Credit card fraud and ID theft statistics

[audreyh1]

Interesting article from credtcards.com about US Credit Card Fraud and ID Theft statistics. It covers some of the trends since EMV came into use, time and costs of dealing with ID theft, and American reactions to recent major cybersecurity breaches. https://www.creditcards.com/credit-card-news/credit-card-security-id-theft-fraud-statistics-1276.php

Looks like they do some of their own research. Source links listed at bottom, but they do the compiling.

 

[Chuckanut]

Interesting and not surprising. The chips have resulted in less fraud with the card present but more fraud with the card non present. The bad guys have adapted.

Really scary is the increase in the number of data breaches. I think we all knew it was going up, Up and UP. But, it's good to see some numbers.

 

[audreyh1]

That it is easy for a crook to use a credit card online is a problem.

HOWEVER

Most sites require billing address to be entered and to match for a transaction to go through. That's not something someone would get from just skimming a card.

Some sites are even stricter and won't ship expensive items to other than the billing address without proof of ID matching the card.

 

[Rustward]

If you understand how credit data (or any other data) is accessed in a data center, you would understand that that it it is very elementary for someone in the data center to copy that data and use it for nefarious purposes.

There is no CHIP in a data center, it is just the data.

The data may be encrypted (or it may not be encrypted), but at some point the data is decrypted for processing. It is at this point that the data can be captured. Data security departments monitor access to data, but there are things that they cannot catch. Many times data access is discovered after it has happened when it is too late.

I have worked in such data centers and I have seen this. I once had a storage dump in my house from one of the largest Mastercard processors (well, the largest) in the United States for problem determination. It had CC numbers, names, addresses, etc., and all credit card info all in plain text if you can read hexadecimal, which is not difficult for somebody who knows what they are doing (which I do).

The risk is getting caught. I thought about returning this 12 inch stack of paper to the bank, and after I thought further, I decided that it would be better for me to take it to my employer's office for secure shredding, thinking that the person at the bank who allowed me to take this information out of the bank might get in trouble if I brought this stack of paper back to the bank.

The CHIP protects you at the point of sale, and not beyond. Most of the very large data breaches occur beyond the point of sale.

 

[brett]

It is my understanding that chip cards did/do reduce theft. Having said that we have had chip cards for ten years or more. Our cards have been compromised three times. All Visa. Our MC's have never been compromised.

Bottom line is that the banks may get an upper hand for a while but there is no doubt that the bad guys will figure out a way to either tick it or get around it some how. This is a cat and mouse technology based game.

 

[RunningBum]

My chip card Visa was compromised earlier this month. It had a charge at a Safeway in CA for about $120 that was flagged and we got it shutdown before any other charges came. A little disappointed at how slow PenFed has been to replace my card. Apparently the replacement is lost in the mail and yet another is coming, but they didn't get the first one sent for 2 days, and it doesn't look like they have a new one assigned yet after I reported it MIA on Sunday. I have other cards to use but was waiting to change autopay accounts.

 

[Bamaman]

When you have problems with security, you will come out better if it is a credit card versus an ATM card. You have legal rights with credit cards not afforded on all ATM cards.

We have a wayward daughter that pays credit cards and cellphone bills drafting on our checking account. We have had to change checking accounts, ATM cards and charge cards. We keep all personal papers and my laptop locked in a large safe. My wife keeps her purse in a small safe all the time. Life is easier when we take a proactive approach to our personal business.

 

[audreyh1]

It is my understanding that chip cards did/do reduce theft. Having said that we have had chip cards for ten years or more. Our cards have been compromised three times. All Visa. Our MC's have never been compromised.

Bottom line is that the banks may get an upper hand for a while but there is no doubt that the bad guys will figure out a way to either tick it or get around it some how. This is a cat and mouse technology based game.

What they reduce is physical credit card fraud. So fraud moves to online fraud as the article explains. There needs to be a more secure way for an online retailer to know they aren't receiving a fraudulent credit card order. One way is to only ship to the billing address on the credit card for higher dollar orders unless the customer supplies additional proof of ID.

 

[JoeWras]

My chip card was compromised last spring when Chipotle was hacked. Chipotle never uses the chip, just the scanner.

The card was cloned as a stripe-only card and presented at Kroger in the state next door. To MC's credit, they denied it right away and gave me a call.

It seems the credit company's algorithms are getting better. I suspect this attempt at Kroger included gift cards (round number, that's all the info I was given). Probably another flag.

 

[audreyh1]

My chip card was compromised last spring when Chipotle was hacked. Chipotle never uses the chip, just the scanner.

The card was cloned as a stripe-only card and presented at Kroger in the state next door. To MC's credit, they denied it right away and gave me a call.

It seems the credit company's algorithms are getting better. I suspect this attempt at Kroger included gift cards (round number, that's all the info I was given). Probably another flag.

I think that there is something about the swipe on a chip card that tells the register it must be presented as a chip card. But some places are behind in accepting chip, and they are the ones responsible for for eating the fraud in that case.

 

[JoeWras]

I think that there is something about the swipe on a chip card that tells the register it must be presented as a chip card. But some places are behind in accepting chip, and they are the ones responsible for for eating the fraud in that case.

Right. You would think Chipotle would be on it, installing chip readers, after their hack.

Nope. Still swipe only, 9 months later.

Hey, it *is* fast. I suspect that's all they care about.

 

[audreyh1]

Right. You would think Chipotle would be on it, installing chip readers, after their hack.

Nope. Still swipe only, 9 months later.

Hey, it *is* fast. I suspect that's all they care about.

Currently? Wow. I don’t encounter anyplace without chip anymore, but we don’t eat at fast food places, and I don’t know what the restaurants that walk away from my card are doing. That last bit really bugs me!

HEB and Costco took a while to convert to chip readers, but they finally did.

 

[mathjak107]

if the vendor does not pay to carry the special programs and coverage that they extend to online vendors then any fraud is on the vendor .

these programs they force vendors to take in order to be covered when no card is present are very costly . you pay an additional fee on every charge regardless if on line or you have the card

at work we had a fraudulent sale via not only an e-mail transaction but we always send the customer a credit card authorization form to sign too .

turns out that form means nothing if fraud happens . if the card is not present than all bets are off and the vendor has to eat the fraud .

we figured out that we do so few transactions on line relative to our regular sales that to have every charge pay an additional fee so we could be covered on line too made no sense . it was a better deal to just eat the fraud charges when they happen .

 

[JoeWras]

Currently? Wow. I don’t encounter anyplace without chip anymore, but we don’t eat at fast food places, and I don’t know what the restaurants that walk away from my card are doing. That last bit really bugs me!

HEB and Costco took a while to convert to chip readers, but they finally did.

Yes. Currently.

They have a swipe reader integrated into their cash register screen. The associate swipes the card along the side of the screen they look at. Someone at corporate is probably waiting for depreciation to complete on those devices.

They don't have the separate terminal with keypad you see everywhere else.

 

[audreyh1]

Yes. Currently.

They have a swipe reader integrated into their cash register screen. The associate swipes the card along the side of the screen they look at. Someone at corporate is probably waiting for depreciation to complete on those devices.

They don't have the separate terminal with keypad you see everywhere else.

I’ve never eaten there, but clearly it’s not a place that can handle cards that require a user to enter a PIN.

 

[LastOfTheBoomers]

My CC was comprised 2 weeks ago - 2 small charges - Exxon and McDonalds - both near a highway next to each other.
I noticed the charges 3 days later - it seems they were smart enough to use once and discard.
I have several fraud alerts set up on my card - foreign transactions- charges over 200 - card not present - but maybe they need more - such as swiped transaction - or something location based - card used when phone with Amex app loaded is not nearby.

 

[kcowan]

I like the online retailers who insist that you enter a 4 digit code sent to your cell phone whenever you make a change to your CC, address, etc.

 

[Sunset]

I have my CC send me an alert for any charge over $1.00
One CC sends me the alerts about 2 days after the charge !!! I phoned customer service to complain about it, just so hopefully it goes up the line... Of course the rep told me she has heard the same complaint from lots of people

 

[Looking4Ward]

I have a Chase IHG credit card that I only use for Holiday Inn Express reservations.

Twice in as many years there have been online purchases show up on that card, and twice I've called Chase to report those transactions. It's been annoyingly difficult to report (call Customer Service, punch the non-mentioned 0 to get an agent, explain the situation, get transferred to Fraud Department, get interrogated, etc).

Account gets cancelled, new account setup, new card mailed to me. Only use it at a Holiday Inn Express and within weeks a fraudulent charge will show up from some internet website.

You'd think Chase/IHG would catch on by now.

 

[audreyh1]

Most of my cards send me the alert as soon as the card is charged - that’s when it’s really useful. The charge is pending. It can usually be reversed before it posts.

A few only send me a notice when the charge has posted - a couple of days later. Not nearly as useful, but better late than never.

 

[Looking4Ward]

I have my CC send me an alert for any charge over $1.00
One CC sends me the alerts about 2 days after the charge !!! I phoned customer service to complain about it, just so hopefully it goes up the line... Of course the rep told me she has heard the same complaint from lots of people

All of my accounts are setup to alert me whenever there is a transaction - and all of them send those alerts almost immediately EXCEPT for Bank of America which consistently takes two days. I stopped using that card.

 

[razztazz]

Currently? Wow. I don’t encounter anyplace without chip anymore, but we don’t eat at fast food places, and I don’t know what the restaurants that walk away from my card are doing. That last bit really bugs me!

HEB and Costco took a while to convert to chip readers, but they finally did.

Here, ALDI is the only place I go to that is still "Swipe-only." But I never use a debit card for gasoline and I live in Iowa

 

[Alan]

What they reduce is physical credit card fraud. So fraud moves to online fraud as the article explains. There needs to be a more secure way for an online retailer to know they aren't receiving a fraudulent credit card order. One way is to only ship to the billing address on the credit card for higher dollar orders unless the customer supplies additional proof of ID.

Being back in England we had a flurry of online purchases where the vendor sends you to a secure MasterCard or Visa site where we had earlier set up a password. They only prompt the first time you order something from a particular computer so they must leave a cookie to make life easier.

 

[audreyh1]

Being back in England we had a flurry of online purchases where the vendor sends you to a secure MasterCard or Visa site where we had earlier set up a password. They only prompt the first time you order something from a particular computer so they must leave a cookie to make life easier.

So that should block people buying stuff with fraudulent card numbers.

I notice some sites here saying things like “VISA Verified” during the payment processing. Similar, but not the same as having an account set up.

 

[Alan]

So that should block people buying stuff with fraudulent card numbers.

I notice some sites here saying things like “VISA Verified” during the payment processing. Similar, but not the same as having an account set up.

That’s right. It has been over a year since I set up the new passwords and I keep them in Lastpass secure notes as I don’t need them that often these days and would hate to forget them.