According to the European Central Bank’s “Third Report on Card Fraud”, the total value of card fraud in Europe in 2012 reached €1.33 billion, an increase of 14.8% from 2011. Card fraud has increased due to the growth of online shopping over the past five years: in 2012, 60% of the whole value of card fraud derived from card-not-present payments such as internet payments, and payments by post or telephone.
Most countries with mature card markets (defined as countries with high volumes and values of card transactions per inhabitant) experienced high fraud rates. According to Euromonitor International, European card fraud losses in 2012 were 6% higher than in 2011, and France had the highest rate of card fraud losses, with 29% of Europe’s total. The cost of French card fraud losses has increased since 2006 and has now reached €174 million.
The main reason France suffers the highest card fraud losses in Europe is because it has the highest level of lost and stolen debit and credit cards in Europe. A Fico.com report suggests the losses are due to low authorisation levels from the banks. Authorisations don’t guarantee payment: they simply mean that the card has not been reported lost or stolen and that there are sufficient funds available at the time of the transaction.
Germany and Russia also experienced high levels of card fraud, reporting €83 million and €78 million of losses respectively in the 2006-2012 time period. Germany, Russia and Norway have the highest incidence of counterfeit cards in Europe, which suggests difficulty preventing criminals crossing borders. Norway, the Netherlands, Italy, Greece, Austria and Ukraine are next in the list.
France and the United Kingdom experienced the highest card fraud loss as a proportion of regular transactions in 2012, but the UK has significantly decreased its fraud loss since 2006 by €216 million. In 2012 France and the UK suffered the greatest amount of fraud, whereas Romania, Poland, Hungary and Ukraine reported the least. In my opinion, ensuring that the personal and credit card data of your customers is safe should be a top priority. Unfortunately, more often than not customer data is compromised due to negligence or incompetence by the organisations that store it.
If you are an organisation that stores, transmits or processes cardholder data, you must comply with the PCI DSS. Compliance is regulated and enforced by ‘acquiring banks’, with which organisations have a merchant account. Being compliant with the PCI DSS means:
– Building and maintaining a secure network
– Protecting card holder data
– Maintaining a vulnerability management program
– Implementing a strong access control
– Regularly monitoring and testing networks
– Maintaining an information security policy
Professionals looking for concise and practical advice for achieving PCI DSS compliance should see the following products:
PCI DSS, A Pocket Guide, Second edition – This pocket guide is a short and concise introduction to the standard, containing only the key information you need to know.
PCI DSS, A Practical Guide to Implementing and Maintaining Compliance – This manual provides a flexible route to achieving compliance with the PCI DSS that is ideal for all manner of organisations.
PCI DSS Documentation Toolkit – This documentation toolkit is specifically designed to help payment card-accepting organisations quickly create all the documentation required to affirmatively answer the requirements of the PCI DSS as set out in the Self-Assessment Questionnaire.