Consumers Not Powerless in the Face of Card Fraud
By RON LIEBER
The New York Times | March 15, 2014
When you think about the security of your credit and debit cards, consider the facts on the ground.
Industry representatives readily admit that thieves are often one step ahead of them and that data breaches are a fact of life. One bank went rogue and publicly called out MasterCard and Bank of America for not sharing information and for failing to stem card fraud fast enough in Chicago taxicabs.
Now a for-profit college, sensing opportunity, has found its own angle. Monroe College is currently pitching a minor in cybersecurity. Its ad on New York subways features a woman in a white coat holding a card that intersects with beams of light. Perhaps she’ll invent a way to solve the payments industry’s problems.
Until then, you have to help yourself. Most card companies already have custom alerts and other features that not enough consumers use. Then there’s something that all cards should have but most don’t — an on/off switch accessible from a mobile app that could keep most fraud from happening. Finally, there are the microchip cards that most of the rest of the civilized world uses but barely exist in the United States so far.
Let’s take them in order.
Alerts and other tools
Whether you’re using a debit or credit card, there are all sorts of ways to limit the damage a thief might do or at least get a quick warning that one is on the loose.
Capital One offers a typical list: Customers can turn on text or email alerts that will arrive when their balance goes above or below an amount that the customer sets, when a charge occurs above or below a certain amount, when any charge occurs at all, or if a transaction doesn’t go through because there isn’t enough money in the checking account.
Committed debit card users may want to consider the two-account approach that a reader mentioned. The strategy here is to use one checking account for everyday spending with a debit card and a separate checking account for recurring payments. Destroy the debit card for the second account, and you won’t have to worry about a thief stealing the card, draining the account and causing your mortgage or other payments to come up short.
The on/off switch
If people turned their debit or credit cards on before each charge and then turned them off again before returning the plastic to the wallet, it would be a lot harder for thieves to do their work.
This technology exists. A company called Malauzai Software built an on/off switch after one of its bank customers sought a solution to the amount of time its representatives were spending on the phone with people whose debit cards had gone missing. It wanted the customers to be able to turn the cards off temporarily via their mobile banking app until they found them again or declared them lost and asked for a replacement.
Malauzai obliged, but it soon discovered that fraud-wary customers were turning the cards on and off before and after every charge.
“The fraud prevention thing was gravy on top of the mashed potatoes,” said Robb Gaynor, Malauzai’s co-founder and chief product officer. “It was unexpected.”
Ellen Richey, Visa’s chief legal officer, expressed a bit of skepticism about the on/off switch. The right malware could muck it up, and users may forget that their cards are off and get annoyed at the cash register when things aren’t working.
“One thing we have found is that consumers are remarkably impatient with anything that gets between them and making a payment,” she said.
Perhaps, but why not let consumers decide whether they mind that friction? So far, Chase, American Express, Citibank and Bank of America have no plans to do so. If enough of you demand it, however, perhaps they’ll see the light. This is what happened with the now ubiquitous tool that lets you deposit checks by taking a picture of them with your phone and zapping them to the bank.
The United States is such a fraud-friendly country in part because we still use old-fashioned magnetic stripes on the back of our cards. This makes it relatively easy for thieves to make counterfeit ones.
At long last, retailers and banks and the companies that process their payments are preparing to begin to possibly get their acts together on this front. Over the next 18 months, more debit and credit card issuers will issue plastic with a microchip inside that will transmit a unique code each time you use it in person. Presumably, thieves won’t be able to counterfeit that sort of thing easily, at least for a little while.
Then, on Oct. 1, 2015, assuming there aren’t any extensions, most retailers that don’t have terminals to read the chip cards yet will be responsible for certain types of fraud if it occurs. If retailers do have the terminals but a bank hasn’t gotten around to giving a consumer a chip-enabled card, then the bank will pay for the fraud as a penalty for lagging the retailers. It’s an elaborate game of chicken, fitting for an industry where the major players spent years embroiled in a lawsuit.
Richey of Visa says she believes that the various industry players will be quick to act online as well. After all, if they do nothing, the rate of online fraud may rise at the same rate that in-person card fraud falls thanks to all those microchips.
“It’s so compelling that it will fuel the merchant and bank players’ willingness to proceed,” she said. “Otherwise, they won’t get the benefit of the investments they’ve made in chip cards.”
That’s a lot of ifs, in an industry that has waited an awfully long time to fix its fraud problems while inconveniencing millions of customers. Let’s hope it happens as they say it will. Until it does, set some alerts and pester your bank to give you all of the technological options that ought to be available right now.