News From Terre Haute, Indiana

February 12, 2007

The cost of theft: Citizens pay for credit card theft through higher banking, card fees

By Arthur Foulkes

TERRE HAUTE — In these days of quick and easy credit card purchases of everything from gasoline at the pump to movie tickets on “Fandango,” fear of credit card theft is never far away.

“For years I’ve thought this is stupid,” said a recent local victim of credit card theft who asked not to be identified. She believes that businesses invite theft when they do not require signatures for credit card purchases — such as at a gas pump — so that the signature can be verified by a clerk. “It drives me nuts,” she said.

But credit card theft may not be the growing problem we often are told it is.

“Credit card fraud … is on the decline,” writes Indiana University professor Fred H. Cate, director of the IU Center for Applied Cybersecurity Research.

The total cost of credit card fraud fell 10 percent, to $788 million from $882 million, between 2003 and 2004, and fraudulent charges are lower as a percentage of total card use in the United States than anywhere else in the world, Cate writes.

Nevertheless, credit card fraud remains a serious and expensive problem.

“There’s no doubt that financial institutions as a group are losing millions and millions of dollars” to credit card theft, said Pete Piazza, vice president of lending at the Indiana State University Credit Union, which, like many banking institutions, issues its own credit cards. “It’s a huge problem,” he said.

By law, card holders are not liable for more than $50 in losses from credit card fraud and banks seldom, if ever, pursue even that amount, Piazza said. In most cases of credit card fraud, the issuing banks absorb the costs. Additionally, banks have higher operating costs because of credit card fraud. The ISU Federal Credit Union, for example, has a full-time employee devoted primarily to handling credit card fraud problems, Piazza said.

And of course, all these costs ultimately are passed on to the consumer in the form of higher prices, reduced services and lost jobs, Cate writes.



Protection not foolproof

Most credit card theft is not the result of large scale database security breaches, such as a recent compromise of the State of Indiana’s Web site, the much-publicized ChoicePoint breach in 2005 or the more recent hacker attack at the parent company to TJ Maxx and Marshalls. Cate cites a 2005 study that indicated more than one-third of so-called “identity” thieves are family members, another 18 percent are friends or neighbors and nearly a quarter are dishonest employees. That means more than three-fourths of identity theft cases did not involve any access to third-party data, according to Cate.

Since banks and other financial institutions bear most of the costs of credit card theft, they have a big incentive to try to reduce it. The ISU Credit Union, for instance, subscribes to a private security service that monitors a card-holder’s shopping to watch for unusual purchases. This system, known as the Falcon System, is probably what alerted one Terre Haute resident to her card’s recent theft, Piazza said.

In this case, the card thief, after ringing up around $560 in charges on Christmas Eve and Christmas Day at area gasoline stations and drug stores, tried to pay a telephone bill using the stolen card. But because the telephone bill address didn’t match the card-holder’s address, the transaction was rejected and the Falcon System alerted the card holder, Piazza said.

Not all card-issuing institutions subscribe to the Falcon system, but most do, Piazza said.

While banks pay most of the costs of credit card fraud, the consumer also may pay a heavy price in terms of time and headaches. Once you have been a victim of credit card theft, for instance, your credit rating may be harmed, leaving you with a lot of time and bother to get it repaired.

“It could be a nightmare” for the victim of card theft, Piazza said.



New ways to steal

“A thief [may go] through the trash to find discarded [credit card] receipts or carbons” or a “dishonest clerk [may make] an extra imprint from your credit or charge card,” the U.S. Federal Trade Commission warns on its Web site dealing with credit card security. In short, you may not have to lose your credit card or have it stolen to be a victim of credit card theft.

“‘Phishing’ is one frightening example” of a new type of credit card or “identity” theft that is increasing, Cate writes. “Phishing” involves fraudulent e-mails that claim to be from legitimate businesses. These e-mails seek “confirmation” of existing business accounts by asking the victim to reply to the e-mail with personal financial information, such as credit card or bank account numbers.

One recent well-circulated “phishing” scheme involved a phony e-mail claiming to represent eBay. The e-mails asked eBay customers to verify their accounts by sending personal financial information. In this case, as in many others, “phishing” scams include very real-looking, but phony, Web pages from legitimate businesses.

“That’s the number one problem right now … ‘phishing,’” Piazza said. He warns card holders to never answer requests for information about credit cards that come via e-mail, adding that a legitimate credit union or bank is “never going to ask you to put your personal information online and send it back to us for verification” purposes, he said.

Other suggestions for keeping your card information safe include signing your cards as soon as they arrive; keeping a record of your account numbers, expiration dates and the phone numbers of your card companies in a safe place; keeping an eye on your credit card during a transaction; saving your card receipts to compare with card statements; and reporting any questionable charges on your credit card statement promptly and in writing to the card issuer.



Who should foot the bill?

“Not one person bothered to check ID,” said the local victim of credit card theft, referring to store clerks who accepted her stolen card. Maybe if the stores, instead of the banks, had to “eat the charges,” she said, they would be more careful.

But automated gasoline purchases, online shopping and other recent shopping innovations make it clear that credit card use is getting easier, faster and more common. Face-to-face transactions and the practice of signature verification may be becoming less and less the norm.

“It’s always good on a face-to-face transaction that they verify the signature,” Piazza said. But, with systems such as Falcon in place, the risks are not as great as they might seem, he said.

In the meantime, credit card fraud remains an expensive problem, but not one that most consumers deal with out-of-pocket since the law shields consumers from direct monetary costs. However, these costs are nevertheless real and are reflected in higher banking and card fees, higher prices at the stores and wasted time spent sorting out the mess a credit card theft creates.

Arthur Foulkes can be contacted at (812) 231-4232 or arthur.foulkes@tribstar.com.



PROTECT YOURSELF

• Open credit card bills promptly and reconcile accounts monthly. You have 60 days to dispute questionable charges.

• Report any questionable charges promptly and in writing to your card issuer.

• Notify card companies in advance if you change your address.

• Keep an eye on your card during a transaction.

• Save receipts to compare with card statements.

• Sign your cards as soon as you receive them.

• Do not lend your cards to anyone.

• Do not leave your cards or receipts lying around.

• Do not give out account information over the phone unless you know the company is reputable.

• Do not click on embedded e-mails.

• Do not click on attachments.

ON THE NET

• For additional security tips, see the Federal Trade Commission Web site at www.ftc.gov. For more information on identity theft and “phishing,” see www.cacr.iu.edu.