The U.S. has overtaken France as the number one place where fraudsters can convert U.K. credit and debit card details into cash, according to a U.K. banking trade group.
To blame is the absence in the U.S. of “chip-and-pin” technology, where credit and debit cards with an embedded microchip are authenticated with a PIN (personal identification number) during purchases and cash-machine withdrawals, said Jemma Smith, spokeswoman for the Association of Payment Clearing Services (APACS).
As a result, fraud involving U.K. cards overseas jumped a staggering 126 percent for the first six months of this year over the same period last year, according to the latest figures from APACS, released on Wednesday. On a brighter note, domestic fraud conducted during face-to-face transactions fell 11 percent, the group said.
Criminals often commit fraud by copying the magnetic stripe on the back of a card and obtaining a person’s PIN. They do this by installing “skimmers” — unobtrusive devices attached to a cash machine that read a person’s card details, as well as using small cameras to capture PINs, Smith said.
But most U.K. banks block transactions on cash machines with cards that lack the microchip, which prevents someone from making a fake card with the magnetic stripe details captured from the skimmer, she said.
The U.S., however, has not deployed chip-and-pin technology, so criminals are capable of withdrawing money from cash machines there. In 2006, U.S.-based fraud using U.K. cards amounted to £16.7 million (US$34 million), Smith said.
France used to be a prime destination, but is now less so as the country has mostly replaced its own proprietary chip-and-pin technology with the one now widely used through Europe, Smith said. Other countries where U.K. card details were frequently used are Spain and Italy.
APACS also reported a 44 percent rise in number of card-not-present frauds, where credit-card details — obtained through phishing or other scams — are used to buy goods online where the merchant never sees the card. But merchants and card companies are trying to shore up their e-commerce security.
About 20,000 U.K. merchants, which represent about a third of those who do business online, have integrated an additional password check into their sites, Smith said. The systems, including MasterCard SecureCode and Verified by Visa, directly connect a cardholder with the issuer for password verification before a transaction.
The systems reduce the possibility that retailers will get charged when the credit-card company reclaims money from the retailer for processing a fraudulent transaction.