What does this mean for us? Basically that security is as important as ever and, while new security features, services, and advice are released all the time, awareness of specific risks is just as valuable for keeping your cards safe. With that in mind, we take a look at the five biggest security concerns the credit card industry faces, and what you can do to stay protected.

On This Page
Introduction

1. Letterbox theft
2. Retail data breaches
3. Payment company hacking
4. Smartphone hacking
5. Portable skimming devices

Conclusion

Letterbox theft

Although online fraud is often cited as one of the biggest concerns for consumers, Australian authorities are increasingly warning about old-fashioned mail theft. The introduction of contactless cards, which do not need a PIN for purchases under $100, has actually seen a spike in physical card theft over the last year.

In 2014, Victorian Police actually linked rises in car and home burglaries to “tap-and-go” credit cards.

“Credit cards are being stolen from cars, they’re being stolen from houses and they’re being stolen from mailboxes,’’ Deputy Chief Commissioner Lucinda Nolan says in an interview with Fairfax Media. She also warns that it is easy with these cards to “immediately go to a retail outlet, and make multiple low-value transactions” without being caught out.

Sydney police also said the boom in apartment living has led to more mail theft and identity fraud. According to another report from Fairfax Media, there are even organised crime syndicates targeting the mailboxes at high-rise buildings.

Mail theft is an easy way for thieves to get cards without being caught because it can take days or even weeks for a new card to be issued. In fact, if you haven’t checked the expiry on your card, you could be due to get sent a new one without even realising it (which also means you could have a card stolen from you and not know it).

To reduce the risk of mail theft, make sure your letterbox is secure (a lock is preferable), check it regularly and contact your credit card issuer if you know or think you might be due to get a card in the mail.

Retail data breaches

Retail data breaches were one of the main reasons credit card fraud was big news in 2014, with major US retailers including Target and Neiman Marcus dealing with serious hacking issues. Millions of US credit cards were compromised as a result, and the after-effects are still being felt in some ways.

But experts say these incidents were not localised and could be the next big issue for credit card customers. In fact, the Senior Director of Security Strategy at US IT company NetIQ, Geoff Webb, says this type of cyber security issue needs to be taken very seriously in the year ahead.

In an interview with Forbes, he says: “it was pretty clear at the end of last year, after the details of the Target breach become public, that it wasn’t going to be a one-off incident. Rather, it was the opening salvo in what has proven to be a year-long attack on the retail industry.”

While the retail industry in Australia is yet to report any data breaches on the same scale as those in the US, there have also been concerns about the level of security retailers have in place here. What’s more, online shopping means that data can be stolen from anywhere and, while there is awareness of the risks, very few shoppers actually protect themselves.

A 2014 study from information systems company ISACA found that less than half of all Australians have increased their security in light of the recent hacking scandals.

“One of the most dramatic conclusions from this year’s study is the gap between people’s concerns about protecting their data privacy and security versus the actions they take,” Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies says in a press statement.

As well as encouraging businesses to do their part to keep data protected, ISACA recommends consumers protect their personal information by creating a strong password unique to each account, installing security software on devices and by looking for a padlock icon displayed in the browser.

Payment company hacking

With the retail industry expected to clamp down on its data, experts are also predicting that payment companies will become a huge target for hackers looking to get our credit card details.

“We will see more data breach incidents with banks, financial institutions, and customer data holders remaining to be attractive targets,” Trend Micro says in its blog post about cybersecurity in 2015.

“As such, organizations and individuals need to assume compromise; enterprises need to constantly monitor their network for any threats while individual users must always change their passwords to prevent data theft.”

When it comes to credit card payments, it is sobering to realise just how many different places your data is transmitted and potentially stored. In any given transaction, your data could pass through the following stages/companies:

1. The retailer/merchant
2. The payment processing system (eg eftpos, PayPal)
3. The credit card payment network (Visa, MasterCard, Amex)
4. The credit card issuer

Three of these four parties are financially-based, which could also explain why security experts are predicting a rise in these kinds of targets.

Trend Micro’s analysis of threats has also indicated that financial companies, including banks and payment processors, are sitting ducks without strong security in place.

“Weak security practices like not using two-factor authentication and chip-and-pin technology continue to persist in the banking sector. These practices will cause financially motivated threats to grow in scale throughout the coming year.”

In terms of protecting yourself against this type of attack, the best thing you can do is read up on the security and privacy policies of the payment companies relevant to you so that you know exactly what kind of protection and support you get.

Smartphone hacking

Hackers already have their eyes on smartphones, but the push for mobile wallets could see them become an even bigger risk for consumers. The introduction of Apple Pay in the US has sparked concern over mobile phone hacking, and Trend Micro says it could kickstart more than just the adoption of this kind of payment system.

“Apple Pay is not alone in the market – other payment systems have or will be introduced by other companies and trade associations. Not all of these payment systems have been thoroughly tested to withstand real-world threats, and we may see attacks targeting mobile commerce in 2015.”

Fellow security company Kaspersky Lab reinforces this statement, with Senior Security Researcher Patrick Nielsen telling Forbes that it won’t take long for cybercriminals to find and take advantage of vulnerabilities in mobile phone apps and software.

“In fact, we already have some examples of malware stealing virtual wallets from users’ devices,” he says.

Apple Pay is expected to launch in Australia in May 2015, while local credit card issuers, including ANZ, CommBank and Coles, have also developed mobile wallets. While these options mean you can pay from your phone at the checkout or with online retailers, the warnings from security experts suggest you should also amp up security on your devices to keep hackers at bay.

Portable skimming devices

Skimming devices used to be big, bulky things that only really tricked people when they were made to look exactly like a real payment terminal, but that’s not the case anymore. Skimmers can now easily be hidden in bags or under clothes and still get the job done – particularly when it comes to contactless cards.

In an interview with the ABC in 2014, Detective Superintendent Brian Hay said the transmitting technology used by tap-and-go cards made it easy for criminals to steal essential data with a homemade skimming device that.

“As the card’s chip gets closer to an electronic pulse, it will emit data,” he explains.

“Some of that data when it transacts with your credit card is in an encrypted format, but the number of the card and the expiry date is not encrypted so essentially it could be cloned. What that means is it gives potential for card cloning and identity takeover if you know your target.”

He adds that it would cost around $127 at an electronics store like Dick Smith to get everything needed for such a device. Basically, this means you could have your card details stolen anywhere, and not even realise something suspicious is going on.

While there is not much you can do to stop this kind of attack, it makes it even more important to regularly check your credit card statement for suspicious transactions. And if you do suspect something, let your issuer know straight away.

Conclusion

While there is growing awareness and concern about credit card security, the adaptability of these criminals can make it hard to figure out what you need to do to keep your card safe. But the current trends do bring up an important point: credit card threats never really go away, they just change in relevance based on what strategies criminals use.

Another point highlighted by the issues above is that your actual account security is just as important as the card you keep in your wallet. As APCA points out in its report on fraud, card data is just as good as the actual credit card these days because it can be used for Card Not Present or CNP fraud.

“One of the challenges facing the industry is the increased activity by criminals in stealing card data that can be used to make fraudulent online payments,” APCA says. So whether it is a hacker getting card data or someone using a skimming device, it could lead to CNP fraud in some form.

But as more awareness around CNP develops, other credit card criminals are turning to whatever methods they feel will be the easiest to employ, such as mail theft. So what the issues above really show is that where there is weakness, there could also be a credit card criminal waiting to take action.

If you are aware of the risks, though, you can make sure your credit card is safe whenever and wherever you decide to use it.

Photo source: Shutterstock