The continuing war of credit card fraud
On Feb. 28, The Fraunhofer Institute for Computer Graphics Research, a German organization, unveiled new technology that could make credit cards much more secure. If it takes off, you'd have to provide an original "exemplar" signature on the sort of screens FedEx drivers use to get you to provide proof of delivery. And then you'd sign on similar electronic devices every time you pay with your card at a merchant's store, restaurant, gas station… wherever.
When you buy something, the system won't just carefully check the look of your signature in the same way store clerks do now (Yeah, right). It'll also make sure your name is written in the way you normally do. So, if your name is Smith, it'll know whether you first cross your T and then dot your I, or vice-versa. And it'll know whether you cross your T from left to right or right to left. That would tighten up a gaping hole in card security.
Credit card companies and chip-and-signature
You probably already know that credit card companies are rolling out EMV cards (they're the ones with tiny on-board microprocessor chips) in America over the next couple of years. And, if you read Chip And Signature Cards Are Not The Same As Chip And Pin Cards you may remember that most -- possibly all -- credit card issuers so far seem intent on insisting you sign for your purchases rather keying a personal identification number (PIN) into a point-of-sale (POS) terminal. That's in spite of experiences in Europe that suggest that PINs are much more secure. If banks are going to stick to chip-and-signature, the least they can do is tighten up the security surrounding signatures.
Credit card security threats ubiquitous
Of course, closing one gap in credit card security isn't going to solve the whole problem. On March 13, American Banker magazine said recent "cyber attacks against U.S. banks were more widespread than reported." Most of these are simple denial-of-service assaults, and it's vanishingly rare for a hacker to access a credit card company's accounts database. But every few months we hear of huge numbers of card details being compromised in attacks on merchant IT infrastructures.
At least as scary are cases of card "skimming". That's when plastic is swiped by criminals to capture the electronic information on black magnetic stripes. And guess where you're most vulnerable to this form of fraud. Shady retailers? Dodgy restaurants? Remote gas stations? In 2011, when 79 percent of skimming incidents happened at POS terminals, you might have been right. But, in 2012, it was at bank ATMs.
Credit card fraud rising
Those data were derived from a March 19 report from FICO Labs, which found that, in 2012, overall credit card fraud increased in 20 states, led by South Dakota. A FICO press release went on to reveal that 46 percent of all skimming incidents that came to the company's attention that year occurred at ATMs operated by banks. Another 18 percent happened at "white-label" ATMs, ones that aren't bank-branded. ATMs located in California, Florida and the Northeast were hit particularly hard.
But it's not just high-tech fraudsters who want access to your card accounts. Recently, police in Evansville, IN, warned of a scam they say is growing in the Midwest. Thieves are calling people whose card numbers and expiration dates they already know. Posing as MasterCard or Visa security employees, they ask if a recent (fictional) significant purchase has been made by the prospective victim. On being told no, the caller offers to credit the account with the sum lost. All they need is the three-digit card verification value (CVV) number printed on the signature strip on the reverse of the card. You know: the CVV number that prevents skimmers and others with stolen card details from going on online spending sprees.
Mobile payments a new threat?
All this, and now we have mobile payments providing even more opportunities for fraudsters. Recently, Javelin Strategy and Research, a company that studies payments and technologies, observed:
Smartphone security is an increasing concern as mobile malware multiplies exponentially, and Android's open source platform continues to gain market share over [Apple's] iOS. While most malware has so far targeted Android, which has the largest installed base of users, iOS remains a valuable, if elusive, mark for hackers -- iOS users spend more individually and have greater deposits on average than Android users.
In other words, criminals are already working hard to crack the security technologies protecting Android-based smartphones and tablet computers that are used for mobile payments. And they have Apple products in their sights.
Credit cards best protection
If you're feeling exhausted by the prospect of protecting yourself against all these different criminals who devote their lives to stealing from you, then you may be hoping for a shining knight on a white charger. And has there ever been a less likely one than the Federal Trade Commission (FTC)?
But it's the FTC that rides to the rescue with this reminder, contained in its March 2013 report, Paper, Plastic… or Mobile? (21-page PDF):
Mobile payment users may not recognize that their protections against fraudulent or unauthorized transactions can vary greatly depending on the underlying funding source. Generally, credit cards provide the strongest level of statutory protection, capping liability for unauthorized use at $50.
That cap applies to all sorts of fraud, not just mobile payments. In fact, it's the best you can get: better than debit cards, prepaid cards, checks, or cash, which has no protections at all. And it's just one reason why using your credit cards (responsibly) is almost always a smart move.
Published 04/01/13 (Modified 11/20/13)