Credit-card issuers focus too much on ID theft resolution, rather than prevention and detection.
Despite all the headlines about the growing problem of identity theft, most financial institutions that provide credit cards are doing an inadequate job of attacking the problem, focusing on resolution rather than prevention and detection, according to a report released this week by Javelin Strategy & Research.
The report ranked leading card-issuing banks based on three criteria: prevention, detection, and resolution. Issuers could score a maximum of 100 points: 40 points each for prevention and detection, and 20 points for resolution. The rankings were based on a survey of 39 banks in which researchers posing as customers asked about the bank's ID theft policies. Prevention and detection were weighted more heavily than resolution because of their greater potential benefits and cost savings.
The average score for all banks was an unimpressive 41 points. The issuers and products scoring the highest were Discover Platinum Card (59 points), FNB Omaha Platinum Edition Visa Card (58 points), Citibank Platinum Select Card (57 points), Bank of America Visa Platinum (55 points), American Express Blue (54 points), and Chase Platinum (54 points). The survey didn't disclose which banks had the lowest scores.
For prevention and detection, banks achieved average scores of 16.7 and 9.7, respectively, out of a possible 40 points in each category. For resolution, banks achieved an average score of 14.4 out of a possible 20 points. Prevention includes prohibiting or limiting certain types of merchant categories and transactions, such as telephone and E-commerce transactions, allowing customers to opt out of receiving monthly paper statements, and curtailing the use of Social Security numbers as the prime means of authentication for customer interactions.
Detection includes allowing users to generate automated E-mails alerting banks when they're making higher-risk transactions, such as those made in foreign countries or for higher-than-normal amounts. Resolution includes educating customers about ID theft; issuers earned additional points for offering 24/7 account suspension, providing dedicated resolution staff, and assigning ID fraud-tracking numbers.
Identity theft resulted in $52.6 billion in losses in the United States in 2004, according to a Javelin report published in January. Fraud committed using existing accounts totaled $36.9 billion, and fraud committed by opening new accounts--a growing component of ID theft--totaled $15.7 billion.
Fraud detection was the category in which banks scored lowest, with an average score of 9.7 out of a possible 40. Of fraud cases resulting in significant losses, only 30% were discovered by the banks versus 54% by the cardholder. Yet issuers for the most part have been slow to offer customers the ability to access credit bureau data from a bank's own Web site or receive E-mail notification from credit bureaus if their names, addresses, and other data have been changed.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.