A Brief History of Credit Card Security & Online Transactions

A Brief History of Credit Card Security & Online Transactions article cover

Fewer Americans are carrying cash every day, opting instead to swipe their plastic and ditch the risks of paper money. It seems credit and debit cards are accepted everywhere today, from the millions of shopping portals online to the retail store down the street – even some new vending machines are starting to accept cards. But with so much swiping going on, what sort of fraud should the average shopper lookout for, and what security protections are in place to keep us safe? Today we explore a brief history of credit card security risks over the past several decades and the actions that have been taken to protect consumers from them.

Early AOL Phishing

(source)

Phishing is a form of fraud that takes place when a con artist mimics an reputable organization with intent to steal a victim’s credit card number. Long before the days of the modern web, early Internet adopters were subject to phishing attacks from the mid-1990s hacking community.

In 1998, Wired News reported on the problem, warning AOL members that “It’s not hard to phish, and being as how some members forget that [a security warning] is there right on the screen, it makes it very easy for the phishers to obtain any members’ passwords.” The big risk with these early phishing attacks was gaining access to the account billing information, which gave skilled phishers access to credit card numbers and bank account details.

Skimming Fraud

Outside of the Internet, credit card holders still need to be on the lookout of scam artists. Skimming is a scam that targets any shopper or restaurant customers that hand over their card. The scammer can either photocopy the card, or use a small electronic device to scan the card and steal the information.

CreditCards.com reports that some skimmer criminals use the stolen credit card numbers to go on shopping sprees, while others sell the numbers through a contact or over the internet. In recent years, credit card security has evolved to plot trends in individual purchasing behavior, and notify the bank when it spots strange looking transactions. This helps banks identify a stolen card and protect their customer before the charges get out of hand.

Bin Attacks And Card Generation

(source)

Despite how they may look, credit cards are not created from random numbers. Instead, banks issue cards in batches where the majority of the numbers are the same except for the last 4 digits. Fight-Identity-Theft.com explains that BIN stands for “Bank Identification Number,” and that “cards in the same BIN range have similar data like expiry dates etc.” Using custom computer programs, credit card thieves can manipulate these last 4 numbers thousands of times and come up with a series of valid credit card numbers to use for shopping online.

Payment Card Industry Data Security Standard

(source)

Recognizing the need for increased security for online credit card transactions, the Payment Card Industry Security Standards Council began putting new merchant standards into effect in 2004. Visa, MasterCard, American Express, Discover, and the JCB Data Security Program collaborated on a set of new mandates that would require Internet retailers to enact a number of saftey precautions to protect their customers paying by card.

Modern requirements include installing a firewall, encrypting cardholder data, and regularly updating anti-virus software to prevent worm attacks from harvesting data. The standard also requires retailers to keep their security systems up to par by testing their software against attacks and hacking attempts.

Modern Day Phishing

(source)

According to TheFreeLibrary, 53 million people in the US alone use the Internet for banking and bill pay – more than ever before in the history of the Internet. Just as the fabric of the Internet has evolved into a totally new animal since the early days of AOL, so too have credit card phishers become more skilled and cunning with their tactics. Taking advantage of the upsurge in online bankers, modern phishers can design websites that look exactly the same as those of major banks.

Scammers then lure in bank customers, usually through an email that requests the user to log into online banking and verify their identity. When the deceived customer enters their user name and password, the website captures it and sends it back to the scammer, allowing him to log in and drain the accounts.

Identity Theft Protection

(source)

The rise in online consumerism has made identity theft a troubling concern for over the past few years. In fact, eSecurity Planet reports that over 11.1 million Americans lost a combined $54 billion to identity theft crimes in 2009 alone. As a result, identity protection companies like LifeLock have developed products aimed at those afraid of loss and identify theft.

One solution offered by identity protection services is a constant monitoring of a customer’s credit report, which will show any and all unauthorized attempts to open new credit or loans. In addition, credit card purchases and spending habits are recorded so that unusual spending (or spending that takes place in another geographical location) can be identified as fraud and stopped as it occurs. However, one company providing this service, LifeLock, has received substantial criticism of its business model.