Massive increase in fraud crimes should make the government and banks realise that their data protection and Chip and PIN systems are failing to deter fraudsters.
This shows that fraud will continue to grow until they exploit ID KEY system described on website www.xwave.co.uk to make signature and PIN systems reliable and foolproof.
Fake documents have made our signature system unreliable while skimmers and pin-hole cameras etc. have made PIN system unreliable. We have option to make signatures reliable by personalising them with ID stickers and option to use Card Key Code to make PIN system reliable to make use of stolen and skimmed cards meaningless. By ignoring to exploit this system banks are only letting fraud crimes grow.
ID KEY system will eliminate the need for us to protect our personal and card details since fraudsters will be deterred from misusing these stolen details.
Proposed ID KEY can be treated as a reliable international ID card because it will personalise signature and PIN number to only the right individuals in any country.
From these details it is obvious that fraud crimes will continue to grow until proposed ID KEY system is exploited.
Latest security headlines from Network World:
Mafiaboy grows up; a hacker seeks redemption
It only seems like the only news is the economy
Google in curious alliance with click-fraud detection firm
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
Re: Credit Card Fraud
Re: The stolen forms are then filled in and sent in with a different address from the original but the same name and identifying data as the original recipient's. The victim gets the bills and the thief gets the goods.
Since the fraudster is using a different address, the victim does not get the bill either. They find out when their credit report shows non-payment of credit card debt!
Why is it that card issuers are not required to positively confirm that an individual has applied for credit? A different address on the application from that to which the application was sent should be an immediate red flag for the issuer, even if it results in some "false positives."
Wrong, wrong, wrong...
1) Why is it a problem that the cost of fraud is distributed among the late payers? I can totally avoid that cost.
2) As you correctly pointed out, the correspondence between the signature on the card and on the authorization slip, is the required check, but you didn't mention that it is the only required check. I am not interested in proving my identity with sufficient detail that my proof can now be used by some other agent to my liability, which is exactly what happens when you show a driver’s license during a credit card purchase – you have now exposed your identity in sufficient detail that it can be stolen. Or at the very least you have told someone where to go to steal that lovely HD flat screen TV that you are buying…
You are confusing two different things -- identity theft and fraudulent purchases. Stolen identities are always verifiable as the authorized agent of purchase because the credentials were established for the thief, meaning you can't prevent the problem at the retail level -- the problem happens when the credit is authorized, not when the purchase is authorized.
Careless attitude of both sides
Banks overfill the mailboxes of customers with pre-approved applications, and therefore should be held responsible. On the other hand customers also need to be educated about trashing all pre-approved offer, not giving out personal info on incoming phonecalls, educating kids also and not submitting personal info on unknown websites using some alert system such as http://www.parentapproval.com
I fall into this category
"many card holders are actually offended when someone checks their identity"
I'm not offended by the clerk checking my signature on the slip vs. the signature on my card as that is what is supposed to happen. I do get offended when a mindless clerk asks for my driver's license without even looking at the signature. In the case of Visa, I know their rules state the clerk is to compare the signatures and ask for other ID _if_ they don't match, but I am routinely asked for ID without any check of the signature whatsoever, even on check cards! I thought one of the major selling points of check cards is that they allow one to use checking account funds without the hassle of writing a check. One of those hassles is showing ID.
UK Credit Cards
Whilst I have never seen the Bank of Scotland photo credit cards, I think the combating of fraud appears to be further ahead in the UK than the US. Our credit cards need a pin number if you want to use in a shop. You can still perform card holder not present transactions without the pin, but getting hold of the goods is then difficult as most on-line stores don't like box numbers as addresses, so that leaves you with purchasing immaterial things online. Also the banks have to perform 'Know Your Customer' checks to combat money laundering and if the names addresses don't match against the credit agencies and electoral register, you can't financial services.
I know you have much higher levels of fraud in the US and thought it might be down to gullibility, but it is down to lax businesses practisies and acceptance of higher levels of crime.
Why identity-theft rates are so high - Who pays for Fraud?
Mr. Kabay obviously does not have a business that processes credit cards, or he would know that the slow payer's do NOT cover the cost of fraud. They cover the cost of those who default on their credit card payments. When an item is purchased with a card that should not have been used, the merchant has to pay. And it is the merchant who actually pays the cost of fraud. The banks and Credit card companies actually make a profit on the deal. Here is an example, of how Visa, Master Card, Chase, etc sit back and enjoy huge profits at the expense of the merchant being ripped off.
Suppose I buy a product for $80, add $10 for profit and $10 for shipping, for a total of $100. The product is purchased by a credit card thief using a Visa rewards card. i.e.. Here is what happens.
Start:
Income: $100
My cost = $80 + $10 (product & Shipping)
Hoped for profit = $10
About $98 is placed into my account. 2% is scarfed up as a fee called the exchange rate.
I send the product and pay UPS $10 for shipping.
Income: $98
My cost = $80 + $10 + $2 = $92 (product & Shipping & CC fee)
Profit = $8
Credit Card Gang industry = $2 (25% of the profit I get at this point)
The end of the month comes and I pay my bill (product & Shipping) I get a bill from the Credit Card processors and there is an additional charge for that transaction. Another 2%, plus $.25 for the actual transaction and $.05 for the AVS check and still another $.25 for the batch processing that night. For simplicity, we will not include the statement fee, and the other fees they also charge.
Income: $94.55
My cost = $80 + $10 + $2 + $2.55 = $94.55 (product & more CC fee
Profit = $5.45
Credit Card Gang industry = $4.55 (83% the profit I get at this point)
About 3 months later, I get a chargeback saying the real owner disputed their bill. I can fight it, but there is nothing I can really do since the card was stolen and used by someone else. The full $100 is taken out of my account and the real owner is reimbursed for the entire amount charged.
Income: $94.55
My cost = $80 + $10 + $2 + $2.55 + $100 = $194.55
Profit = $5.45
Total Result = Income $94.55 - Cost$194.55 + Profit $5.45 = Loss $94.55
Oh and that's not quit the whole story. The Credit Card industry also hits me with a Fee of $39 for having been ripped off for $94.55 by accepting their card.
Total Loss to the merchant for selling that $80 product = $133.55 Out of pocket Loss
Still think the slow payer pays the brunt of Fraud Mr. Kabay?
Small Correction
I made an error in the income which should remain at $100 so as not to be misleading. It would be clearer to label it as Sales. Cost and Results are the same. The point of the writing should still remain clear. Sorry for any confusion.
The answer is sort of obvious
The answer is obvious, the merchants should stop accepting those nasty credit cards..... Oh, wait, merchants take credit cards because they all know that a customer will probably spend 20-30% MORE in their store if they can pay by plastic instead of cash.
The simple fact is that security will not be improved because everyone is willing to allow it to go on as it is - and nobody will do anything to attempt to improve security if it might cost them business..... and, so far, nobody has figured out how to improve security without inconveniencing the customer, even a little bit, or making them nervous.
Personally, I think that it should be possible to educate the customer to understand that the inconvenience "is a good thing" and serves a purpose... but this seems very difficult to do. When CitiBank offered the option of putting your picture on your credit card to make it more secure, very few people did it. WAMU (when they were Aria) started to test out a smart card system - it was discontinued before even being put into widespread use - presumably because nobody was willing to install and use the FREE card readers it required.
Now PayPal is offering the use of Verisign hardware token security - which is a good improvement in security and everyone SHOULD be happy to use - for a token (sic) ONE TIME cost of $5 for the device - I wonder how many people have signed up....
Don't use the SSN for authentication
You mention the Social Security Number being used in the US as a ubiquitous identifyer - due to the lack of alternatives and inspite of the fact that the SSN was not originally designed to serve as such a general identifier. You then mention the problem of data aggregation based on this identifier. However, data aggregation is mainly a privacy issue, not a security / identity fraud issue. It seems to me (being Swiss, not American) that the use of SSN becomes a problem related to identity fraud from the moment that SSN is considered as a "secret" and used for authentication. However, an identifier mustn't be considered nor used as a secret.
I say that using
ID Theft
I agree with your comments. I do not sign the back of my card, I would rather have them check my ID than have a valid signature available to a theft if my wallet gets stolen. ALso, the new electronic signature machines are a joke. It is impossible to sign you name legibly on most of them. In fact, many stores no longer require a signature or ID check if the value is under $20.