Although cardholders are usually the focus of concern in matters of card fraud, there
are other stakeholders in the establishment, use and maintenance of smartcards. These
stakeholders are (1) cardholders; (2) merchants; (3) Acquirers; and each of these has
roles, responsibilities and risks in operation of the card system.
Research indicates that we can all do more to defeat criminals, particularly where
basic security measures are involved. Statistics, such as the following [8], are particularly
alarming and highlight the need for cardholders to be aware of the risk and impact
if they fail to protect their PIN number and card details:
• 25% of all UK residents have disclosed their PIN to someone else, exposing them
to heightened risk of fraud and potentially making them liable for any card fraud
losses they may suffer;
• 27% of Britons use the same PIN for all their cards and the average adult has four
cards each;
• 44% of people still allow their cards out of their sight (in restaurants and bars for
example) when settling a bill;
• 51% of online shoppers do not fully appreciate that the start of a website address
changes from ‘http’ to ‘https’ when they enter a website made secure for purchasing.
The key recommendation for cardholders is that they should be security conscious
and take all practical precautions when undertaking a card payment. Cardholder
complacency is still a large factor in card fraud levels. While card issuers are unlikely
to acknowledge vulnerabilities, in order to avoid adverse reputational impacts, increased
cardholder awareness of the risks and impacts associated with known vulnerabilities
in the Chip and PIN system, will ensure that they become less complacent.
The large variety of card terminals makes it difficult for a cardholder to identify
one that has been tampered with, but there are other ways they can notice fraudulent
actions, for example by being familiar with merchant best practices. This would allow
them to raise alarms with other staff members if suspicious behaviour is observed,
e.g., swiping a card prior to inserting it into a card terminal or watching a PIN
being entered. Cardholders should also check their credit card and current account
statements to identify any illicit transactions. One measure to limit exposure for a
debit card linked to a current account is to establish a second account containing a
smaller balance for use in card transactions.
No comments:
Post a Comment