2 History of Credit Card Security Breaches

Credit cards have become an established and widely-used part of everyday society. According to Investopedia.com, a credit card is “a card issued by a financial company giving the holder an option to borrow funds, usually at point of sale. Credit cards charge interest and are primarily used for short-term financing.” Since their introduction into civilization, they have become one of the primary methods that consumers use to conduct transactions at virtually any establishment, business or institution. Every person, from the plumber to the corporate Wall Street executive, utilize them in order to smoothly and efficiently conduct transactions for their perspective business pursuits. The question is- how did the “credit card” come about?

The Encyclopedia Britannica asserts that, “the use of credit cards originated in the United States during the 1920s, when individual firms, such as oil companies and hotel chains, began issuing them to customers.” However, the story delves even deeper as there are several different theories as to how the “credit card” came to be a popular entity in the general public after its original conception. (“Credit Cards” NY/NY, 2007-2010)

One theory alleges that the original bank issued credit card came from Brooklyn, New York at Flatbush National Bank in 1946. The creator, banker John Biggins, issued the cards as part of a new program he called “Charge-It.” The inner workings of the program allowed transactions to be made between local business merchants and Flatbush National bank customers. The business owners would deposit customer sales slips at the bank and in turn the bank would bill the customers for their purchases. At the time, the “Charge-It” program was considered as an absolutely brilliant innovation. The program provided added convenience to the bank customers which consequently created a boom in profits for the local businesses. (“Credit Cards” NY/NY, 2007-2010)

Another popularly accepted theory of the origin of the credit card came from an establishment that is loved and known by every American citizen- the diner. Some believe that the first issued credit card was distributed by Frank McNamara, owner of Diner’s Club around the year 1950. This card was issued primarily to pay restaurant bills, however, and was issued primarily as a convenience to customers so that they did not have to carry around large amounts of cash when going out in the evening. Critics of this theory don’t really consider this a valid “credit card” since the owner could not carry over any sort of balance from month to month. (“Credit Cards” NY/NY, 2007-2010)

Despite the true origin of the credit card, the bigger question that now arises is- where did everything go wrong? With the advancement of technology came, not only consumer luxuries such as credit cards, but also thieves who access information from those cards to commit some sort of crime. Incidences of credit card theft suddenly took a sharp turn when free exchange of personal and financial information become common by the use of computer and electronic devices. This rapid growth resulted mainly from the multiple ways people live their lives and process information. Although new technology made it easier for people to communicate with each other, secure credit and make purchases globally, it has also made it much easier for personal information to fall into the wrong hands. (Premier Solutions International, 2014)

Credit card breaches are an example of a general practice known as “data breaching.” Data breaches are incidences in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. (TechTarget LLC, 2000-2014) Data breaches now affect one in six small businesses, as well as large retailers like Barnes & Noble, Zappos, and TJX. A single breach can cost from anywhere from \$80,000 to millions of dollars. (EarthLink Inc., 2014) Data breaches, or more specifically credit card breaches, can be accomplished by many methods, the most popular being the direct theft of a cards mag stripe data. Using advanced tools, computers or software hacking methods- criminals can use the data obtained from mag strips [the black magnetic strips located on the back of the card] to manufacture new cards with valid mag stripe information (Credit Union Times, 2014). For the modern consumer, this means the ever-present risk for a criminal to steal credit card numbers to manufacture false credit cards, make unauthorized transactions, open up new credit accounts or to steal their victim’s identity.

The major concern associated with credit card breaches is identity theft, or the illegal seizure of one’s personal information to assume their identity. With the increase in the amount of personal information that is exchanged on the Internet, identity theft has developed into a major concern in the United States and abroad. (Gale Encyclopedia of Everyday Law, 2014) An individual who commits identity theft may appropriate a name, bank account number, credit card number, social security number, or other personal information in order to commit various types of crimes. Credit card breaches are a main avenue that criminals use to commit this type of crime and the repercussions can be numerous to the victim. According to the Gale Encyclopedia of Everyday Law, once an individual’s credit card information has been breached, the perpetrator may:

• Establish a phone or wireless service in the name of the victim

• Open new credit card accounts in the victim’s name

• Call credit card companies to change the billing address of the victim’s account (so the victim will not receive statements)

• Create counterfeit checks, credit cards or debit cards

• Authorize electronic transfers in the victim’s name

• Drain bank accounts of funds

• Buy a car or take out an automobile loan in the victim’s name

• Get a job or file a fraudulent tax return in the victim’s name

• Give the victim’s name to police during an arrest

As shown by recent statistics, credit card breaches are the most commonly used form of fraud used by criminals to commit identity theft and the incidences of these cases continue to rise.

In light of this trend, both state and federal governments have enacted a series of statutes that are designed to deter identity, or more specifically, credit card theft. Many of these statutes increase penalties or expand the roles that law enforcement officials play in the investigation of this type of crime. (Gale Encyclopedia of Everyday Law, 2014) In addition, new types of software and programs have been implemented in order to prevent credit card breaches from occurring.

3 Causes of Credit Card Security Breaches

There are a number of ways credit card information can be stolen. Some of these ways involve more of a physical interaction with the credit card, while others utilize malware on internet websites and personal computers. Most of the techniques involve deception to fool the card holder into unknowingly providing their credit card information to the thief.

The physical interactions of theft involve either recording the credit card information out of the card holder’s site or placing a device on the credit card reader that stores the information. In the first case, when a person uses their credit card at a restaurant or other location in which at some point their card is out of sight then there is a chance for their information to be stolen. The waiter can swipe the card through a device that quickly stores the card information (Herron, 2011). In the other case, the device that reads the card is instead secretly attached to the card reader of a register in a store or at a gas station. As people come through all day using their credit cards, the information from the cards that are swiped is sent to the thief’s laptop or the thief returns to take the device and extract the information stored on it. These processes are known as skimming (“World Vision Security”).

In the methods that don’t provide physical interactions, the thieves instead attack websites or public computers that lack effective security. When a person uses such websites, a program is downloaded onto their computer which then searches for the person’s personal information. Also, when the sites prompt the user for credit card information for purchases, the person may be rerouted to a site created by the thief that appears to be the same as the original website. This technique is known as framing. Such programs are also downloaded onto a person’s computer when they open emails that have the malware attached, which is known as phishing. These programs can record everything that the person does on the computer while the malware is installed, giving them access to every password and piece of information that the user inputs (Herron, 2011). The specific software that was used for the Target incident is called Kaptoxa or BlackPOS.

In general, the person stealing the credit card information doesn’t make use of it. Instead, they sell the information to another person who then makes a second credit card with the same information. They then sell those cards to others who use the cards for purchases. The person who makes the purchases may make it even harder to track the criminals because they will sell the purchases to other buyers (Herron, 2011). This entire process makes it hard to track the criminals that attack and steal credit card information.

4 Cost and Impact of Credit Card Security Breaches

The cost of an actual credit or debit card breach goes far beyond the initial amount of funds that were stolen. According to the Wall Street Journal, The Consumer Bankers Association states that the estimate cost of card replacements, for the Target consumers affected by the 2013 credit card breach, have reached 172 million dollars. To break that cost down even further, the member banks had to replace roughly 17.2 million cards, which are at a cost of \$10 per card; keep in mind that the \$10 includes the actual cost of the card, mailing costs, and if applicable, hiring extra employees to get such a large amount of new cards out the door fairly quickly.

As you may already know, Banks are different than Credit Unions and they too incurred millions of dollars due to the credit card breach in late 2013. The Wall Street Journal noted that the Credit Union National Association has put together an estimate of its impact at 30.6 million dollars. This Association also stated that the cost of replacing the credit and debit cards was not passed down to the credit union members.

5 Credit Card Security Breach Cases

6 Companies for Credit Card Security Breaches

Most credit card companies have policy’s that protect the card holder from fraudulent charges. These credit card companies usually monitor their customers accounts for suspicious activity, and when there is a questionable purchase they will usually contact you and or freeze the account. Credit card companies such as Bank of America provide their customers with a security package called “Total Security Protection.” With this package Bank of America provides zero liability protection, which means that if your card is lost or stolen, they will credit your account back any amount that is fraudulent. The second way this package offers credit card protection is by fraud monitoring, the bank reviews how and where your card is being used and will block potential fraud if abnormal patterns are detected. The third way this package protects the card holder is with photo security and security codes. The card holder can include their picture on the front of the card and a security code number on the back of the card, which helps reduce the risk of fraud(Bank of America.com). Bank of America is just one of many companies that offer protection like this with their credit cards.

If the credit card companies security protection plans are not enough, then there are other companies such as LifeLock. This company claims that they are more than just a credit monitoring service. They help protect your personal information using a combination of data surveillance techniques and customer service, 24 hours a day, 7 days a week, 365 days a year. This company’s customer service guarantee states that if you ever become a victim of identity theft while a member of LifeLock they will spend up to a million dollars to hire experts, lawyers, investigators, consultants and whatever else it takes to help their customer in recovery. Protection like this will set you back about \$10 to \$25 a month depending on what plan you choose(protecting your identity).

7 Prevention of Credit Card Security Breaches

Almost everyone knows someone (or even themselves) who has fallen victim to credit card fraud. It seems that if credit card fraud is completely unavoidable. Now big companies (like Target) are putting their customers in danger when they shop there. Over 110 million Target customers had their credit card information stolen while doing holiday shopping (McGrath, 2014). According to Chiacu (2014) the Target Corporation ignored several warnings that their security system sent out. Their security system sent out automated warnings to let Target know that hackers were trying to get into the system. The company recently admitted to acknowledging the warnings, but they decided to not take immediate actions (Chiacu, 2014). In Target’s case the biggest prevention effort that could have been taken was to take the security warnings more seriously, and to have reacted quickly to the potential threats. But, that bit of advice is only helpful to big businesses. What about the millions of Target customers who suffered?

Although individuals are damaged by the effects of a mass credit card data breach, it is not their fault that big companies did not update their malware system or etc. Individuals can take steps of their own to prevent credit card fraud. According to Irby (n.d.) there are seven ways to prevent fraud; keep your cards/information in a safe place, destroy anything with your card information written on it, before you sign a receipt make sure it is the correct amount, try to not give out your credit card information, be careful when you shop online, report lost/stolen cards, and review your card statements monthly.

• Of course you want to keep your credit card in a safe place, but what is considered safe? Anywhere that is close to or always on your body, like a zipped wallet or in a zipped purse. That way it will make it more difficult for someone to take it.

• If you have ever written down on paper your card information, then that piece of paper needs to be shredded (or destroyed one way) ASAP!

• Online shopping is great, but it is a very dangerous activity. If you choose to continue to shop online, then restrict your shopping to secure sites only.

• It is very important to review your credit card statements every month. Sometimes an identity theft will only take a few dollars here and there to see if they can get away with spending the big bucks later. Report any suspicious activity.

• If you are using a debit card make sure your bank offers identity theft protection.

• You can use a company like LifeLock (listed above) to help prevent credit card fraud.

• If you believe your card has been stolen or you lost it, then contact your bank/credit card company immediately. They will issue a new card with new information.

In conclusion, be very skeptical with your credit card/information, and take all potential threats seriously. Credit card fraud can be very tragic. It is important to take prevention measures to ensure that fraud does not happen to you.

8 References