6
How to avoid online credit card fraud
Credit card protection and security
To view this content, Javascript must be enabled and Adobe Flash Player must be installed.
TEXT OF INTERVIEW
JEREMY HOBSON: Credit card fraud jumped 62 percent last year. That's according to the electronic payments software company ACI Worldwide. The company says 29 percent of us -- including yours truly -- have been the victim of credit card fraud in the past 5 years.
Let's bring in LA Times Consumer Columnist David Lazarus for more on this. Good morning David.
DAVID LAZARUS: Good morning.
HOBSON: So this is becoming a real problem.
LAZARUS: It's been a big problem for quite some time; the growing use of plastic simply means that there's growing potential for getting ripped off when you use it. You've really got to be smart when you use a credit card.
HOBSON: But why is this happening right now?
LAZARUS: There's a number of reasons. On the one hand, you could say that we don't have sufficient security measures in place here in the United States. For example, in Europe, most of the plastic has chips embedded in, they're smart, they've got encryption, and they basically are able to defend themselves better. We're not quite there yet here in the U.S. Another thing too is simply just the growing use of mobile devices and Wi-Fi. A lot of people are accessing the Internet on-the-go or using unsecured connections, like at Starbucks or something else. And the simple fact is, if you go e-shopping using a Wi-Fi connection, I'm not going to say you're going to get ripped off every time, but the chances of someone seeing what you are doing and walking away with your number are exponentially higher.
HOBSON: Somebody could be watching that number that you're typing into the screen. David, what can people do to make sure that they're not the victims of credit card fraud?
LAZARUS: The first thing is just be smart about it. For example, don't give out your number to anybody who you don't trust. Second of all, be mindful of the whole Wi-Fi phenomenon. If you're having a latte at Starbucks, probably not the best time to go to Amazon.com and go browsing for things. Always use a secure connection when you need it. And finally, there's something called virtual credit cards out there, which hardly anybody seems to know about. But what these are are services offered by banks in which they create a separate number based on the full backing of your normal piece of plastic that has all sorts of encryption and other security attached to it, and then when you go e-shopping, you're not using your normal number, you're using this temporary number. And in some cases, after you do your shopping expedition on the Internet -- poof! -- the new number goes away.
HOBSON: All right, L.A. Times consumer columnist David Lazarus. Thanks so much.
LAZARUS: Poof, I'm gone.
I was a bit annoyed with some of the fear-invoking inaccuracy in this story.
As Kevin pointed out, as long as the credit card form is SSL protected (the lock icon appears), it doesn't matter if the WiFi connection is insecure. Nobody (except the NSA) can see your card number.
ALL e-commerce sites must do this, or else they are in violation of PCI DSS rules and can get slapped with huge fines and shut down by their card processor if they don't comply.
http://en.wikipedia.org/wiki/PCI_DSS
I was disappointed that nobody pointed out WHY the card industry isn't doing anything about fraud. The merchant pays for 100% of fraudulent charges, so none of the other players in the credit card industry have any monetary motivation to deal with fraud.
To make matters worse, the card networks (visa, mastercard, etc) and other players actually MAKE money when fraud occurs, by assessing "chargeback" fees to the merchant for every illegitimate purchase.
Having had one credit card cloned three times in the last 18 months, I've learned something about why we have a problem - nobody cares!
The last time somebody presented a cloned counterfeit card to a Target Store near where I live. The store accepted the card - without ID - for a ~$1000 purchase. Two minutes later they refused a similar transaction at another checkout.
Within a minute, the card company (Chase) text messaged me wanting to know if this was me - and I responded no, I was out of town at the time.
The perpetrator walked out of the store but was taped doing both transactions.
For the next 3 weeks, I tried to get an investigation done, as I was betting this was part of a "ring." I found the security people at Target and confirmed they had video and they burned a CD of the transaction for police.
I went to the police to file a report and was firmly told "don't bother" - we get thousands of these complaints a month.
I talked to the card company and was told they get millions a month and don't bother pursuing them. It just gets written off in fees.
So there you have it - low risk crime!
> virtual credit cards
There's no extra encryption or features. Its just a credit card number that is associated with your hard plastic card number, but you can set a low dollar amount (enough to buy your one purchase) and a short expiration date. Even if the virtual credit card number is compromised, no one can use it because of the low limit or because it has expired.
Standard procedure when using an e-commerce website is to check the "lock" symbol on your browser. This means that encryption is being used for the transmitted data. That being the case, and assuming the e-retailer is doing things properly, there's no additional risk that would come from using any Wi-Fi connection.
Some things that are real risks:
(1) Typing in your card number in a public place where people can see it.
(2) Malware that might be on your computer such as a keystroke logger. This is easy for any virus-writer to make. People don't type in 16-digit numbers very often, so it's easy to comb through the data and find them.
