Fraud is still rife and much of it, as ever, comes from payment card scams. Is there a way that we can stop it?
Simon Hewitt, CEO of ScramCard and former boss at the fraud department of Australian bank Westpac, reckons he has the solution – and it’s contained in a standard-sized payment card.
He says Da Vinci Choice is the first card that is impossible to clone, protecting users from payment fraud using one-time PIN technology.
However, it comes with a hefty £75 one-off cost or a subscription for £7.50 a month over a 12-month period.
loveMONEY interviewed Simon to see if he thought people would really be willing to pay for the extra security.
First off, tell us how the Da Vinci Choice card works
"The card is a wallet-sized computer, with a chip, micro-processer and keypad. It also has an app which you use to activate the card.
You can link anything from one to eight Visa, Mastercard or American Express payment cards. Essentially, you can create your own card and configure it, depending on what you want to do.
Each payment card is linked to a button on the keypad.
Once it's activated, you select which card you want to use and put in your normal PIN to generate the dynamic one-time PIN. Use this at the point of sale (POS) machine or the ATM so you don't have to type your normal PIN directly into a hackable device.
There’s an extra layer of security on the web, too. The only difference between that and a normal transaction is that you enter your dynamic PIN instead of your security code.
How does it prevent fraud?
At the moment, the threat is that if the scammer has the front and the back of the back of your card, they can commit fraud.
With the Da Vinci card, I could show someone the front and back of my card and they won’t be able to do anything with it.
If everything is PIN-based, isn’t the contactless feature redundant?
We were going to launch a product without it, but people wanted it. You can still use it, but you have to type the PIN in first.
When can I get one and will I be able to get it through my bank?
The card is coming out later in the year but I’ll be blunt: as a commercial offering; we’re selling the product.
So, at present, you can't get it from your bank. Any change to that will depend on each bank’s business model.
Some say they might give it away for free, some say it will be a prestige offering for wealth management.
The card will show their branding though.
Are there any other issues to be aware of?
As an electronic product, I suppose anything could go wrong.
The card is battery powered so that's something to keep an eye on.
The card switches off after 30 seconds, so that the battery doesn’t run down.
The app can tell you through the card usage that it might run out in, say, a month’s time and ask you if you’d like another one to be sent through.
In our own tests, we got up to 30,000 transactions before the card ran down.
It comes with a warrantee, so you’re protected by that and as with any other card, if it breaks, we’ll issue you with a new one.
If you lose it, there’s a £20 charge to get a new one, but if you’ve got a subscription, you get a new one every year anyway.
After three incorrect PINs it will time out – we know people like to play with these at parties.
Ultimately, if something happens to your card, you can go into the app and kill it.
But if you find your card in your back pocket out the washing machine later on, you can just generate a code to get going again. Your card will be validated, but you’ll need to link up the cards to each number again.
What has your time in the industry taught you about fraud?
I think scammers are constantly one step ahead. The reason I came out of the industry is that a lot of banks’ plans are aimed at hindering the fraudster and I think it undermines the fraudsters’ intelligence.
In the fraternity, scammers are always quick to understand how things work. You know, reverse engineering. Look at the recent SMS scam – they know how phones and devices work, how to spoof them and how to fool people into thinking something’s legitimate.
Nothing really changes; banks just try and make it harder for scammers by using multi-factored authentication and other restrictions. Biometrics has also never taken off because it’s so intrusive.
All banks tell you ‘don’t give your PIN out to somebody – you’ll get text messages, voicemail messages, there’ll be signs everywhere saying ‘don’t give people your PIN’.
That’s the promise of security. But we know that point of sale machines get compromised, we know ATMs get compromised.
If you pull our product apart, it just drops all the data. Can you imagine all the effort [a scammer] would have to go to get your details? Why would they do it if they could just reverse engineer, email and text for much greater returns?
You’ll always find that scammers go where the lowest hanging fruit is.
Think you've fallen victim to a scam? Check your credit report for anything suspicious