£1.2bn in card fraud across the EU, despite introduction of chip-and-pin

Despite the introduction of "chip-and-pin" security, payment card fraud across the European Union cost some €1.5bn (£1.2bn) in 2012, according to the latest figures from Europol.

While chip-and-pin has helped to reduce card fraud since its introduction, card fraudsters have instead used EU cardholders' information to commit fraud outside the EU and in cardholder-not-present transactions, for example orders over the internet or on the phone.

Chip-and-pin protects cards by encoding data in an encrypted format on the chip, and requiring a four-digit code to process cash machine requests and transactions. Because they use the chip instead of a magnetic stripe, they are harder to copy.

However, while the UK and the rest of the EU have chip-and-pin infrastructure, making it more difficult for card fraudsters to operate, much of the rest of the world still relies on old technology, which remains in the magnetic stripe of EU-issued chip-and-pin smartcards.

As a result, instead of targeting EU-based institutions, card fraudsters have increasingly used stolen or cloned cards overseas where chip-and-pin has yet to be introduced. Favoured destinations include the US, which is the largest source of EU card fraud, Brazil, Colombia, the Dominican Republic, Russia and Mexico, which all still rely on the unencoded, unprotected magnetic strip.

Organised criminals have also developed sophisticated new tools to enable them to copy card details and pick up the four-digit PIN codes when people use their cards at compromised cash machines. Furthermore, card-not-present transactions lack some of the security procedures that physical transactions enjoy.

The number of debit and credit cards in issue across the EU now tops 726 million.