Credit Card Security
Generally speaking the credit card system can be considered as a 'low security' system. As such it prevents countless opportunities for fraud. This has resulted in a huge black market in stolen and/or reproduced or 'cloned' cards. These are generally used quickly to buy high value electronic or photographic goods before the cards are actually reported stolen.
One of the largest sources of card fraud is the internet. This is typically done through the use of stolen credit card information. Information which is gained in a number of ways. The simplest way is by copying nformation from retailers, either online or offline. There have als obeen many cases of hackers entering company databases and copying huge quantities of credit card information. It is also not unusual for the employees of companies dealing in large numbers (often millions) of credit card transactions selling credit card information to criminal organizations.
This has resulted in attempts at improving security for purchases using credit cards. However, security holes generally appear due to poor implementation of card acquisition systems by retailers. A typical example is the one in which despite credit cards being transmitted to a website using SSL secure encryption the numbers are then read from a database and given to someone who manually enters them at a standard card terminal. The database on which transactions are stored may not be properly secured or encrypted either, leaving it open to hacking. Obviously, any point at which credit cards become human readable is an obvious security risk. As a result banks are offering systems such as ClearCommerce where encrypted card details captured on a merchant's webserver can be sent directly to the payment processor; entirely eliminating the human-readable element from all transactions.
The Rôle of Credit Card Companies in Fraud
Part of the problem also lies in the credit card companies' own attitude to fraud. Indeed, they themselves state that their aim is not to eliminate fraud, simply to 'reduce it to manageable levels' which effectively means that they are satisfied if total cost of both fraud and fraud prevention is minimized. The implicaton here is that any high-cost fraud prevention method that only has a low return will not be employed if their overall cost outweights the potential gains from fraud reduction.
What the Credit Card Companies are Doing
Recently credit card companies have introduced three measures in an attempt at making credit card purchases more secure (though, in truth none of these measures has actually been proven to reduce credit card fraud thus far. These measures are:
1. The introducton of individual PIN (Personal Identification Number) numbers to each customer. These are known only by the customers themselves and the on-line verification system used by merchants are being enhanced so that they have a keypad to accept these four-digit numbers. This will soon replace the signature verification system. Indeed, in Britain at least only this four-digit number verification will be accepted by all merchants from May 2006.
2. In conjunction with the PIN number credit cards themselves are being replaced with similar-looking tamper-resistant smart cards which are intended to make forgery more difficult. These cards have an integrated circuit (IC) embedded in the card itself; the majority of which comply with the EMV (Europay MasterCard Visa) standard. Such cards, wihch accept the four-digit PIN number are called 'Chip and Pin' cards.
3. For internet transactions cards now have an additional 3 or 4 digit code either printed on the front or on the signature strip at the back of the card. This is known as the Card Verification Value (CVV) and most on-line card processing systems will now ask for your CVV number in adition to other card details.
Unfortunately, the primary way that criminals get credit card information for use in online (or phone) fraud is via phishing scams, which also will result in the capture of the CVV codes for the compromised credit card. This fact of life has reduced the real-world effectiveness of the CVV codes as an anti-fraud device. Also, because the merchant does not store CVV codes when they re-bill a card they do so without the CVV which effectively makes the CVV code only optional for internet transactions, thus diminishing its real value as a security device even further.
What you can to to Protect your Credit Card
You will have seen from the information above the credit card fraud is almost a fact of life when using credit cards. Which is not to say that there aren't things you can do to protect yourself. The first rule is to never let the credit card out of your site. This applies particularly to restaurants and establishments where the card reading machine is not plainly visible. Whenever the card is out of sight is an opportunity for someone to copy it. If you have a receipt with your credit card numbers on it always destroy this before placing in the trash. The same goes for your credit card statements. If making purchases on-line think about getting a credit card with a low credit limit specifically for on-line purchases and never allow any site to store your credit card details on their website, no matter how secure they claim their systems to be. This will not eliminate the chance of your becoming a victim of credit card fraud but it should appreciably reduce your risk.