Last week my credit card number was compromised. As a result, two vendors, my credit card company and I invested time and/or money. The loss was not large – a few hundred dollars – but my experience has likely been repeated by others thousands of times with a total cost of several million dollars to the affected companies.
Was I careless? Did I leave my card at a restaurant, neglect to tear up carbon copies, or speak the card number loudly into a phone in a crowded airport? No. I was the victim of a person operating somewhere outside the United States. This individual is generating credit card numbers that will self-check, have valid bank numbers and perhaps have a real account attached.
Thanks to this individual, I how have a month’s subscription to an “adult content” Web site in Canada! Unfortunately, I don’t know my user ID or password so the subscription has little value to me. The site approved a small, $4.95 transaction billed to my credit card number. Within minutes of the approval, a well-known, Internet-based bookseller approved two transactions for several hundred dollars. The purchased items were shipped outside the United States.
As luck would have it, I looked at my credit card transactions online and noticed the small transaction. My credit card company and the bookseller responded beautifully, promptly canceling the card, reversing the charges and investigating the incident. Within a week of the illegal use of my number, future abuse – against this account, at least – was halted. But why should this happen today, with the technology available to the financial services industry?
In spite of the advances, we continue to use plastic cards with magnetic stripes containing static information. Forty years ago this technology ushered in the widespread use of consumer credit. Possession of the card, or even the number, is sufficient to make charges or get cash advances. With millions of cards in circulation, the potential for abuse is widespread.
It’s time to do something about the exposure. Europe leads the world in deploying smart cards, primarily for the increased security afforded with this technology. Here in the U.S., we continue to believe the technology is interesting, but not worthy of implementation.
Smart card costs are now at commercially feasible values and will drop further as volumes increase. Let’s take away another easy mark from the bad guys and improve security for consumer credit card transactions. My bet is the reduced exposure, lower staffing requirements and lower insurance premiums will produce a payback within four years.
Thanks, American Express – your Blue Card is a step in the right direction.