New wave of microchip credit cards – to tackle fraud
Local banks are looking into the costly task of switching from the current credit card format to one embedded with a microchip. Chief Manager of Commercial Bank's Card Centre, Lakshman Perera told The Sunday Times FT that in order to bring down fraud levels, it is better for banks to go into this.
However, according to him, the initial cost involved will be enormous. In 2006, the government urged banks to consider introducing microchip embedded credit cards and now MasterCard and Visa, two of the largest global companies that manage credit cards, are also putting pressure on local banks.
The government's push was instigated by an incident in 2006 in which credit card information was fraudulently acquired or 'skimmed' from the UK and millions of rupees were subsequently withdrawn from automated teller machines (ATM's) in Sri Lanka. It was feared that the money was going into the wrong hands.
If banks are to comply, ATM's and point of sale machines island wide will have to be upgraded. Thusitha Suraweera of the Commercial Bank's Card Centre said that credit cards currently in use have a magnetic stripe which is susceptible to skimming. In other words, fraudsters are able to capture the information contained in the stripe through the use of another small pocket sized electronic device. They are then able to create another credit card and use it to perform transactions. Suraweera said banks cannot identify if the data from the transaction is from the genuine card or from the cloned card. Microchip credit cards will have the same information contained in the magnetic stripe of current cards but in addition, they will contain secret keys, codes, encryption algorithms and other security features designed to prevent fraud.
With microchip credit cards, fraudsters do not have the technology to clone the chip. "If such a thing happens, the system is designed in a way that it can be detected immediately." The magnetic stripe credit cards have been in circulation for the past 30 years. Suraweera explained that for this region, Malaysia has been subject to the mass scale credit card fraud. "Fraud levels in Malaysia were so high that they mandated to go into the chip environment," he said. "The guys who commit fraud then move out of Malaysia and into other countries like Australia, India, Hong Kong, Singapore, Macau and Sri Lanka where data of cards used in certain places have been compromised."
In addition to upgrading the ATM's and point of sale terminals, the way in which credit cards are created will also have to be upgraded since cards will have to be embedded with the chip. MasterCard is mandating these changes in the region whereas Visa is 'encouraging its members.' According to Suraweera, Visa is saying it is a business decision due to the high costs involved with the banks. In other words, if credit card fraud is a critical problem, it would be prudent for banks to shift to the new technology. In addition, the card business is split into two parts, the issuer and the acquirer who is the partner that owns the ATM terminal and processes the transaction. "If one party has the chip technology and the other does not, the party without the technology has to take the hit."
Currently, the UK is using the microchip embedded credit cards. Malaysia, South Korea, Japan and Hong Kong are also extremely advanced on chips. The US has so far rejected the use of microchips but as Suraweera pointed out the US has a far better law enforcement system for catching criminals engaging in credit card fraud. "Law enforcement in Sri Lanka is still not that good." Furthermore, a microchip credit card will cost around US$1.5 to US$2. "With the income disparity between Sri Lanka and other countries, the cost is high for us but not for them."
Suraweera says banks will eventually have to adopt this new technology or risk being left behind. "It will take about a year and a half to two years but things have to start moving. There has to be acceptance for it to start moving." He also said that the government must give banks some incentives and tax concessions, considering the staggering costs of undertaking such an operation. Chief Manager Perera said that fraud levels have not been enormous unlike in Malaysia but said in the coming year, the bank will start looking at the cost factors and get pricing from hardware and software vendors. "It's a total technical change." (NG)