The nature of card fraud is changing rapidly, and existing security networks offer only short-term solutions to crime, attendees were told at Faulkner & Gray Inc.'s second annual Card Security Conference here.
Speakers included Secret Service agents and police detectives, bankers and card-industry executives, all of whom said security risks require sophisticated systems that can adapt quickly to future threats. Michael Stenger, Secret Service special agent in charge of the financial crimes division, talked about an international network of "economic terrorism" with gangs from Russia, Asia, and Nigeria hooking up with gangs in Los Angeles. He said these criminals are likely to use money stolen from credit card fraud to fund more dangerous criminal activities, such as drug trafficking and gun running.
Daniel L. Colin, detective for the criminal investigations division, Lake County (Ill.) Sheriff's Department, said criminals know credit card fraud is a safer way to steal money because banks, which are insured against losses, usually don't prosecute.
Many speakers said individual institutions must decide how much to spend to protect themselves.
Stephen Cole, president of Cash Station Inc., Chicago, warned against investing too little or not at all in fighting high-tech crime.
He said banks with off-line debit programs must be particularly wary. Mr. Cole added that debit programs are as vulnerable to security breaches as credit card programs are, but they typically lack the same protections, such as neural networks.
"I am here to scare the hell out of you," he said. "The financial capital of some bank will be wiped out because they didn't understand the dangers of off-line debit."
In a veiled compliment to the largest card issuer in the country, Mr. Cole mentioned Citibank as a financial institution that understands the security risks of debit programs. He said it does not have check cards.
After the conference, Mr. Cole said many banks are "blinded by the revenue of off-line debit and are not adequately evaluating the risks and technology necessary to protect them from the risk."
Some solutions to combat fraud were related to smart cards, the Internet, and the futuristic field of biometrics, which promises retinal and fingerprint scanning.
Joel Lisker, senior vice president of security and risk management for MasterCard International, said biometric fingerprinting and the smart card will render the personal identification number useless.
He said consumers are not reluctant to have their fingerprints used for identification purposes, despite the protests of consumer rights groups.
"I believe this is a canard. There is not a groundswell of opposition to fingerprinting," he said. But he acknowledged that such information, in the wrong hands, could be dangerous.
The most animated speaker at the conference, Nathaniel Borenstein, chief scientist and cofounder of the Internet payment system First Virtual Holdings Corp. in Ann Arbor, Mich., said credit card numbers should be kept off the Internet completely.
"Credit cards are a better target than other financial instruments, because they are self-identifying," said Mr. Borenstein. "They are the optimally bad design for a payment product on the Internet."
He urged off-site data entry and "virtual PINs," which would carry encrypted credit card numbers as an "alias for your credit card number." He also advocated a system under which customers would be sent electronic mail from companies to verify transactions as they occur.
Mr. Borenstein said cryptography is not a "silver bullet" and that sensitive material should not be put on the Internet.