E-BANKING
SWIPE TO LOSE, DIP TO WIN

AIJAZ AHMED
(feedback@pgeconomist.com)

Aug
29 - Sep 11, 2011

Since last decade, the e-banking transactions have shown a tremendous growth in Pakistan but the consumers in general are less aware about the usage and safekeeping of e-banking products.

According to the Payment Systems Quarterly Review published by the State Bank of Pakistan (SBP), for the 2nd quarter of the FY 2011, the total number of payment cards in Pakistan has reached 13.2 million, which include ATM, debit, credit, and also newly introduced Islamic credit cards.

This quantity of payment cards, however, does not include the prepaid debit cards offered by UBL since 2009.

To properly address the consumer grievances, protect their interest, and strengthen its regulatory and legal framework, SBP has taken various initiatives.

The creation of a separate consumer protection department, issuance of comprehensive guidelines on branchless banking, enactment of Payment Systems & Electronic Fund Transfer Act in 2007, mandating PAN Masking on transactions slips and advising banks to offer SMS alerts were among the major initiatives taken in this regard.

The payment cards such as credit, debit, remittance, and prepaid debit cards provide different services to cardholders based on their account type and relationship with the bank.

For credit or prepaid debit card, the consumers are required to open a virtual account with the bank whereas in debit or remittance cards, a normal bank account is required.

In traditional mag-stripe cards, the card is swiped on point of sale (POS) terminals to conduct transactions.

In chip-based smart cards, the card is dipped onto the POS terminals to conduct transactions. It is therefore significant to understand the difference between the swipe and the dip technologies.

Dipped-based transactions, which are only possible in smart cards, provide immense protection and data security to consumers. In contrast, the mag-stripe cards are highly prone to fraud and carry a greater exposure to risk when swiped on POS terminals.

As a result, most of the banks located in EU, Asean member countries and in Middle East are offering smart cards to their account holders.

According to the details available at EMV Co website, the EMV chip-based payment cards contain an embedded microprocessor, a type of small computer. The microprocessor chip contains the cardholder information needed to use the card for payment, and is protected by various security features.

Chip cards are a more secure alternative to traditional magnetic stripe payment cards. Europay, MasterCard, VISA (EMV) is a global standard for credit and debit cards based on chip card technology.

As of Q1 2008, there were more than 730 million EMV-compliant payment cards in use worldwide. It should be important to mention that smart cards do have a mag-stripe on the back of the card but the transaction is conducted while dipping the chip into the POS terminals. In addition, the PIN can also be activated on mag-stripe cards instead of replacing them with chip cards.

The mag-stripe is highly vulnerable to fraud and 'skimming', which created a mess across the Europe, UK, and USA and caused millions of USD and Euros in losses, created severe reputation risks for the banks, shattered consumer confidence and substantially reduced the usage of payment cards especially the credit cards.

Card skimming is the fraudulent act of the copying the accountholder's information encoded on the mag-stripe of a payment card.

The skimmed information is then re-encoded on one or many expired, counterfeit, stolen, or cancelled payment card and are used for fraudulent transactions at various merchant locations both locally and internationally.

The data stored on mag-stripe can easily be copied using a compromised POS terminals or skimming devices easily available on e-bay.

The genuine card is returned to owner and fraudulent transactions are conducted on skimmed/cloned cards.

As reported in readers digest, there are few groups famously known as Syndicates (in North America) and Arrows (in Europe) equipped with high tech abilities and financial backing. They manufacture mag-stripe counterfeit cards stored with stolen data and distribute them among their gang members in their global network for conducting huge fraudulent transactions. They usually visit those countries where the mag-stripe is in use or swiping of cards is allowed.

According to the information collected from various banks and service providers, evidences of the presence of any syndicate in Pakistan have not yet found, which, in my opinion could be because of eccentric law and order situation.

Keeping in view of the gravity of the situation, which may arise because of the presence of any of the syndicates, and to maintain and enhance the cardholder's trust, it is highly recommended that:

1. The policy makers, regulators, and commercial banks should jointly prepare a comprehensive preventive strategy based on international best practices and security standards which could offset the possible damage caused by syndicates and other fraudsters.

2. The SBP should further expand and enrich its supervisory and regulatory portfolio by way of designating different payment systems registered with security and exchange commission of Pakistan as 'designated payment systems' according to the guidelines provided under Chapter-2 (Sections-4) of the Payment Systems & Electronic Fund Transfer Act 2007.

3. The central bank must maintain and ensure the integrity of our e-banking infrastructure, which is also a shared responsibility of commercial banks, clearing house (NIFT), ATM switch operators, and other service providers.

4. Acquiring banks should immediately make PIN activation at POS terminals for debit and prepaid debit cards. Signature verification should be disallowed on all payment cards.

5. Commercial banks should gradually replace mag-stripe cards with smart cards.

6. After the chip cards are fully introduced, the fallback option should completely be disallowed on POS terminals deployed across Pakistan.

7. Commercial banks should run a comprehensive awareness program about dipping technology for the employees, consumers and merchants.

Since the payment card portfolio in Pakistan is predominantly mag-stripe, the technology replacement is really a daunting task.

In this scenario, the following suggestions may help the cardholders to save themselves from frauds. These suggestions have been prepared keeping in view the nature of frauds, types of e-channels in use and lack of awareness among the cardholders nationwide.

- It is important to place your signature on the space provided on the back of the payment cards.

- Avoid frequent use of payment cards especially the debit cards.

- Properly dispose off the transaction slip containing sensitive data. Never share it with your friends/colleagues or leave it unattended at your workplace and any other public place.

- Frequently change the PIN code on ATMs.

- It is safe to conduct cash transactions while travelling aboard. Leave your payment cards in safe custody at home.

- Memorize or keep the emergency call centre numbers of your bank handy.

- Activate SMS alerts on your card transactions including the supplement cards used by your family members.

- Frequently check your bank statement online or manually for any unauthorized or suspicious deductions from your account.

Finally, irrespective of the technology in use, the payment card is your asset. It needs your attention. Keep it under safe custody.

STATISTICS AS OF 31ST DECEMBER, 2010

  DESCRIPTION QTY (IN MILLIONS)
1 ATM Cards 0.72
2 Credit Cards 1.57
3 Debit Cards 10.91
4 Islamic Credit Cards 0.002
Total 13.20  
  REGISTERED USERS QTY (IN MILLIONS)
1 Internet Banking 0.752
2 Mobile Banking 0.817
3 Call Centre 4.923
  FINANCIAL INFRASTRUCTURE TOTAL QTY
1 Total Bank Braches 9,483
2 Real time Online Branches (RTOBs) 7,036
3 Automated Teller Machines (ATMs) 4,734
4 POS Terminals 44,383