Stealing credit card numbers is a crazy way to make a living, and we've certainly seen more than a few crazies showing up on police blotters lately. You might have heard about the thief who used a stolen credit card account to purchase the same meal at Burger King every day for almost a month. Or the master criminals who ran their budding enterprise from a hotel room they rented with a stolen credit card. Or the clever outlaw who operated a sophisticated credit card fraud scheme from his jail cell.
Sadly, not all credit card fraud stories end with a punch line, or even a conviction. Credit card fraud affects everyone, from merchants that cover the cost of chargebacks to public figures such as U.S. Senator Daniel Inouye. His account information ended up in the hands of a Georgia woman who used it to buy $12,000 in Walmart gift cards.
Even if your credit card is safe in your pocket…
Even security experts can find themselves victims of credit card fraud. Consumer advocate Denise Richardson, author of the book "Give Me Back My Credit," told CardRatings.com that thieves managed to charge $9,000 in plane tickets at a Rome airport to her account, even though her credit card never left the United States--or her wallet.
"All too often, consumers become relaxed with a false sense of security that their credit card information is safe simply because they have possession of the card," Richardson says. "Unfortunately, this isn't the case at all. Credit card fraud happens all the time, even when the individual has the credit card safely tucked into a wallet or even locked up in a safety deposit box."
With thieves upping the ante on credit card fraud, what are card issuers doing to fight back? Will we see any big steps forward for security in 2012?
Magnetic stripe: throwback to the '60s
Part of the reason credit card fraud is so prevalent is that the card technology in widespread use, at least in the U.S., hasn't changed much in four decades--not since 1969.
That's the year that researchers at IBM helped make the magnetic stripe a standard feature on the back of your credit card. According to company historians, the CIA-inspired technology sped up retailers' record keeping. At first, merchants resisted paying more for expensive point-of-sale terminals. As costs came down, more stores installed magnetic stripe readers.
But today's inexpensive merchant tools also enable a generation of "skimmers" to copy and clone your 1960s-era magnetic stripe.
EMV chips to the rescue
European banks and merchants proposed a replacement card technology in the 1990s. The "EMV chip" scrambles your account information so skimmers can't easily copy it. In addition, European retailers championed the "chip-and-PIN" standard that requires a personal identification number at checkout.
While not foolproof, the system has sharply reduced the severity of identity theft attacks against European cardholders. Instead, criminals there prefer to target American travelers overseas, transmitting skimmed magnetic stripe data to accomplices around the world.
Replacing the familiar credit card takes time
Just as merchants resisted the magnetic stripe in its first decade, U.S. retailers and consumers have failed to embrace the PIN as a security standard in the United States. Citing both inconvenience and expense, research from Visa, Inc., shows that only about a quarter of Americans opt for PIN-based transactions when given a choice. Therefore, Visa and other payment platform providers have backed a "contactless" version of the EMV chip that lets you "tap and go" or "wave to pay."
To speed adoption, Visa announced significant financial incentives for merchants to begin using the new technology over the next few years, while banks position the new cards as being both convenient and secure. A partnership between MasterCard and Google has led to a version of the new technology being included in some Google-branded smartphones, enabling the devices to mimic EMV credit cards.
Despite the popularity of the new payment technology among early adopters, merchants may take as long as five years to install EMV-capable card readers at their locations, forcing many Americans to live with the more vulnerable magnetic stripes during the transition.
Credit card issuers seek other ways to fight fraud
While technology enthusiasts clamor for new EMV and "near-field communication" tools, banks have taken a pragmatic approach to making credit cards safer in 2012. Protection from identity theft has become as essential for customer service as a toll-free phone number or a low introductory rate.
According to James Van Dyke, founder and president of Javelin Strategy & Research, which tracks industry trends, banks are on the right track when they focus on identifying "impersonators" instead of relying solely on new credit card technology to beat criminals.
Writing on his company's blog, Van Dyke suggested that we shouldn't hope for "immediate change" from new payment systems. However, Van Dyke predicts that the customer experience will continue to drive credit card issuers to invest heavily in fraud detection and resolution.
Indeed, after Citibank revealed details of a major security breach, the bank launched an enhanced fraud detection program while promising customers they wouldn't be held liable for a single dollar of fraudulent transactions. American Express, which has long offered similar account protection, announced it would set up a $100 million investment fund to help launch Silicon Valley startups working on new fraud detection and account security technology.
Javelin has recognized Discover Card for its industry-leading fraud resolution team. It also applauded new security measures implemented by Citibank's new global security chief, Rich Detura. Visa, Inc., officials echoed this praise for banks on their fourth-quarter earnings call, citing bank and merchant partnerships as a reason for one of the lowest fraud rates in years.
Your own steps to credit card security
Since it could take years for some of the best automatic fraud protection technology to become the new standard in the United States, banks and law enforcement officials recommend that you take a few simple steps to secure your credit cards:
- Separate your everyday-use credit cards from your standby accounts. As Citi advised in an online guide for student borrowers, "Carry only the cards you need, especially when traveling. To clarify: you may need 1 or 2 cards. You will not need 6."
- Activate transaction alerts. The best credit cards offer instant notification about new purchases and transfers. Getting a new text message every time you swipe your card may sound like overkill, but it could give you the advance warning you need to kick criminals off your account.
- If sharing an account, request additional cards instead of broadcasting your account number. Many business credit cards issue alternate account numbers for authorized employees to better track purchases and to deter internal theft.
- View statements online to deter mail theft. Your mailbox might not be the best place to leave a credit card statement unattended. Requesting online statements saves trees while preventing identity thieves from accessing your personal information from the mail.
Meeting your bank's fraud department halfway and using your credit card safely won't guarantee your protection against identity theft. However, the best defense--while new card technologies are still being adopted in the U.S.--is still for individual cardholders to protect account details, use credit cards responsibly and report even the smallest inaccuracies.