Online shoppers could be forced to enter a code before making a purchase under plans to curb fraud

Security News ThreatsCybercrime Uncategorized

Online shoppers could be forced to wait for a text message before making a purchase under plans being considered by ministers to stamp out credit card fraud.

The Home Office is looking at a scheme to prevent card details being swiped by criminals and used without the knowledge of the account holder – a crime which affects a million people every year. 

Amber Rudd, the Home Secretary, said she is “excited” by the plans which could involve a two-step verification scheme similar to the one used by some people to log into emails or social media. 

Another method could involve new cards being issued with an electronic panel on the back displaying a random three digit code in place of the current CVV number, which shoppers have to enter online in order to checkout. 

Mastercard is working with ministers on the plans, the Home Secretary said, although the scheme is still in the early stages. 

Amber Rudd

Amber Rudd Credit: Bloomberg

Addressing the Home Affairs select committee Ms Rudd said: “If we get it right …it could reduce the number of crimes by one million.

“That could be a real win in terms of protecting people,” she added. 

Home office permanent secretary Philip Rutman said there is a “need” to prevent such crimes taking place online. 

He told MPs: “We have been working very closely on future development with credit and debit cards to protect people better from ‘card not present’ fraud.

“Some years ago we worked with the banks to introduce chip and pin, which was very important. We now need a new set of developments.

“There are ideas around involving a revolving CVV, those could change dynamically every two to three hours.

“There are also ideas around two-factor identification – keyword or code delivered through a technological solution.”

The changes would prevent 1 million frauds a year

The changes would prevent 1 million frauds a year Credit: AP

The two-step idea would work in a similar way to tough security measures introduced by Facebook, Twitter and Gmail to prevent hackers from guessing a user’s password and gaining access to their account. 

Instead, a code is sent to a mobile phone number, verified by the account holder, which is used to gain access after the password has been entered online. 

Additional mobile phone numbers can be added in case the first one is lost or stolen.

The second scheme would involve new credit card technology which has only recently been developed and tested. 

The cards have a changing CVV code, unlike currently where the number is typed onto the magnetic strip at the back and remains the same until a new card is issued.

The changes could involve a code being sent to a mobile phone

The changes could involve a code being sent to a mobile phone Credit: Dominic Lipinski

Under this model the three numbers would switch every two or three hours to add a second level of protection.

It would mean criminals could no longer copy card details onto paper and use them online, but it would not prevent people from using stolen cards on the internet. 

The Government has come under pressure for failing to do enough to tackle online fraud. 

Earlier this year the National Audit Office said the crime had been ignored. 

“For too long, as a low-value but high-volume crime, online fraud has been overlooked by Government, law enforcement and industry,” Sir Amyas Morse, head of the NAO, said.

He added: “It is now the most commonly experienced crime in England and Wales and demands an urgent response. 

“While the department is not solely responsible for reducing and preventing online fraud, it is the only body that can oversee the system and lead change.”