Monthly Archives : April 2016

creditcardfraudfeaturedIs $35 Billion in Card Fraud the “Cost of Doing Business”?

Is $35 Billion in Card Fraud the “Cost of Doing Business”?

Over the past year, I’ve been speaking with executives at banks and card networks about credit card fraud, and there’s one phrase I hear over and over again.

“Fraud is just the cost of doing business”.

In the banking industry, it seems like this is the “go to” response when someone asks about fraud, and it really got me thinking about how desensitized we’ve all become to the costs of fraud.

A few months back, The Nilson Report released their latest annual survey of the direct losses due to credit card fraud globally.

As if the headline that card fraud losses had reached $16.3 billion was not scary enough, the report goes on to predict that by 2020, losses will grow above $35 billion annually, with $183 billion being lost in between.

The U.S. accounts for about 50% of the losses each year, even though we represent only 20% of transactions (Yeah, we’re number one).

I suppose at some level, if you look at the huge amounts of revenue US banks bring in from credit cards (more than $500 billion), then look at the $8 billion or so lost to card fraud, it can look like just a drop in the bucket.

In the real world, $8 billion is a staggering amount of money to be lost every year. This is a train wreck, a house fire, a travesty… you get the idea.  The worst part is that it’s not even close to the actual amount being lost.

What is the Real Cost of Fraud?

One problem with any study of losses due to fraud is that they often understate indirect costs related to the problem, such as the cost of prevention, and the cost of cleanup after the fact.

An interesting yearly study from LexisNexis tries to pinpoint this multiplier effect for merchants, and recently found that for every dollar in direct fraud losses, the true cost is closer to $3.08.

Another recent study by Javelin Research which looks at the total cost of card fraud in the U.S. places the current domestic losses at around $16 billion and growing quickly to $24 billion by 2018.,pressRoomDetail

So, if the actual losses in the U.S. are 2-3 times higher than the reported losses, does this mean that what currently looks like an $8 billion tax on our commerce system is on its way to grow into a $35 billion catastrophe?

This doesn’t even count the fraud that’s not reported, re-classified, or otherwise swept under the rug to avoid admitting security problems.  And don’t forget about the cost incurred by consumers spending endless hours dealing with fraud on their own accounts.

I’m bringing in the thesaurus now to come up with more words to describe this calamity of cataclysmic proportions.

Who Pays for Fraud?

While I was at a banking conference last month, I sat in on a session where I heard an executive say to the audience, “People outside the industry just aren’t informed. They don’t have to pay for fraud. The banks cover all the costs.”

That comment got me thinking about who really pays for fraud.

Of course, the answer is that we all pay for it, and banks and merchants do a good job of hiding the cost in the form of higher fees, or higher prices.

When someone at a bank says that fraud is just the cost of doing business, it means that they have passed that cost onto someone else, namely their customers, and haven’t lost much business.

To bring the problem home a little more, if you take the $35 billion in real cost for fraud, and divide it by the 100 million or so households in the US, we’ll all soon be paying $350/year to cover up this problem.

Yikes!  If I have to pay $30 each month for something, I should at least get a free tee shirt or something.  Maybe we’ll all get bumper stickers that say “My credit card fees help support organized crime!”

Read More
TiltBackRotate3Chip Shield Ready to Launch

Chip Shield Ready to Launch

Our company and our products have been in “stealth mode” for the past year and a half as we designed and built the Chip Shield device, implemented back end servers and client libraries to support the devices, and built our web sites and mobile apps.

After all these months of secrecy, we’re finally ready to announce our product, and share information about what we do, and how we do it.

Our Solutions section gives a lot of details of what the new device can do:

So, I thought I would use this blog post to talk about why we’re doing this, and how we started working to solve the problem of credit card theft and fraud.

The Pervasive Problem of Fraud

When we first started thinking about the problem of credit card fraud the Target data breach was still in the news, and the Home Depot story was just breaking.  It felt like everywhere you looked you would hear reports of fraud, data breaches, identity theft and organized crime.

We started to feel the personal effects of card theft with bank notices and cards being replaced.  My wife and I had 3 cards replaced in just a few months, and then later received a friendly notice that our personal information had been lost in the Anthem data breach.

It wasn’t only us.  It was our friends, our families, and it was starting to impact virtually everyone.  Just this week my dad had another card replaced.

Not long ago, Gallup asked Americans about their biggest crime fears and 85% of wealthier households listed credit card theft as their largest fear.

Also, more than 25% of the people surveyed reported that a family member had their credit card stolen by computer hackers in the past year.

A more recent survey from MasterCard shows a similar level of anxiety, and amusingly 55% of the people surveyed would rather have nude photos of themselves leaked online than have to deal with the theft of their financial information.

A Personal Experience with Fraud

Finally, the problem hit closer to home.

My mom, who is in her mid-70’s and lives on her own, woke up one fine morning to learn that her checking account had been hacked into and more than $1,700 had disappeared in a few hours.

Our family spent the next few weeks trying to unravel the source of the hacked account as it played out a bit like a murder mystery.

Was it because my mom had used the same password for years?

Was it because, like many people, she used the same password for all sorts of accounts?

Was it the sheet of paper on her desk with her passwords written on it?

Was it a virus, later discovered on her computer that had logged keystrokes and sent them to a website in a distant country?

Was it the new housekeeper that had recently started working for my mom, who seemed a bit too chatty?  Did she find the sheet of paper?  Did she install the virus? 

Was it my sister, or me, who took the money, since we both had our own login/passwords to the account?

Were our accounts with the same bank at risk?

Collateral Damage

The worst part of a computer hack is the side effects it can have on people’s lives, and the paranoia it can create around things and people you used to trust.

In hindsight, everything feels like an overreaction, but at the time, my mom was not sure who to blame.

The housekeeper, of course, had to be replaced, because it could have been her.

The computer, of course, had to be replaced, because it could no longer be trusted.

Online banking, of course, had to be permanently disabled and only paper statements used for the accounts.

Other online accounts, of course, had to have new, crazy long passwords created, since they could have been hacked also.

The little piece of paper with all my mom’s passwords on it now had to be written in code, with only hints at what each crazy long password might be.  Of course, we could never remember what the codes meant.

The Bank Handles Everything

I’m sure the folks at the bank do their best trying to fix these issues, but it can be a mess to clean up.

The accounts all had to be closed and re-opened, which was done incorrectly, so they had to be closed and re-opened again, with the process taking more than a week.

The replacement funds had to be deposited into the account, and went into the wrong account, and had to be done again, which took another few days.

All the while, checks written to pay utility bills were merrily bouncing and triggering fees from those companies.

Then, somewhere along the way, the bank decided that the hack had actually come from my sister’s login (although they offered no reason except “its technical”), so they held back part of the funds and re-opened a fraud investigation under my sister’s name.

My poor sister had to endure 90 minutes of what she termed an “interrogation” by the bank because someone in the fraud group decided she was stealing our mom’s money.

Did They Get Away with It?

Of course they got away with it. The hackers are long gone with the funds and probably working on their next victims.

Our bank told us that the funds were drained through fake PayPal accounts, but PayPal wouldn’t provide them any information about where the money ended up.

PayPal had no reason to pursue the matter because they weren’t the ones who had to reimburse the stolen funds.

The police also had no interest in tracking down a small theft that would cost them thousands to pursue, with likely no results.

Son, Just Fix It!

While all of this was unfolding, my mom also had a credit card replaced (she thinks because of the Target hack).

So, my mom told me to just fix these problems, like I had fixed the VCR when I was 10 or the hair dryer when I was 12.

Well, mom, I’m working on it…

Read More