Taking chip-and-PIN further

Contactless payments and near-field communications are the next steps for card technology

Wireless pinpads are widely judged to have been a success

This month marks the two-year anniversary of chip-and-PIN credit and debit cards in the UK.

The technology is widely seen as a success, and face-to-face card fraud levels are down 47 per cent since 2005.

But further developments are needed to keep up with increasingly sophisticated scam techniques. For example, card-not-present crime is still on the rise: up 16 per cent in 2006 and now valued at £213m annually.

“Chip-and-PIN has given a lot of confidence to customers and it has been very successful in reducing face-to-face fraud,” said a spokesman for Apacs, the banking industry group.

“But the level of counterfeit transactions made online and abroad is still increasing.

“And as chip-and-PIN becomes more available in Europe, UK-issued magnetic stripe cards have been used by fraudsters in countries such as the US.”

Fraud using the magnetic stripe is one of the biggest problems, and card issuers are struggling to find a solution, according to Deloitte security and privacy services director Nick Seaver.

“Banks could totally eliminate both the stripe and the number printed on the front of the cards ­ which are two valuable pieces of data for fraudsters,” he said.

“But then customers would have to have another magnetic stripe, to use in countries that do not have chip-and-PIN, so it is security versus convenience.”

Two-factor authentication schemes ­ where a user needs both something they have and something they know ­ are a key element of some of the big banks’ attempts to address online card-not-present fraud.

Barclays, Lloyds TSB and Royal Bank of Scotland (RBS) all have two-factor systems that give customers automatically-generated one-time passcodes, to use in conjunction with the password they already know. And Nationwide is due to start a three-month trial covering one million customers next month.

“The readers provide an additional layer of security to protect our members from fraud by authenticating the customer as genuine,” said a Nationwide spokeswoman.

“The initiative will not strengthen the use of chip-and-PIN, but uses the technology in another way,” she said.

The problem with two-factor schemes is their impracticality, said EA Consulting Group director Robin Bearne.

“The fact that each issuer of cards will use a different authentication device means that a customer with three cards could end up with three different devices in their pockets,” he said.

Alongside banks’ anti-fraud schemes, there are two main developments for the next generation of payment cards.

Contactless systems enable users to hold their card up to a reader to take money out of a cash machine or make low-value payments.

In July, Barclaycard started issuing a multi-function card including standard chip-and-PIN, Oyster travel card and Visa “wave and pay” contactless payment.

RBS is also rolling out the technology to customers in the London trial area. And Lloyds TSB started a multimillion-pound pilot in January, ahead of plans to create a cash-free environment for the 2012 Olympics.

The chief benefit of contactless payments is efficiency, said Mastercard head of strategy Oliver Steeley. “Contactless is a way to balance risk, with speed and convenience,” he said.

The other main development is near-field communications (NFC) ­ a wireless technology based on a storage “tag” inside a device, such as a mobile phone, that can be used as a car key, electronic wallet, ticket or travelcard.

The big mobile companies are developing a global standard for the technology. In the UK, O2 is working with two banks - First Direct and Lloyds TSB ­ to provide cashless payments and mobile banking services.

“Customers are demanding alternative ways of communicating, and a richer mobile experience is an integral part of the strategy of our clients in the banking sector,” said O2 channel business manager Mark Coby.

Chip-and-PIN: the numbers