Science

Less-secure Canadian debit cards a target for fraud: analyst

Criminals may be targeting Canada's bank cards because financial institutions here have been slower to switch to more secure card technology than in many other countries, says a security technology consultant.

Criminals may be targeting Canada's bank cards because financial institutions here have been slower to switch to more secure card technology than in many other countries, says a security technology consultant.

"Now that Europe has accelerated their adoption of chip and PIN, that basically leaves Canada and a very few other places as the places that organized crime are going to go as long as they can to perpetrate magnetic-based bank or credit card fraud," said Jerry Gaertner, director of security technology services at the accounting firm Soberman LLP.

'The criminal groups know that the end is coming and they are working as hard as they can now to maximize their profits.' — Det. Jeff Caplan, Durham Regional Police

This week, Toronto police confirmed they had received dozens of complaints from people working at or near the CBC Broadcasting Centre downtown who said their bank accounts had been compromised.

In Canada, Interac Association is the group responsible for the network that allows Canadians to access their money through bank machines and retail debit card terminals. According to its numbers, 148,000 debit card fraud victims were reimbursed in 2008 after getting $104.5 million stolen from their accounts — roughly triple the 49,000 victims reported reimbursed in 2004, when they were robbed of a total of $60 million.

Durham Regional Police Det. Jeff Caplan, who is with the major fraud unit, said there has been a recent spike in bank card scams. He said Canadian bank cards, which store data using magnetic strip technology, are not secure.

"The fraud is going to continue and it's going to continue at a really alarming rate until the full implementation of chip," he said.

Chips required in Canada by Dec. 31, 2015

The chip he is talking about is a more secure technology already being used by many other countries, but won't be fully implemented in Canada for another 6½ years.

Year No. of card users reimbursed $ amount stolen (millions)
2008 148,000 104.5
2007 159,300 106.8
2006 119,000 94.6
2005 72,000 70.4
2004 49,000 60
Source: Interac Association

The more secure cards use an embedded computer chip based on a global standard called EMV that was developed by Europay, MasterCard and Visa. The chip is capable of some computer-processing functions, which makes it more difficult to copy and reproduce the cards and their stored data. It also facilitates security checks by the debit card terminal to ensure the card is valid.

Interac spokeswoman Caroline Hubberstey said EMV has proven successful at combating debit card fraud in other countries.

She added that financial institutions and merchants across the country are already in the process of rolling out the new cards and the terminals required to read them, but it will take several years because the process involves 35 million cards, 600,000 retail debit card terminals and 55,000 bank machines.

According to the Interac website, debit cards without a chip will no longer be accepted at bank machines after Dec. 31, 2012, and will no longer be accepted by retailers after Dec. 31, 2015.

Caplan said the deadlines may explain the apparent increase in debit card fraud.

"The criminal groups know that the end is coming and they are working as hard as they can now to maximize their profits," he said.

An increase in reports of that type of crime hasn't happened everywhere, though. Ottawa police Sgt. Robert Landry said debit card fraud reports received in Canada's capital have been steady, with 258 reported victims in 2008 and 257 victims in 2007. But he added that police aren't always notified in such fraud cases, especially since the fraud may not take place in the same city where the victim lives.

Meanwhile, Gaertner suspects that even switching to the chip debit cards won't put an end to this type of fraud. He suggested that thieves will become more sophisticated and move toward targeting banks and business accounting systems through the back end.