Fraud and security issues used to be more common with credit cards than debit cards, but fraudsters are setting their sites on both in 2015. The past few years have actually seen debit cards become almost as big a target as credit cards, thanks to changes in things like online shopping and contactless card technology.
Whether it’s credit cards or debit cards, however, one thing is clear: fraud is not going anywhere. The latest data from the Australian Payments Clearing Association (APCA) puts the total value of card fraud in Australia at $304 million per year.
APCA says scheme credit, debit and charge cards (those using international card schemes like American Express, MasterCard and Visa) make up the bulk of things with $285 million worth of fraud. This includes debit card transactions where “credit” is selected, as well as tap-and-go payments.
Meanwhile, fraud on regular debit card transactions (such as those where you select “cheque” or “savings”, and ATM withdrawals) has also jumped significantly. APCA reports that proprietary debit card transactions have seen a 17% increase between 2012 and 2013, and are now worth $18.4 million per year.
What all of this means is that there is a growing chance that debit cards will fall prey to fraudsters and scammers, regardless of whether or not you have a credit card. Knowing what risks are current and what security options are available to you means you can reduce the chances of dealing with debit card fraud in 2015 and beyond. So with that in mind, here is a look at the biggest security issues and how they could change things for the debit card industry and you in the year ahead.
On This Page
- Mail theft
- Online security issues
- Third-party data breaches
- Smartphone hacking
- Portable skimming devices
The rollout of contactless debit cards has seen a revival of mail theft, with criminals targeting letterboxes in the hopes of getting a new credit or debit card before the rightful owner collects his or her mail.
In 2014 police across Australia told the media that theft and fraud on tap-and-go cards is becoming a big problem as criminals realise they can use the cards in-person for transactions worth up to $100 at a time. Mail theft, in particular, is a growing issue according to NSW police. As the Sydney Morning Herald reported in December 2014:
“Local police stations have issued warnings in recent weeks, advising apartment-dwellers to be on the lookout for thieves, better protect their mail and collect credit cards or other forms of identification in person,” Michael Koziol writes.
“While pre-activated credit cards were the main target, cards such as driver licences and Medicare cards were also being stolen, leading to the prospect of identity theft.”
As a result of this theft trend, mail security should become a bigger focus for everyone from cardholders and apartment management right through to the banks issuing debit cards. For instance, the debit card activation process could change to help banks verify that you have received your card, and apartment management could amp up security.
When it comes to security measures for cardholders, checking the expiry date on your debit card and regularly checking your letterbox will help keep your cards and other mail from ending up in the hands of thieves.
Online security issues
Online shopping has become an everyday activity for many people, which has also opened the door to a lot more card security issues. The 2014 Heartbleed issue, in particular, highlighted the temperamental nature of the online security we often take for granted.
Heartbleed was a bug in popular encryption software known as OpenSSL (or Open Secure Sockets Layer). Basically, this coding is what keeps webpages with the https prefix and/or padlock symbol secure. It is supposed to encrypt data so that hackers cannot get to sensitive information, such as debit card numbers or personal addresses.
But in 2014, security company Codenomicon discovered a bug – “Heartbleed” – that compromised these encryptions.
“This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users,” the Heartbleed website explains.
While the issue has since been resolved, it was a stark reminder that the trust we place on website security could sometimes be misplaced. Some industry experts have also said we can expect more software vulnerabilities to be exposed and exploited.
“Due to the massive impact of these vulnerabilities, cybercriminals and attackers may decide to investigate the existing code and see if other dormant vulnerabilities are present,” security company Trend Micro says on its blog.
“They will also set their eyes on other less-known platforms, protocols, and software. Furthermore, they will look for vulnerabilities found in open source platforms and apps (for example Open SSL v3) as well as OS kernels.”
While it is security experts that have the job of finding these weaknesses, you can do your part by keeping security software up-to-date, checking the security of websites you visit and making sure you have strong passwords. That way your debit card or credit card details are less likely to be compromised if and when more online security issues like Heartbleed come up.
Third-party data breaches
Industry experts say we can expect more retail and payment company data breaches in 2015 as hackers see the value in getting personal details for thousands or millions of people in one hit.
In an interview with Forbes, the Senior Director of Security Strategy at IT company NetIQ, Geoff Webb, says that it was “pretty clear at the end of last year, after the details of the Target breach become public, that it wasn’t going to be a one-off incident. Rather, it was the opening salvo in what has proven to be a year-long attack on the retail industry.”
While the Target breach was in the US – along with many other major data losses in 2014 – online shopping means that we could easily become vulnerable to hacking anywhere in the world. Security experts also predict that other third-party companies and organisations, such as banks and payment processors, will also be targets.
“Weak security practices like not using two-factor authentication and chip-and-pin technology continue to persist in the banking sector,” Trend Micro’s report says.
“These practices will cause financially motivated threats to grow in scale throughout the coming year.”
With retailers and payment companies already alerted to the increased chances of hackings, we can expect stronger security from them in 2015. But NetIQ’s Geoff Webb also says it’s important to stay informed about specific risks and weaknesses within this realm.
The popularity of smartphones is making them goldmines for hackers, and more mobile threats are predicted to emerge in 2015. For starters, there are the networks smartphones access, both secured (ie your home wifi) or unsecured (public wifi, 3G and 4G connections).
According to industry research, around half of all smartphone owners do not have antivirus software installed on their devices, let alone the basic security of a passcode to unlock the phone.
Then there are the risks that come with new technology, products and apps. According to security experts, mobile wallets and mobile payment systems are particularly vulnerable to attacks.
In the Forbes article mentioned previously, Patrick Nielsen, Senior Security Research, with Kaspersky Lab says cybercriminals will be quick to take advantage of weaknesses.
“In fact, we already have some examples of malware stealing virtual wallets from users’ devices, and very high-profile incidents of banks themselves being infiltrated,” he says.
The Australian government’s Stay Smart Online website recommends treating your smartphone like a wallet – regardless of whether or not you actually use it as a “mobile wallet” – and keep it safe and with you all the time.
The website also says you should turn on security features built into the device, install security software, turn off Bluetooth connections when you are not using them and check for system updates regularly to help keep your information secure.
Portable skimming devices
According to APCA data, skimming is the biggest issue for proprietary debit card fraud and was worth $13.6 million in 2013. The organisation says the major targets are ATMs and taxis, but it can also be the result of someone using “fake terminals that are not connected to the banks’ networks and are not processing real transactions”.
While these devices used to be big, bulky and easy to detect, the authorities have warned that ghost terminals and other skimming devices are getting more sophisticated and harder to detect every year.
Some devices have also been adapted to target the radio frequencies transmitted by contactless cards, meaning data could be taken from you without you even making a payment.
In a report from the ABC, Queensland fraud and cybercrime detective Brian Hay says it would take a tech-savvy criminal about $130 to create a skimmer that wirelessly steals contactless card data.
“If I had one of those in my pocket, satchel or briefcase, and you were standing next to me on a train and your wallet was in your back pocket and I moved near enough to activate the signal on the RFID, well then I’ve got your details,” he says.
Hays notes that it is only a potential threat at this stage, but it is still important to be aware of this “vulnerability in the system”. With these concerned echoed elsewhere in the world, it is probably only a matter of time before skimming threats become even harder to detect.
Keeping an eye out for anything suspicious, holding onto your card during transactions and regularly checking your statements are the most effective ways to reduce the risk of skimming at this stage, although new measures may come into play in the future.
With debit card theft and fraud tactics adapting almost as quickly as security, it is hard to know where the struggle will go in 2015. But the odds of avoiding debit card fraud and other security issues are in favour of people who stay aware of the risks and take precautions seriously.
The five areas of security outlined above have been flagged by experts as the ones to watch out for this year, which should mean banks and other stakeholders’ amp up protection in a range of different ways.
Being aware of these risks also means that you can make more informed decisions about how you use and manage your debit card. By taking the time to think about things like when you are due for a new card and the security offered by a merchant when you use your card, you should be able to help keep your debit card as safe as possible throughout the year.