Card fraudsters find fertile new territory

Chip and pin was launched amid a fanfare of publicity in late 2004. At a cost of over £1bn, the technology was supposed to stop card crime in its tracks. But less than three years later, it seems the fraudsters are back with a vengeance and British cardholders under attack as never before.

The latest figures from the Association for Payment Clearing Services (Apacs) make sobering reading. Card fraud went up 26 per cent year-on-year to £264m in the first half of 2007.

Apacs says criminal gangs are finding new ways to target cardholders by using stolen or cloned plastic overseas. While chip-and-pin technology marginally cut domestic-based card crime by 4 per cent in the first six months of this year to £155m, card fraud outside the UK jumped by 126 per cent to £109m.

"A couple of years ago, criminals were mainly stealing cards and card details for use in UK shops and cash machines," says Mark Bowerman from Apacs. "But today, because of chip and pin, they have been driven overseas."

Gangs are using bugging devices on till terminals to capture the magnetic-strip information on debit and credit cards, including pin numbers. Counterfeit cards are then used in countries that have yet to upgrade to the new technology, where cash machines do not need to detect the presence of a microchip to authorise withdrawals. These machines simply read the magnetic strip on a card, where data is still stored.

Around £16.7m was spent by card fraudsters in the US – where there are no plans to introduce chip and pin – on cards issued in the UK, according to Apacs. Other countries where cloned plastic is being used regularly include Morocco, Argentina and Canada.

Cloned card usage is also common in continental Europe – including countries such as Spain, Sweden and Romania – where the banking industry has set itself a target of 2010 for completing chip-and-pin rollout.

"The technology is not reducing card crime," says fraud expert Ross Anderson at the University of Cambridge Computer Laboratory. "Before you were only using your pin at cashpoints; now you are using it everywhere – and how are you meant to spot a fake card terminal or one which has been tampered with?"

Apacs says most countries – apart from the US – have plans to introduce chip and pin. But even if the technology does spread worldwide, experience suggests fraudsters merely focus on weak links in the chain.

Cardholders should clearly take steps to protect themselves when making purchases, for example by always keeping their credit or debit card within sight, and shielding the keypad when inputting their pin.

Also on the rise is card fraud committed online, by mail or phone, which soared by 44 per cent in the first six months of this year to a total of £137m. This form of theft is called CNP fraud – "cardholder not present".

"The playing field is getting ever bigger for fraudsters as more retailers are accepting online payments," says Apacs' Mr Bowerman.

Security experts advise people shopping and banking online to have up-to-date anti-virus software and firewalls in place and to only use websites displaying a locked padlock or unbroken key symbol in the bottom left of the screen.