Payment Cards (Cards) are special cards issued by financial institutions (FIs) to customers to enable them access funds in either their bank or credit accounts, make payments by electronic fund transfer, and access ATMs. Most FIs in Ghana issue Visa, MasterCard, E-Zwhich and Gh-Link cards, whilst others issue their own proprietary cards.
Cards have many benefits, but their use come with associated risks. With the increase of non-cash payment systems, cards are gradually becoming one of the primary payment media in Ghana. As their use increases, so does the likelihood of fraud activities.
Payment Card fraud (PCF), which is a form of identity theft, is defined as gaining unauthorized access to someone’s card information and using it for financial gains. PCF can either occur offline or online. It is offline when the fraudster uses a physical card for unauthorized transactions. It is online when it occurs via internet, phone or fax; where only card details are needed during transactions.
Aside the billions of dollars lost globally due to PCF, consumer confidence in non-cash payments systems and the reputation of card-issuers are also affected. According to Unisys Security Index, PCF compared to terrorism, health and safety, is the number one fear in U.S.A.
PAYMENT CARD STATISTICS
According to the 2017 World Payments Report, card transfers were the leading digital instruments in 2015. The total number of debit & credit card transactions reached 287 billion in 2015.
According to the Bank of Ghana (BOG) Payment Systems Oversight, Annual Report, about 9.4 million cards were issued by banks in Ghana in 2016 alone. The total volume of card transactions in 2016 was about 54.3 million, amounting to GH¢14.2 billion in total value.
According to The Nilson Report, US$ 22.80 billion was lost globally due to fraud in 2016 and predicted, this will increase to US$ 32.96 by 2021.
Incidence of PCF do occur in Ghana but are barely reported and thus receive less media publicity. According to BOG, PCF was one of the main cases of the 1,001 reported fraud incidence in Ghana in 2016.
HOW FRAUDSTERS OBTAIN CARD INFORMATION
Fraudsters steal cards to obtain information to commit fraud. PCF is most often a result of a lost or stolen wallet or purse. Friends, relatives and co-workers can also steal personal information for same. Fraudsters look over the shoulders of unsuspecting individuals who are performing transactions to obtain personal information. They can also search through garbage for pieces of personal information.
Criminals can hack into electronic databases of merchants, card processors, or payment gateway service providers to gain access to customer personal information that can be used to commit PCF. They can also intercept mail to steal newly issued payment cards details and bank statements.
Fraudsters can create genuine-looking emails or SMS that appear to be from legitimate sources to persuade card users to provide sensitive card and personal information.
The data held in the magnetic strip on the back of some cards can be skimmed (copied) and used to make purchases where the card itself is not present. It can also be used to manufacture cloned cards.
Fraudsters search for sensitive personal information of their victims on social networks to commit identity theft. Also, since most individuals use the same passwords for different accounts, if fraudsters can get your user credentials for any of your social media accounts, they have a good chance of gaining access to your bank account and any other sensitive system.
Corrupt, dishonest and disgruntled employees with access to sensitive data can expose card related information to fraudsters.
THE SOLUTION
Consumers need to be properly educated on the need to provide adequate security for their cards.
Merchants need to verify the validity of payment information by checking both the cardholder’s identity and the card’s authenticity.
Fraud should be suspected if the user involved is a first-time shopper, ordering unusual quantities of items, buying items with high resale value or performing multiple transactions on one card in a short period.
Technology solutions can be employed to prevent and detect fraud. The Europay, MasterCard and Visa (EMV), Chip and PIN standard needs to be adopted by FIs, since it has proven to be successful in reducing PCF. Several data mining techniques can also be used to detect fraud.
To prevent data breaches and mass data compromise, FIs need to be Payment Card Industry Data Security Standards (PCI-DSS) compliant. The PCI-DSS, which has become the de-facto international best standard for payment card security, has in place requirements to help organizations that transmit, store or process payment card data to adequately secure card information.
CONCLUSION
FIs, merchants and card users need to provide optimum security to safeguard payment cards. The BOG needs to strictly enforce its directive (In 2016) to all banks to be PCI-DSS compliant. BOG needs to help save the colossal amounts of money lost annually due to PCF and increase consumer confidence in the payment card system.
Author: Sherrif Issah – (IT Consultant and Member: Institute of ICT Professionals, Ghana)
For comments, contact author mysherrif@gmail.com Mobile: +233243835912.