New European Cybercrime Centre to tackle rising trend in payment card fraud

January 9, 2013 – Payment card fraud is a low risk and highly profitable criminal activity which brings organised crime groups originating from the EU a yearly income of around 1.5 billion euros, according to a Europol’s intelligence study. The figure comes from a report published to coincide with the opening of a new European cybercrime centre under Europol’s jurisdiction, which will be the EU’s focal point in fighting online crime carried out by organised gangs.

The report shows that despite rising numbers of credit and debit cards – now standing at more than 726 million – in the EU, domestic card-present fraud has been gradually falling since 2008 thanks to widespread adoption of Chip and PIN. However progress is being undermined by a sharp increase in the level of illegal transactions overseas as crooks target cash machines and payment terminals in EMV-less places such as the Dominican Republic, Colombia, Russia, Brazil, Mexico, and, crucially, the US.

In 2011, around 60% of payment card fraud losses, totalling 900 million euros, were caused by cardnot- present (CNP) fraud. The majority of illegal transactions took place outside the EU, but affected the EU. Despite the huge number of identified perpetrators, many of them remain unidentified and are still actively involved in payment card fraud.

According to Europol, a major problem in the EU is the lack of proper regulations for reporting data breaches to police authorities. Law enforcement agencies, even if aware of a breach, have difficulties finding information on, and links to, the point of compromise, stolen data and illegal transactions. The lack of legal provisions on reporting data breaches is not the only problem.

One of the key factors making industry reluctant to report incidents to law enforcement authorities (LEAs) is the lack of trust in investigative possibilities as well as the need to maintain the reputations of the respective private entities. On the other hand, the lack of reporting leads to a small number of international investigations and a low level of prioritisation of such cases within LEAs.

The problem ends up with the situation where, despite a dynamic increase in card not present (CNP) fraud, it is not reflected in the statistics of cases reported and investigated by EU police forces. Consequently, since the problem is not reflected in police statistics, this phenomenon is not prioritised and it is difficult to initiate international cooperation (for example Joint Investigation Teams) in such cases.

From the security perspective, as with the security of face-to-face transactions, there is a lack of a common global standards on the protection of card-not-present transactions. Major investments by EU industry have been made in the 3D secure protocol (MasterCard secure code; verified by VISA). However, despite this strong 3D secure verification, it is not a worldwide solution and, even on the EU level, not all on-line transactions are protected with it.

According to statistics, the total number of payment cards issued in the EU in 2011 reached 726906710 while the value of legitimate non-cash transactions with EU cards exceeded 3000 billion euros.