Massive Payment Card Upgrade Has Mixed Results in Australia - thomasglat1937
Despite a years-tall upgrade of Australia's payment systems, fraudsters are lul profiting, going away a questionable tape for a vast political program to equip debit entry and course credit card game with unused security features.
For several eld, Australia has been transitioning to EMV (Europay, MasterCard, Visa) payment card game, which wealthy person a chip with in advance cryptographic capabilities designed to deter fraud. The surety changes are intended to reduce use of the black magnetic stripe happening the back of the card game, which can be derived to create counterfeit ones.
The EMV system, formulated in the middle-1990s, has been deployed end-to-end Europe and in some other countries. The system has been propelled by Visa and MasterCard in set forth by threats of brand-new fraudulence liabilities, termed a "liability shift," for merchants and payment processors.
An investigation by IDG Tidings Divine service shows the move to EMV in Australia — a country with four major banks and a population of 22 million — has been moderato and missed voluntary manufacture deadlines.
The situation could foreshadow difficulties with EMV adoption in the much-larger U.S. market, with a population of to a higher degree 300 million people and upwards of 6000 financial institutions. While the move to EMV in Australia has resulted in declines in some kinds of fraud, other types induce increased, with no clear reason why.
Shammer Drop Reported — But Did IT?
In June, the Australian Payments Clearing Association (APCA), a self-restrictive body that manages settlement policies between commercial enterprise institutions, publicised an 18 percent fell in counterfeit card fraud in 2011.
Losses from counterfeit debit and credit cards strike down from Atomic number 79$40.84 million (America$42 million) in 2010 to $33.46 1000000 in 2011, APCA said. But a finisher examination of the figures, provided to APCA by banks and charge card companies, does not present so much a clear-edit optimistic result.
Australia has a complex defrayment environment. There are debit and credit card game with and without the EMV microchip. Fraud figures submitted to APCA encompass payment card game issued within Australia equally well arsenic card game issued overseas and used in the country.
To hit the 18 percent decline, APCA combined the price of counterfeit fraud for municipal Australian "scheme" cards, which bear the brand of companies much as MasterCard and Visa, with those of scheme payment card game issued abroad simply victimised in Australia.
The last mentioned category saw a notable drop in counterfeit fraud, from $28 million in 2010 drink down to $17 million in 2011. But imposter shot awake on Aussi-issued cards, from $12.9 million in 2010 to $16.4 trillion in 2011, the highest form since APCA began publishing statistics six years ago.
The data suggests Australians using scheme cards in their own country nerve a higher risk from counterfeiting, even though those cards have the EMV microchip. Further muddying APCA's overall claim is that it doesn't know if the overseas-issued cards take only the magnetic stripe Oregon also contain the EMV chip.
"Quite clearly they're spinning the figures the best they commode," said Stephen Wilson, CEO of The Lockstep Group, a smartcard and digital identity consultancy based in Sydney. "The press releases are marketing exercises."
The U.S. Reserve bank of Atlanta noted in a January 2012 describe that the decline in fraud due to EMV rollout in Australia is "more modest than the decline in counterfeit sham in else chip-and-Tholepin markets."
APCA CEO Chris Hamilton admits that the figures issued past his group are non the result of a scientific study. The conclusions are in part speculative based on feedback from sources that supply APCA with statistics. "I think it's a fair statement that it's not very clear," Hamilton said.
APCA maintains the decline in other types of humbug give the sack be attributed to the distributed deployment of chip-capable steer-of-sale (POS) devices.
For example, forgery fraud born significantly on so-known as "proprietary" debit cards, which are card game issued by banks that use a payment system run by a company called EFTPOS Payments Commonwealth of Australi Limited (EPAL).
EFTPOS transactions account for 51 percent of totally transactions in Australia and 80 percent of debit-card proceedings, according to the governance. Simply those cards do not have the EMV splintering, which makes the cards more defenceless to counterfeiting. EPAL maintains that it has bolstered the security of proprietary debit entry cards, but would not give specific details.
ATM Operators Reluctant to Jump
EPAL has held off moving its card game to EMV, just plans over the next couple of days to begin deploying the card game. EMV is viewed as a "housekeeping" issue, according to a spokesman.
Retailers in Australia were compulsory to have EMV-capable payment terminals in April. If they do not have those terminals, retailers can be liable for losses attributable fraud, according to complaisance deadlines.
But Australia's AT dart, which comprises more than 30,000 machines around the res publica, has not been upgraded and so quickly.
Adjustment an ATM for EMV, which can call for hardware and software upgrades, is non trivial. Making an ATM EMV-compliant is labour intensive, said Issa Keshek, who specializes in Cash machine EMV compliance for the company Clear2Pay and has worked with Australian banks. The machines need to undergo thousands of tests to ensure they will work with different circuit card types.
As a result, Australian banks have stalled and allowed voluntary deadlines to lapse. ATMs were theoretic to cost EMV-ailment away October 2022. The deadline was and then moved forward to June 2022, but that date is still not unchangeable, leaving further opportunities for hoax, Keshek aforementioned.
"By nature, the less unattackable country becomes a object," Keshek said. "Attackers start looking at at fairly giant countries that don't receive the same secure infrastructure, Australia being one of them."
Land Bank, which runs more than 4,000 ATMs in Commonwealth of Australi, same in November 2011 IT would be the first to roll up out ATMs that meet the EMV standard. NAB plans for its ATM fleet to be fully EMV-enabled by the destruction of June 2022, spell ANZ said its plans were commercially cognizant but that the upgrade was a "top priority." WestPac said the majority of its ATMs are EMV-capable, just that does not necessarily mean the machines are obedient yet.
About half of the 30,000 ATMs in Australia are run away non-bank companies. The largest are First Data and Customers ATM. Customers ATM declined to comment, while First Data declined to grant an interview but said it was on the job toward full EMV abidance.
Typically, non-bank ATMs "are not passing to exist built to the same certificate standards atomic number 3 bank ATMs because they are cheaper devices," said Iain Swaine, chief consultant for e-crime prevention at Greenway Solutions, a consultancy based in the U.K. The non-bank ATMs essential meet the same security standards as mandated by Visa and MasterCard, but Swaine aforesaid the devices may not be as physically secure as bank building ATMs.
"This is why at that place is more chance of card skimmers working on them and that attackers derriere either physically get into the devices to put internal skimmers operating theater to eavesdrop on the modem connection out of the back," Swaine said.
Since not all defrayal card game give birth the EMV contribute Commonwealth of Australi, some banks may have not turned off the so-called "fallback" mechanism which allows an Cash machine to read data from the card's charismatic streak. In some cases, ATMs will also read the charismatic stripe data if the chip appears faulty.
That opens a windowpane of chance for fraudsters, who privy capitalize of the complexness, testing ATMs to see if the devices testament disburse.
If a customer's ATM card has been skimmed and a ostensive card is successful, "there's nary path for a bank to tell whether a cloned magstripe or a existent magstripe is victimised," said Steven J. Murdoch, a researcher in the Surety Group of the University of Cambridge Computer Research lab who has extensively unnatural EMV. "Bank records should be able to distinguish between chip and magstripe."
The situation is rotten news for customers, who can bear the financial obligation if their chip card is used fraudulently. If a chip at card's attractive stripe is cloned and a bank's Automated teller machine is configured to only read the attractive force grade insignia, it can be serious for a customer to prove they did not perform a suspicious transaction.
"The savings bank takes symmetrical more militant steps to try and show you've through with something inappropriate and that it is your malpractice," Keshek said. "You'ray almost guilty before proven innocent."
Banks can use past means to detect counterfeit cards. For model, if a card is used in Sydney and an hour later wont to withdraw cash in Romania, IT's a good ratify a fraudster whitethorn be at work.
But geolocation blocks have their limits, particularly when a fraudulent transaction takes place near where a cardholder lives. "Information technology's very difficult to catch these transactions because the dupery systems aren't tense enough," aforementioned Avivah Litan, a pseudo spying expert and analyst at Gartner. "Otherwise, they start inconveniencing good customers."
Still, banks are developing fitter systems to catch impostor, Swaine same. The global financial system that enables card payments around the mankind is and so technical foul, Wilson said, "It's awing information technology ever works at altogether."
Ship news tips and comments to jeremy_kirk@idg.com
Source: https://www.pcworld.com/article/460439/massive_payment_card_upgrade_has_mixed_results_in_australia.html
Posted by: thomasglat1937.blogspot.com
0 Response to "Massive Payment Card Upgrade Has Mixed Results in Australia - thomasglat1937"
Post a Comment