This article first appeared in Personal Wealth, The Edge Malaysia Weekly on September 16, 2019 - September 22, 2019
Credit cards have undergone many security improvements over the years since the first universal credit card was issued in the US Diners Club Inc in 1950. Industry developers have introduced many tools to combat fraudsters, equipping credit cards with a variety of built-in defences. However, many credit card holders still find themselves victims of fraud, especially with online transactions as the physical card is not needed.
Romain Zanolo, deputy regional director for Asia-Pacific and managing director for Southeast Asia at Idemia, recalls the time when his wife noticed that there were a lot of fraudulent transactions in his account’s transaction history — up to 90% of the card’s credit limit. The couple lodged a report with the bank straight away.
After assisting the bank with the preliminary investigation, Zanolo and his wife set off for Australia on a vacation. On their third day there, he found his credit card blocked.
“I thought that reporting the case, the fraudulent transactions would be removed from my transaction history and I could use my card as normal. Then, I found out that it would be blocked until the case was solved,” says Zanolo.
To unblock the card, his bank recommended that he increase his credit limit. However, it would take a few days to process the request. “So, there we were in the middle of Australia with no cash in our pockets. Thankfully, I had a backup American Express card, which is widely accepted Down Under,” he says.
Until this day, Zanolo has no idea what caused the fraudulent transactions. His best guess is that someone has got hold of his credit details and used it to make transactions where two-factor authentication was not needed.
“Everything needed to make a fraudulent transaction is readily printed on the card. That means anyone who has got hold of my card can take a photo of its front and back and proceed to make payments with it,” he says.
In Malaysia, the majority of payment card fraud cases involves credit cards. According to Bank Negara Malaysia’s Financial Stability and Payment Systems report released on March 27, credit cards accounted for 92.1% of the total fraud losses, followed debit cards and charge cards at 7.3% and 0.6% respectively. Payment card fraud was predominantly due to “card-not-present” cases such as unauthorised online transactions, which accounted for 95.5% of the total fraud cases and 91.8% of the total fraud losses.
To reduce the occurrence of online fraud, Idemia has developed Motion Code credit card — a high technology payment card with a dynamic security code that changes regularly. The technology replaces the static security code printed on the back of a bank card and is now displayed on an e-paper “mini-screen”.
Idemia provides what it call Augmented Identity (an identity that ensures privacy and trust and guarantees secure, authenticated and verifiable transactions) for global clients in the financial, telecommunications, identity, public security and Internet of Things sectors. In July, the company announced a partnership with RHB Banking Group to offer the technology in Malaysia with its Visa Rewards Motion Code credit card — a first for consumers in the region.
At first glance, it looks like any normal card. However, it has an e-paper screen (which mimics the appearance of ordinary ink on paper) at the back of the card, which shows a security code that changes every few hours (for the RHB-issued card, it is every four hours). That means even if the card details have been saved a malicious individual, any transactions made after the security code is changed will be unsuccessful.
To make it work, an electronic flex printed circuit board is embedded inside the payment card and connected to a small lithium battery. A chip connected to a clock computes a cryptogram every four hours to display a new security code on the screen.
There is no reason for cardholders to be concerned about carrying the card around, says Zanolo. The battery used is small and thin, with no risk of leaking. The power consumed the card is also minimal and can last at least three years.
“The Motion Code technology has been around for about two years and it is issued a lot of banks around the world, especially in France. In fact, 10% to 15% of the cards issued Société Générale — one of France’s biggest banks — are equipped with the Motion Code technology,” he says.
One of the most important aspects of the technology is that it does not require any change in the user’s behaviour, says Zanolo. As everything happens behind the scenes, cardholders do not have to install a plugin or key in any data prior to using the cards.
“The feedback that we get from the consumer side is very positive. Once they look at the card, they immediately understand how it works,” he adds.
On the banking side, however, it has taken a while for Idemia to convince card issuers to adopt the Motion Code technology. Typically, banks have questions about IT integration. This is a major concern for many banks as it can be difficult to integrate new technologies into their legacy systems.
In the case of RHB, Idemia works with Visa, which helps issuers validate transactions inside its processing network. “This addresses the concerns that banks may have. It also simplifies our discussions on IT integration,” says Zanolo.
Other cards in the works
Idemia is working to introduce a few other cards in Malaysia. The first of which are metal cards, which have been issued banks such as OCBC Bank and UOB Bank. Currently, these cards are only available to the affluent. The company is working to make the card accessible to the mass affluent so that more people can enjoy having a metal credit card in their hands.
While there is almost no difference in terms of practicality between the plastic and metal cards, the latter is highly desirable as a status symbol. It gives cardholders a premium feel, on top of the pleasure of having a heavier and more durable card to carry and use.
According to Zanolo, the demand for metal cards may have increased among the mass affluent due to the growing number of issuers making these available in other parts of the world. Financial technology (fintech) firm Revolut, for example, has issued a limited number of metal cards, costing only £12.99 a month. Anyone can apply for the card if they are willing to pay for it.
Idemia is also working on a biometric card called F.Code. Zanolo says the card comes with a fingerprint sensor that can be used to authorise payments. “So, instead of keying in their personal identification number or providing a signature, cardholders simply put their thumbs on the sensor to pay.”
There are several benefits to this technology, he points out. One is removing the threshold limit for contactless payments. In Malaysia, contactless payments are limited to RM250 per transaction. With biometrics, cardholders will not need to use the chip and pin method to authorise payments above the capped value.
The use of biometrics also makes it easier for banks to authenticate payments made overseas, leading to a better experience for users when they are travelling, says Zanolo. “Recently, I went back to France for a vacation. After four days, my card was blocked. This happened because I did not tell my Singapore bank that I was going to France. The bank’s back-end suspected a case of fraud and probably sent me an SMS prior to blocking the card, but I did not see it.
“With biometrics, this will not be a problem. In the payment flow, the bank is notified that the authorisation is made with biometrics. So, the bank will know that I have physically made this transaction in France.”
Cards using this technology are being experimented with Société Générale in France and JCB in Japan. Zanolo thinks it could be experienced Malaysian cardholders next year.
Save by subscribing to us for your print and/or digital copy.
P/S: The Edge is also available on Apple's AppStore and Androids' Google Play.