EMV technology to prevent fraudulent card transactions | Sunday Observer

EMV technology to prevent fraudulent card transactions

17 February, 2019

The number of credit and debit card skimming incidents in Sri Lanka has not increased at an alarming rate and the impact of cases reported in the past has been minimal, according to the Payment Card Industry Association of Sri Lanka (PCIASL) which has been urging members to be Europay, Mastercard and Visa (EMV) technology compliant.

Cardholders panicked following complaints a fortnight ago from customers that their savings and current accounts had been debited through fraudulent ATM withdrawals.

PCIASL President Thusitha Suraweera said Automated Teller Machine (ATM) skimming in Sri Lanka initially took place around 2008 and 2009, and since then we have had cases from time to time. However, the impact has been minimal and for the past few years, it has been pretty calm until recent incidents.

Following the credit card scam incidents, the Central Bank directed all banks to introduce the EMV technology, a global standard for credit and debit card payments. The technology features payment instruments, such as cards and mobile phones with embedded micro processor chips that store and protect cardholder data.

The Central Bank notes that ATM thefts had taken place at banks that have not moved into EMV chip technology. The Bank had directed banks to implement the technology in 2016.

“There are two types of transactions, card present transactions and card not present transactions. The main risk with card present transactions is the use of cloned cards to carry out fraudulent transactions at ATMs and at point of sales (POS) devices. As for card not present transactions, the non adoption of 3 D Secure Technology by internet based merchants creates opportunities for fraudulent transactions,” Suraweera said.

He said PCIASL has been encouraging members to move with the EMV chip technology on card issuance and upgrading the acceptance devices, such as ATMs to process transactions. The country should achieve 100 percent in EMV issuance and acceptance to prevent the recurrence of card related fraud.

PCIASL cautions cardholders to be vigilant when using ATMs and be observant of external objects at the ATMs, cameras and skimmers affixed to card readers.

Sampath Bank PLC Group Chief Information Officer Ajith Salgado said there is an increase in fraudulent credit card activities to steal customer data. Foreseeing the possibilities Europay, VISA and Master came up with a standard known as EMV technology to protect customers. A major feature of the technology is the customer data is stored in a smart-chip. The data encrypted technology prevents theft of customer data.

Before the introduction of the EMV technology, banks stored data on the magnetic strip on the back of the card which could easily be stolen using a skimmer.

“Skimming devices are designed in such a way that they could be attached to ATMs and which cannot be easily noticed. Micro cameras are also attached to ATM keypads to extract data, such as personal identification numbers known as the PIN. The data is used to manufacture fraudulent cards which can be used to withdraw money from ATMs and purchase goods,” Salgado said, adding that only magnetic strip cards could be manufactured and not chip based cards

He said all Sampath Bank cards are EMV compliant and added that the bank has upgraded all its ATMs and Point-of-Sales machines (POS) to be EMV compliant.

HNB Managing Director/CEO Jonathan Alles said the bank is fully EMV compliant and added that the bank has taken measures to prevent skimming. The PCIASL and the Sri Lanka Banks’ Association in a joint statement last week called upon cardholders to inform banks immediately when they notice a suspicious transaction on their accounts.