Insider's view // Andrew ChurchillBanking security measures can tackle terrorism and terrorist financing

Published 5 March 2008

Mobile phones can be part of the banks’ security to prevent terrorist financing through fraud, but it can also be a direct tool in the pursuit of homeland security

In 2007 terrorists and organized criminals made as much money from defrauding U.S. citizens’ credit cards through phishing alone, as most NATO members commit to their annual defense budget—- globally, some estimate that total card fraud exceeds the defense budget even of the United Kingdom. With such financial resources at their disposal it is little wonder that such groups pose such a significant threat to homeland security.

Yet some of the same technologies that are being explored to counter fraud have additional benefits for homeland security if we choose to adopt the appropriate technology.

Evolution of bank security

Banks have had an interesting lifecycle over recent decades in their approach to card security and usability. Early signature cards were found to be easily abused as staff rarely checked the signatures; so Chip and PIN was introduced in the United Kingdom over several years to fight fraud. Yet now contactless cards are removing the PIN security for “low value” transactions, opening up a whole new industry for organized criminals.

Contactless cards are now on the rise globally, with major public programs such as the Oyster card used for public transport in London, now being adopted as three-in-one credit/prepay/travel cards. The main advantages of contactless cards in public transport, particularly a large enclosed network like the London underground, are its speed of throughput at the gates and more efficient ticket purchase management. Likewise, many consumers like the cashless purchase for low value items such as coffee, and if the banks are happy to take the hit for up to £10, then that’s all well and good.

Here, then, is the criminal’s new industry — it is relatively straightforward to rig up a more powerful contactless card reader with a greater range than the normal 3-4 inches. The criminal merely needs to sit at a busy station concourse, for example, and request £9 off each commuter walking by. He will need a front business, of course, to process the funds, but this is a minor obstacle.

The problem exists because contactless cards leak information all the time and are happy to carry out transactions when requested by a reader, be it to open the turnstile to exit a station or to buy a coffee. This information leakage, however, is not just of interest to the criminal fraternity but to homeland security practitioners as well. Active interrogation of contactless cards, or other devices, at stand off ranges of 10-20 feet is