Plastic card fraud has become a significant issue not only in the United States but also worldwide. Fraud levels can be measured in the tens of billions of dollars each year or higher when the various stakeholders that are involved in the losses associated with fraudulent transactions measure their total costs. A merchant loses not only the revenue and profit related to a sale, but the product itself, and possibly higher transaction fees when fraud occurs frequently in its business. A merchant must also incur the costs associated with investigating certain types of fraudulent transactions. Credit card associations like the VISA® and MASTERCARD® associations cover some costs associated with fraud but the credit card issuers incur significantly more costs, including costs associated with refunding the amounts charged to a card holder account, investigating possible fraudulent transactions and issuing new plastic cards if a significant breach of security has been identified. When the total costs of fraud are measured among all the parties involved in financial transactions, the losses are staggering.
Plastic card fraud has also opened up a market for all sorts of fraud detection and educational services. Neural network software to detect and hopefully prevent a fraudulent transaction from occurring costs card issuers and their processors millions of dollars to operate. Educational seminars to teach card issuers, merchants, and card holders on how to better safeguard the information that can be used to commit identity theft and plastic card fraud also cost card issuers millions of dollars. Existing security standards, like the Payment Card Industry (PCI) Data Security Standard, while being excellent network and system security practices also require merchants to take extra measures to safeguard the information they possess and these measures cost merchants millions of dollars to implement. An entire industry has been created to protect the static data used in today's plastic card transactions. All told, billions are spent and still fraud levels continue to increase. These increases are due not only to defective security; rather, plastic card programs continue to utilize static data that, if obtained, can be used to commit plastic card fraud.
Over the years, the industry has continued to layer additional static data on credit, debit, and ATM transaction cards. Pin numbers and card security codes have been implemented to help address specific issues of security but criminals continue to adapt their schemes to steal this information. Social engineering attacks like “phishing” are successful because they can target large numbers of people to obtain this static data. The use of holograms and new logos to help prevent counterfeit cards from being used has added to the costs of plastic cards. The plastic card industry has focused on preventing the use of static data rather than adopting a means of implementing some level of dynamic information into these transactions.
Some in the industry have viewed smart cards as one possible solution to this static data problem. The contact and contactless smart card standards and the hardware integrated into the smart card, the point of sale (POS) device, and the authorization process have adopted methods to include some dynamic data in the transaction authorization process. When implemented on a massive scale, for example the Chip and Pin systems common in Europe, these standards have been effective in the local prevention of fraud. For example, the Chip and PIN system in the United Kingdom is a government-backed initiative to implement the EMV standard for secure payments. In this initiative, banks and retailers replace traditional magnetic stripe equipment with smart card technology, where credit/debit cards contain an embedded microchip and are authenticated automatically using a PIN. When a customer wishes to pay for goods using this system, the card is placed into a “PIN pad” terminal (often by the customer themselves) or a modified swipe-card reader, which accesses the chip on the card. Once the card has been verified as authentic, the customer enters a 4-digit PIN, which is checked against the PIN stored on the card; if the two match, the transaction completes.
This kind of smart card technology has been shown to decrease certain types of fraud, an example being fraud associated with counterfeit cards, but fraud in total has continued to rise. This is due to the fact that smart cards are only implemented on a scale necessary to affect fraud regionally. Criminals can target other regions that still rely on the static information common to the vast majority of plastic cards in circulation or they can perform more “card not present” transactions, as in internet purchases or mail order transactions. Smart cards also suffer from having to continue to support the predominate point of sale reader technology deployed worldwide, i.e., magnetic stripe.
Implementing smart cards on a scale necessary to significantly affect fraud levels requires billions of dollars to be spent by merchants or governments to add the new point of sale readers, update the point of sale software, and add the processing functionality for all stakeholders that deal with financial transactions. There are an estimated 20,000,000 magnetic stripe readers in the field today. Replacing these readers with smart card readers would be a huge investment.
An improved and more cost-effective solution for preventing plastic card fraud is desired.