Thursday, September 04, 2003

Credit Card Fraud explodes -- Yawn.

Identity Theft Victimizes Millions, Costs Billions

...About 3.3 million American consumers discovered within the last year that their personal information had been used to open fraudulent bank, credit card or utility accounts, or to commit other crimes, according to the Federal Trade Commission's first national survey on identity theft...
In 1998 I was among the victims of the NetFill scam; at the time it was among the biggest credit card scams in history. The perpetrators, some of whom have continued in the same business set up a bank. Turns out that's easy to do. As a bank they then bought credit card numbers and identify information. Turns out that's easy to do too. Then they ran small transactions on a routine basis, switching vendor names every few months. They raked in millions. Cases are hard to pursue and penalties are modest. The FTC has lots of smart people, but they're fighing a losing battle.

Sadly, the banks have known about the problems behind credit card authentication for about 20 years. Any fix they can come up with tends to lower transaction volume and increase transaction costs -- so it's more cost effective to ignore the problem. If customers notice the banks reimburse them -- though some banks are pretty rude about it. If they don't notice, there's no problem.

Hey, VISA/MasterCharge and their franchisee banks have to make money! Any bank that really pushed for a better system would lose business and have to abandon the credit card market.

Then there's the small detail of using Social Security Numbers as a global personal identifier. SSNs are on insurance cards and in just about every database you can imagine. We might as well tatoo them on our foreheads.

So what's a poor fool to do?
  1. Lobby congress -- this needs legislation, voluntary fixes have failed for a generation. Of course banks make large donations to reelection campaigns. Maybe vote Democrat?
  2. Use American Express -- they do take security more seriously.
  3. Don't carry checks -- they're really bad news.
  4. Convince the credit reporting agencies to put a "fraud watch" marker in your file -- makes it harder to create a fraudulent account.
Update 9/24/09: Nothing has changed six years later, but this time AMEX is a victim of massive internal fraud.

No comments: