Saturday, October 11, 2008

Credit Card Security

The low security of the credit card system presents countless opportunities for fraud. This opportunity has created a huge black market in stolen credit card numbers, which are generally used quickly before the cards are reported stolen.

The goal of the credit card companies is not to eliminate fraud, but to "reduce it to manageable levels", such that the total cost of both fraud and fraud prevention is minimized. This implies that high-cost low-return fraud prevention measures will not be used if their cost exceeds the potential gains from fraud reduction.

Most Internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either online or offline. Despite efforts to improve security for remote purchases using credit cards, systems with security holes are usually the result of poor implementations of card acquisition by merchants. For example, a website that uses SSL to encrypt card numbers from a client may simply email the number from the webserver to someone who manually processes the card details at a card terminal. Naturally, anywhere card details become human-readable before being processed at the acquiring bank is a security risk. However, many banks offer systems such as ClearCommerce, where encrypted card details captured on a merchant's webserver can be sent directly to the payment processor.

Controlled Payment Numbers are another option for protecting one's credit card number: they are "alias" numbers linked to one's actual card number, generated as needed, valid for a relatively short time, with a very low limit, and typically only valid with a single merchant.

The way a credit card-owner pays off his/her balances has a tremendous effect on his/her credit history. All the information is collected by credit bureaus. The credit information stays on the credit report for 7 years except for bankruptcies, which remain for 10 years

No comments: