X
Tech

Australia exposed as card skimmers target IKEA

A mass card skimming attack on a Swedish IKEA store has highlighted the dangers Australian consumers face while banks and retailers fight it out over who foots the bill for chip and PIN.
Written by Liam Tung, Contributing Writer

A mass card skimming attack on a Swedish IKEA store has highlighted the dangers Australian consumers face while banks and retailers fight it out over who foots the bill for chip and PIN.

This week, IKEA stores were targeted by a card skimming group, after two men stayed in a Swedish store over night and equipped payment terminals with card skimming readers -- a scam that could affect thousands of customers, according to Swedish daily newspaper, Aftonbladet.

Although the incidence of credit card fraud is low in Australia, it is on the rise. The latest figures from the Australian Payments Clearing Association reveal that for every 100,000 transactions using credit cards, 16.7 are fraudulent -- a slight increase on last year's figure of 14.8 per 100,000.

A problem facing the payments industry is that card skimming devices are easy to buy, according to RSA Security's banking and finance specialist, Geoff Noble.

"There are skimming kits sold online. There was a second-tier bank that had their network rigged up with skimmers," he told ZDNet.com.au.

Second tier banks are not the only ones affected: last year, National Australia Bank customers were targeted in Brisbane and Sydney after ATMs were equipped with card skimming devices.

Detecting machines that have been tampered with remains a challenge for consumers. Researchers in the UK have recently highlighted how easily payment terminals can be modified for both skimming and transaction hijacking.

New Zealand has moved to counter payment terminal attacks by standardising the look and feel of the terminals that merchants use.

"New Zealand is a good example of how to deal with the problem. ATM networks have installed uniform readers so that people, as part of their authenticate-the-device routine, know what devices are trustworthy," said RSA's Noble.

But even if merchants do update their payment terminals to handle chip and PIN cards, Carl Clump, chief executive of retail fraud prevention company Retail Decisions, believes credit card fraud will simply move elsewhere.

Following the introduction of chip and pin cards in the UK, criminals turned to transactions that bypass the new chip, such as online transactions or phone transactions, known as Card Not Present transactions.

"If you look at Card Not Present fraud, it accounts for 50 percent of fraud for the UK and that was driven by the introduction of chip and PIN," Clump told ZDNet.com.au.

Major Australian banks hope to combat the effects -- as opposed to the act -- of card skimming in Australia by introducing chip and PIN cards. While criminals could still skim details contained on a card's magnetic strip, criminals cannot use the information without the card's PIN number.

However, until the use of chip and PIN reading technology becomes widespread across Australia, the cards do little for security.

"Chips on cards are useful if you're in Europe but they're not of great use in Australia," said RSA's Noble.

The implementation of chip and PIN readers will not happen anytime soon: Australian banks and retailers are fighting over who should foot the bill for the new technology -- a problem that took the UK several years to resolve.

"When banks announced chip and PIN in the UK, their intention was to roll it out in 2001. In the end, it took longer due to heated debate between retailers and bankers -- bankers wanted retailers to pay for the technology, while retailers were reluctant. Bankers then imposed a liability shift, which changed that," Clump said.

Other costs that need to be considered, said Clump, are staff training and consumer awareness campaigns.

However, in Australia, there is no compelling reason yet for retailers to support chip and PIN, according to RSA's Noble.

Editorial standards