Credit-card issuers focus too much on ID theft resolution, rather than prevention and detection.
Despite all the headlines about the growing problem of identity theft, most financial institutions that provide credit cards are doing an inadequate job of attacking the problem, focusing on resolution rather than prevention and detection, according to a report released this week by Javelin Strategy & Research.
The report ranked leading card-issuing banks based on three criteria: prevention, detection, and resolution. Issuers could score a maximum of 100 points: 40 points each for prevention and detection, and 20 points for resolution. The rankings were based on a survey of 39 banks in which researchers posing as customers asked about the bank's ID theft policies. Prevention and detection were weighted more heavily than resolution because of their greater potential benefits and cost savings.
The average score for all banks was an unimpressive 41 points. The issuers and products scoring the highest were Discover Platinum Card (59 points), FNB Omaha Platinum Edition Visa Card (58 points), Citibank Platinum Select Card (57 points), Bank of America Visa Platinum (55 points), American Express Blue (54 points), and Chase Platinum (54 points). The survey didn't disclose which banks had the lowest scores.
For prevention and detection, banks achieved average scores of 16.7 and 9.7, respectively, out of a possible 40 points in each category. For resolution, banks achieved an average score of 14.4 out of a possible 20 points. Prevention includes prohibiting or limiting certain types of merchant categories and transactions, such as telephone and E-commerce transactions, allowing customers to opt out of receiving monthly paper statements, and curtailing the use of Social Security numbers as the prime means of authentication for customer interactions.
Detection includes allowing users to generate automated E-mails alerting banks when they're making higher-risk transactions, such as those made in foreign countries or for higher-than-normal amounts. Resolution includes educating customers about ID theft; issuers earned additional points for offering 24/7 account suspension, providing dedicated resolution staff, and assigning ID fraud-tracking numbers.
Identity theft resulted in $52.6 billion in losses in the United States in 2004, according to a Javelin report published in January. Fraud committed using existing accounts totaled $36.9 billion, and fraud committed by opening new accounts--a growing component of ID theft--totaled $15.7 billion.
Fraud detection was the category in which banks scored lowest, with an average score of 9.7 out of a possible 40. Of fraud cases resulting in significant losses, only 30% were discovered by the banks versus 54% by the cardholder. Yet issuers for the most part have been slow to offer customers the ability to access credit bureau data from a bank's own Web site or receive E-mail notification from credit bureaus if their names, addresses, and other data have been changed.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.