Bank uses software to beat credit card thieves

The Bank of New Zealand's novel software-based technology for reducing credit card fraud is being rolled out in Australia by its parent company, National Australia Bank.

"This is a New Zealand innovation, and we are in the process of extending it into Australia," said BNZ chief information officer Peter Yarrington.

The bank has taken out global patents on several parts of the technology, which it first trialled in New Zealand two years ago.

The "liquid encryption number" (LEN) technology is used on all BNZ credit and debit cards, and has cut the incidence of fraudulent transactions from "cloned" credit cards by 50 percent, though the bank did not disclose to an Auckland press conference the numbers or dollar amounts involved.

The technology works by changing numbers on a card's magnetic strips every time a transaction takes place, or an account balance is requested at an automatic teller (ATM).

This attacks a common trait in a lot of "skimming" fraud, where criminals electronically copy and accumulate card details, but delay using the data in cloned cards to make it harder to identify where and when it was copied.

The BNZ system makes it easy to pinpoint when a cloned card is used, because by the delay means the cloned card has an outdated set of numbers, not the current one on the real card.

Invented by BNZ fraud initiatives manager Michael Turner, the number is added to existing cards.

"Skimming" details from bank ATMs -- often using a reader in a plate placed over the card slot -- is the fastest-growing electronic-fraud risk, the BankInfoSecurity website reported today.

But some industry experts have said that thieves are increasingly circumventing a key anti-skimming precaution on ATM machines -- "jitter technology", which uses a stop-start, or jitter motion, when a card is inserted in the motion.

In theory, the irregular motion distorts any copies made by a skimming device placed on the outside of the machine, but since many of these readers depend on a nice, smooth swipe of the card.

ATM security provider Absolute Financial Services vice president Carl Schriber told the website: "I am surprised that anyone today is offering jitter as a solution ...most skimmers on the market today have already taken care of that (jitter) issue and defeated it."

But ANZ New Zealand's senior ATM channel manager, Mark Prestwood, told the website that jitter can be effective as part of a multilayered security strategy.

"It's a very useful feature," Mr Prestwood said. "If 100 cards are used in an ATM during the time a skimming device is in place, the jitter may make it impossible to decipher the card data on 80 of those".

As an extra measure of protection, ANZ had has installed shields on its ATMs to protect observers or cameras seeing what personal identification number (PIN) was entered for a card.

"Putting measures in place to protect both the card data and the PIN gives the best chance of stopping the fraud," Mr Prestwood said.

Other techniques banks use can include radio-frequency jamming, which uses an electromagnetic field to detect readers mounted on the outside of an ATM, camera surveillance, and devices that sense vibration, such as when an ATM is drilled to attach a skimmer.