Debit cards and credit cards have become an integral part of our daily lives. In September 2016, there were 1.3 billion card transactions which amounted to £57.4 billion. But, what exactly makes up our payment cards and how secure are they when we use them?
There are three different things a potential fraudster would be looking to get their hands on:
- The magnetic strip
- The chip
- The long card number (PAN), along with the expiry date and 3 digit security code.
Front of a payment card:
The chip carries an equivalent to what’s on the magnetic strip. When you put the chip into a machine to make a payment, that information is then transmitted the same way as a magnetic strip. If the data is not properly protected in transit, it can be stolen.
Chip and pin machines (also known as PDQ's) are very difficult to hack or physically manipulate, which makes them less of a target for criminals. These chip and PIN machines have so much effort put into protecting them that they are basically bullet proof.
Long card number/Expiry date/Security code
The easiest way for fraudsters and hackers to get this data is to simply wait for us to input it into a website. Using different types of Malware, they’re able to obtain sensitive data and use it for their benefit.
Back of a payment card:
The magnetic strip
The magnetic strip is located on the back of the card, at the top. The magnetic strip contains everything a criminal needs to be able to clone your card. Within the data stored is your long card number, the expiry date and your 3 digit security code.
Before the days of chip and PIN, merchants would swipe your card down the side of a machine. The data was then transmitted away to complete a transaction. If this transmission was intercepted by a third party, they would be able to steal your cards data.
They could do this by manipulating the physical point of sale terminal. The introduction of chip and PIN all but wiped out this form of payment fraud.
Online based fraud is rife in today's world. In 2016, 277 banks and businesses recorded 173,000 instances of fraud in the UK, which equates to 473 cases every single day.
They used to have to physically take the card and then spend it. Now somebody can sit in a cafe with a WiFi connection and steal as much data as they like. It's much more difficult to prosecute them and they can't be seen because its all done remotely.