Flaws Found in
Credit Card Identity Protection
|
|
| DISCOVER CARD, FIRST National Bank of Omaha, Citibank, Bank of America, and American Express topped the list of credit card issuers with the best protections against identity fraud, according to Javelin Strategy & Research, a financial services industry research firm in Pleasanton, Calif. The Identity Fraud Safety Scorecard for Credit Card Issuers, released by Javelin in June, follows a wave of corporate disclosures of security incidents involving consumer information at companies such as CardSystems Solutions Inc., Choice-Point, and LexisNexis. Javelin reports that losses from identity fraud total US $52.6 billion and affect 9.3 million people each year. The new scorecard ranks 39 credit card issuers on their identity fraud prevention, detection, and resolution capabilities based on reviews of their Web sites. Javelin scored issuers on 38 fraud safety capabilities and found that issuers differ significantly in the types of actions they take to protect customers from identity fraud, including expanded alerts, limits on certain types of transactions, and improved notices about changes in personal information. One of the survey's most glaring findings is that nearly two-thirds of issuers require cardholders to enter their Social Security number to access account information or obtain phone support. Forty-one percent of issuers don't allow cardholders to order credit reports or monitoring services. None of the issuers listed in the scorecard enable cardholders to block purchases from certain merchant categories. Card issuers also don't alert customers by e-mail about unusual account transactions, the survey found. Yet, in a separate Javelin survey of credit card customers, 72 percent of respondents said they would value such alerts highly. On the positive side, 90 percent of card issuers educate consumers about online identity fraud, and 85 percent inform cardholders about fraud safety for in-person purchases from merchants. In addition to rating the online fraud protections offered by card issuers, the scorecard recommends steps that issuers can take to improve security and lower fraud costs. These include allowing cardholders to receive online account statements rather than paper statements, encouraging online payments, using alerts to help customers monitor transactions daily, teaming with credit bureaus to give cardholders access to credit reports and monitoring services, eliminating the use of Social Security numbers for identification purposes, and offering 24-hour online account suspension and resolution services.
COPYRIGHT 2005 Institute of Internal Auditors, Inc. COPYRIGHT 2005 Gale Group
Internal Auditor, August, 2005 by T. McCollum |
|
