Wednesday, February 6, 2013

Emerging Markets can lead in reducing Credit Card Fraud

It is only natural for us to get concerned when the media is full of reports of credit card fraud (Fraud ring busted, Indian credit card industry hit with INR30Cr fraud), especially when so much effort is made by the industry to convince us that electronic payments are safe.  I agree that card payments are basically secure, with fraud at less than 50 basis points (0.5%).

Having said that, there are a few facts that are disconcerting
  • Some of the card data was stolen from POS infrastructure: Payments at POS terminals should be secure.  The best practice is for:
    • End-to-end encryption of card data, i.e., card data is encrypted from the point it is swiped to the point it is processed (your bank)
    • It is best for the merchant / acquirers to not store card data
  • It is necessary for acquirers to continue to upgrade POS terminals provided to merchants to ensure that weak points in the chain get strengthened.  It is only natural for fraud to migrate to the weakest elements.
  • Talking about fraud migrating to the weakest link in electronic payments, it is inevitable that electronic commerce / online stores will show up in most fraud cases.  This is because the de-facto method of payment at online stores is via 'Card-Not-Present' mode.  Card-Not-Present is when the merchant cannot verify whether the customer is in possession of the card being used for the transaction.
    • When card data is fraudulently harvested, the easiest place to use stolen card data is at online stores
    • While online stores take a lot of effort to detect such fraud (thru' two-factor authentication, intelligence in back-end systems...), there are always some countries whose laws are not as stringent as others.  Again, fraud migrates to countries with lax authentication laws.
  • While it is easy to parade Chip-n-PIN / smart cards as the silver bullet to prevent such fraud, Card-Not-Present payment mode at online retailers will continue to be the backdoor that fraudsters will exploit.
  • Magstripe is not the only bad boy, Card-Not-Present mode of payment deserves some of the blame as well.
Link to a related article by Doug King, Atlanta Fed

Ending on a positive note, one (among many) thing that the industry can do is to work towards supporting Card-Present (or some variant thereof) payment mode at online stores.  Technology leaders have been working on such solutions and can roll them out if the industry commits to  it.  Emerging markets who have traditionally leaped-frog technology due to lack of legacy can play a leadership role here.  India can set the tone by issuing contactless cards to support Card-Present payments online.

Another initiative would be have a deadline for retiring all POS terminals that do not support end-to-end encryption.  Payment Networks, such as Visa and MasterCard, can take a lead on this.

Would love to hear your thoughts on this.

Wednesday, October 24, 2012

New twist in payment card security

The security breach at Barnes & Noble stores is noteworthy, because of the interesting twist in this story.  We in the payments industry have always believed that online payments were the hairy ones, with payments made at stores safe and secure, especially when you enter your PIN.

The breach at Barnes & Noble retail outlets occurred due to tampered PIN Pads (in less than about 10% of their stores).  Guess what, their online stores are safe and secure.

Key takeaway points to retailers:
  • Nothing is intrinsically safe or unsafe
  • You have to work to make your systems safe, and keep them that way
  • Fraudsters are always out to get you (sounding paranoid, huh!)
Please drop in a note of any other noteworthy points from the above news item.  Would love to hear from you.

Tuesday, November 23, 2010

Card Payments in Turkey: Trends in contactless and mobile payments

This is the last part of a two-part series about card payments in Turkey.  The first part of the series provided a market overview.  This post looks at trends in contactless and mobile payments.
When it comes to contactless space, Turkey is the second country in Turkey after the UK. Number of contactless credit cards have almost reach % 6 of the total number and it seems that the growth will continue. Garanti Bank leads the market here and there are unconfirmed plans that they will migrate all the card portfolio into contactless cards.

Card payments in Turkey: Market Overview

Turkey is a trend-setter in the card payments space.  Understanding what is happening in Turkey could help us understand our own markets.  

Mr Burak Ilgicioglu is the guest writer, and provides an overview of the market and trends there.  Burak has been working on card payment systems since 1994. He has worked for 4 different banks and 2 different payment processors and still working for a bank as the card payment systems analysis manager in Turkey.  He is married with 2 kids. His main areas of interest are smart cards, contactless systems, Visa & MasterCard systems, networks and regulations. He is the creator of the blog focused on contactless systems :

Thursday, October 21, 2010

Visa India

Have you heard of Visa India?  I came across a news article today referring to such a company.  When you visit the Visa site and select India, you go to Visa South Asia section.

I am not trying to make a big deal of this innocuous article.  Given the background about NPCI, quite a few folks whom I interact with suggest that a Visa India (similar to Visa Europe) is a reasonable market response. 

Sunday, September 19, 2010

Interview with Prof Das re: Cashless Payment System in India

The response and discussions triggered by Cashless Payment System in India - A roadmap has been marvelous.  Discussions among payments professionals [in India] have invariably gravitated to debating either suggestions in the report or the broad press coverage the report received.  For sure, the report has helped bring the spotlight to the niche area of electronic payments and its role in an emerging market.

While Prof Das, the author of the report, has been understandably busy, he took some time off to talk with Mr Manju Murthy.  Please find below the excerpts of the conversation:

MM: Why did you feel there was need for this report?

Friday, September 3, 2010

Review of report: Cashless Payment System in India

This post reviews Cashless Payment System in India - A roadmap authored by Prof Ashish Das, IIT Mumbai and Ms Rakhi Agarwal.  This report is a well researched and comprehensive report which is a must read for payments professionals, those who focus on India and others as well.  The report is unbiased and credible as the authors objective has been to identify factors to deliver an effective and efficient retail payment tender for India.  As a professional addressing opportunities in India, I have been waiting for this report for a while now.  The 104-page report did not disappoint.  While I normally do not have much patience (or attention span) for long documents, this report was an easy and quick read.  I encourage you all to read this report.

The summary of the findings are: