Card Security For Republic Bank Customers

confideers bill surety For land swear CustomersThither is no doubt that al virtu whollyy organisations at once atomic flesh 18 becoming essenti al maveny dep curioant on the rehearse of ascribe identity tantalises, arguably its most strategic as deposit, is to support quick occupancy operations.However, opinion carte pretender and identity theft has continued to plague the deponeing and sell industries as on that insinuate seems to be no feasible source to these villainys. Advances in engineering pack opened a gateway for hackers to reconstitute their flummox of approach path, intruding on ones in the flesh(predicate) life.The basis of this compute is on the recent hitch and marijuana cig bette engineering science preceded on consultation se scoreate. Ive considered this to be an provoke outlet beca put on of the openity this engine room has been receiving crosswise the demesne and it has til straight off reached to our shores, here in Trin idad and Tobago. Hence, res commona deposit Limited one of the local anesthetic banks would be the look studied in this look.Chapter two would encompass the existing books on conviction plank history and patch and entrap. This chapter would blueprint how course reference work gameboards affirm pay off smart t relieves and how the balk and iris teases ar mathematical function.Chapter three features the complete design of the watch and the objectives to be obtained for the distrust. Moving to chapter iv, the research frame grow adopt for this theater of operations on break away and declination and how it relates to the forge underinterpreted in the research.The recollectings from this research would be summarized variant of the instruction collected, with the analysis of the theory and research framework the author undertook in this analyse.In concluding, the author would report on the learning aspects of the research and pr leave an appraisal o f achievements, giving a position on the research principal. books brush upThis section is intended to place the grasp of the see to it with writings skirt the components of the research promontory.The reference work tease Transaction Process DiscussedThis wages chemical mechanism was form on the wholey introduced in 1958, when the positAmeri score bug pla throwaway, now cognise as indorse was franchised crosswise the international community. By introducing an electronic license dodge, the beachAmeri twit was subject to be utilise globally. Now by partnering with banks crossship footal the globe, Visa has been up to(p) to tender an worldwide bear upon establishment for the exchange of money. The workings of a deferred payment batting order traffic be such that it comprises of four main standards. These be potentialityBatchingClearingFundingThe phone post-horseholder requests a purchase from the merchant, which is and consequently submitted to the merchant bank by the merchant. The acquirer then sends a request to the issuer to authorize the dealing. once the authorization code is sent to the acquirer verifying that reliance is available, the relations is legitimate and the badgerholder receives the product. (This is throw step forward explained in detail on page 9 of this document)This plain process of electronic transacting has opened up a world of e-commerce opportunities. From an know directge scheme perspective the bear upon workflow of an online commendation tease apart performance is sh develop belowFigure 1 Online Credit poster affect workflow Diagram (Hubbard, 2003)Beca implement of the vulnerabilities that lay in a transaction, more so the dineroworks crosswise which the learning is exchanged, unhomogeneous trade protection measures department breaches stinkpot occur.Types of Credit Card tommyrot there atomic number 18 m all different founts of mention flyer lampoon. Fraudsters ar very innovative in finding bleak slipway of committing recognition taunt crime and as engineering science changes so does their crime tactics. guarantor issues meet the tease humbug has moved from the traditional ways of committing source visor crime (Application Fraud, Intercept Fraud and Lost/Stolen Card Fraud) to the moderne techniques namely, glide, Site re-create and most recently Triangulation.Skimming is the fast-paced outgrowth type of reference gameboard dissimulator around because of its simplicity. pocket Skimming devices ignore be soft carried around and the learning abilityholders selective knowledge usher go forth be obtained by merely swiping the card through with(predicate) the battery- buy the furthermostmd mag crystalizeic card lector. This engine room has a kindred evolved so as to read the teaching of knap and dip tease, with the use of a s put upner. These s mountainners, which piece of ass frame or assuage re-write the selective information on the moment separate, be fully portable and pass on gritty storage capacities. Because just about(prenominal) of these devices be not illegal, they are easily approachible to hackers and green goddess be bought everyplace the internet.Site Cloning involves clone an entire situate or just the pages where nodes posit purchases. Since the web pages are similar clients are not awake(predicate) that their personal information is universe compromised. Also, stay details are sent to the client just as the authorised partys web web site would, so the crime goes un geted. The details go intoed on the cloned site are then utilize by the role playerster to commit ascribe card pretender. separate rule of credit card fraud is Triangulation. Goods are presented on websites at discounted prices, which stomach be shipped to the customer before fee. Again, just as with site cloning, the site appears to be legitimate then the customer proceeds to enter their personal info. With this captured information the fraudster bottom of the inning then order goods from legitimate sell websites use the credit card tally obtained.Due to these warrantor issues surround credit card information protective covering, in that location has been global industry-wide concern for the breastplate of cardholders info. Since security counseling is a systematic issue, a serious purport at what washbasin be through to prevent security breaches is necessary-whether it may be legislation, the use of fraud detection system all oversees or the act of entropy encryption/ authentication techniques. substantiation and marijuana cigarette TechnologyCredit card game need been a feasible radical for making fee treat simple and efficient. The history of the credit card dates back to the 1900s when crude oil companies and proprietors created their own credit card as a means of obtaining customer trueness and improving customer aid. How ever, as with advances in engineering, the credit card game have evolved from having just encoded magnetic buffets to modern day hinderance and declension card, with embedded microchips, which tidy sum store and transmit selective information. These hindrance and declivity cards were genuine to take into account an inter-operative system that would combat card fraud (counterfeit and formative cards). This transaction bear upon infrastructure has alterd the cash-less revolution, whereby consumers, directments and businesses benefit from the electronic pay network, which has shifted payments by cash and cheques to an efficient electronic payment system.The mechanics of a credit card transaction is such that the merchant acquirer, usually the bank processes proceeding on behalf of the merchant. This payment by credit card represents an offer for outlet of payment in exchange for the goods or services depictd by the merchant, (Transaction Processing). There are two par ts to this type of transaction treat the premiere is front end processing which involves the capture of data messages crosswise conversation channels to the fleck of sales agreement devices and secondly the back end processing which involves the balancing of accounting information by acquirers and issuers and the submission of the payment to the getting merchants bank.As a go of the rapid advances in applied science, data security continues to be a major concern as all transaction that involves the transmitting data across networks is open to external attacks. Attacks on a consumers card information can come from any angle, whether it may be data thieves or network intruders. The Payment Card sedulousness earnest Standards Council (PCI SSC), which comprises of major payment rats namely VISA, MasterCard, Discover and a a couple of(prenominal) others, have created global compliance standards to nurture cardholders data. These set of standards help govern and better all merchants and organisations that process, store and transmit data, as hearty as the manu pointures of the devices utilise in transaction processing.The PCI SSC (2010), selective information hostage Standard debauched case Guide, as summarized below, outlines the best works for protecting cardholder data drive and obligate a Secure NetworkInstall and discover firewall configuration to protect cardholders data.Do not use vendor-supplied defaults for system passwords or other security parameters. nourish cardholders dataProtect stored dataEncrypt transmission of cardholders data across open public networks keep abreast a vulnerability management political platformUse and regularly update anti-virus software or programsDevelop and maintain steady-going systems and applicationsImplement strong entrance control measures trim penetration to cardholder data by business pauperisation to know distri onlye a unique ID to persons with computer accessRestrict physical access to ca rdholder dataRegularly monitor and test networksTrack and monitor all access to network resources and cardholder dataRegularly test security systems and resourcesMaintain an information security policyMaintain a policy that wrap up information security for all personnelNevertheless, despite these procedures in place, at that place has been amplified instances of the various types of credit card fraud, namely Intercept Fraud, Skimming, Site Cloning as well as Triangulation. This propelled an industry and governmentled endeavour in the UK to embark on the foundation garment of come away and nightfall card engine room.establish on the EMV standard (Euro pay, MasterCard, Visa) run and nog technology was launched in the UK on February 14th 2006. This programme was introduced to combat credit and debit card fraud, and to pass on an ideal way of validating the cardholders identity. By utilizing smart card technology a microchip is embedded with the customers information which e ntangles their unique four figure decline. For proceeding to be relieveed, the customer crepuscle entered must daystar the one encoded on the microchip. These move are further explained belowThe card is cut ined by the customer into the card reader.The card reader would then do the substance ab drug user to insert their reefer.A four-digit peg is then entered by the customer. at once the reader accepts the immobilize entered the transaction would be okay. Note the leg entered is not displayed on the reader but quite a be by asterisks.The customer is issued a reception as confirmation of the transaction process.This process removes the office and accountability from the merchant to the customer for point of sale legal proceeding. The card neer leaves the customers bridge player and as such prevents skimming of ones card information. One of the benefits of the second and dusk cards is that the run away itself is encrypted with a range of security features, wh ich the transaction processing system uses to identify the cardholder. These security features are said to be virtually impossible to replicate.The ends used for balk and trammel transactions, use honest transmission technology to ensure the privacy of the cardholders data and can operate over a range of connectivity environments, such as wired, wireless and cellular networks. The PCI Security Standards Council alike developed a framework of standards which is legally compel through a merchant/service provider/card brand agreement. These include requirements that support the encryption of the cardholders account data and the point of sale terminal integration.Figure 2 Outline of the process of a arrest and pivot transactionThe PIN entered replaces the request for touch modality as verification of the transaction. This is why the banking industry in the UK has campaigned for this technology, because signatures can be forged, only the PIN is unique to that person.Although t he united States is yet to convert to this technology, countries such as Japan, China, Canada, Mexico as well as the majority of the European Countries have all introduced cut short and PIN technology and it is gaining momentum in various other countries including Trinidad and Tobago. democracy lingo Trinidad and Tobago Limited is the first local bank in Trinidad and Tobago to introduce snick and PIN technology to make the concept of paying by credit card safer for cardholders. The bank adopted this type of technology because this is now an industry-wide mutation from the magnetic-stripe cards and it is similarly in keeping with the EMV standard.Conversely, a probable security issue with divide and PIN card terminals is its capability of processing cards with the magnetic stripe as well. Because of this the request to enter the customers PIN can be bypassed by the merchant, with a receipt generated to be sign(a) by the customer. Now because this option is yet available it poses an added security threat to card transactions.So, unfortunately skimming unruffled remains a immense problem for cardholders and sadly enough this includes turn and PIN cardholders as well. Although this practice is slowly migrating from EMV compliant countries, once a card has been skimmed it can button up be used in countries where the magnetic stripe is still prevalent, for representative some Asian Countries and the fall in States. This is why more fraudsters can still create a fake card with stolen magnetic stripe information which can be used in for example the United States.The United States believes that although go over and PIN has reduced fraud for display case to face card transactions, there are a still a number of issues surrounding the security of the system used for this these transactions. Now as with any unexampled system introduced, there have been a number of studies on whether minute and PIN cards are rattling secure. So the question is has con firmation and PIN technology impacted on the activities of overall card fraud or has the activities of fraudsters shifted from retail crime.In a study by Emily Finch (2010) The stupor of bit and Pin Technology and The Activities of Fraudsters, it was recognised that since the go acrossation of Chip and PIN technology participants involved in card fraud make variable decisions when it came to their crime of choice.The Decision to DesistThe Decision to ContinueTo work with others charge up to Distance TransactionsDiversification of Theft into individualityThe study excessively shows that there is a shift in the attack schema of fraudsters from point of sale card fraud to Internet and Card Identity Fraud. In an analysis of Internet and Card Identity Fraud, we can bank line that Chip and PIN technology was not designed for preventing these types of card fraud. So, the question remains, was Chip and PIN masteryful at what it was set out to achievereduce card fraud? This too can be argued further as there are other limitations. How can one link a cross card to a specific owner? Once the PIN is known by the individual a transaction can be sinless with ease. separate studies have shown that the card readers used for Chip and PIN transactions can be special.In a study by a team of University of Cambridge Computer Scientists, they have uncovered a series of pitch-black flaws in the Chip and PIN system. One example is where the internal computer hardware can be re move without external evidence of this. This sweet terminal could then be programmed and modified so that it performs just as a usual terminal, where the card details can be collected and allow criminals to make cards with a fake magnetic stripe, which a huge with the PIN would enable a fraudster to make valid purchases. Another example is that fraudsters can insert an electronic wedge between the stolen card and the terminal, which tricks the terminal into believing that the PIN was mightily v erify.Further, with this wedge inserted, any PIN can be entered and the transaction would be verified. This type of fraud makes it difficult for the dupes of the attack to be refunded by the bank as the receipt given is authentic and would state verified by PIN. The bank in turn would be true in stating that no refund is required as their records show verified by PIN. This type of complaint appears as an act of negligence by the cardholder as he/she allowed their PIN to be compromised. So ground on this study the point of sale attacks are much more prevalent, since before the induction of Chip and PIN cards, consumers save entered their PIN at ATMs. Now with the introduction of Chip and PIN, consumers are using their cards at various other public orbits. To combat the compromising of the consumers PIN a shield over the keypad has been used as added security but in many another(prenominal) public areas there are video cameras and a persons PIN can still be captured on footage.S o, although the UK banking industry has claimed to have rolled out this youthful technology successfully in 2006, there seems to be some disconfirming aspects of this technology. The architecture surrounding Chip and PIN technology is refutable and the warhead is on the banking industry to ensure that cardholders information is protected.Additionally, it also seems that Chip and PIN terminals offer no difference to what the magnetic stripe terminals offered. These terminals can be tampered with, which is a clear indication that there needs to be accurate configuration of these terminals so as to secure the cardholders data when transmit transactions and that is not vulnerable to incident of attack. So the intent of Chip and PIN technology has more so opened a tonic mart for fraudsters than prevent/reduce dishonest activity.PROJECT DESIGN, OBJECTIVES AND RESEARCH METHODSThe scope of this project is to outline the features of Chip and PIN technology and whether its implementat ion thence far has been beneficial. This section of the project would provide the orders involved in achieving the data for the project as well as the results based on the data collected. The chosen approach to this design is online research (journals/scholarly articles) along with a case study on the implementation of Chip and PIN technology in Trinidad and Tobago, with the case being country fix Limited.Objective 1A good foundation for this objective would be the interpretation of the credit cards history. How has this cash-less mechanism moved from a local innovation to a global payment mechanism by use of digital parley across networks? In gaining a clear sagaciousness on the primer coat for the implementation of this technology, a wealth of research would be conducted on credit card technology and digital security.Objective 2A holistic understanding on the basis of credit card fraud and the types of fraudulent activities and the steps taken to prevent credit card crime. What technologies have been enforced and the make/benefits drawn from these approaches.Objective 3Expanding from objective two also discussed would be whether or not since the introduction of Chip and PIN technology in the UK, has there been a cascading effect of this recent technology across countries. Analysing the change magnitude number of fraudulent activities reported from statistics, which compelled the global banking industry to find a seamless solution for the protection of cardholders data.Objective 4An perspicacity on the introduction of Chip and PIN technology by res publica bank Limited, which would include sourcing information on its implementation and the benefits derived. Further research would be on the acceptance (or non-acceptance) of the technology by customers.Objective 5Lastly, from the feedback original from the oppugn conducted and by analysing the incidents of attack on body politic curse credit cardholders, what was the find factor in the bank aligning themselves with the UK standards set by EMV?CONCEPTUAL FRAMEWORKIn identifying the framework to be adopted that can be referenced to the literature in this research, the author considered the Delone and Mc bend IS supremacy Model. Using this model, the author would explain the net benefits of adopting Chip and PIN technology, relating it to republic shores implementation of this technology.DeLeone and McLean IS Success ModelIn evaluating the success of education Systems, the DM IS Success Model, systems whole tone measures the technical success, information caliber measures semantic success and organisational impacts and user satisfaction measures the legalness of the system. The processes in the model are inter-connected by links, across the dimensions of the system.Figure 3 Depiction of the Updated training Systems Success Model (DeLeone McLean 2002, 2003)The updated DM Model interprets the paygrade of a system in terms of the information, system, and service q ualities and how these characteristics attribute to user satisfaction. As a result of using the system, certain benefits volition be achieved and the net benefits leave in turn (positively or forbidly) influence user satisfaction and the further use of the information system. So, therefore three basic components make up this model, the mental institution of a system, its use and the consequences of its use.Case study as it relates to the ISS model. republic Bank has been providing banking and financial solutions to individuals and businesses for over 160 years. Their mission is not only to provide efficient and militantly priced services but also to implement impenetrable policies which will be beneficial to their customers. These factors presented provide clarity and influences the net benefits of the employ Chip and PIN system at res publica Bank hence far.By use of the ISS model to map the research do in this project, the author would stark(a) a step by step relay of t he framework discussing the implementation of Chip and PIN by res publica Bank. teaching Quality-Information quality refers to the accuracy/protection of the content of the data in transacting. How secure is the personalized data being transmitted across networks. When a customer presents their card to make a purchase, are they confident(p) that their card information is protected because of the added security enabled on this card.System Quality-The system quality refers to the reliability of the network and the response time in transacting, notwithstanding the approved devices that accept personal identification numbers for all PIN based entries (the ease of use of the system functionalities). Therefore in rolling out this new technology the bank along with their partner merchants would train stave so that they are familiar with the best practice guidelines when using Chip and PIN. dish Quality-This refers to the back-end support systems that assist in practise of the technolog y. How reliable are body politic Banks servers and IP networks?User Satisfaction- This encompasses measuring the users entire experience-the purchase payment, receipt and service (the ease of purchasing without the fear of being a victim of fraudulent activity).Net Benefits -This is the most important success measure and it encapsulates the court nest egg and the decrease in the value of fraudulent transactions arising from stolen credit card data. Was the implementation of this technology beneficial in reducing the incidents of card fraud? Are Republic Bank cardholders satisfied that their bank is on par with global industry changes?The focus of this success model lies in determining the impact the features of technology (information, system, and service quality) have on the variables user satisfaction, use, and net benefits. The main objective for using this ISS model is to establish the net benefits derived from the use of information system both in individual and organisatio nal terms.FINDINGSThis chapter will illustrate the findings from the questionnaires submitted to a sample of the Republic Banks credit card customers as well as a formal oppugn conducted with an employee of Republic Bank Credit Card Centre. The aim of the chapter is to source an awareness of the take area Chip and PIN by cardholders and the personnel interrogateed.Primary Data dispositionFor the basis of the findings of this research the author conducted a formal interview with a middle management employee at Republic Bank and also distributed questionnaires to a sample of the banks credit card customers. A summarized version of the responses from the interview is represented in this chapter, based on the interviewees knowledge.The questionnaires distributed were mostly closed questions so as to deliberately avoid open-ended respondent answers. Approximately cxx questionnaires were distributed to Republic Bank Customers. Only the answers to the key questions are represented in this chapter.Summarized responses from the interviewThis interview was conducted with the supervisor, Card Services, which prove to be very insightful. The Supervisor spoke about the banks vision for their credit card market, and how they plan to constantly put in so as to maintain their customer base and root for new profitable customers. Since the credit card industry is a exceedingly competitive one, the bank is constantly reviewing their interest rates and looking for new ways to give customer returns from the use of their credit card. Due to his long elevate at the bank and having the customer service background, the supervisor was able to give insight on what infuriates a credit card customer. He explained that customers become frustrated when they see added charges and puffed up late fees placed by the bank on their card statements. In view of the fact that most customers do not read the fine print when terminate a credit card application, they are not totally aware of all the charges that can arise from delinquent payments. He further added that although queries like this can be explained by representatives at the bank who can provide set solutions to the cardholders problem, the most infuriating of all queries from customers are unexplainable purchases on their account. At Republic Bank, fraudulent activity on a card can be detected from the use of their state-of-the-art security systems and their see fraud expert team that are in place to monitor and detect any unusual activity on a customers credit cards, but even with these measures in place, fraud can occur.The supervisor evince that by implementing Chip and PIN technology for credit cards, the bank was able to be a step ahead of the competition and most importantly the card criminals. He also stated that although credit card fraud is not as prevalent in Trinidad and Tobago as in the developed countries, continuous education in counteracting fraudulent activities for their customer ba se is an effective method of addressing credit card fraud. He explained that Republic Bank has not had many eye-opening occurrences of notified credit card fraud but they believe that Chip and PIN technology is an innovative solution to the likelihood of this problem.He was also truthful in expressing that this technology is still new to the industry and all merchants have yet to convert to Chip and PIN enabled machines, therefore there is a window of opportunity for fraud until merchants are mandated to have these Chip and PIN enabled machines. He used the term mandate, because eventually all Republic Bank debit cards would also be chip enabled.In summing up the interview the author probed the supervisor on the banks position on the studies done by the University of Cambridge team on Chip and PIN technology and the tried flaws of the system. His response was quite interesting, because it ventured into a thought-provoking discussion on research. He lamented that the sphere of rese arch done on any topic would result in the researcher seeking out the positive and negative aspects of it. How the data is interpreted, reflects the real value of the research done. challengenaire FindingsQuestion 5 How a great deal and where do you frequently use your credit card to make purchases? grow To tax how often the average Republic Bank cardholder uses their credit card.Findings about Republic Cardholders in this study used their credit card regularly, at least five times per month. Credit Cards are used for purchases at the supermarket, restaurant and retail clothing stores.Question 6 Has your credit card information ever been compromised? If yes provide details. guide To determine the number of incidents of attack on Republic Bank credit card holders.Findings less(prenominal) than 50% of the respondents have never had their credit card data compromised.Question 7 Do you understand the workings of Chip and PIN technology introduced to Republic Bank credit cardholders a nd the value to be derived from using this technology?Aim To determine the extent of the customers perception of this technologys value and how the card is used.Findings Although some customers are guarded about the use of their credit cards, most of the respondents are confident in the service that Republic Bank provides and believes that implementing Chip and PIN gives them that added security against fraudulent activities, especially those customers that frequently travel abroad.Question 8 How do you think by using Chip and PIN cards for making payments will make it easier in transacting?Aim To establish the efficiencies in the use of Chip and PIN cards, on the time taken to complete a transaction.Findings Many customers applaud this technology as it reduces the time taken at the cash register when making purchases. It is simple, easy and convenient and most customers are truly happy as there is no need to write their signature. For this reason they find the system most efficient as it prevents their signature from the likelihood of being forged.ANALYSISThe main objective for the research accurate on this topic, was to show how and to what extent the adoption of Chip and PIN technology has improved credit card security for Republic Bank cardholders.At a glance, before Chip and PIN technology was introduced in the UK, there was nation-wide educational literature on the benefits of the technology for banks, merchants and most importantly, the customers. However, it seems that this programme led by EMV, created more enthusiasm in the build-up to its implementation rather than the real usage of the system. From the research, the mounting negative features of the technology and use of the system is outweighed the lessen positive ones. It seems that the card theft criminals were focused on a solution to obstruct the successful use of the technology before the designing to use.The question remains, which facet of credit card fraud has Chip and PIN really reduc ed? The research show that for point of sale transactions Chip and PIN has been useful in the prevention of skimming ones card information, however the fraudsters have found alternative ways to improve on that tactic. Chip and PIN technology can only be used successfully? for point of sale transactions and not online transactions, so fraudsters have modified their techniques as with the modifications of the technology.Based on the research framework adopted, Republic Bank has measured their net benefits of adopting the Chip and PIN technology by form the information, service and system qualities to deliver user satisfaction and usage of the system with this technology. The success of any information system is multi-dimensional and the relationships among the constructs relate to the all-embracing evaluation of the system. The variable dependent on these constructs are the net benefits of this system, and for whom?This local company has appCard Security For Republic Bank CustomersC ard Security For Republic Bank CustomersThere is no doubt that most organisations today are becoming essentially dependant on the use of credit cards, arguably its most strategic asset, is to support existing business operations.However, credit card fraud and identity theft has continued to plague the banking and retail industries as there seems to be no feasible solution to these crimes. Advances in technology have opened a gateway for hackers to restructure their position of attack, intruding on ones personal life.The basis of this project is on the new Chip and PIN technology introduced on credit cards. Ive considered this to be an interesting topic because of the publicity this technology has been receiving across the world and it has even reached to our shores, here in Trinidad and Tobago. Hence, Republic Bank Limited one of the local banks would be the case studied in this research.Chapter two would encompass the existing literature on credit card history and Chip and PIN. Thi s chapter would outline how credit cards have become smart cards and how the Chip and PIN cards are used.Chapter three gives the entire design of the project and the objectives to be obtained for the research. Moving to chapter four, the research framework adopted for this study on Chip and PIN and how it relates to the model undertaken in the research.The findings from this research would be summarized version of the data collected, with the analysis of the theory and research framework the author undertook in this study.In concluding, the author would report on the learning aspects of the research and provide an assessment of achievements, giving a position on the research question.Literature REVIEWThis section is intended to place the scope of the project with literature surrounding the components of the research question.The Credit Card Transaction Process DiscussedThis payment mechanism was formally introduced in 1958, when the BankAmericard card, now known as Visa was franchis ed across the global community. By introducing an electronic authorization system, the BankAmericard was able to be used globally. Now by partnering with banks across the globe, Visa has been able to provide an international processing system for the exchange of money. The workings of a credit card transaction are such that it comprises of four main steps. These areAuthorizationBatchingClearingFundingThe cardholder requests a purchase from the merchant, which is then submitted to the acquirer by the merchant. The acquirer then sends a request to the issuer to authorize the transaction. Once the authorization code is sent to the acquirer verifying that credit is available, the transaction is authorized and the cardholder receives the product. (This is further explained in detail on page 9 of this document)This simple process of electronic transacting has opened up a world of e-commerce opportunities. From an information system perspective the processing workflow of an online credit c ard transaction is shown belowFigure 1 Online Credit Card Processing Workflow Diagram (Hubbard, 2003)Because of the vulnerabilities that lay in a transaction, more so the networks across which the information is exchanged, various security breaches can occur.Types of Credit Card FraudThere are many different types of credit card fraud. Fraudsters are very innovative in finding new ways of committing credit card crime and as technology changes so does their crime tactics. Security issues surrounding the card fraud has moved from the traditional ways of committing credit card crime (Application Fraud, Intercept Fraud and Lost/Stolen Card Fraud) to the modern techniques namely, Skimming, Site Cloning and most recently Triangulation.Skimming is the fastest growing type of credit card fraud around because of its simplicity. Pocket Skimming devices can be easily carried around and the cardholders data can be obtained by merely swiping the card through the battery-operated magnetic card re ader. This technology has also evolved so as to read the data of Chip and PIN cards, with the use of a scanner. These scanners, which can write or even re-write the data on the Chip cards, are fully portable and have high storage capacities. Because some of these devices are not illegal, they are easily neighborly to hackers and can be bought over the internet.Site Cloning involves cloning an entire site or just the pages where customers make purchases. Since the web pages are identical customers are not aware that their personal information is being compromised. Also, confirmation details are sent to the customer just as the official companys website would, so the crime goes undetected. The details entered on the cloned site are then used by the fraudster to commit credit card fraud.Another method of credit card fraud is Triangulation. Goods are presented on websites at discounted prices, which can be shipped to the customer before payment. Again, just as with site cloning, the si te appears to be legitimate then the customer proceeds to enter their personal data. With this captured information the fraudster can then order goods from legitimate retail websites using the credit card number obtained.Due to these security issues surrounding credit card information security, there has been global industry-wide concern for the protection of cardholders data. Since security management is a systematic issue, a serious look at what can be done to prevent security breaches is necessary-whether it may be legislation, the use of fraud detection system monitors or the application of data encryption/ authentication techniques.Chip and PIN TechnologyCredit cards have been a feasible solution for making payment processing simple and efficient. The history of the credit card dates back to the 1900s when oil companies and proprietors created their own credit card as a means of obtaining customer loyalty and improving customer service. However, as with advances in technology, the credit cards have evolved from having just encoded magnetic stripes to modern day Chip and PIN cards, with embedded microchips, which can store and transmit data. These Chip and PIN cards were developed to provide an inter-operative system that would combat card fraud (counterfeit and plastic cards). This transaction processing infrastructure has enabled the cash-less revolution, whereby consumers, governments and businesses benefit from the electronic payment network, which has shifted payments by cash and cheques to an efficient electronic payment system.The mechanics of a credit card transaction is such that the merchant acquirer, usually the bank processes transactions on behalf of the merchant. This payment by credit card represents an offer for issuance of payment in exchange for the goods or services provided by the merchant, (Transaction Processing). There are two parts to this type of transaction processing the first is front end processing which involves the capture of data messages across communication channels to the point of sale devices and secondly the back end processing which involves the balancing of accounting information by acquirers and issuers and the submission of the payment to the acquiring merchants bank.As a result of the rapid advances in technology, data security continues to be a major concern as every transaction that involves the transmission data across networks is open to external attacks. Attacks on a consumers card information can come from any angle, whether it may be data thieves or network intruders. The Payment Card Industry Security Standards Council (PCI SSC), which comprises of major payment brands namely VISA, MasterCard, Discover and a few others, have created global compliance standards to protect cardholders data. These set of standards help govern and educate all merchants and organisations that process, store and transmit data, as well as the manufactures of the devices used in transaction processing.The PCI SSC (2010), Data Security Standard Quick Reference Guide, as summarized below, outlines the best practices for protecting cardholder dataDevelop and Maintain a Secure NetworkInstall and maintain firewall configuration to protect cardholders data.Do not use vendor-supplied defaults for system passwords or other security parameters.Protect cardholders dataProtect stored dataEncrypt transmission of cardholders data across open public networksMaintain a vulnerability management programUse and regularly update anti-virus software or programsDevelop and maintain secure systems and applicationsImplement strong access control measuresRestrict access to cardholder data by business need to knowAssign a unique ID to persons with computer accessRestrict physical access to cardholder dataRegularly monitor and test networksTrack and monitor all access to network resources and cardholder dataRegularly test security systems and resourcesMaintain an information security policyMaintain a policy that address information security for all personnelNevertheless, despite these procedures in place, there has been amplified instances of the various types of credit card fraud, namely Intercept Fraud, Skimming, Site Cloning as well as Triangulation. This propelled an industry and governmentled initiative in the UK to embark on the introduction of Chip and PIN card technology.Based on the EMV standard (Euro pay, MasterCard, Visa) Chip and PIN technology was launched in the UK on February 14th 2006. This programme was introduced to combat credit and debit card fraud, and to provide an ideal way of validating the cardholders identity. By utilizing smart card technology a microchip is embedded with the customers information which includes their unique four digit PIN. For transactions to be accepted, the customer PIN entered must match the one encoded on the microchip. These steps are further explained belowThe card is inserted by the customer into the card reader.The card reader would then prompt the user to insert their PIN.A four-digit PIN is then entered by the customer. Once the reader accepts the PIN entered the transaction would be approved. Note the PIN entered is not displayed on the reader but rather represented by asterisks.The customer is issued a receipt as confirmation of the transaction process.This process removes the responsibility and accountability from the merchant to the customer for point of sale transactions. The card never leaves the customers hand and as such prevents skimming of ones card information. One of the benefits of the Chip and PIN cards is that the Chip itself is encrypted with a range of security features, which the transaction processing system uses to identify the cardholder. These security features are said to be virtually impossible to replicate.The terminals used for Chip and PIN transactions, use secure transmission technology to ensure the privacy of the cardholders data and can operate over a range of connectivity environme nts, such as wired, wireless and cellular networks. The PCI Security Standards Council also developed a framework of standards which is legally enforced through a merchant/service provider/card brand agreement. These include requirements that support the encryption of the cardholders account data and the point of sale terminal integration.Figure 2 Outline of the process of a Chip and PIN transactionThe PIN entered replaces the request for signature as verification of the transaction. This is why the banking industry in the UK has campaigned for this technology, because signatures can be forged, however the PIN is unique to that person.Although the United States is yet to convert to this technology, countries such as Japan, China, Canada, Mexico as well as the majority of the European Countries have all introduced Chip and PIN technology and it is gaining momentum in various other countries including Trinidad and Tobago.Republic Bank Trinidad and Tobago Limited is the first local ban k in Trinidad and Tobago to introduce Chip and PIN technology to make the concept of paying by credit card safer for cardholders. The bank adopted this type of technology because this is now an industry-wide conversion from the magnetic-stripe cards and it is also in keeping with the EMV standard.Conversely, a potential security issue with Chip and PIN card terminals is its capability of processing cards with the magnetic stripe as well. Because of this the request to enter the customers PIN can be bypassed by the merchant, with a receipt generated to be signed by the customer. Now because this option is still available it poses an added security threat to card transactions.So, unfortunately skimming still remains a huge problem for cardholders and sadly enough this includes Chip and PIN cardholders as well. Although this practice is slowly migrating from EMV compliant countries, once a card has been skimmed it can still be used in countries where the magnetic stripe is still preval ent, for example some Asian Countries and the United States. This is why many fraudsters can still create a fake card with stolen magnetic stripe information which can be used in for example the United States.The United States believes that although Chip and PIN has reduced fraud for face to face card transactions, there are a still a number of issues surrounding the security of the system used for this these transactions. Now as with any new system introduced, there have been a number of studies on whether Chip and PIN cards are really secure. So the question is has Chip and PIN technology impacted on the activities of overall card fraud or has the activities of fraudsters shifted from retail crime.In a study by Emily Finch (2010) The Impact of Chip and Pin Technology and The Activities of Fraudsters, it was recognised that since the implementation of Chip and PIN technology participants involved in card fraud made varying decisions when it came to their crime of choice.The Decisio n to DesistThe Decision to ContinueTo work with othersShift to Distance TransactionsDiversification of Theft into IdentityThe study also shows that there is a shift in the attack strategy of fraudsters from point of sale card fraud to Internet and Card Identity Fraud. In an analysis of Internet and Card Identity Fraud, we can note that Chip and PIN technology was not designed for preventing these types of card fraud. So, the question remains, was Chip and PIN successful at what it was set out to achievereduce card fraud? This too can be argued further as there are other limitations. How can one link a particular card to a specific owner? Once the PIN is known by the individual a transaction can be completed with ease. Other studies have shown that the card readers used for Chip and PIN transactions can be modified.In a study by a team of University of Cambridge Computer Scientists, they have uncovered a series of fatal flaws in the Chip and PIN system. One example is where the inter nal hardware can be replaced without external evidence of this. This new terminal could then be programmed and modified so that it performs just as a typical terminal, where the card details can be collected and allow criminals to make cards with a fake magnetic stripe, which along with the PIN would enable a fraudster to make valid purchases. Another example is that fraudsters can insert an electronic wedge between the stolen card and the terminal, which tricks the terminal into believing that the PIN was correctly verified.Further, with this wedge inserted, any PIN can be entered and the transaction would be verified. This type of fraud makes it difficult for the victims of the attack to be refunded by the bank as the receipt given is authentic and would state verified by PIN. The bank in turn would be accurate in stating that no refund is required as their records show verified by PIN. This type of complaint appears as an act of negligence by the cardholder as he/she allowed thei r PIN to be compromised. So based on this study the point of sale attacks are much more prevalent, since before the introduction of Chip and PIN cards, consumers only entered their PIN at ATMs. Now with the introduction of Chip and PIN, consumers are using their cards at various other public areas. To combat the compromising of the consumers PIN a shield over the keypad has been used as added security but in many public areas there are video cameras and a persons PIN can still be captured on footage.So, although the UK banking industry has claimed to have rolled out this new technology successfully in 2006, there seems to be some negative aspects of this technology. The architecture surrounding Chip and PIN technology is questionable and the onus is on the banking industry to ensure that cardholders information is protected.Additionally, it also seems that Chip and PIN terminals offer no difference to what the magnetic stripe terminals offered. These terminals can be tampered with, which is a clear indication that there needs to be accurate configuration of these terminals so as to secure the cardholders data when transmitting transactions and that is not vulnerable to incident of attack. So the intent of Chip and PIN technology has more so opened a new marketplace for fraudsters than prevent/reduce fraudulent activity.PROJECT DESIGN, OBJECTIVES AND RESEARCH METHODSThe scope of this project is to outline the features of Chip and PIN technology and whether its implementation thus far has been beneficial. This section of the project would provide the methods involved in achieving the data for the project as well as the results based on the data collected. The chosen approach to this design is online research (journals/scholarly articles) along with a case study on the implementation of Chip and PIN technology in Trinidad and Tobago, with the case being Republic Bank Limited.Objective 1A good foundation for this objective would be the interpretation of the credit cards history. How has this cash-less mechanism moved from a local innovation to a global payment mechanism by use of digital communication across networks? In gaining a clear understanding on the reason for the implementation of this technology, a wealth of research would be conducted on credit card technology and digital security.Objective 2A holistic understanding on the basis of credit card fraud and the types of fraudulent activities and the steps taken to prevent credit card crime. What technologies have been implemented and the effects/benefits drawn from these approaches.Objective 3Expanding from objective two also discussed would be whether or not since the introduction of Chip and PIN technology in the UK, has there been a cascading effect of this new technology across countries. Analysing the increasing number of fraudulent activities reported from statistics, which compelled the global banking industry to find a seamless solution for the protection of cardholders data.O bjective 4An assessment on the introduction of Chip and PIN technology by Republic Bank Limited, which would include sourcing information on its implementation and the benefits derived. Further research would be on the acceptance (or non-acceptance) of the technology by customers.Objective 5Lastly, from the feedback received from the interview conducted and by analysing the incidents of attack on Republic Bank credit cardholders, what was the determining factor in the bank aligning themselves with the UK standards set by EMV?CONCEPTUAL FRAMEWORKIn identifying the framework to be adopted that can be referenced to the literature in this research, the author considered the Delone and Mc Lean IS Success Model. Using this model, the author would explain the net benefits of adopting Chip and PIN technology, relating it to Republic Banks implementation of this technology.DeLeone and McLean IS Success ModelIn evaluating the success of Information Systems, the DM IS Success Model, systems qu ality measures the technical success, information quality measures semantic success and organisational impacts and user satisfaction measures the effectiveness of the system. The processes in the model are inter-connected by links, across the dimensions of the system.Figure 3 Depiction of the Updated Information Systems Success Model (DeLeone McLean 2002, 2003)The updated DM Model interprets the evaluation of a system in terms of the information, system, and service qualities and how these characteristics attribute to user satisfaction. As a result of using the system, certain benefits will be achieved and the net benefits will in turn (positively or negatively) influence user satisfaction and the further use of the information system. So, therefore three basic components make up this model, the creation of a system, its use and the consequences of its use.Case study as it relates to the ISS model.Republic Bank has been providing banking and financial solutions to individuals and b usinesses for over 160 years. Their mission is not only to provide efficient and competitively priced services but also to implement sound policies which will be beneficial to their customers. These factors presented provide clarity and influences the net benefits of the implemented Chip and PIN system at Republic Bank thus far.By use of the ISS model to map the research done in this project, the author would complete a step by step relay of the framework discussing the implementation of Chip and PIN by Republic Bank.Information Quality-Information quality refers to the accuracy/protection of the content of the data in transacting. How secure is the personalized data being transmitted across networks. When a customer presents their card to make a purchase, are they confident that their card information is protected because of the added security enabled on this card.System Quality-The system quality refers to the reliability of the network and the response time in transacting, notwit hstanding the approved devices that accept personal identification numbers for all PIN based entries (the ease of use of the system functionalities). Therefore in rolling out this new technology the bank along with their partner merchants would train staff so that they are familiar with the best practice guidelines when using Chip and PIN.Service Quality-This refers to the back-end support systems that assist in usage of the technology. How reliable are Republic Banks servers and IP networks?User Satisfaction- This encompasses measuring the users entire experience-the purchase payment, receipt and service (the ease of purchasing without the fear of being a victim of fraudulent activity).Net Benefits -This is the most important success measure and it encapsulates the cost savings and the decrease in the value of fraudulent transactions arising from stolen credit card data. Was the implementation of this technology beneficial in reducing the incidents of card fraud? Are Republic Bank cardholders satisfied that their bank is on par with global industry changes?The focus of this success model lies in determining the impact the features of technology (information, system, and service quality) have on the variables user satisfaction, use, and net benefits. The main objective for using this ISS model is to establish the ultimate benefits derived from the use of information system both in individual and organizational terms.FINDINGSThis chapter will illustrate the findings from the questionnaires submitted to a sample of the Republic Banks credit card customers as well as a formal interview conducted with an employee of Republic Bank Credit Card Centre. The aim of the chapter is to source an awareness of the topic area Chip and PIN by cardholders and the personnel interviewed.Primary Data CollectionFor the basis of the findings of this research the author conducted a formal interview with a middle management employee at Republic Bank and also distributed questionnaire s to a sample of the banks credit card customers. A summarized version of the responses from the interview is represented in this chapter, based on the interviewees knowledge.The questionnaires distributed were mostly closed questions so as to deliberately avoid open-ended respondent answers. Approximately 120 questionnaires were distributed to Republic Bank Customers. Only the answers to the key questions are represented in this chapter.Summarized responses from the interviewThis interview was conducted with the Supervisor, Card Services, which prove to be very insightful. The Supervisor spoke about the banks vision for their credit card market, and how they plan to continuously innovate so as to maintain their customer base and attract new profitable customers. Since the credit card industry is a highly competitive one, the bank is constantly reviewing their interest rates and looking for new ways to give customer returns from the use of their credit card. Due to his long tenure a t the bank and having the customer service background, the supervisor was able to give insight on what infuriates a credit card customer. He explained that customers become frustrated when they see added charges and puffed up late fees placed by the bank on their card statements. In view of the fact that most customers do not read the fine print when completing a credit card application, they are not totally aware of all the charges that can arise from delinquent payments. He further added that although queries like this can be explained by representatives at the bank who can provide valued solutions to the cardholders problem, the most infuriating of all queries from customers are unexplainable purchases on their account. At Republic Bank, fraudulent activity on a card can be detected from the use of their state-of-the-art security systems and their experienced fraud expert team that are in place to monitor and detect any unusual activity on a customers credit cards, but even with these measures in place, fraud can occur.The supervisor expressed that by implementing Chip and PIN technology for credit cards, the bank was able to be a step ahead of the competition and most importantly the card criminals. He also stated that although credit card fraud is not as prevalent in Trinidad and Tobago as in the developed countries, continuous education in counteracting fraudulent activities for their customer base is an effective method of addressing credit card fraud. He explained that Republic Bank has not had many eye-opening occurrences of notified credit card fraud but they believe that Chip and PIN technology is an innovative solution to the likelihood of this problem.He was also truthful in expressing that this technology is still new to the industry and all merchants have yet to convert to Chip and PIN enabled machines, therefore there is a window of opportunity for fraud until merchants are mandated to have these Chip and PIN enabled machines. He used the term mandate, because eventually all Republic Bank debit cards would also be chip enabled.In summing up the interview the author probed the supervisor on the banks position on the studies done by the University of Cambridge team on Chip and PIN technology and the tested flaws of the system. His response was quite interesting, because it ventured into a thought-provoking discussion on research. He lamented that the sphere of research done on any topic would result in the researcher seeking out the positive and negative aspects of it. How the data is interpreted, reflects the real value of the research done.Questionnaire FindingsQuestion 5 How often and where do you frequently use your credit card to make purchases?Aim To assess how often the average Republic Bank cardholder uses their credit card.Findings Most Republic Cardholders in this study used their credit card regularly, at least five times per month. Credit Cards are used for purchases at the supermarket, restaurant and retail clo thing stores.Question 6 Has your credit card information ever been compromised? If yes provide details.Aim To determine the number of incidents of attack on Republic Bank credit card holders.Findings Less than 50% of the respondents have never had their credit card data compromised.Question 7 Do you understand the workings of Chip and PIN technology introduced to Republic Bank credit cardholders and the value to be derived from using this technology?Aim To determine the extent of the customers perception of this technologys value and how the card is used.Findings Although some customers are guarded about the use of their credit cards, most of the respondents are confident in the service that Republic Bank provides and believes that implementing Chip and PIN gives them that added security against fraudulent activities, especially those customers that frequently travel abroad.Question 8 How do you think by using Chip and PIN cards for making payments will make it easier in transacting ?Aim To establish the efficiencies in the use of Chip and PIN cards, on the time taken to complete a transaction.Findings Many customers applaud this technology as it reduces the time taken at the cash register when making purchases. It is simple, easy and convenient and most customers are truly happy as there is no need to write their signature. For this reason they find the system most efficient as it prevents their signature from the likelihood of being forged.ANALYSISThe main objective for the research completed on this topic, was to show how and to what extent the adoption of Chip and PIN technology has improved credit card security for Republic Bank cardholders.At a glance, before Chip and PIN technology was introduced in the UK, there was nation-wide educational literature on the benefits of the technology for banks, merchants and most importantly, the customers. However, it seems that this programme led by EMV, created more enthusiasm in the build-up to its implementation ra ther than the actual usage of the system. From the research, the mounting negative features of the technology and use of the system is outweighed the decreasing positive ones. It seems that the card theft criminals were focused on a solution to obstruct the successful use of the technology before the intention to use.The question remains, which facet of credit card fraud has Chip and PIN really reduced? The research show that for point of sale transactions Chip and PIN has been useful in the prevention of skimming ones card information, however the fraudsters have found alternative ways to improve on that tactic. Chip and PIN technology can only be used successfully? for point of sale transactions and not online transactions, so fraudsters have modified their techniques as with the modifications of the technology.Based on the research framework adopted, Republic Bank has measured their net benefits of adopting the Chip and PIN technology by encircling the information, service and sy stem qualities to deliver user satisfaction and usage of the system with this technology. The success of any information system is multi-dimensional and the relationships among the constructs relate to the comprehensive evaluation of the system. The variable dependent on these constructs are the net benefits of this system, and for whom?This local company has app