While security has improved the credit card system does present countless opportunities for fraud. There is a huge black market in stolen credit cards and credit card information. Thieves tend to move quickly to maximise the opportunity for fraud before the cards are reported stolen or the victim of identity theft realises their information is being used illegally. It is important that the credit card user is always vigilant, protecting their card and its information and always checking their monthly bill in detail. In the event of a problem notify the card issuer immediately.
Aim of Credit Card Companies
The credit card companies know they cannot eliminate fraud, but their aim is always to reduce it to a manageable level and at an acceptable cost. There would be no value to them in being in a situation where the cost of successfully preventing fraud is greater than the loss to fraud itself.
Credit Card Fraud
Most Internet fraud is carried out through the use of stolen credit card information. This is generally acquired by illegally copying retailer transaction records in store or online. There have also been many cases of hackers obtaining high quantities of credit card information from company databases. In some cases employees sell credit card information to criminals.
Credit Card Acquisition
Despite efforts to improve security for remote purchases using credit cards, poor implementation of card information acquisition procedures is still a major loophole. A website may use SSL to encrypt credit card numbers from a customer, but then compromises the information’s security by e-mailing the number from their web server to someone who manually processes the card details at a card terminal. Obviously wherever card details become human-readable before being processed at the acquiring bank a security risk exists. Many banks now offer Clear Commerce systems, where encrypted card details captured on a merchant’s web server are sent directly to the payment processor.
The Federal Bureau of Investigation is the agency responsible for prosecuting criminals who engage in credit card fraud in the United States. They do not have the resources to pursue every crime, and in general prosecute in cases where the amount involved exceeds $5000.
Credit Card Security Improvements
Three improvements to card security have been introduced to the more common credit card networks and should help reduce credit card fraud.
- An additional 3 or 4 digit code is now present on the back of most cards, for use in “card not present” transactions.
- The on-line verification system used by merchants is being enhanced to require a 4 digit Personal Identification Number (PIN) known only to the cardholder.
- The cards themselves are being replaced with similar-looking tamper-resistant smart cards. These are designed to make forgery more difficult. The majority of smart card (IC card) credit cards comply with the EMV (Europay MasterCard Visa) standard.