The Logic Group Blog

Welcome to The Logic Group Blog, where our experts will share their views on customer interaction and give you their take on the industry developments affecting you today.
I've spent the last few weeks getting used to our new office. It's bigger, better and has the Barclaycard logo proudly looking back at me on every wall. Our new offices represent how we're truly becoming one organisation, with the right people and teams sitting next to each other, working together every day. So how do you celebrate the start of a new journey?
August 1, 2016

The Logic Group: world’s first PCI-accredited company for P2PE versions one and two. Double First Puts The Logic Group Top of the P2PE Class.
June 27, 2016

The third in this series of Blogs on online payments is all about how to make sure your online retail business offers a safe and reliable customer experience. Read on, and don't forget to sign up to the webinar next week on online payments! 1. Comply! Comply! Comply! Keeping pace with PCI DSS is one of the most important things you can do, yet it’s something that the customer will never know about. This is a worldwide security standard for everyone processing payments, regardless of size. If you mishandle data
June 2, 2016

Providing a trusted payment service that supports all of the engagements that you are having with your customers (around the clock and across the channels) is what you expect from us. We strive to deliver this, in order to allow you to spend your time focusing on other business priorities
December 17, 2014

Retailers have good reason to be concerned that their business systems are becoming the focus of cyber-criminal community efforts. Retailers face a greater challenge than most organisations in that they have a number of significant issues to overcome. Benj Hosack, Director at our partner Foregenix talks about some of the main challenges for retailers.
June 24, 2014

Together with our partner ReD, a global fraud prevention specialist, we work with merchants around the world to protect their online businesses - day in, day out. We asked ReD for their thoughts on how merchants can prepare for the busy Christmas and New Year holiday season and they came up with this useful checklist.
November 22, 2013

With the increasing speed of technology developments we often forget the impact on the retail ecosystem, whether you are a consumer or retailer. Over the past 18 months we have witnessed the erosion of our high streets as consumers have migrated to e-retailers in a bid to beat the economic downturn. However, the high street is fighting back to provide consumers new payment technologies which deliver a hybrid retail experience, such as click and collect, contactless payments and mobile wallet acceptance.
June 26, 2013

On Monday (12th November) I was alerted by a colleague to a YouTube video going viral; if you haven’t seen it already it’s titled ‘The Risk inside your credit card’ and suggests that fraudsters can electronically pickpocket your contactless cards - so it’s not surprising it’s had over 5.5 million hits.

The video stipulates that armed with a contactless card reader, fraudsters can gather sufficient card information to clone the card and use it at retailers to make purchases, which isn’t that compelling until the video shows it being done.

November 16, 2012

The new Annual Fraud Indicator from the National Fraud Authority (NFA) was published this morning and makes some interesting reading.


The headline figure which everyone will pick up on is that the loss to the UK economy to fraud each year is estimated to be £73Bn. Considering the previous estimate in 2011 was £38Bn, has fraud really increased twofold? The answer, unsurprisingly, is that it hasn’t; what has changed is the inclusion of new areas of the economy not previously considered in the scope and a step change in the methodology in place.


So what are the interesting facts in the report?

March 29, 2012

The devil is in the details - an old adage I know, but just the other day I was struck by how accurate that phrase can be. In an online daily news service for Payments professionals there were 2 very different headlines on consecutive days. On day 1 the headline read “UK: Fraud reaches record levels in 2011”, followed the next day by “UK: Fraud losses on debit and credit cards reach the lowest level in 10 years”.


How should a Retailer or other merchant respond to headlines like that? Should they increase investment in anti-fraud measures or re-allocate some of that spend to driving new marketing programmes as the risk of fraud is reduced? A more detailed investigation is required – I took a close look at each report, rather than relying on the headlines.
My first observation is that the reports were from two different sources and were talking about different sets of statistics. The “fraud is getting worse” one was from CIFAS, the UK’s Fraud Prevention Service, covering all fraud reported to the National Fraud Database, and the “fraud is reducing” one was from The UK Cards Association covering debit and credit card fraud only. So is that the reason? Well, no it isn’t.  The CIFAS report states that plastic card fraud has increased by 6.3% from 2010 to 2011 whereas the UK Cards Association says the overall rate has decreased by 7%.

March 14, 2012

I was recently sent a viral video of a baby who's used an iPad to such an extent, that she tried to use the same tablet UI gestures (swiping, clicking and pinch-zooming) when given a real (i.e. dead tree) magazine.


What struck me was how the video appeared to polarize opinion between the people who chastised the parents for 'ruining their child's future' and those who hailed this as a watershed moment in human evolution.


As with many things in life, I try to take the middle ground.

October 20, 2011

I returned from holiday to find another attack vector has raised its ugly head. Reading the latest news, at least two hundred fraudulent SSL certificates (and possibly over five hundred) have been issued from a trusted root certificate authority (CA). In this case, it appears that Diginotar, the Dutch trusted third party, has been breached and spoof certificates for common domain names including google.com have been issued. This follows on from a breach at Comodo earlier in the year.


What are the implications of this? Well, the Diginotar root certificates are included within the trusted root authority stores of all common browsers, meaning that the fraudulent certificates would have been trusted when creating an SSL connection. These can be used to create encrypted tunnels to spoof sites where sensitive information could be transmitted, or lead to potential Man in the Middle attacks.

September 12, 2011

Last week, Apple withdrew an application that asked for a 4-digit PIN on startup. Unbeknown to the user, the application was storing the passcodes and transmitting them back to the developer. Fortunately this time, it was not for malicious purposes, but more out of curiosity! The developer was amazed how the same passcode was used again and again, and that half of the codes would not have been difficult to guess.
July 4, 2011

Well, looking at the latest news, Sony Corp. still remains in the spotlight. A new hacking group seem to have made Sony Corp. the focus of their current efforts. However, I believe the most interesting incident from a security perspective is the attempted break-in at Lockheed Martin and the recent announcement from RSA regarding the replacement of SecurID tokens.
June 24, 2011

I wonder what the Japanese is for “when you are in a hole it’s usually a good time to stop digging”?


I read the new Sony press release with some bemusement; the one with regard to the loss of 25 million further customer details from Sony Online Entertainment. The release had the following statement:


information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained.


I wonder if Sony are aware of the Payment Card Industry Data Security Standard (PCI DSS) since they are very effectively stating their non-compliance.

May 5, 2011

Today we hear confirmation about a breach of the Sony PlayStation Network with the loss of millions of account names and personal details and potentially the loss of payment card details such as the payment card number and expiry dates, but excluding the security code.


The type of data rumoured lost includes names, addresses, email addresses, account names, account passwords, relevant date of birth and answers to security questions. By security questions one presumes the questions would be of a similar type to: What is the name of your pet?


So should we be concerned?

April 27, 2011

Why is it that, whenever there is a breach of a company’s security, it is always attributed to the work of sophisticated cyber criminals? Is this because it really does take a sophisticated criminal to breach an environment these days or do victims prefer to characterise the cleverness of the criminal rather than the weakness of the security environment?

April 13, 2011

Every man and their dog has a smartphone these days. Whether an Android, Apple or Blackberry device, today's mobiles are as powerful as desktop PCs were only a decade or so ago. They can browse the internet and run a countless number of applications. As such it is inevitable that more and more people are starting to use them like they do with their main PCs – keeping increasing amounts of sensitive personal information on them and using them to make purchases and do personal banking. The problem is that unlike their PCs, most mobile phones are not currently adequately protected against viruses. But how many smartphones are there and do people actually use them in sufficient numbers for this to be an issue?

April 8, 2011

It is estimated that 1 billion card transactions per year worth an estimated £40bn are processed by the UK’s 700,000 contact centre agents. Therefore it is not surprising that Card not Present fraud (stolen details over the phone, internet or mail order) accounts for 56% of all UK card fraud. With the vast majority of CNP fraud coming from contact centres, losses stem not only from fraudulent transactions, but also from cards that are leaked to the criminal fraternity by coerced call centre employees.


What can businesses that run contact centres do to prevent or stem this leak? After all they need to take payments, they need to provide effective customer relations and therefore they need their people to be on the phone to the customer.

March 24, 2011

You are a retail business. You have spent a small fortune in time and money to upgrade your systems and processes and a certified QSA has accredited you as PCI DSS compliant. Do you sit back and relax, safe in the knowledge that you have achieved security nirvana and that fraud will never show its ugly face in your business again? Well not quite.

February 22, 2011

In keeping with things at this time of year I’ve been thinking about a few predictions for 2011.


First off, I think we’ll see more coordinated fraud attacks. As the take-up of PCI DSS compliance continues, fraudsters will be forced to focus more strongly on specific targets. With PCI DSS compliant environments it is clearly harder for would-be fraudsters to illicitly obtain card numbers and personal data, meaning would-be fraudsters will have to take a more structured and planned approach to their activities, as “scattergun” strategies will begin to pay less of a dividend.

February 9, 2011

Sometimes “it will never happen to me” should not be the corporate line!


Last year I discovered that my credit card had been used for a number of rogue transactions. My first thought was to blame the wife…but on second glance, they were clearly fraudulent. My mood changed as I thought about all the phone calls and letters it would take to clear up this mess.

December 9, 2010

Following recent news that more than two-thirds of companies have been hit by data breaches over the past year, the report featured in Computer Weekly is an interesting, if not alarming, confirmation that fraud is on the rise. Although person-present payments have improved security measures due to developments in global security standards like PCI DSS, cyber attacks still continue to be an area of vulnerability for businesses across the UK.

November 26, 2010

According to the January 2010 report from the National Fraud Authority, fraud now costs the UK an eye watering £30 billion a year. 58% of fraud is committed in the private sector with tax fraud hitting £15.2 billion, and, in the private sector, financial services companies and organisations are said to suffer yearly losses of £3.8 billion through crimes including mortgage and insurance fraud, online banking, cheque and card fraud.
November 10, 2010

100% security doesn’t exist.


The frustrating truth is that almost every organisation will suffer a security breach at some point. Whether it is the defacing of a website, loss of data through a Trojan horse or the corruption of a system by a virus or worm, most companies will experience some form of data breach. This includes merchants who have diligently put measures in place to prevent fraud by implementing the correct security processes and procedures, enlisted specialist third-party anti-fraud services, adhered to appropriate industry initiatives such as 3D Secure and CV2, and complied with PCI DSS to protect their infrastructure against attack.

November 10, 2010

In the past decade there has been a sharp increase in focus on the security of cardholder data held by third parties. High profile data breaches and the associated losses resulting from the fraudulent use of compromised cardholder data have made global headlines and have struck fear into consumers and merchants alike.
October 14, 2010

Contactless payment technology continues to develop; it is a hot topic of discussion as Barclaycard rolls out an update to its TV advert demonstrating the ease of contactless technology – but will its implementation become a rollercoaster ride for retailers and will hard currency become harder to find in the future?
October 7, 2010

What is casual fraud? It can be anything from fraud conducted on online shopping and auction websites – with products purchased but never received, and internal fraud by employees and employers, to online dating scams and the so-called ‘Sweetheart Fraud’ – a deception that refers to the collusion between an employee and a customer.
September 23, 2010