ZDNetAsia : Printer Friendly - Indonesian banks get chip card switch deadline

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------

Indonesian banks get chip card switch deadline

By Vivian Yeo
Monday, March 03 2008 01:32 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,62038412,00.htm

Indonesia's central bank, Bank Indonesia, has told banks in the country to move to electronic chip technology by end 2010, following the recent unraveling of a credit card fraud syndicate.

According to the online edition of The Jakarta Post Friday, the Indonesian police found about 9,000 counterfeit credit cards during a raid in early February. They also uncovered stolen credit card data of some 7.2 million cardholders, of whom about 20 percent were Indonesians. The data retrieved included cardholder names, credit card numbers and expiry dates.

The Indonesian Credit Card Associations (AKKI) said credit card fraud in the country last year amounted to 35 billion Indonesian rupiah (US$3.85 million), reported the JakartaPost.com. The AKKI estimated that about 50 percent of Indonesian banks that offer credit cards have started to adopt EMV (Europay-Mastercard-Visa) chip technology, but others were still using magnetic-stripe cards.

Said to be more secure, chip and PIN technology has been made mandatory in countries such as the United Kingdom. However, some believe that the technology is not invulnerable. In Asia, countries such as Malaysia, Singapore and Thailand have begun to implement chip-based credit cards.

Industry watchers ZDNet Asia contacted confirmed the recent episode of credit card data loss. A Singapore-based spokesperson for Visa noted last week that the incident affected "all payment brands" but declined further comment as investigations were ongoing.

Symantec's vice president of product management Brian Foster said in an e-mail that the incident "is probably the most serious to date" in Asia. One of the biggest issues faced by the financial services industry today is data leakage, and the resulting financial implications can be high, he added.

Organizations, Foster pointed out, need to be vigilant and enforce data safety and integrity through a "combination of personnel education, policy enforcement and technology".

"Data leakage will continue to be a problem for businesses unless they have the appropriate tools and solutions in place to prevent such incidents from occurring," noted Foster. "There is a need to constantly audit an organization’s processes and operations for security weaknesses that can result in data breaches. In order to 'check the checker', regular internal audits and penetration testing of internal and external networks should also be carried out."

Foster added that financial institutions should also take a much broader view of risk. "Availability, compliance and performance risks, as well as physical and operational security, are other aspects that should be considered when implementing a comprehensive risk management program," he said.