Electronic payments create new risks
Published: 7 November 2019
An electronic payment means, among other things, that sensitive information needs to be exchanged by the payee, for instance the card number and CCV code. If external parties gain access to sensitive information, this may sometimes be used to commit fraud or theft. A well-known example is identification or debit and credit card information that goes astray, often in connection with the card being used to make a payment. In recent years, we have seen a major increase in the number of frauds reported. This is largely because computer fraud has increased. Computer fraud includes fraud in which a person uses another person’s card details to make an online purchase.
The Swedish National Council for Crime Prevention carries out the Swedish Crime Survey (NTU), which aims to investigate people’s exposure to crime, among other things. In the latest survey, just over five per cent of respondents reported that they had been exposed to card or credit fraud in 2017, which is a small increase from 2016, when the number was just below five per cent. In terms of value, fraud amounted to about 0.03 per cent of the value of card payments in 2016. This is slightly below the average for the EU as a whole, even though we have seen an increase in recent years. As all cards now have EMV chips and the magnetic strips are seldom used, frauds in shops and ATMs have decreased sharply. Fraud is now most common in e-Commerce, where the card is not physically present, particularly outside the EU.
Identity theft, which is a way of accessing another person’s bank account, has been a growing problem in recent years. Today, there are many different types of identity document, and digital identification is becoming increasingly common. A government inquiry has proposed a new law and a new regulation on government identity documents with provisions on a government identity card and government e-identification. The Riksbank supports the proposal and considers that it could reduce the number of payment frauds. This, in turn, could lead to a strengthening of confidence in the financial system.
The growing problem of identity theft is a worrying development but several current initiatives could help reverse the trend. Among these, the second payment services directive (PSD2), which has now been implemented in Swedish law, aims to increase consumer protection and improve the security of electronic payments. One example is the requirement for strong customer authentification. This means that a customer’s payment transaction must be verified in two different ways. For example, a payment transaction can be verified with something only the user knows (a code), something they have (a payment instrument) or a unique characteristic (their fingerprint). The components used to verify a payment must stand alone to ensure that a payment cannot be executed in a situation in which a payment instrument or card details, for example, have been stolen. Another important element is the ongoing work of government agencies and market participants on information and education for the trade sector and consumers.
The Swedish people in general have a high level of confidence in most payment methods. Card payments, which are the most common method of payment for purchases in shops, command the greatest confidence, followed by cash and credit transfers. Invoice payments, purchases using payment apps such as Swish, and payments via online banking in e-Commerce also enjoy relatively high confidence. In 2013, confidence in payment apps was only 13 per cent, but, as it has become more common to use them, confidence in the method of payment has increased and amounted to 66 per cent according to the survey Sverige betalar 2017 (Sweden pays 2017).