Publication

Understanding credit card fraud in New Zealand : A dissertation submitted in partial fulfilment of the requirements for the Master of Professional Studies at Lincoln University

Citations
Altmetric:
Authors
Read, Philip M
Date
2009
Type
Dissertation
Collections
Restricted Theses and Dissertations
Department of Financial and Business Systems
Keywords
credit card fraud, debit card fraud, fraud detection, fraud prevention, credit card security, two-factor authentication, phishing, skimming, smart cards
Fields of Research
ANZSRC::1502 Banking, Finance and Investment, ANZSRC::080303 Computer System Security
Abstract
This report presents the reader with an overview of credit cards, what they are, and how they work both locally and internationally. It describes existing security mechanisms, and attempts to scope the extent and nature of existing credit card fraud and of fraudsters. It also attempts to identify any inherent weaknesses in existing security measures that may unwittingly 'enable' fraud to take place and it provides some suggestions about how security might be improved. Credit card fraud in New Zealand is a growing problem. With approximately $17 billion in credit limits and only $5 billion carried as outstanding balances, a total of $12 billion remains available to potential access by fraudsters. Credit card security systems, in particular the way Two-Factor authentication is implemented, appears to be fundamentally flawed for two reasons. Firstly, possession of the physical card, which strictly speaking is a form of 'Identifier' appears also to be accepted within the industry as a first 'Authenticator' ('something you have'). And secondly, the real 'Authenticators' such as the signature, the PIN number, the CVV etc ('the something you know') are static in nature, and in the process of being used are usually brought out into the open at some point where they can be captured and used by a fraudster at a later date. What is required to maintain a robust Two-Factor authentication mechanism, are dynamic second factors, customer intervention, and or multi-channel authentication. This report examines this perceived weakness in the authentication process and highlights the ASB Bank's Netcode security system for Internet banking, as an example of a robust Two-Factor authentication process. This system is not only executed through a second independent communication channel, it also involves the legitimate cardholder, and as such it presents us with an example of a concept that may help improve credit card security and so assist to reduce credit card fraud here in New Zealand.
Permalink
https://hdl.handle.net/10182/13000
Source DOI
Rights
https://researcharchive.lincoln.ac.nz/pages/rights
Creative Commons Rights
Access Rights
Digital thesis can be viewed by current staff and students of Lincoln University only. If you are the author of this item, please contact us if you wish to discuss making the full text publicly available.
Full item page