CIBC fights illegal card skimming

To beat the burgeoning illegal trade of card skimming, banks need faster review capabilities of ATMs point-of-sale and remote banking transactions, a Canadian banking executive told an OzTUG (Australian Tandem User Group) conference in Sydney late July.

Andy Cook, Canadian Imperial Bank of Commerce (CIBC) senior director electronic transaction and messaging services (eTMS), said: “skimming has been huge in Canada. You need to be able to review the transactional data near real-time to catch it. On occasions if the (risk profile) model is very high we will cancel (a card access) there and then.”

Cook has good reason to be concerned; CIBC punches out around 25 million transactions a month, most of them PIN-controlled, point-of-sale debit transactions — which is where most of the skimming takes place. Cook says PIN-based debit transactions have increased by 50 per cent year on year.

In 2002, CIBC moved its PIN-based transactional systems over to HP Non Stop server technology (previously known as Tandem and Himalaya) to better fit in with its Tandem and Base24 ATM network, a move that has allowed the bank to run a dynamic single database across the majority of its transactional processing.

This has allowed the bank’s ATMs to offer value-added services in addition to traditional withdrawal and deposit functions, such as printing statements, multi-currency transfers and conversions and PIN selection.

Cook says that CIBC is now looking at the next generation of ATM technologies that will be able to invoke transactions from other systems, offer personalized or user customized interfaces and dish out pre-approved offers to the right customers.

Such advances have not come without a price tag, namely the rise and rise of applications related to getting onto the Internet and the bank is now undertaking a strategy to reduce costs and applications by getting its IT house in order, Cook said.

“We’re evaluating application efficiency to reduce costs — that’s a big focus especially reducing CPU cycles and looking at where stuff sits. But availability is everything in this game and through HP managed services it’s 99.92 per cent. We had our first outage this month and now we think that isn’t enough. As soon as you start having availability hits all your good work goes down the drain.”

Apart from that, Cook reckons he’s happy enough to run a 130-processor Non Stop installation with 11 production systems, two development systems and six “very expensive” test systems across two live data centres — servicing an ATM network of around 4000 machines.

“You don’t want to regression-test every time you go live on the Internet,” Cook says.



Related Download
Understanding How IBM Spectrum Protect Enables Hybrid Data Protection Sponsor: IBM
Understanding How IBM Spectrum Protect Enables Hybrid Data Protection
Download this whitepaper by Enterprise Strategy Group to learn how to choose a backup technology that is capable of supporting a hybrid protection approach capable of covering both on-premises technology and offsite cloud capabilities.
Register Now