Consumers must also be aware of their digital footprint, installing security updates promptly, using strong and unique passwords, applying caution when using public wi-fi networks and not revealing too much information about ourselves online.”