The big bank cyber cover-up

15 04 2015

Something that I have long suspected (and been aware of) is that banks don’t like admitting when money goes missing. It doesn’t matter if it is their money, or yours and mine, the point is if anything goes missing it looks bad for an institution that is supposed to be your secure holder of money. It really doesn’t matter the circumstances either, be it with a dodgy employee doing something naughty at the cashier’s desk, or customers being subjected to cybercrime and fraud, the fact is the bank won’t report it…This thought of mine is backed up by a statement made by the City of London Police chief Adrian Leppard, claiming that he believes up to 80% of online crime goes unreported. Have a read of this article in finextra http://www.finextra.com/news/fullstory.aspx?newsitemid=27226

The challenge

So why is cybercrime growing so massively? The simple fact is, something I’ve been complaining about for a long long time now, is that no matter what you do, you cannot secure something that is inherently not secure. What do I mean? Well card details are not secure. They are printed on the thing, nothing sophisticated is needed to get hold of card details at all. This means card schemes, banks, payment service providers, online payment gateways, businesses, all have to spend vast amounts of money on trying to prove that those card details (at the point of a purchase) are in the hand of the owner. The simple fact that I can get those card details so easily, means that for a person willing to undertake some cyber fraud or card fraud in general, it’s easy, it’s a weak point in the system.

My point is proven even when you add technology upon technology upon technology. Just look at the recent issues with Apple Pay. Apple, claiming the system is so secure is actually not a million miles away from the truth, if Apple could secure the card details that were added to the device, but since these are not secure in any way shape or form, it’s easy to just add other peoples card details to my own Apple device and away I go…

The solution?

The solution is so blatantly simple it frustrates me. Move away from Cards! We don’t move away from cards because of the cost of the card scheme infrastructure, an infrastructure that is so massively outdated in today’s cyber world. Card schemes are simply easy pickings for cyber fraudsters.

When I say move away from cards, I don’t mean just replace the physical card with your phone, ala Apple Pay, I mean ditch the scheme itself. There really is no need for a card to be required in a transaction, this is proven by a number of mobile payment technologies out there that move away from card schemes and look at their own scheme effectively, utilising “e-money”. These businesses / schemes have a massive opportunity to provide security that simply removes fraud, build technology built with modern day living security in mind, and all of a sudden, the fraudster’s life is much much harder. If you detach from the dependency on a card scheme, you have payment systems that are secure, you reduce fraud, you reduce risk, and you drastically reduce the cost of a transaction for a business, and ultimately the cost of products / services consumers purchase.

The only issue, business adoption, educating businesses of the benefits to them, the cost savings and the difference in user experience. That’s the massive challenge, something why mobile payment start-ups are failing. Business owners simply don’t have the time to be educated on this stuff….

So the company that cracks that nut, could get a new scheme out there and start reducing the levels of cyber-crime….Sure the banks eventually will like that idea!

Advertisements

Actions

Information

3 responses

15 04 2015
Max J. Pucher

Hi Andrew, the problem is a legal one. Today the card user or the card issuer is responsible for misuse in most cases. Make the one who accepts the card responsible and automatically businesses will use the most secure payment scheme.

15 04 2015
Andrew Smith @Tapsley

Hi Max, that’s not right. In the UK the business is responsible for the chargeback. They suffer massively but have no other choices.

15 04 2015
Andrew Smith @Tapsley

And to add to that point Max, businesses are out of pocket in a big way. http://www.finextra.com/news/fullstory.aspx?newsitemid=27228

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: