Editorial Policy

Study: Credit Card Issuers’ Fraud Protection Programs Vary

default author image

By Eva Norlyk Smith, Ph.D.
July 12, 2011

How well you are protected from credit card fraud may depend on which credit card you carry in your wallet, according to a recent study by Javelin Strategy and Research.

The June 2011 study found that while most banks have excellent strategies in place for taking care of fraud once it occurs, most programs are less adept at preventing fraud in the first place.

“Prevention is the granddaddy of all fraud protection, but it is also the hardest thing to do,” says Phillip Blank, Managing Director for Security, Risk and Fraud at Javelin. “But the reality is that prevention has the biggest payback. It protects not just the banks, but also consumers who may not be hurt financially by fraud, but who often are harmed in other ways.”

The study looked at the fraud protection measures of the top 23 card issuers in the United States. The total cost of identity fraud reached $37 billion in 2010, according to a previous Javelin Strategy and Research study. And despite progress being made in the war on identity theft, the most recent Javelin study found that there are still significant limitations to the protections that are applied on consumer accounts.

For example, one of the most common types of fraud is opening a new credit card in someone else’s name, according to the Javelin report published last month. But while most card issuers have checks in place for unusual charges to cardholder accounts, only one in eight card issuers offer similar alerts for brand-new accounts.

According to Blank, Javelin’s research also shows a three-year trend of declining scores for card issuers’ prevention efforts. The results, says Blank, indicate that financial institutions may be losing ground in their fight against fraud.

Survey: Credit card fraud protection efforts vary by issuer
So, how safe are consumers’ credit cards? It depends, say researchers. For example, cardholders with Bank of America are in pretty good shape. Among the 23 issuers surveyed in the June 2011 Javelin Strategy and Research study, Bank of America ranked highest in fraud protection, with a score of 87 out of 100 on the Javelin scoring system.

The scoring system weighed prevention efforts at 45 points, fraud detection systems at 35 points and resolving fraud problems after the identity theft has occurred at 20 points.

Second in line was Discover, with a score of 74, while U.S. Bank came in a close third, with a score of 73. American Express came in seventh of all major card issuers – finishing with a score of 66 — just below Chase, which finished with a score of 67.

The lowest fraud protection scores in the group? That dubious honor went primarily to smaller banks, including State Farm, at 43 points, Associated Bank at 46 points and SunTrust at 47 points.

Expert: Consumers’ role in fraud prevention key
However, financial institutions aren’t the only ones that could up the ante in the fight against credit card fraud, Blank emphasizes. Consumers have an important role to play in protecting themselves as well.

For example, Blank says, many people are not aware of essential safe practices that are needed for safe web browsing. “We don’t do enough to teach people about safe practices on the web,” says Blank. “You don’t have to become a technofile, but there are certain key things that everyone should do other than simply keeping their virus protection software current.”

A common security slip-up, says Blank, is to fail to keep a computer’s operating system current or to use an older browser for Internet surfing. When consumers make this mistake, they miss out on key security updates, says Blank.

Blank recommends that consumers bolster their security by installing some form of Man-in-the-Browser protection to prevent fraud originating from a virus-infected computer. A Man-in-the-Browser is a trojan virus which, once installed, can intercept information, modify transactions or create additional transactions without the computer user’s knowledge.

The only protection against the Man-in-the-Browser trojan is to use a form of transaction verification, such as Verified by Visa and Mastercard SecureCode. Most card issuers also offer transaction verification protection in the form of virtual credit cards, which generate numbers on the fly. All of these services protect against hidden virus infections on the computer by adding an extra layer of encryption personalized to the transaction.

In addition, says Blank, card issuers should give consumers more tools to participate in their own security. Such measures, he says, could include expanding fraud alert options available via email or mobile phones.