:: SECURITY

Credit card fraud remains unbeatable
Friday, March 01 2002
by Andrew McLindon

Send story to a friend
Print this Story
Credit card fraud will never beaten, but can be fought vigorously with a range of IT measures, says an expert from the world's largest private software firm.

Peter Dorrington, principal initiatives manager at SAS UK & Ireland, told ElectricNews.Net that while it is not possible to completely eliminate credit card fraud, a range of future and current IT applications will make it much harder to carry out. "No IT-based system will ever be 100 percent secure, but we can make it so that casual fraud is nearly impossible and the professional fraudster finds it very tough to engage in such fraud," he commented.

Credit card fraud amounted to close to STG300 million in the UK in 2000 and the recent conviction and imprisoning for four years in Ireland of a credit card fraudster has shown that despite recent security measures introduced by retailers, banks and card issuers it remains a serious issue for businesses and financial institutions.

Common methods of carrying out such fraud include ID theft, skimming (the copying of card details on to a data reader), which occurred in the Irish case, and the generation of fake card numbers.

According to Dorrington, one of the main difficulties in combating credit card fraud is that the fraudsters always manage to keep one step ahead of the security people. He cited the example of the introduction of numbers in the signature block on the back of a credit card. These numbers were supposed to act as a second barrier to fraud, particularly in combating "card-not-present" fraud, as the numbers were not contained in the card's magnetic strip. However, fraudsters were able to get around this by using a hand-held strip reader linked to a Palm Pilot, which meant that both numbers could be recorded at the same time and then used to clone a card.

Moves have also been made by some organisations to combat on-line credit card fraud by introducing controlled payment numbers (CPN), which is the generation of a random credit card number for each on-line transaction. Dorrington commented that while such moves were welcome as they eliminated the possibility of skimming, there still remained the problem of people forging documentation when applying for such cards.

But Dorrington said that initiatives have been taken that could reduce the level of credit card fraud. Among these is the introduction of biometrics, which is the use of unique personal characteristics such as fingerprints, voice print and iris prints to identify that the person is who they say they are. Although biometrics could be a major factor in combating credit card fraud, introducing such systems into retail outlets will be costly and Dorrington estimated that it could be another five years before they are widespread.

In the meantime, Dorrington said that SAS is working on improving current analytical approaches to detecting credit card fraud. "What SAS does is analyse the transactional data so that fraudulent patterns can be identified and new business rules in handling credit card applications and payments can be introduced," he remarked. Dorrington added that Internet retail giant Amazon has managed to cut its on-line fraud in half by introducing such a system.

SAS is also working on a text mining system that will identify word patterns associated with fraudulent behaviour or lying. "For example, there are many Web sites that offer advice on how people can repair their credit rating by answering forms from banks in certain ways. Our system would scan for similar wordings on applications and look for word patterns associated with being deceitful," he explained. However, the system is probably at least two years away from mainstream use.

SAS employs around 20 people in Ireland and its customers here include AIB Bank, Bank of Ireland and the Revenue Commissioners. SAS has over 8,500 employees globally and revenues in 2000 of over USD1 billion.


:: MORE NEWS from SECURITY

© Copyright ElectricNews.Net Ltd 1999-2002.