NEW YORK (MainStreet) — Javelin Strategy and Research recently released its seventh annual Card Issuer’s Safety Scorecard, an in-depth analysis of how well credit card issuers prevent, detect and resolve fraud.
The research was used to rank the most 23 most popular credit card issuers based on performance (see the top 10 in this MainStreet roundup, but also provided some valuable insights into what most credit card issuers are doing right and what they could do better.
“Issuers overall have made great progress in resolution,” Phil Blank, head security and risk analyst for Javelin Strategy & Research, tells MainStreet. “But they are not keeping up with prevention, and detection practices have fallen off.”
In other words, most issuers are adept at addressing fraud after it occurs – with a majority offering zero liability for fraudulent transactions, 24/7 account suspension options, next-day card replacement and personal assistance from a trained representative– but they have yet to launch an adequate pre-emptive strike.
Blank’s sentiment is illustrated best by Citigroup (Stock Quote: C), which recently experienced a data breach that compromised customers’ credit card numbers and other personal information, resulting in $2.7 million in fraudulent charges. The bank squeaked into Javelin’s top 10 list of the safest credit card issuers by virtue of its detection and resolution score, though it only received 22 out of a possible 45 points for fraud prevention.
But Citi isn’t the only issuer who has yet to think proactively about fraud prevention, a shortcoming Blank says consumers contribute to as well.
“The feeling in the industry is that consumers don’t want to be involved in the security,” Blank says, explaining that both parties need to get out of this mindset and that the consumer should play a more active role in account monitoring and maintenance.
He suggests, for instance, that issuers let consumers set their limits for transaction size, cash advances, foreign transactions and transactions taking place when a card isn’t present, an option that was missing from every issuer in the study.
Blank walked us through Javelin’s suggestions for what consumers and credit card issuers should do to improve security practices:
Prohibit the use of full Social Security numbers.
Only 30% of all issuers Javelin studied prohibited the use of full Social Security numbers to authenticate consumers. Even Bank of America, who took first place in all three categories, lost points for this.
Javelin suggests issuers move away from this practice, since Social Security numbers are currently the second most stolen piece of information for fraud victims (first names are the most stolen). Instead, Blank says, issuers should require a truncated version of the number or replace its use entirely with a more rigorous knowledge-based authentication system.
Incentivize fraud protection.
Anti-virus programs or identity theft prevention software doesn’t guarantee a hacker won’t come after your personal information. However, “if you have updated software, you’re much less susceptible to the most common forms of attack,” Blank says.
As such, Javelin suggests that credit card issuers incentivize using security products by offering perks to those who implement best practices or by placing limits on those who don’t. For instance, the report cites that issuers could place transaction limits on consumers who access their account without the latest version of their browser or grant a “higher level of privilege” to a consumer who has installed antispyware on his or her home computer.
Partner with software companies to offer deals.
Similarly, Blank says issuers should develop partnerships with “outstanding security vendors” to offer protection software and services at a discount on the issuer’s website. Javelin believes this would entice consumers who would otherwise purchase identity theft protection software after fraud has occurred to do so preemptively.
—For more ways to save, spend, invest and borrow, visit MainStreet.com.