Security for credit and debit card usage will move a
significant notch higher with the signature-based system to be replaced with
PIN (personal identification number) verification.
About 39 million – eight million credit and 31 million
co-badged debit cards in Malaysia – will be replaced with new PIN-enabled cards
to meet the January 2017 deadline set by Bank Negara.
Merchant payment terminals are also to be upgraded to
accommodate the new security-enhanced system.
The massive exercise is already underway with credit
cardholders receiving their new cards in batches, while debit card users
generally have to go to their respective banks to collect them.
The migration to PIN from signature is part of a worldwide
shift which has been implemented in Europe, Canada, Australia and New Zealand,
among others, with the Middle East also following suit.
The United States, however, is still using the old
signature-verified system.
“This is a preventive measure as fraudsters will eye the
weakest link – which is the signature-verified market,” said Paul Brisk,
founding director of payment systems consultant Cotignac, which is handling the
Malaysian system migration.
“That’s why the US has one of the highest number of credit
card fraud cases, as it’s still dependent on signature verification,” he said
in an interview.
The Association of Banks in Malaysia (ABM) executive
director Chuah Mei-Lin said PIN-verification would be effective when it came to
lost or stolen cards.
The issue of cloned cards was addressed with EMV (Europay,
MasterCard, Visa) global chip standard cards introduced here between 2002 and
2005, she added.
“An EMV chip helps to reduce fraud as it is very difficult
and costly to counterfeit. When a transaction is performed by reading the chip,
it produces a unique one-time cryptogram which must then be validated for the
transaction to be approved.
“The chip contains a secret unique cryptographic key, and
unless that key can be extracted, it isn’t possible to copy or clone the chip,”
Chuah explained.
Brisk said PIN-verification added an extra layer of security
as it was a two-pronged system – combining a physical card and a PIN which
would only be known to the user.
“In countries which have introduced this system, it is
common practice for users to insert their own cards in the terminal. The
transaction is faster and safer,” he said.
He said Malaysian-issued cards would use a six-digit PIN
which will be required for all transactions except “contactless” (by way of
waving or tapping the card at the terminal) transactions involving amounts of
RM250 and below.
“The PIN should only be known to the user, it’s part of the
terms and conditions of the card,” said Brisk.
Sathish Kumar, an information security manager for financial
services, advised that one should have different PINs for different cards.
“I understand that most people use multiple banks and it may
be difficult to remember different PINs, but it is the safest way,” he added.
Source - The Star Online-
Post a Comment