Complain about a product or service

Research Firm Rates Credit Cards On Security

by Martin H. Bosworth
ConsumerAffairs.com

August 3, 2007

Though card issuers and banks are improving their responses to cases of fraud and identity theft after the fact, they need to improve their fraud prevention systems and build in better security measures for their cards, according to Javelin Research & Strategy firm.

"Identity fraud is a major pain point for consumers and can damage the relationship between the consumer and the card issuer," Javelin president James Van Dyke said in a statement. "Card issuers have a golden opportunity to increase loyalty and retention, and strengthen relationships and their brand reputation, by giving consumers simple identity fraud prevention tools they like to use."

The Javelin report rated the top 25 card issuers on the systems and services they have in place to prevent identity fraud and protect customers' finances and information. Among the report's findings:

• 56 percent of the surveyed card issuers require customers to provide full Social Security numbers for identification purposes, whether doing business by phone, online, or by mail. The Social Security number, along with a person's name and date of birth, comprises the "holy trinity" of personal information fraudsters need to steal someone's identity.

• Consumers are limited in their ability to set restrictions on the types of transactions made with their cards, such as blocking purchases made with or for vendors outside the United States. The Javelin report found that only 24 percent of the surveyed card issuers allow consumers to set user-defined restrictions on their accounts in order to prevent fraud.

• More card issuers are offering e-mail or phone "alerts" to notify customers of account activity, which can often alert them to possible fraud. But the number of participating issuers is still small--roughly 8 percent.

• Only 16 percent of card issuers had any kind of alert system for changes to personal information, which can often be a sign of account fraud, due to thieves opening up new accounts using stolen data from customers.

• On a more positive note, 80 percent of card issuers and banks surveyed are using "multi-factor authentication" for online banking, where a customer submits a password and then answers a series of questions or identifies a chosen image to validate their identity.

Javelin's top card for security was Bank of America's Visa Platinum card, winning 69 points out of a possible 80. In second place was American Express' Blue card, winning 66 points due to its fraud detection technology. Tied for third was Discover's Platinum Card and the First National Bank of Omaha's Platinum Visa card.

The Javelin analysts "ideal card" would be one that combines mobile or e-mail alerts of account status or information changes, user-defined restrictions to prevent unauthorized transactions, protects customer data during transactions, and enables easy access to credit reports and credit protection services.

Controversial Conclusions

Javelin's researchers regularly report on identity theft and related topics, and their conclusions sometimes draw controversy. Javelin released a report claiming that 2006 instances and losses from identity theft were on the decline, and that the majority of identity theft cases were committed offline, through stealing junk mail and unshredded credit card offers.

The Javelin study was challenged by privacy advocates and the FTC, both of which found cases of identity theft on the rise. The study was also criticized for ignoring "synthetic identity theft," wherein thieves build new identities from pieces of different victims' information, rather than simply using an existing account for fraud.

Javelin researchers have also claimed that cases of identity theft directly caused by data breaches are rare, and that businesses should not notify consumers unless there is immediate evidence of a danger. The report's stance is favored by government and the financial industry, both of which want federal data breach laws based on a "risk standard."

Consumer advocates and state governments want stronger data breach laws, and oppose federal breach laws due to fear that they will supplant stronger state laws and prevent consumers from finding out if they have been affected by a breach.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Follow us on Twitter.

Back to the top |