Banking security has been a very hot topic as of late after two major system glitches from two leading banks, BPI and BDO. Representatives of both banks had to testify in front of the Senate and reassured that customer data is safe and the situation was under control at any point in time. But how safe are our transactions really?
Part of the move towards more secure banking environment is the shift towards the European MasterCard Visa (EMV) chip technology for card transactions. The BSP extended their deadline, which was originally set to 1st of January, 2017, to June 2018 for issuing EMV compliant cards to all clients. Local banks frequently claim that credit card fraud will largely be eliminated by the shift to the EMV technology and away from old magnetic stripes on all credit cards. So why are there still so many fraudulent transactions being reported even though most of the big banks already shifted to the new technology?
Let’s first have a quick look at different types of credit card fraud. The better you understand how scammers can use your data, the more measures you can take to protect yourself.
Cards with only a magnetic stripe are more prone to data theft because the data on the stripes is not encrypted and static. Fraudsters could easily skim data off your cards, embed the details onto a blank card and use it for all kinds of transactions. EMV is going to be safer in that regard as the chip holds your data encrypted and creates unique transaction codes that cannot be used again. If a hacker stole the chip information from one specific point of sale, typical card duplication would never work because the stolen transaction number created in that instance wouldn’t be usable again and the card would just get denied.
When the UK, one of the earliest adopters of EMV technology, switched to the technology it saw a 75% decrease in credit card fraud at brick and mortar stores over 8 years. Fraud, however, did not disappear but merely moved to online transactions, more elaborate ATM fraud, and to other markets where EMV technology wasn’t implemented yet. MasterCard recorded a 54 percent decrease in counterfeit fraud costs among its EMV-ready merchants from April 2015 to April 2016. Conversely, they also saw a 77 percent increase in counterfeit card fraud year-over-year among merchants who had yet moved to EMV or were in the process of doing so.
This is where the banks have clearly failed to educate their consumers. In fact, banks and credit card issuers primarily benefit from EMV. Retailers who do not adopt EMV readers (or are using older point-of-sale terminals) leave consumers susceptible to curb fraud. Because of the high cost of most EMV readers, many small businesses are unable to adopt them. Merchants then require customers to swipe their cards, which means the chip-technology is not being taken advantage of. Even more important is understanding the EMV fraud liability shift that also benefits banks and creates a headache for smaller merchants. If a merchant has not yet updated their payment terminals to be able to accept EMV-compliant cards, the merchant would be liable for the fraudulent transaction. This can be very costly for smaller merchants that want to offer card payments but have not yet updated to the newest technology.
A very popular way that scammers try to obtain credit card information in the Philippines is public networks. If you connect your phone or laptop to such a network in, for example, a hotel or a restaurant, be very careful with entering personal information. Understanding how your payment cards work is the first step towards protecting yourself from fraud and to actually enjoy the convenience of electronic payments.
A version of this article also appeared in the Manila Times.