Card skimming has become a major threat for banks and people. We use our cards to pay for dinner at a restaurant, for home-delivered pizza, for a cab and so on. Millions of such transactions take place every day. Criminals can easily steal our card information, which is identity theft. A hacker can buy a small device called a "skimmer" on-line, preferably on eBay; the other attraction is that these skimmers are cheap to buy: they might cost less than 100 pounds and are delivered within a couple of working days. A waiter in a restaurant or a pizza delivery person, whoever has your card, can simply swipe it through the skimmer and you wouldn't even know. It takes only a few seconds; the card is returned and you have no clue that you have been robbed until it's too late.
The hacker then downloads all the information from the skimmer to a computer. The data obtained contains the name of the card holder, the expiry date and the 16-digit card number. This information is more than enough for the hacker to purchase any item by telephone. Beyond that, a magnetic scanner used together with the skimmer can cause more damage. With the magnetic scanner, in other words a credit/debit card encoder, the obtained data can be written onto a blank card. This blank card can then be used in any store or even at an ATM.
RFID embedded credit/debit card skimming:
We use our credit/debit cards day to day; it happens in the UK and all around the world, millions of times every day. Contactless cards make it easier for thieves to steal our 16-digit credit/debit card numbers and subsequently use them in any store. The antenna in the chip broadcasts the information to the reader, which transfers it to the system at the same time. After obtaining all the relevant data the hacker can feed the information to a blank card and subsequently use it in any store.
Working: Earlier, security experts were concerned about skimming when a card is swiped, but now a wave of the card is enough for skimming: it's RFID. For speedy and effortless sales, soon every card will have an RFID chip in it. All of these can be vulnerable to the hacker's technology. The hacker can just walk past people and rip off all the security data from them, and they wouldn't know that it has been stolen. Eventually the hacker will have the information of hundreds and hundreds of cards on his laptop.
Contactless cards finally pave a transparent path for hackers to skim cards without even touching them. As technology grows there is always a black hole that opens up for hackers. Hackers always find a unique way to steal our identity.
After obtaining all the information the hackers can clone the card and charge items to it, and the victim ends up with big bills.
This is how card skimming and cloning works in contactless cards.
Analysis:
It has been observed that 30 to 40% of the population have contactless cards and that there are 200 million in circulation in the market. Hackers can walk around a huge crowd, such as a football stadium, a huge mall or a crowded shop, loot the numbers and circulate the information by e-mail to anyone in the world.
This is a promising theft. The security experts working for banks and government have never seen RFID skimming used to steal information, because the breach can go unnoticed. This is a grand breach.
Stolen Identity - On-line Transactions:
The world's leading companies in payment processing and card fraud prevention have noticed a huge rise in fraudulent transactions over the internet. Even world-famous retailers and payment processors known for preventing payment fraud have suffered huge chargebacks in recent days.
There are millions of transactions taking place daily. The two major transaction methods are:
Call centre, i.e. customer service or the marketing and sales team - telephone transactions
On-line web transactions
After reviewing the data breach reports of 2011, it has been observed that transactions done by telephone have contributed high fraud, while web transactions have the fewest fraudulent transactions.
The given graphs show the transactions over web and call centres.
It has been observed that many more bogus transactions are made when a hacker calls up and pays for an item by providing fake information than in on-line transactions. The deny rate increased as tight rules affected migration to the web. Revenue is lost as customers migrate to the web and are denied by the tight rule set. From the time identity theft was brought into practice by the bad guys, there has been a lot of commotion in payment transactions.
Fraud rules are quite tight on the web; where 3D Secure is in place, fraud is under control. 3D Secure is an XML-based protocol used to bring extra security to all transactions done on-line. It was proposed by Visa to upgrade protection for internet payments, and was later embraced by MasterCard and others.
The 3D Secure protocol comes into action when the XML messages are sent over an SSL connection with client authentication, which is the verification and confirmation of client and server through digital certificates. If SSL is compromised, then the 3D Secure protection becomes null.
Deny Rate:
The transaction denial rate must be a focus. TIGHT RULES WILL ALWAYS HURT THE WEB SALES. It is also observed that fraudulent transactions have taken place when the registered card has been lost or stolen.
The graph below shows the denial rate due to tight rules in web transactions.
Recommendations:
Discrete strategies for web transactions and customer services.
Overhaul of the rates currently in place, focussing on increasing revenue in web transactions and on the high fraud rate in customer services.
Data quality from customer service transactions must be improved.
The card fraud detection service requires automated chargeback data to be included in daily monitoring.
Immediate Recommendations:
Customer services must send correctly populated data to reduce false positives and chargebacks.
A new set of rules for web and call centre, concentrating on revenue and on reducing the chargeback rate.
All fraud data must be sent on a regular basis for monitoring and reporting.
In order to retain its privileged customers, the organization must produce a clean list of accredited VIP customers' data so that their payments are always accepted.
Data quality: an accurate e-mail address and telephone number (preferably landline), entered correctly.
Also, call centre staff must encourage customers to buy on-line rather than paying over the phone.
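The recommendations above (separate rule sets per channel, a clean VIP list, populated contact data, daily chargeback monitoring) can be sketched as follows. This is an added example, not code from the article; the risk score, the thresholds, the "review" outcome and all sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Assumed deny thresholds on a 0-100 risk score: tight for phone, looser for web.
DENY_AT = {"phone": 50, "web": 80}
VIP_ALLOWLIST = {"cust-001"}  # constructed "clean list" of accredited customers

def data_quality_issues(txn):  # contact fields that are missing or malformed
    issues = []
    if not EMAIL_RE.match(txn.get("email", "")):
        issues.append("email")
    digits = re.sub(r"[\s()+-]", "", txn.get("phone", ""))
    if not (digits.isdigit() and 10 <= len(digits) <= 15):
        issues.append("phone")
    return issues

def decide(txn):
    if txn["customer_id"] in VIP_ALLOWLIST:
        return "accept"
    if data_quality_issues(txn):
        return "review"  # assumption: incomplete records go back to the agent
    return "deny" if txn["risk_score"] >= DENY_AT[txn["channel"]] else "accept"

def channel_report(txns):
    """Deny rate and chargeback rate (over accepted payments) per channel."""
    stats = defaultdict(lambda: {"total": 0, "deny": 0, "accept": 0, "cb": 0})
    for txn in txns:
        s, verdict = stats[txn["channel"]], decide(txn)
        s["total"] += 1
        if verdict in ("deny", "accept"):
            s[verdict] += 1
        if verdict == "accept" and txn["chargeback"]:
            s["cb"] += 1
    return {ch: {"deny_rate": s["deny"] / s["total"],
                 "chargeback_rate": s["cb"] / s["accept"] if s["accept"] else 0.0}
            for ch, s in stats.items()}

# Constructed sample records, not real data.
KEYS = ("customer_id", "channel", "risk_score", "email", "phone", "chargeback")
SAMPLE = [dict(zip(KEYS, row)) for row in [
    ("cust-001", "phone", 90, "a@example.com", "020 7946 0000", False),
    ("cust-002", "phone", 60, "b@example.com", "020 7946 0001", False),
    ("cust-003", "phone", 20, "", "", False),
    ("cust-004", "phone", 30, "d@example.com", "02079460003", True),
    ("cust-005", "web", 60, "e@example.com", "02079460004", False),
    ("cust-006", "web", 85, "f@example.com", "02079460005", False),
]]
print(channel_report(SAMPLE))
```

The same risk score of 60 is denied on the phone channel and accepted on the web, which is the effect of keeping the two rule sets separate.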
Current denial rate in both telephone and web transactions:
The graph below shows how the fraud rate can be controlled by following the immediate recommendations for call centre as well as web transactions.