Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:52 PM
Connect Directly

Banks Not Doing Enough To Stop ID Theft: Report

Credit-card issuers focus too much on ID theft resolution, rather than prevention and detection.

Despite all the headlines about the growing problem of identity theft, most financial institutions that provide credit cards are doing an inadequate job of attacking the problem, focusing on resolution rather than prevention and detection, according to a report released this week by Javelin Strategy & Research.

The report ranked leading card-issuing banks based on three criteria: prevention, detection, and resolution. Issuers could score a maximum of 100 points: 40 points each for prevention and detection, and 20 points for resolution. The rankings were based on a survey of 39 banks in which researchers posing as customers asked about the bank's ID theft policies. Prevention and detection were weighted more heavily than resolution because of their greater potential benefits and cost savings.

The average score for all banks was an unimpressive 41 points. The issuers and products scoring the highest were Discover Platinum Card (59 points), FNB Omaha Platinum Edition Visa Card (58 points), Citibank Platinum Select Card (57 points), Bank of America Visa Platinum (55 points), American Express Blue (54 points), and Chase Platinum (54 points). The survey didn't disclose which banks had the lowest scores.

For prevention and detection, banks achieved average scores of 16.7 and 9.7, respectively, out of a possible 40 points in each category. For resolution, banks achieved an average score of 14.4 out of a possible 20 points. Prevention includes prohibiting or limiting certain types of merchant categories and transactions, such as telephone and E-commerce transactions, allowing customers to opt out of receiving monthly paper statements, and curtailing the use of Social Security numbers as the prime means of authentication for customer interactions.

Detection includes allowing users to generate automated E-mails alerting banks when they're making higher-risk transactions, such as those made in foreign countries or for higher-than-normal amounts. Resolution includes educating customers about ID theft; issuers earned additional points for offering 24/7 account suspension, providing dedicated resolution staff, and assigning ID fraud-tracking numbers.

Identity theft resulted in $52.6 billion in losses in the United States in 2004, according to a Javelin report published in January. Fraud committed using existing accounts totaled $36.9 billion, and fraud committed by opening new accounts--a growing component of ID theft--totaled $15.7 billion.

Fraud detection was the category in which banks scored lowest, with an average score of 9.7 out of a possible 40. Of fraud cases resulting in significant losses, only 30% were discovered by the banks versus 54% by the cardholder. Yet issuers for the most part have been slow to offer customers the ability to access credit bureau data from a bank's own Web site or receive E-mail notification from credit bureaus if their names, addresses, and other data have been changed.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.