Can smart cards reduce payments fraud and identity theft?

In the United States, when a consumer presents a payment to a merchant, the merchant typically makes a request for authorization before accepting the payment. Personal information, such as an account number, address, or telephone number, are often enough to initiate a payment. A serious weakness of this system is that criminals who obtain the correct personal information can impersonate an honest consumer and commit payments fraud. ; A key to improving security-and reducing payments fraud-might be payment smart cards. Payment smart cards have an embedded computer chip that encrypts messages to aid authorization. If properly configured, payment smart cards could provide direct benefits to consumers, merchants, banks, and others. These groups would be less vulnerable to the effects of fraud and the cost of fraud prevention would fall. Smart cards could also provide indirect benefits to society by allowing a more efficient payment system. Smart cards have already been adopted in other countries, allowing a more secure payments process and a more efficient payments system. ; Sullivan explores why smart cards have the potential to provide strong payment authorization and thus put a substantial dent into the problems of payments fraud and identity theft. But adopting smart cards in the United States faces some significant challenges. First, the industry must adopt payment smart cards and their new security standards. Second, card issuers and others in the payments industry must agree on the specific forms of security protocols used in smart cards. In both steps the industry must overcome market incentives that can impede the adoption of payment smart cards or limit the strength of their security.

The Evolution Of Smartcard And EMV Migration In Bahrain

Within the improvement of Information Technology era, many business enterprises, academia institutions and banks in various regions around the world are enthusiastic and looking into the future by producing an all-in-one smart card with Europay, MasterCard and Visa (EMV) protocols for their employees, students or customers. This smart card can be used in different fields such as ID card, debit/credit card, transportations, healthcare, communication networks, loyalty, etc., with high level of security.  This paper gives the reader an overview of the evolution of smart card and the important benefits derived over the existing traditional magnetic stripe card. The paper aims to study the following five key elements: Importance of EMV, EMV Implementation in Bahrain, Obstacles and Constraints, Customer Satisfaction, and EMV Future in Bahrain.  The results of the study reveals that Bahrain is on its approach towards the EMV migration and will definitely be ready for rollout in the coming few years. It was also demonstrated that even though adopting EMV smart card technology may cost the organization a lot, it would be on the other hand very beneficial to them in many different aspects. Furthermore, it was provided that moving toward smart card in general will differentiate Bahrain and will put her among the leader.  This paper can be used as a basis for further researches to improve specific aspects of the evolution of smart card and EMV Migration in the Kingdom of Bahrain or elsewhere. It will also provide a useful input for other local banks and/or organizations that have not proceed towards smart card adaptation yet

New Card Technologies in Retail Banking: Competition and Collaboration in the 1990s

This thesis examines the alternative bank card technologies being considered for retail banking in the UK in the 1990s. Influential organisations suggest that this technology needs updating, and various new technologies are being developed. The thesis identifies the most influential organisations within four groups considered key for retail banking technology: the technology supply industry, the adopting industry, the market and other key players. The observations and analysis in this thesis are based on information provided by each of these four key groups, through written Surveys, face-to-face and telephone interviews, and from a range of written sources. A selection of past and present bank card trials are also described, with particular focus on the introduction of smart card technology. Results confirm that the innovation process in the retail banking industry accords with a highly interactive model, with feedback loops throughout the innovation process. The adopting industry is seen to follow the innovation process in the opposite direction to that experienced in manufacturing industry. Thus, smaller incremental innovations eventually lead to more radical changes which effect complete systems change on a national basis - a ‘reverse cycle’ model of innovation. The thesis analyses the evolution of competitive and cooperative strategies, particularly between banks and their collective organisations, building societies and retailers. The thesis concludes that the dominant institutions driving card technology innovation and standards globally are the international debit and credit card corporations Mastercard, VISA and Europay, operating through their organisation EMV. In the UK, the major clearing banks, and their ABACS organisation, and the large retailers are also key actors. The thesis suggests that smart card is the most likely to be adopted

Host card emulation with tokenisation: Security risk assessments

Host Card Emulation (HCE) é uma arquitetura que possibilita a representação virtual (emulação) de cartões contactless, permitindo a realização de transações através dispositivos móveis com capacidade de realizar comunicações via Near-Field Communication (NFC), sem a necessidade de utilização de um microprocessador chip, Secure Element (SE), utilizado em pagamentos NFC anteriores ao HCE. No HCE, a emulação do cartão é efetuada essencialmente através de software, geralmente em aplicações do tipo wallet. No modelo de HCE com Tokenização (HCEt), que ´e o modelo HCE específico analisado nesta dissertação, a aplicação armazena tokens de pagamento, que são chaves criptográficas derivadas das chaves do cartão original, críticas, por permitirem a execução de transações, ainda que, com limitações na sua utilização. No entanto, com a migração de um ambiente resistente a violações (SE) para um ambiente não controlado (uma aplicação num dispositivo móvel), há vários riscos que devem ser avaliados adequadamente para que seja possível materializar uma implementação baseada no risco. O presente estudo descreve o modelo de HCE com Tokenização (HCEt) e identifica e avalia os seus riscos, analisando o modelo do ponto de vista de uma aplicação wallet num dispositivo móvel, que armazena tokens de pagamento para poder realizar transações contactless

Payment Terminal Emulator

Atualmente, os pagamentos em dinheiro estão a tornar-se menos populares. No entanto, poucas pessoas conhecem a complexidade que se encontra por detrás da inserção do cartão no terminal PoS (ponto de venda), introdução do PIN e recolha do recibo). Esse processo de pagamento é implementado pelas empresas FinTech, que fornecem aos bancos e comerciantes terminais PoS prontos para uso. A fase mais cara e demorada da integração da solução de pagamento é a certificação do software do terminal. Neste trabalho, consideramos o protocolo de comunicação entre um cartão inteligente e um terminal PoS baseado nas especificações internacional EMV (Europay Mastercard Visa), juntamente com suas vulnerabilidades conhecidas. Para melhorar o processo de certificação numa empresa FinTech em Portugal, um software independente foi sugerido para emulação do fluxo de pagamento de EMV completo. Neste trabalho, apresentamos os detalhes sobre a implementação da aplicação 3C Emulator.Nowadays, cash payments are becoming less popular and few understand, what a complicated process stands behind the habitual inserting the card into PoS (Point-of-Sale) terminal. This payment process are implemented by FinTech companies, that provide banks and merchants with ready-to-use PoS terminals. And the most expensive and time-consuming phase of payment solution integration is is the certification of terminal software. In this work we consider communication protocol between a smart card and a PoS terminal based on EMV (Europay Mastercard Visa) international standard, together with its known vulnerabilities. In order to improve the certification process in one Portuguese FinTech company, standalone software for emulation of full EMV transaction workflow is suggested. We present details about implementation of 3C Emulator application

The Forgotten Signature: An Observational Study on Policy of Securing Identity in Prevention of Identity Theft and Credit/Debit Card Fraud at Retail Store POS Terminals

Identity theft and credit and bank card fraud is increasing in America and worldwide. Given the current statistics of its prevalence and practices around the world, many in government are starting to take critical notice due to its impact on a nation’s economy. Limited amounts of research have been conducted regarding the practices of applying the Routine Activities Theory (Cohen & Felson, 1979) to better equip store managers in understanding the critical need for capable and effective point of sale guardianship for in-store prevention of credit or bank card fraud due to identity theft. This research has used qualitative observational studies to investigate the presence of or lack of capable guardianship at point of sales transactions in large department stores where a majority of in-store credit and bank card fraud loss occurs. Findings conclude an overwhelming lack of capable guardianship at retail store POS terminals