September 27, 2005

A recent talk by Visa and MasterCard security experts delivered some sobering news to the card industry. According to a report by Reuters, the fight against cyber thieves has reached a stalemate, and millions will have to be spent over the next decade to combat perpetrators.

Organized crime rings are successfully using the Internet and crimeware programs to sidestep many of the security measures taken by card issuers, said John Shaughnessy, SVP for fraud prevention at Visa USA, and Suzanne Lynch, VP for security and risk services at MasterCard, at a conference. They even claimed these organized gangs are assisted in some cases by former Soviet KGB cryptographers.

According to Shaughnessy, FBI data showed the number of Internet-related credit-card crime reports rose 66 percent in 2004 and the average reported loss associated with online scams tripled to $2,400 from $800 in 2003. This increase may, in part, be due to the simple fact that more transactions are being conducted online. However, it also indicates the growing sophistication of fraudsters.

The industry itself is not blameless, however. The two security chiefs pointed to breaches at merchants and third-party processors as problematic. Shaughnessy claimed that in the recent spate of high-profile data breaches, had the third party been in compliance with card association rules, the information most likely would not have been hacked.

Also, although the card companies always are looking for ways to secure consumer data, such as storing it in such a way that it is useless to criminals, it will take millions of dollars over several years to develop a truly secure system.