The Logic Group Blog

In keeping with things at this time of year I’ve been thinking about a few predictions for 2011.

First off, I think we’ll see more coordinated fraud attacks. As the take-up of PCI DSS compliance continues, fraudsters will be forced to focus more strongly on specific targets. With PCI DSS compliant environments it is clearly harder for would be fraudsters to illicitly obtain card numbers and personal data, meaning would be fraudsters will have to take a more structured and planned approach to their activities, as a “scattergun” strategies will begin to pay less of a dividend.

Point to point encryption will be used as a key strategy for merchants looking to descope from PCI DSS regulations. With the well publicised cost implications of achieving PCI compliance, encrypting sensitive data and therefore removing it from the scope of PCI DSS regulations is emerging as a more cost effective strategy for businesses.

In the payments arena, I think it’s likely we’ll finally see the emergence of contactless technology among consumers too. Drives on increasing consumer understanding and comfort levels will be key to this, and with cards now prevalent throughout the UK it’s really just a case of getting the messaging right before we’ll see usage increase. From a security/fraud perspective I expect the impact to be minimal. Contactless transactions are limited to low value transactions –i.e. newsagent and coffee shop purchases. With this in mind, fraudsters are unlikely take the risk for such a small return.

Thus I think 2011 will bring with it an increase in identity theft. If PCI regulations have limited the availability of card data then we’ll start to see fraudsters looking for other ways to ply their trade. By making obtaining the card data more difficult I suspect we’ll see fraudsters switching to gathering personal (cardholder) data as a possible outlet and solution.