Improving authentication arrangements and tightening data security are two ways to make credit card business safer, Monetary Authority Chief Executive Joseph Yam says.
In his latest Viewpoint column, Mr Yam said the current authentication process is very loosely organised. In many cases, the desire for convenience in completing transactions, with the aid of advanced telecommunications technology, is achieved through compromising the need for authentication.
"What little authentication requirement there is - for example, a simple code at the back of the credit card for telephone orders, which admittedly may not be entirely effective - is sometimes dropped. This I fear has become an incentive for criminals to try to obtain systematic, unauthorised access to credit card data, which is then used fraudulently," he said, adding the authentication arrangements should be improved to remove this incentive.
Data security
Another way to remove the incentive is to tighten security at places where data is transmitted, processed or stored.
Mr Yam said a number of parties are involved in the credit card payment system. Apart from the credit card holder, the merchant and the credit card issuer, there are the less-known network operators, service providers and merchant acquirers.
"They all have access to credit card data. Some of these parties, for example, the service provider, have much more concentrated access to the data than the others. This makes them more vulnerable to systematic, unauthorised access, and they should therefore be a lot more careful about ensuring tight security," Mr Yam said.
Market to sort out problems
All concerned should exercise great care in protecting credit card information, Mr Yam said.
The credit card business is global business and it is difficult to use domestic regulations to resolve problems, explaining why the business is so prone to fraud.
However, he said the business is big enough for the stakeholders to sort out their problems while ensuring that credit card holders are protected.
|