17 Aug 2006
Banking industry body Apacs is examining new technology options to combat the growing threat of card-not-present fraud.
Instances of card-not-present fraud increased 21 per cent last year, costing banks £183m, and Apacs says the figure will be higher this year.
‘Card-not-present fraud is the fastest rising type of fraud,’ said as Apacs spokeswoman. ‘We would be daft not to consider solutions, and there are a few under review at the moment.’
Apacs declined to give exact details of the systems it is examining, but confirmed it is looking at a personal authentication system called Gridsure that creates one-time dynamic PINs or passwords every time it is used.
Users will simply need to remember ‘a shared secret’ which will be easier to recall than a four-digit PIN, according to creators Stephen Howes and Jonathan Craymer, who have recently signed a two-year deal with PricewaterhouseCoopers to market the system.
‘We have not rejected the idea, but there are a couple of other ideas around,’ said the Apacs spokeswoman.
‘For card-not-present fraud the route we are more than likely to go down is a variation on what Barclays has done.’
Barclays said earlier this month that it is to issue stand-alone card readers to all online banking customers over the course of next year to tighten security (Computing, 3 August).
Richard Weber, director of Cambridge University’s statistical laboratory, tested the Gridsure system and believes it could ultimately replace chip-and-PIN.
‘The systems in existence already [that generate one-time PIN] mean carrying around a list of numbers, having numbers sent to your mobile phone or carrying some kind of electronic device, he said. ‘This system purely works on the fact that you have remembered something and it is absolutely viable that it can replace chip-and-PIN.’
Michael Alculumbre, managing director of Protx, the largest independent payment service provider in the UK which handles more than £200m worth of transactions every month, is also considering Gridsure.
‘We’re in the early stages of talking to them but we’re very interested in adopting the system,’ he said.
Apacs was the driving force behind the February chip-and-PIN deadline which shifted fraud liability to merchants not using the technology. It released figures this week saying the technology has reduced counterfeit fraud by a quarter.
What do you think? Email us at feedback@computing.co.uk
Further reading:
Barclays to tighten web security
All of the aforementioned technologies seem to be 100% vulnerable to man-in-the-middle-phishing attacks in which a criminal relays authentication information in real-time to a bank. Some US-based banks have already experienced such attacks.
Posted by: George in New York, NY 30 Oct 2006
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
