Digital economy: Advantages and dangers

Money and credit are what fuels an economy both for an organisation and the individual. Technology has increased the velocity with which money moves through the entire system speeding up the growth of GDP for the country and income for the individual.

Initially monetary transactions were either in cash or put through the bank using various instruments like cheques, drafts, or wire transfers. Most of these transactions required a physical visit to the bank by the end user and the transaction was between verified entities.

With technology products like internet, mobile, credit cards, digital wallets the transaction methods and parties have exploded.

Today with automatic toll collectors and similar technology, financial transactions are carried out even without any human intervention. With digitisation and auto-payments enabled the burden on humans to make financial transactions have dramatically reduced.

As the global economy races towards GDP of $ 149 trillion, by 2021, more and more transactions are digital transactions. However, as technology enables financial transactions using complex layers of software and hardware the end user has deceptively simple interfaces to operate.

The increasing complexity of the underlying technology has opened opportunities for technically savvy people to commit frauds. It is estimated that the total of 6 trillion US$ will be the worldwide money lost to cybercrime. That is equal to the GDP of a significantly large country like Japan. 

Most end users are exposed to fraud when they encounter compromised, internet banking accounts, mobile banking, or credit card frauds.

Most of these frauds take place with stolen credentials of end users. Daily reports that gloss the headlines of newspapers with stunning frauds, make most of us wonder how these humongous frauds are committed. What are the actual ways in which these exploits are carried out? Is there no defence against these frauds?

The basics of most fraud involve stealing credentials, duplicating the same and using them to carry out transactions which were never authorised by the end user.

Let’s take credit cards and see what actually a cyber-criminal does to commit a fraud.

In the early days of credit card usage all a criminal had to do was duplicate the card and learn to fake the signature. This was fixed by technology of magnetic stripe cards, which stored information about an additional level of security the pin number. Thus to carry out a transaction at a point of sale machine (POS) at a merchant the user’s card is swiped on the terminal and then after the transaction amount is entered the user enter his personal identification number (PIN) to authorise the transaction. The bank which issues the credit card compares the PIN number with what the user has created and authorises the transaction.

This created an additional level of security which prevented a fraudulent transaction in case the card was lost or duplicated by anyone else. However with the proliferation of technology it became easy for cybercriminals to get their hands on equipment to program magnetic strip. The only thing then needed for the ability to have access to the original magnetic card. With the help of card skimming equipment it allowed a small device to be attached to POS devices and ATM devices to read the information on the magnetic strip and acquire the PIN in case of POS machine by a reader inside and in case of ATM with miniature cameras outside.

With this the cybercriminals were able to defeat the magnetic strip card technology. 

To counter this in 1993 Europay, MasterCard and Visa (EMV) got together to create a technology which would be difficult to defeat by duplication of cards. The original idea was to remove the cost of international calls involved in validating the old credit card which required authorisation for large transaction amounts. However, since along the way card skimmers were also put to use by cybercriminals the same technology was useful. EMV technology is essentially a semiconductor chip which is put into the credit card. Since it is next to impossible for a cyber-criminal to invest in making a chip, duplicating a card was a huge hurdle.

EMV technology can work both as a card which can be interfaced with contacts made to the chip through the metal terminals available on the surface of the credit card or through contactless interface like Near Field Communication (NFC). EMV technology allows the POS to acquire basic information as card holder name, expiry date, and list of applications on the card. Next it can authenticate the card using authentication data on the card. It then goes on to verify that PIN entered by the user is authenticated by what is on the card.

With the introduction of EMV technology cards in 2015 the number of card frauds using POS or ATM dropped dramatically.

There are many transactions that are done with a credit card where the card is not presented physically, referred to as CNP, like when we do online shopping on a web site. In such cases the EMV technology does not come into play. Thus the possibility of a fraud is still widely present in CNP scenario. Again with the advent of technology introducing Fraud Risk Management (FRM) products it is possible to prevent fraud in these and many other cases like Internet banking, Mobile banking, SWIFT money transfers and other similar areas.

FRM technology works by basically building a profile for customers, merchants, devices, cards, and accounts on each channel of interaction. Once these statistical profiles are built a variety of constructs like simple rules, statistical techniques and artificial intelligence is used to spot anomalous transaction and either block them or provide an escalation challenge to which only the real user can respond. With FRM technology again every transaction can be screened in real time independent of the channel through which the transaction reaches the financial institution.

(Manipal Technologies enables secure financial transaction by providing both EMV enabled cards and providing leading edge fraud risk management solutions. These have been deployed successfully in various banks around the world and is daily preventing many frauds in real time.)