Credit card fraud places a major cost burden on the payments industry and, hence the buying public. In Australia, fraud payouts and investigations cost the banks over $400m. Worldwide, it’s over $5 billion. So, given today’s secure technologies, why is card fraud still tolerated?
The more cynical might say that they haven’t fixed it because they can pass on the cost to their customers (you all know who “they” are). But the payments market is in a rapid state of flux as evidenced by how quickly contactless payments took hold, so the time is right for innovators to solve this problem.
The problem with today’s payment technology is that it was never designed for today’s mobile and cloud-based world. The technology was designed over 30 years ago to protect in-store card-present transactions. There have been a few modern enhancements, like contactless and EMV chips, but the underlying security paradigm remains.
When you swipe or insert your card in a terminal then enter your PIN, an encrypted authorisation message is sent to the card issuer for verification. The issuer then sends back a message approving or declining the transaction. That’s all well and good, but it only protects against fraud when the card is present.
For card-not-present transactions on the internet, there is no equivalent solution. If the card PAN and CVC are captured, they can be reused to fraudulently authorise purchases from internet merchants. There’s also “man-in-the-middle” and “man-in-the-browser” fraud, which involves capturing and then reusing the card details from websites or replacing the destination details where funds are deposited.
And so, for as long as electronic payments and security are based on plastic card technology, fraud will continue to thrive.
Securing peer-to-peer (non-card) payments is easy: there are plenty of secure technologies available. The bigger challenge is to develop one security process that secures all payments, including card payments. Card payments currently make up 98% of all in-store and online retail payments, so unless the solution encompasses cards, the impact on costs and fees will be minimal.
But it is solvable. In fact, it’s been solved by Bluechain.
Bluechain is built on a brand new security paradigm that eliminates unauthorised card use, man-in-the-middle, and man-in-the-browser fraud. But what is so revolutionary about Bluechain’s security solution is that it works just as effectively with the old card technology as it does with the latest peer-to-peer mobile payment systems.