Credit card fraud
Published: Saturday, March 1, 2003 at 6:01 a.m.
Last Modified: Friday, February 28, 2003 at 10:03 p.m.
Consumers and online retailers are at the greatest risk of losing money and confidence from credit card fraud.
It was the most polite of crimes: no dangerous guns, no dirty money, no nasty threats. But the magnitude and potential for harm could be devastating.
In February, more than 8 million credit cards were compromised when a hacker broke into a computer system for a third-party firm in Omaha that processes transactions for catalog companies, online services and other direct marketers.
The stolen data came from Visa, Master Card, American Express and Discover cards. Estimates suggest that 2.2 million Master Card accounts and 3.2 million Visa cards were involved, including consumers from the United States and Canada.
This is certainly the biggest single incident of credit card exposure. Experts estimate that in the past five years, about 10 million credit card accounts had been electronically compromised.
Was your credit card among those affected by the recent electronic break-in? Well, that may be hard for consumers to figure out.
Banks are not required to notify customers, and many do not. Instead, they wait to see if any fraudulent charges appear.
Banking institutions are required to notify the Treasury Department of certain cybercrimes, but those reports are not made available to the public.
Firms worry that disclosure of hacking incidents would shake public confidence and spark lawuits, without giving consumers useful information about their own accounts.
On the other hand, consumer advocates suggest that public accountability would force companies to make a greater effort to improve security.
This recent incident has been particularly controversial because of the differing responses among card-issuing companies, and outcries from consumer activists for greater consumer protection.
In Rhode Island, Citizens Financial Group contacted cardholders immediately, canceled some 8,800 cards and issued replacements. PNC Bank, Pennsylvania's largest bank, followed suit, deactivating and replacing 16,000 VISA debit cards. Replacing each card costs the company $25, but some banks feel it is proper busines practice.
However, an official with American Express told the Montreal Gazette that American Express would contact card members only if any suspicious spending activity is noticed.
What should be the appropriate response in such cases?
In California, a law slated to take effect in July requires companies operating in that state to notify customers when hackers break in and steal their personal information.
But it may be that such efforts conflict with federal law. According to a report in USA Today, the homeland-security law passed last year guarantees anonymity to companies who share cybercrime information, as a way of encouraging reporting to the government.
Perhaps the ultimate victims of this crime will be the dot.com retailers, already in an economic downturn, who will lose three ways.
First, they may see declining traffic as the public grows wary of the safety of online purchases in the wake of this incident.
Second, merchants will have to absorb the costs of fraudelent purchases.
Third, they end up paying stiff fines to the bankcard associations if fraudulent purchases exceed 1 percent of sales transactions for more than two months.
Retailers might even lose the ability to accept credit card payments, which would effectively shut down many e-businesses. In Australia, a well-known firm was forced to temporarily close its retail site in 2000 after it found more than 25 percent of attempted credit card transactions were fraudulent.
Most card agreements protect consumers, so that individual cardholders are not liable for fraudulent charges that are promptly reported.
This month and every month, consumers should carefully monitor their credit card bills and call the toll-free number on the back of the card in case of suspicious charges.
Comments are currently unavailable on this article