In recent months, Japan has been hit by a new wave of crime: cash-card forgery. According to banks, cash withdrawals by forged cards have amounted to hundreds of millions of yen. At stake is the security of deposits. Action is urgently needed on two fronts: crime prevention and loss compensation.
Banks have demonstrated a willingness to take a variety of preventive steps, such as issuing chip-containing smart cards that are difficult to forge, but they appear reluctant to compensate cardholders for losses. As deposit managers, though, they ought to work out rules that minimize the liability of customers who have been victimized. If banks do not want to impose such rules on themselves, the Financial Services Agency (FSA) should consider establishing legally binding ones.
In September 2000, Keidanren, the Federation of Economic Organizations, presented an “interim proposal for improving transaction rules designed to meet advancements in information technology.” The report, noting that fraud victims in the United States are obliged to pay a maximum of $50, said Japan should take its own action to cope with card crimes. Neither the FSA nor the banking community has responded positively.
There are two ways to set a ceiling on a cardholder’s liability. In the U.S., for example, the $50 limit is established by law. In other countries such as Britain, it is set voluntarily by banks. Japan should adopt either method as soon as possible. There is much to gain from other countries’ experience.
Forgers do not steal a card outright; they “skim” the magnetic strip on a card for the information needed to make an identical card. (Copy cards, or “raw cards,” are reportedly smuggled in large numbers from China.) Having surreptitiously obtained the cardholder’s personal identification number (PIN), they then withdraw cash from automatic teller machines (ATMs).
A magazine for cash-card enthusiasts last year carried a special report on how cards are forged. The surprise is that it is so simple that nearly anyone can do it. A set of the necessary tools can be purchased for several tens of thousands of yen at a market for electric appliances. The number of victims will rise unless preventive action is taken promptly.
In early January, Mr. Tatsuya Ito, the state minister in charge of financial services, said he would request, perhaps in mid-February, that banks take effective steps to prevent cash-card fraud. In mid-January, the Metropolitan Police Department arrested a group of forgers for stealing card data from golf-club security lockers. Following the incident, the Japanese Bankers Association, as well as individual banks, announced plans to take preventive measures.
Some banks are planning to introduce a new type of card that identifies the cardholder by the vein pattern of his or her palm or finger. The beauty of this biological ID card is that nobody except the cardholder could withdraw cash from ATMs. So there would be no use in stealing someone’s PIN code.
Some other banks have plans to set up a deposit-monitoring system in which an ATM would stop paying once a certain amount of cash is withdrawn in a single day from the same account. What has held back efforts to introduce this system so far is the “myth” that the cash-card system is safe. The rush of card frauds has debunked that notion.
Still other banks are considering reducing the limits on daily withdrawals or allowing depositors to set their own limits. Strict limits should be considered particularly for nighttime withdrawals. Special rules could be allowed for customers who normally conduct large transactions.
Some systems can be introduced relatively easily only if banks are willing to do so. These include a system that prevents a third person from peeping at the ATM screen while a depositor is handling the machine, and one that enables depositors to change their PIN codes by ATM.
There are also banks that, while expressing a desire to introduce specific preventive devices, are leaving the time frame open for doing so. They need to reveal their plans immediately. Depositors should be able to choose which banks to use on the basis of their security systems.
Of course, depositors should do their best to defend themselves. Most rules seem self-evident. Do not use your birthday or phone number as a PIN number. Do not use the same number for a variety of cards. Disperse your deposits among different accounts or banks. Do not park a large sum in a single account, and so on.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.