Is Anywhere in the World Free from Payment Fraud?

Posted January 22, 2015

…NO. Taiwan’s Payment Fraud Is Four Times from What It Was in 2009. Lax Password Security Appears to Be a Major Factor

When it comes to cybersecurity, passwords have proven anything but effective. Alisdair Faulkner, ThreatMetrix’s Chief Products Officer, has been warning about their inherent weaknesses for years and dubbed the fallout from the many breaches they failed to prevent the “Password Apocalypse.”

So what’s worse than password protection? How about no protection at all?

Tsai Chin-lung, a legislator in Taiwan’s ruling Kuomintang (KMT) party observed that of the ten major web merchants based in Taiwan, only one, books.com.tw, asked consumers for password authentication when making a purchase. The other nine others, including PChome, Yahoo and Momo, requested only a credit card number and its three-digit security code.

Tsai added that of 37 major financial institutions surveyed, only seven required users’ credit card information and none required authentication before web transactions.

In her article on chinapost.com, Enru Lin discusses the alarming rise in online payment fraud and how Taiwan is facing the challenge. The following has been excerpted from her piece on chinapost.com and edited to fit our format.

Fraud growing faster than online transactions

Kuomintang [Taiwan’s ruling party] Legislator Tsai Chin-lung said fraudulent web payments in Taiwan have been growing at a faster rate than total online transactions.

Citing data from the Ministry of Economic Affairs’ (MOEA) Institute for Information Industry, Tsai said web transactions rose from NT$295 billion in 2009 [9,366,250.00 USD] to NT$746.5 billion [23,701,375.00 USD] in 2013, a 2.5-fold increase.

Over the same period, web payment fraud rose from NT$54.77 million [1,738,947.50] to NT$268.94 million [8,538,845.00 USD or a] four-fold increase.

A call for standardized authentication

[Tsai] called on the central government to standardize authentication measures for both banks and online vendors — “a dual line of defense” — before rolling out third-party payment and other platforms for web commerce.

“The Financial Supervisory Commission has an obligation to create a safe environment for consumers,” he said.

The Executive Yuan’s (Cabinet’s) response

Chen Hsiang-yin, a section chief at the [Financial Supervisory Commission] FSC’s banking bureau, responded that the FSC already works closely with banks to maintain security [, adding that] fraud is not always due to banking vulnerabilities….

Banking security mechanisms already in place

Chen said many local banks have adopted security mechanisms that are exemplary, such as telephone confirmations for transactions and virtual accounts. “Based on my understanding, all banks have measures that secure transactions and the difference is only in form and degree,” she said.

Chen said the FSC will work with the Bankers Association of the Republic of China to publish a list of banks and the protection measures and security technologies they offer for online consumers.

Retailers base security on cost and compliance

Similarly, the MOEA’s Department of Commerce responded that while web merchants adopt different security mechanisms based on cost considerations, all merchants must comply with the standards of the Regulations Governing Institutions Engaging in Credit Card Business

The law stipulates that a merchant must ensure the accuracy of payment request data and maintain the confidentiality of the cardholder’s personal information, said Deputy Chief Chen Mi-shun.

ThreatMetrix

ThreatMetrix

close btn