There are three main takes on Sajid Javid’s recent decision to revoke Shamima Begum’s British citizenship. The first is tabloid. (Good on yer, Saj!) The second is broadsheet. (Frightful! Uncivilised!) The third is merely cynical. The Home Secretary, this view has it, wins either way. If the courts uphold his decision, he gets the credit. And if they don’t, those limp-wristed, bleeding-heart, liberal elite judges get the blame. Either way, he wins – and up go his ratings in the ConservativeHome Cabinet League Table.
We are as world-weary as the next media outlet. So we suspect that the impact of this decision on his future leadership prospects will have floated across Javid’s mind. But one soon grasps, on trying to think it all through, that there is much more to his decision than that.
Let’s start by focusing on Begum herself – this exploited, warped, unrepentant, atypical and seemingly not-very-bright teenager who is evidently as much of a stranger to British norms as she is to the traditional, classical Islam. She fled Britain when she was 15, married a Dutch jihadi, and reportedly now has a baby, two of her children already being dead.
Will this also apply to all the immigrants who will be coming through Europe, the problem in Europe is the unrestricted travel that the EU allowed to create the Schengen area. So is it a plan being introduced too late as security could already have been breached.
In recent news, where the unfortunate happened at an Oregon College in US, where gunman Chris Harper took the lives of 9 people, shooting and killing them when after the suspect was also killed. So many senseless and inhumane acts of violence, and gun violence. When is it going to stop? Does the unimaginable have to happen, so that we can see change, take preventative safety and security measures? So many shootings and killings have happened in the last little while.
Columbine, Sandy Hook, African American Church in Charleston S.C, Aurora Colo Movie theatre, TV news Reporter Alison Parker and her partner Adam ward and Alison who was interviewing Vicki Gardner in August, 2015 who survived at Lake Moneta, Malls, Shopping Plaza’s, on the streets, and anywhere else. You are really not safe anywhere in this world anymore.
Not only in US, but around the world. I can’t even imagine…
Yet at the same time, in the UK and elsewhere a new generation of Chip and PIN cards have arrived that allow contactless payments – transactions that don’t require a PIN code. Why would card issuers offer a means to circumvent the security Chip and PIN offers?
Chip and Problems
Chip and PIN is supposed to reduce two main types of fraud. Counterfeit fraud, where a fake card is manufactured based on stolen card data, cost the UK £47.8m in 2014 according to figures just released by Financial Fraud Action. The cryptographic key embedded in chip cards tackles counterfeit fraud by allowing the card to prove its identity. Extracting this key should be very difficult, while copying the details embedded in a card’s magnetic stripe from one card to another is simple.
The second type of fraud is where a genuine card is used, but by the wrong person. Chip and PIN makes this more difficult by requiring users to enter a PIN code, one (hopefully) not known to the criminal who took the card. Financial Fraud Action separates this into those cards stolen before reaching their owner (at a cost of £10.1m in 2014) and after (£59.7m).
Unfortunately Chip and PIN doesn’t work as well as was hoped. My research has shown how it’s possible to trick cards into accepting the wrong PIN and produce cloned cards that terminals won’t detect as being fake. Nevertheless, the widespread introduction of Chip and PIN has succeeded in forcing criminals to change tactics – £331.5m of UK card fraud (69% of the total) in 2014 is now through telephone, internet and mail order purchases (known as “cardholder not present” fraud) that don’t involve the chip at all. That’s why there’s some surprise over the introduction of less secure contactless cards.
Not only do contactless cards allow some transactions without a PIN, but the data can be stolen from the card and, by extension, potentially money from any account linked to it, just by brushing past someone near enough to trigger the contactless chip into transmitting.
Fear of fraud versus potential for profit
So why are some banks issuing chip cards which don’t support PIN verification at all, leaving customers to sign for transactions instead? Why has the US been so slow to roll out Chip and PIN and why have UK banks actually decreased security for contactless cards? All three decisions are driven by, perhaps unsurprisingly, profit.
The share of transactions that card issuers take (the interchange fee) depends on the country and type of transaction. In the US, a lower fee is charged for PIN transactions than for those verified by signature. Since the fee is paid by merchants to the card companies and banks, that explains why merchants upgraded their terminals to support Chip and PIN long before the US banks started issuing chip cards. Encouraging banks to start issuing cards is being handled the same way: as of October 2015 if the merchant’s terminal which accepts a fraudulent payment supports Chip and PIN but the card doesn’t, the card issuer pays for the cost of the fraud. If the merchant’s terminal doesn’t support Chip and PIN but the card does, the merchant pays.
Greater convenience leads to increased spending, which means more fees for the card issuers and more profit for the merchant – this is the real reason why the PIN check was dropped from contactless cards. The risk of fraud is mitigated to some degree by limiting transactions in the UK to £20 (rising to £30 in September), but it’s been demonstrated that even these limits can be bypassed.
Doing the maths
Card fraud involves a very large amount of money – £479m in 2014 in the UK – and affects many millions of people. In a EU-wide survey, 17% of UK internet users said they had been the victim of credit card or online banking fraud – the worst in the EU. Some of the costs of fraud are borne by the merchants. Others are passed to the victim because the Payment Services Directive allows banks to refuse to refund customers if they can’t identify a more likely cause for the fraud than customer negligence.
However, even if all the costs of fraud were paid for by the card companies, the cost they would bear would only make up 0.075% of the value of card transactions. This sum they could comfortably pay for from the interchange fees they charge on these transactions, currently set at 0.7% of the transaction value – nearly ten times larger than the costs of fraud.
Earlier this month the European Parliament voted to capinterchange fees to 0.2% of transaction value for debit cards and 0.3% for credit cards, but even so there is a healthy profit margin between card fraud losses and interchange fee income. As for contactless, no-PIN transactions, they are a gamble that has paid off: fraud rates for contactless cards are even lower, at a mere 0.007% of total transaction value.
While fraud statistics in the US are not as systematically collected as in the UK and Europe, fraud there is estimated at around US$10 billion a year (about half the worldwide total). As a proportion of transaction volume, fraud rose 0.05% in 2007 to 0.1% in 2014. Still, Chip and PIN in the UK only temporarily disrupted the rising trend of card fraud until criminals focused on softer targets such as using UK cards in the US. Once this option is unavailable through the introduction of Chip and PIN to the US, the long-term effects are hard to predict. …………..’
Just when you thought you were safe, the card skimmers are at it again. This time they’re placing their card readers inside the door locks that require you to dip your card before you can enter an ATM vestibule.
According to Brian Krebs, the scammers hide the readers inside the comparatively unnoticed locks and then add a small hidden camera around the ATM. They grab your card data via the reader as you enter and then match it up with your PIN, which they read by watching your hands on the PIN pad.
In this case the hackers installed their card reader inside a fake lock faceplate and then stuck a dismembered Casio camera into a strip of thin plastic. This allows them to retrieve the card data separately from the PIN data and it puts them safely outside for at least one of those actions. Interestingly, you don’t actually have to dip your debit card to get past most vestibule doors.
￼Pro tip: These door security devices aren’t too smart, and most of them will happily accept just about any card with a magnetic stripe. But don’t take my word for it: Next time you pass one of these ATM vestibules on the street, whip out your library card or ID card and see for yourself.
Again, I implore you, dear reader, to hide your PIN code with your other hand every time you type it. This simple step will save you time – and money – as hackers bypass your card because they can’t grab your digits. ………….’