The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.


Tuesday, July 04, 2006

Victim impact statement on debit card fraud 

A colleague in Alberta recently sent me a link to a recent case from Alberta, R. v. Singh, 2006 ABPC 156. It is a decision of the Alberta Provincial Court determining the appropriate sentencing for an individual who pleaded guilty to debit card fraud under section 342.1 of the Criminal Code of Canada. The decision is interesting in that it describes the crime in some detail, but the most interesting part is the victim impact statement submitted by the Interac Association:

“I, Fred Harris have been employed by INTERAC ASSOCIATION as Senior Vice President of Strategy and Business Development for over 15 years. In my capacity as Senior Vice President, I have knowledge of the fraud prevention mechanisms implemented by Interac Association’s member institutions to ensure the security of transactions on the Shared Cash Dispensing and Interac Direct Payment services (the “Interac Services” or the “Services”), and also of the specific matters addressed below.

INTERAC SERVICES IN CANADA

The Interac Services account for millions of automated banking machine and payment transactions (known as “debit at the point of sale” or “POS” transactions) on a daily basis. These services enjoy a high degree of consumer confidence given the ease of use and the widespread acceptance of debit cards at locations ranging from retail outlets to federal and provincial government offices.

In 2004, there were 19.8 million users of Interac Direct Payment each month resulting in a total of 2.8 billion point of sale transactions. Those 2.8 billion transactions represent $124.4 billion dollars at 546,000 point of sale terminals. In 2004, cardholders withdrew cash from an automated banking machine that did not belong to their own financial institution over 294 million times utilizing one of the 46,178 ABMs available in the Canadian marketplace. In addition to the transactions processed through the Interac Services there are close to one billion proprietary transactions, such as bill payments and cash withdrawals, processed on Members' own proprietary banking machines every year. These services are among the most secure in the world. Interac Association and its Members take extreme care in identifying threats and vulnerabilities to ABM or Point of Sales locations by establishing stringent device level security standards, and by employing security features that can include surveillance cameras, and automated fraud detection systems.

Banking machine and point of sale transactions require a two factor authentication system consisting of the electronic reading of valid magnetic stripe information from the back of a debit card plus the inputting of an associated Personal Identification Number (PIN). In recent years, criminals have developed diverse and increasingly ingenious means of obtaining the information on the magnetic stripe and PIN information from cardholders. This activity, often called “skimming”, uses methods that range from low-tech ploys consisting of double swiping a cardholder’s card and then looking over the individual’s shoulder as the PIN is entered, to higher-tech methods that include hidden pinhole cameras and additional card readers installed on top of banking machine card readers or point of sale devices.

Once a skimming incident is identified, Interac Association and its Members take action to eliminate the source of skimming and manage the resulting exposure to cardholders and financial institutions. In order to protect cardholders, most exposed cards are proactively cancelled by the financial institution and the cardholder is notified that a replacement card is being required. Until the cardholder receives the replacement card they are unable to access their money using a banking machine or point of sale terminal. In other instances, thousands of cards are proactively blocked to stem losses, thereby increasing substantially the number of cardholders affected by a single skimming incident. Canadian financial institutions have been at the forefront of fraud prevention and detection and continue to develop improved procedures and use new technology as it becomes available.

THE IMPACT OF BANKING CARD FRAUD

The initial group affected by debit card fraud is [sic] cardholders. Money is taken directly from their chequing or savings accounts. In some cases cardholders are burdened in the short term by being unable to meet basic living requirements, for example they may be unable to make rent or mortgage payments. They may suffer immediate “on the spot” inconvenience and embarrassment, particularly given the widespread use and acceptance of debit cards, when their card cannot be used to pay for goods or other services. Cardholders must then take steps to lodge an inquiry with their financial institution, which leads to an investigation regarding the missing funds. Their financial institution will reimburse them if they are the victims of a proven fraud, but in the meantime they are inconvenienced.

In 2003 our Members collectively reimbursed $44 Million to approximately 28,000 cardholders who were victims of debit card fraud resulting from skimming. In 2004 this figure increased to $60 Million reimbursed to over 48,000 cardholders. The related costs are also significant. The time and effort to investigate each instance of fraud is a significant burden on the time and resources of law enforcement agencies, Interac Association, and the involved financial institutions, terminal deployers and merchants. Each incident typically requires a team of individuals from several different financial institutions and terminal deployers to retrieve and scrutinize various records and to liaise with the appropriate law enforcement agencies. This investigation often takes several weeks. In addition, financial institutions often proactively block and re-issue other debit cards used at this location during the skimming period in order to prevent further losses. This represents a further cost to the financial institution as well as an inconvenience to cardholders.

Interac Association and its Members, and the entire industry, also suffer. At a minimum, debit card fraud shakes customer confidence in the use of modern banking technology. This risk and potential harm increase exponentially when one considers that criminals often share the success of their schemes on readily accessible internet bulletin boards.”

The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.