Welcome to Chipcards ltd
Chipcards ltd is a provider of consulting and project management solutions for
card, smart card, e-commerce and payment systems. From its base in
Auckland, New Zealand, Chipcards ltd has assisted numerous
organisations in the development and implementation of card
Check out our blog at http://cardmanz.blogspot.com/ for chipcard industry news.
30 March, 2006
New Zealand bank hit by ATM card skimming
There has been a bit in the NZ media in the last day on an ATM skimming scam that has hit all the banks, with one Bank of New Zealand ATM being the centre of attention.
While NZ point of sale devices became EMV (smartcard) compliant from 1 January, 2006, banks have been slow to adopt the issuance of smartcards. This is primarily due to cost.
Current magnetic stripe card technology costs the banks in the vicinity of $0-75c per card, and the NZ banks tend to issue the cards with a two to three year validity period.
However, with EMV compliant smartcards, the cost of cards increases to around $2-00. Plus there is the infrastructure, such as risk management software, etc, required to support smartcards. The banks in New Zealand are unable to absorb this cost, therefore would have to pass on the cost to their customers. Given the range of fees already charged, this would be a hard call from a public relations perspective.
The banks do intend to make the move, but it looks like it will be around two years before the NZ consumer sees any migration to the EMV compliant chipcards.
How does an EMV compliant chipcard differ from a magnetic stripe card, in terms of fraud?
A magnetic stripe payment card is swiped at the start of the transaction. Once swiped, the contents of the encoded magnetic tracks, including the holder's account number, name, and issue and expiry dates, are sent from an integrated MSR reader as keystrokes or as a serial data stream.
Capture of magnetic swipe data from a credit card is simple. The magnetic card
reader and software to process the transaction are uni-directional. The card
contents can be easily read by a card reader and potentially “skimmed” and then
copied onto a fraudulent card. As long as the card remains in the fraudster's
possession there is always a risk of further attempted fraudulent transactions.
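Because the stripe contents are static and readers emit them as plain keystrokes or serial text, track data can end up in logs and input buffers, where defenders need to find and mask it. The following is an added example (not part of the original page) that detects and redacts track records in text; the ISO/IEC 7813 track layouts and the log lines are assumptions, and the card number is a constructed test value.

```python
import re

# Track layouts per ISO/IEC 7813 (an assumption; the page names only the fields):
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1 = re.compile(r"%B(?P<pan>\d{12,19})\^[^^?]{2,26}\^(?P<exp>\d{4})\d{3}[^?]*\?")
TRACK2 = re.compile(r";(?P<pan>\d{12,19})=(?P<exp>\d{4})\d{3}\d*\?")

def luhn_ok(pan):
    """Luhn check-digit test, used to drop digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep only the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track_data(text):
    """Return one finding per Luhn-valid track record found in text."""
    findings = []
    for track, rx in ((1, TRACK1), (2, TRACK2)):
        for m in rx.finditer(text):
            if luhn_ok(m.group("pan")):
                findings.append({"track": track, "pan": mask(m.group("pan")),
                                 "expiry_yymm": m.group("exp"), "offset": m.start()})
    return findings

def redact(text):
    """Replace every Luhn-valid track record with a fixed marker."""
    def repl(m):
        return "[TRACK DATA REDACTED]" if luhn_ok(m.group("pan")) else m.group(0)
    return TRACK2.sub(repl, TRACK1.sub(repl, text))

# Constructed log lines: a keyboard-wedge reader's output captured as text.
SAMPLE_LOG = "\n".join([
    "12:00:01 pos-03 input=;4111111111111111=08121010000000000?",
    "12:00:02 pos-03 input=%B4111111111111111^DOE/JANE^08121010000000000?",
    "12:00:03 pos-03 input=;1234567890123456=08121010000000000?",  # fails Luhn
])

if __name__ == "__main__":
    for finding in find_track_data(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG))
```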
A SMART card has an embedded semiconductor device which is programmed before issue with the account holder’s information. This data is protected by extremely secure encryption methods. It is very difficult for a fraudster to replicate a SMART card.
When a Smart Card is offered as payment for goods or services, it is inserted into a
Smart Card reader (where it remains for the duration of the transaction). The
card details are then read by the reader, these include the card number and
An EMV transaction requires bi-directional commands and data transfer between the
card and its reader by an EMV Level 2 certified software application. The data
stored on the chip can be changed during a transaction. The card can store its
own transaction history and also its floor limits for different merchants. The
card can also be deactivated to block its use if it is reported stolen.
In the case of a PIN enabled card, a message is sent to the PIN pad to request a PIN. The PIN is entered by the card holder and securely passed back to the card for verification against the PIN details stored in the smart card.
The card is then checked to see if it has been altered or copied since it was
issued. The application on the card is checked to see whether it is valid in the
card processing system. Finally the system performs terminal risk management
checks against the floor limits set up by the system, together with the
results of a random transaction selection.
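The floor-limit check and random transaction selection mentioned above, as an added sketch that follows the terminal risk management procedure in EMV Book 3 (it is not code from the original page). Function names and parameter values are illustrative assumptions, amounts are in cents, and the final online/offline recommendation is simplified: a real terminal compares the result bits against action codes.

```python
import random

# Terminal Verification Results, byte 4 (bit positions per EMV Book 3)
TVR_EXCEEDS_FLOOR_LIMIT = 0x80  # bit 8: transaction exceeds floor limit
TVR_RANDOMLY_SELECTED = 0x10    # bit 5: selected randomly for online processing

def target_percent(amount, floor_limit, threshold, target_pct, max_target_pct):
    """Selection probability (percent) for a transaction below the floor limit.

    Below the threshold the flat target percentage applies; between the
    threshold and the floor limit the probability rises linearly towards
    the maximum target percentage (biased random selection).
    """
    if amount < threshold:
        return float(target_pct)
    factor = (amount - threshold) / (floor_limit - threshold)
    return (max_target_pct - target_pct) * factor + target_pct

def terminal_risk_management(amount, floor_limit, threshold, target_pct,
                             max_target_pct, draw=lambda: random.randint(1, 99)):
    """Return TVR byte 4 with the floor-limit and random-selection bits set."""
    tvr4 = 0
    if amount >= floor_limit:
        tvr4 |= TVR_EXCEEDS_FLOOR_LIMIT
    elif draw() <= target_percent(amount, floor_limit, threshold,
                                  target_pct, max_target_pct):
        tvr4 |= TVR_RANDOMLY_SELECTED
    return tvr4

def recommendation(tvr4):
    """Simplified: any risk bit set means ask to go online (assumption)."""
    return "online" if tvr4 else "offline"

if __name__ == "__main__":
    # Illustrative terminal parameters (assumed): floor limit $100.00,
    # threshold $40.00, target 10 %, maximum target 50 %.
    for cents in (2000, 7000, 15000):
        bits = terminal_risk_management(cents, 10000, 4000, 10, 50)
        print(cents, f"{bits:#04x}", recommendation(bits))
```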
Once all the above checks have been made, a recommendation is made to the card
whether to proceed on-line or off-line. If the card proceeds on-line an
encrypted message is sent through the client software to send and receive an
authorisation message from the acquiring bank and forwards the response to the
On completion of the transaction the system sends a logging message to the
retailers acquiring software. The entire process can take as little as 3
The need for bi-directional communication between the card, the smart card reader
and eventually the acquirer adds substantially to the complexity of
implementation of the Electronic Funds Transfer (EFT) transaction program. EMV
Level 2 certified application code is needed at each position accepting EMV
How does ATM skimming happen?
Equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. A "skimmer" is mounted to the front of the normal ATM card slot that reads the ATM card number and transmits it to the criminals sitting in a nearby car.
Check this article out at Urban Legends; it is factual and describes the process well.
What happens when banks have a fraud loss, such as those affected by the ATM skimming?
The banks ARE, according to media statements, reimbursing the customers. However, these losses will likely be reflected in your interest rates charged on your accounts, as a cost of managing their card programmes.
How can the banks reduce the cost to their customers?
Basically, the microchip on a chipcard is a miniature computer, with storage capacity for multiple software applications.
Banks could rent space on the card (subject to appropriate security) to loyalty programmes such as FlyBuys to distribute the costs. But there are potential security and ownership issues there. Check out the white paper "Multi Application Smart Cards: The Next Property Boom" for more information on the subject.
Would EMV compliant chipcards have stopped these ATM frauds?
The EMV (Euro / MasterCard / Visa) standard was developed to make card counterfeiting and skimming HARDER. It will reduce fraud significantly (and already has in countries where chipcards have been issued by banks).
But, as with every technology enhancement, the criminals that set up these scams will catch up. However, the card associations have ongoing development programmes to stay ahead.
Chipcards ltd was established in 2001 when it was formed as a card systems consulting group. The company provides system solution research, management consulting and project management services around card and payment products and systems to organisations.
Since Chipcards ltd was established to focus on software and product design
and development, its client list has expanded to include financial institutions and international
consultancies, with revenue sourced from a variety of international markets. Chipcards ltd
has successfully implemented projects internationally, including stored value, smart card, loyalty, transaction switching, Internet payment and corporate purchasing card solutions.
What We Do
Chipcards ltd is a provider of electronic payment and card programme solutions for credit and debit card, smart card, e-commerce and similar e-transaction systems.
Chipcards ltd also provides the professional services required to integrate new technology solutions into existing environments. Chipcards ltd’s customers include financial, retail, Internet, and transit organisations deploying and managing credit and debit card, multi-application smart card, payment and related technologies.
Through its singular focus on product innovation, Chipcards ltd is committed to making its clients world leading transaction infrastructure management solution.