Thursday, 5 June 2014 00:28
IS credit card fraud worsening in Sri Lanka? On Tuesday police arrested four people using 437 forged credit cards, giving a glimpse into the shadowy world of deception. Yet, despite numerous arrests, credit cards maintain enduring popularity in Sri Lanka, with their economic flexibility countering concerns over security.
The number of new cards issued in 2012 alone amounted to nearly 90,000 or a growth of 10.4% to 952,256. In 2011, the growth in the number of active cards was 11% or near 84,000. According to Central Bank data, 2012 also surpassed the previous highest active card base of 917,418 that prevailed in 2008. In 2011, the figure was 862,340.
Of the 952,256 cards, around 93.6% were globally-accepted cards, slightly higher in comparison to 92.8% in 2011. The outstanding balance of active cards continue to soar, with the 2012 increase being Rs.6.8 billion or 18% to Rs.44.44 billion. In 2011, the growth was 16% or Rs.6 billion.
Such a vibrant credit card market is the perfect playground for fraudsters because it is combined with poor regulation and legal reform. Under the current system, everyone points fingers at everyone else (processors, banks, VISA/MasterCard and the merchants). Law enforcement and government agencies tend to only investigate big cases. No one takes the blame for credit card fraud.
Reputed magazine Forbes claims most credit card numbers are still stolen the old-fashioned way. Unethical employees steal card numbers often using hand-held skimmer devices. A scam artist can go through the trash of any merchant (even those online) or customer garbage, get valid credit card numbers, and use them on the internet.
Industry analysts and e-merchants claim the credit-card companies have yet to come to grips with the full scope of the problem. None of the credit-card associations disclose exact loss-rate figures for fraud – Visa, MasterCard and American Express claim to have a handle on the problem overall.
Credit card fraud is something that can never be completely eliminated, but rather something that must be managed. Merchants must develop a delicate balance between using safeguards to prevent fraud and not creating too many hoops for customers to jump through. Web pundits recommend after a credit card processor or registration service approves an order, the merchant needs to perform additional checks, as fraudulent orders sometimes are approved. The merchant should not depend on the credit card company, or the registration service, to stop all fraudulent orders.
In Sri Lanka the situation is more tenuous. IT experts have been calling on stakeholders to adopt best practices and internationally-recognised security standards for years. These include stronger investigation into the root cause of a fraud once it has been identified and proper data storage in associated files after an intrusion. This is even more important given the booming tourism industry and the need to expand credit card facilities into all corners of the country – even to places where locals would avoid paying by card.
In February last year 14 suspects who were allegedly involved in a Rs. 263 million fraud by withdrawing money from foreign credit card holders through an e-commerce application service provided by a State bank in Sri Lanka disappeared. The State bank suffered the loss while police suspected the crime could have terror links. In such a complicated world it’s surely better to be safe than sorry.