White paper. Biometrics and the mitigation of card-related fraud

Similar documents
WHITE PAPER. Let s do BI (Biometric Identification)

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

FREQUENTLY ASKED QUESTIONS

CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008

To all GRSB debit and credit card customers:

Frequently Asked Questions (FAQ) on HSBC Chip Credit Cards

FAQ on EMV Chip Debit Card and Online Usage

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009

Single Card Model for Hassle- Free Financial Management

Aadhaar. Security Policy & Framework for UIDAI Authentication. Version 1.0. Unique Identification Authority of India (UIDAI)

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT

What the Future of Online Banking Authentication Could Be

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Security enhancement on HSBC India Debit Card

IDRBT Working Paper No. 11 Authentication factors for Internet banking

BUSINESS ONLINE BANKING AGREEMENT

BANK OF BARODA (NEW ZEALAND) LIMITED (BOBNZ) VISA CLASSIC DEBIT CARD. User Guide

A multi-layered approach to payment card security.

Payment Systems Department

FUNDS TRANSFER AGREEMENT AND DISCLOSURES

MISSOURI IDENTITY THEFT RANKING BY STATE: Rank 21, 67.4 Complaints Per 100,000 Population, 3962 Complaints (2007) Updated January 11, 2009

Yes, your card will expire at a given date, which is printed on the front of your card.

Payment Fraud Statistics

Market Intelligence Cell. Fighting Financial Crime

CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb

Biometrics: Advantages for Employee Attendance Verification. InfoTronics, Inc. Farmington Hills, MI

Reducing Fraud whilst Keeping Transactions in Motion

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

Aadhaar. Authentication Framework. Version 1.0. Unique Identification Authority of India (UIDAI)

Be Safe, Smart and Secure: Simple Ways to Protect Your Identity and Your Money

ELKHORN RURAL PUBLIC POWER DISTRICT POLICY #1230. Identity Theft Prevention Policy

ATM FRAUD AND COUNTER MEASURES

The Merchant. Skimming is No Laughing Matter. A hand held skimming device. These devices can easily be purchased online.

First Citizens' Federal Credit Union 200 Mill Road, Suite 100 PO Box 270 Fairhaven, MA

The best of both worlds Low interest and convenience.

[FACILITY NAME] IDENTITY THEFT PREVENTION PROGRAM. Effective May 1, 2009

W.A.R.N. Passive Biometric ID Card Solution

Card and Account Security. Important information about your card and account.

Credit Cards CARD TRANSACTIONS AND YOU. Credit Cards. A consumer education programme by:

Framework for Biometric Enabled Unified Core Banking

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

POLICY NO. 449 IDENTITY THEFT PREVENTION POLICY

Policy for Protecting Customer Data

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY

MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009

cardholder USER GUIDE Purchasing

Using Real Time Interactive Notifications to Effectively Fight Fraud, Accelerate Resolution and Increase Customer Loyalty

EMV and Small Merchants:

EMV EMV TABLE OF CONTENTS

Merchant Best Practices & Guidelines

"You" and "your" mean the account holder(s) and anyone else with authority to deposit, withdraw, or exercise control over the funds in the account.

Biometrics for payments. The use of biometrics in banking

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.

UNIVERSITY OF CALIFORNIA, MERCED Red Flag and Security Incident Reporting Policy

Security Upgrade FAQs

Debit Card Transfers

DBS Bank (China) Limited Debit Card Users Guide

Checking Account & Debit Card Simulation and Student Worksheet. Understanding Checking Accounts and Debit Card Transactions

What is a Checking Account? Checking Account & Debit Card Simulation. What is a Check? Bouncing a Check. Other Checking Components

DIAMOND NAIRA VISA DEBIT CARD. Your Bank

Protecting the POS Answers to Your Frequently Asked Questions

TERMS AND CONDITIONS FOR THE ICICI BANK INDIAN RUPEE TRAVEL CARD

Regulation E Electronic Funds Transfer Agreement & Disclosure

Another Legal Guide from Bonallack & Bishop Solicitors

Electronic Funds Transfer - Your Rights and Responsibilities ELECTRONIC FUND TRANSFER AGREEMENT AND DISCLOSURE

Driving License. National Insurance Number

esign Online Digital Signature Service

MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009

Frequently Asked Questions

Understanding and Combating Online Fraud in 2014

Deterring Identity Theft. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year.

USDA: Handling Fraud and Disputes. Deanna Hanson CPS Fraud Support Analyst

ATM Card Application

FFIEC CONSUMER GUIDANCE

An Oracle White Paper July 2010 U.S. CARD FRAUD

Intercepting your mail. They can complete change of address forms and receive mail that s intended for you.

CREDIT CARD PROCESSING GLOSSARY OF TERMS

Protect yourself against fraud

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA)

DEBIT MASTERCARD APPLICATION

IMPORTANT ACCOUNT INFORMATION FOR OUR CUSTOMERS from. The Roscoe State Bank 117 Cypress St. Roscoe, TX (325)

IMPORTANT ACCOUNT INFORMATION FOR OUR CUSTOMERS from

IDENTITY THEFT WHAT YOU NEED TO KNOW. Created by GL 04/09

COLORADO IDENTITY THEFT RANKING BY STATE: Rank 8, 89.0 Complaints Per 100,000 Population, 4328 Complaints (2007) Updated November 28, 2008

Newhall County Water District N. Pine Street P.O. Box Santa Clarita, CA Telephone: (661) Facsimile: (661)

Credit/Debit Card Processing Requirements and Best Practices. Adele Honeyman Oregon State Treasury Training Specialist

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

Information to Protect Our Customers From Identity Theft

RHODE ISLAND IDENTITY THEFT RANKING BY STATE: Rank 34, 56.0 Complaints Per 100,000 Population, 592 Complaints (2007) Updated January 5, 2009

AIB Merchant Services AIB Merchant Services Quick Reference Guide Ingenico

Visa Merchant Best Practice Guide for Cardholder Not Present Transactions

Independent Bank 230 W Main St Ionia, MI ELECTRONIC FUND TRANSFER AGREEMENT AND DISCLOSURE

The Webster Visa Prepaid Debit Card Frequently Asked Questions

Application of Biometric Technology Solutions to Enhance Security

May For other information please contact:

ELECTRONIC FUNDS TRANSFER SERVICES PROVIDED

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies

Transcription:

White paper Biometrics and the mitigation of card-related fraud The Aadhaar scheme, primarily envisaged to provide every resident proof of identity, holds a great deal of promise for other applications as well. The banking sector, especially, stands to gain immensely from effective implementation of this project. The Aadhaar card, which will bear an individual s biometric data and serve as a unique ID, can potentially help mitigate a multitude of banking-related problems, such as identity theft and credit and debit card fraud, to name a few.

Facts and figures The financial services sector, comprising banks, insurance companies and other non-banking financial companies (NBFCs), has always been vulnerable to fraud. By definition, bank fraud refers to the criminal offence of knowingly executing or attempting to execute a scheme or artifice to defraud a financial institution or to obtain property owned by or under the control of a financial institution by means of false or fraudulent pretenses, representations or promises. Data compiled by the Reserve Bank of India throws up astounding figures, pegging monetary losses due to credit card fraud at about INR 948.64 lakhs in the quarter ended December 2012, a massive increase over the INR 492.98 lakhs for the quarter ended September 2012. The corresponding number of fraud cases during the two quarters was 1,590 and 1,327 respectively. Types of fraud By and large, the most common types of fraud that an individual is susceptible to can be classified as Electronic Fraud, Identity Theft, Credit/Debit Card Fraud and Cheque Fraud. This paper will focus primarily on the whys and wherefores of credit and debit card-related fraud, ways to address them and most importantly, the means of prevention. More on card-related fraud The advent of credit and debit cards in India brought with it the attendant risks. Card-related fraud was initially limited to unauthorized usage of stolen or lost cards. As card usage gained popularity and prevalence, so did the incidence of fraud and the ingenious methods employed in its perpetration. Advancements in technology that aided banking processes were in turn used to swindle unsuspecting people. Today, perpetrators have a whole repertoire of card frauds. Card reading devices are used to capture electronic data from the magnetic stripe on the card, which is then used to create duplicates. This, in banking parlance, is referred to as skimming. Oftentimes, hidden cameras or false Personal Identification Number (PIN) pads are used to obtain personal access codes for debit cards. Fraudsters also intercept cards being transported through courier and retrieve sensitive information pertaining to an individual s account and card details. Unscrupulous merchants may also use cards to replicate a transaction already carried out at their establishments. Information from the stolen card is used to place a request for a new card, resulting in identity theft. Helpful tips to prevent card loss/fraud With due care and common sense, the majority of credit/debit card frauds can be averted. The first thing to do upon receiving a card is to sign on the reverse side. Apart from being vigilant of their belongings at all times, cardholders need to be mindful of their surroundings while using their cards. At ATMs or merchant establishments, they should use their hand or body to shield the PIN from onlookers. They should keep an eye on the card and never let it out of sight. Upon completion of the transaction, they must double check that the card is safely back where it belongs. It is also important to procure the transaction record and retain it for future reference. Timely verification of account balances with the billing statements can confirm that all transactions have been documented. Any discrepancies need to be addressed promptly. Lost cards or those left behind in the ATM should be reported without undue delay. Most banks have customer service help lines that can be contacted at any time of the day or night. PINs should be committed to memory and never disclosed to anyone. It is advisable to choose a unique number entirely unconnected to other personal numbers such as one s telephone number, date of birth or the like. Telephonic or online transactions should be conducted with utmost care and credit/debit card numbers or other personal details should never be given away, unless when dealing with a trusted merchant. Credit card statements should be scrutinized carefully and any unauthorized transactions should be intimated to the card issuer promptly within 30 days of receipt of the statement or any other time limit specified by the bank. Failure to do so would be deemed as agreement to pay the outstanding amount. It is therefore important to keep the bank and card issuer updated on current contact details. What banks can do While it is primarily the cardholders responsibility to safeguard their cards, banks also need to take proactive measures to hedge their risk of contingent losses due to fraud and put in place an enhanced system of checks and balances. One such effort is the CBI s Bank Case Information System (BCIS), which will include the name of bank fraudsters. The database will be made accessible to field functionaries in the banking sector and will help banks to keep a check on the fraud committed by known fraudsters. 2 Infosys

Technology also plays a key role here by minimizing the incidence of card related fraud. It is in this context that the Unique Identification Authority of India-implemented biometric identity card called Aadhaar can be used as an additional security layer for most card based transactions.

The UIDAI angle Technology also plays a key role here by minimizing the incidence of cardrelated fraud. It is in this context that the Unique Identification Authority of India-implemented biometric identity card called Aadhaar can be used as an additional security layer for most cardbased transactions. Biometrics in banking With this unique identity card set to become mandatory for opening of new bank accounts and eventually for all existing ones as well, card payment mechanisms can be tweaked to incorporate an individual s biometric data. For instance, at ATMs and card swiping machines, apart from the PIN, an individual s fingerprint and/or retina can be scanned before the transaction is completed. This ensures that the person in possession of the card is indeed its rightful owner. In case of any mismatch, the system can abort the transaction and raise a red flag in the form of a text message to the registered mobile number, so that the concerned individual can take appropriate action. So as to tide over any technical snags in recognizing biometric data, there should be an override option whereby the cardholder receives a one-time password (OTP) in order to complete the transaction, as in the case of net banking. Successful completion of the transaction should, as always, be communicated to the account holder s registered mobile number. To enhance this further, the system should always randomly prompt the fingerprint to be authenticated with an option for the user to reset it X number of times ( X to be decided by the banks) at which time the system should request for another fingerprint to be verified. This would help avoid inconvenience to genuine users who, for various reasons such as an injured finger might not be able to authenticate a particular biometric requirement, which would result in a mismatch and consequently, a failed transaction. Biometrics demystified While on the topic of biometrics, it might be worthwhile to examine what exactly it means. By definition, biometrics refers to an automated system that can identify an individual by measuring physical and behavioral uniqueness or patterns and comparing them to those on record. Biometric systems typically work with fingerprints, retina, DNA etc. With the unprecedented spurt in Internet-based businesses and the growing need for accurate verification of an individual s identity, biometrics presents itself as a simple and convenient solution. The various types of biometric technology available include facial and fingerprint identification, hand geometry, iris and retina recognition, DNA testing etc. Benefits of biometrics in banking The move to integrate biometric technology with the existing banking setup can prove to be extremely beneficial, despite major challenges in terms of upgrading systems and processes. The most obvious advantage would be the significant reduction in credit/debit card fraud. Unauthorized usage of cards can be mitigated as there would be a system in place to double check a person s identity. Such a system would also necessitate the presence of the cardholder at the time of transaction, thereby discouraging card theft. Thanks to the unique nature of the biometric parameters, which are impossible to forge, any attempt at card misuse would be effectively thwarted. The road ahead With the Aadhaar wheels set in motion and the entire project slated for completion in a couple of years, banks need to work handin-hand with the UIDAI to integrate the two entities to help create a safer banking environment. Besides creating huge monetary savings, this would also foster a feeling of security and trust towards banks and banking in general. References 1. businesstoday.intoday.in/story/creditcard-fraud-tips-prevention-debitcard/1/22667.html 2. www.anz.com/personal/ways-bank/ security/online-security/threatsbanking-safety/fraud-types/ 3. www.indianexpress.com/news/creditcard-frauds-amounts-to-rs-948.64-lakhin-dec-quarter-govt/1083433/ Rekha Hansraj Thakkar Senior Consultant, Product and Domain Consulting, Finacle, Infosys 4 Infosys

About Infosys Finacle Infosys Finacle partners with banks to transform process, product and customer experience, arming them with accelerated innovation that is key to building tomorrow s bank. For more information, contact finacleweb@infosys.com www.infosys.com/finacle 2013 Infosys Limited, Bangalore, India. All Rights Reserved. Infosys believes the information in this document is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of other companies to the trademarks, product names and such other intellectual property rights mentioned in this document. Except as expressly permitted, neither this documentation nor any part of it may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, printing, photocopying, recording or otherwise, without the prior permission of Infosys Limited and/ or any named intellectual property rights holders under this document.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information