That is the conclusion of a study of 23 U.S.credit card issuers conducted by Javelin Strategy & Research, a consulting firm specializing in the financial services and payments industries. Criminals are getting better at stealing card account information, while banks and consumers are simply not doing enough to protect their data, the researchers tell us.
The result is that account fraud costs issuers about $37 billion annually, the report says.
New Card Account Fraud Costlier and More Difficult to Resolve
It turns out that, while existing credit card accounts generate a higher total of fraudulent transactions than new accounts – $17 billion vs. $6 billion last year, new account fraud is much costlier on a per-incident basis – $1,267 vs. $565, according to the study.
On top of that, new account fraud takes much longer to detect – 49 hours on average, compared to the 26 hours it takes to discover fraud on existing cards. “The difficulty in detection of this fraud type is a large contributor to the high costs,” the report concludes.
To make matters worse, in addition to the direct cost of dealing with fraud, banks suffer from a couple of fraud-related side effect. Some fraud victims quit online banking, which is costly for issuers, while 20 percent switch to a competitor, which is an even worse outcome from a bank’s perspective.
Here is the top 7 list in the study:
- Bank of America – 87.
- Discover Financial Services – 74.
- U.S. Bank – 73.
- USAA – 71.
- Capital One – 68.
- JPMorgan Chase – 67.
- American Express – 66.
The average score for the 23 issuers was 59.
How to Protect Account Data
The researchers have some suggestions on what issuers should do to make it harder for hackers to steal account information. Here are some of them:
- Send SMS alerts to cardholders when large purchases are made or for card-not-present transactions (I am not so sure about that one).
- Stop asking for SSN, a prime target for fraudsters, for authentication purposes.
- Limiting online access for customers who have not updated their anti-virus software.
While issuers may or may not decide to adopt any of these measures, there are things consumers can do themselves to protect themselves, including:
- Keep your anti-virus software updated.
- Look for issuers who support tokenization, which is a technology that replaces the card account number with a random string of characters, which, if intercepted, is useless to the criminal.
- Look for issuers who will let you set transaction limits and ask you for validation when you exceed them.
- Get a chip-and-PIN card when they become available in the U.S. In these cards the account information is embedded in a chip and studies have proven them to be less vulnerable to fraud than traditional magnetic stripe cards.
Challenging as it is, the situation is certain to become even trickier with the rapid evolution of the numerous nascent mobile payments technologies, which present a whole different set of problems and I am sure we will be hearing a lot about that in the coming months.
Technologies will evolve and change, but common sense will never go out of fashion. It is your best protection. Keep an eye out for anything that looks out of the ordinary. If you find it, stop what you are doing and contact your issuer.
The good thing about credit card fraud, from a cardholder’s stand point, is that ultimately the issuer is liable for fraudulent transaction amounts. Still, the investigative process can take a while and you will be wholly involved in it. Moreover, there are a number of things that can go wrong and your credit historymay suffer as a result. So just because someone else is paying for it, does not mean that you will necessarily get off scot-free.
Hope this brief article helps you understand what tokenization is and how it helps your business.