Europeans are at much greater risk of becoming victims of credit-card fraud while traveling in the United States, or even just shopping on American websites, than they are at home, a new police report says.
The report by Europol, the European Union's police agency, blames part of the phenomenon on American financial institutions' failure to implement the Eurocard, MasterCard and Visa (EMV) card-security standard, also known as chip-and-PIN.
Another part of the problem, however, is the large number of European credit- and debit-card numbers stolen in data breaches involving U.S. retailers.
"The majority of illegal face-to-face card transactions (skimming-related) affecting the European Union take[s] place overseas, mainly in the United States," the report said. "The ultimate solution to this problem would be to implement the EMV standard on a global level, including making United States' merchants compliant."
Poor American security, both online and off
Europol estimates that organized crime groups netted €1.5 billion, or $2 billion, from European card holders and card issuers in each of the past few years.
In 2011, upward of 40 percent of those losses were incurred at physical points of sale or at ATMs, mostly in the U.S., when the cards' magnetic-stripe data was captured by skimmers and the cards were subsequently duplicated or "cloned" by criminals.
However, 60 percent of the losses in 2011 came from card-not-present fraud, in which stolen card numbers were used to shop online and over the telephone.
"Within the major card-not-present fraud investigations supported by Europol, the main sources of illegal data were data breaches," noted the report. "So far, most of the credit card numbers misused in the EU have come from data breaches in the U.S." [ 5 Steps to Better Credit-Card Security ]
Stripes and chips
EMV, or chip-and-PIN, is a two-factor verification method that combines the standard four-digit personal identification number with data on a chip embedded in the bank card.
The system began to be implemented in Western Europe in the 1990s. The Europol report notes that the European Union has been able to drastically reduce point-of-sale fraud since it fully switched over from magnetic-stripe readers in the middle of the last decade.
European cards still carry magnetic stripes for use when traveling in non-EMV areas. Europol notes that disabling the magnetic stripe except when traveling drastically reduces the incidence of fraud, as cloned cards used by criminals will no longer function.
As many American tourists have recently discovered, the number of European point-of-sale terminals that can read magnetic stripes is dwindling rapidly.
In the U.S. and most other countries in the Western Hemisphere countries, chip-and-PIN enabled cards are still vulnerable to skimming attacks on the less secure magnetic-stripe method of authentication.
U.S. banks and other card issuers delayed implementation of EMV standards for years, arguing that merchants and customers would not accept the changes. But Canada has already begun to switch over, and most American card issuers now plan to fully switch by the end of 2017.
- 12 Security Tips for Small Businesses
- How to Protect Yourself While Using Shopping Apps
- 10 Best Prepaid Credit Cards
© 2012 TechNewsDaily