Banks Should Report Cyber Crimes, Says Gartner

by CXOtoday Staff    Nov 09, 2004

The recent U.S. Secret Service arrest of alleged cyber criminals shows why financial service companies must proactively disclose cyber crimes to consumers affected, stressed research major Gartner.

On 29 October 2004, the U.S. Secret Service announced it had arrested 28 members of an alleged cyber crime ring. The suspects, from eight U.S. states and six countries, have been charged with identity theft, computer fraud, credit card theft and conspiracy.

Authorities say that the members of this alleged crime ring stole 1.7 million credit card numbers with financial losses estimated at $4.3 million. This translates into slightly more than $2.50 of fraud per stolen card number. Although this number is plausible credit card thieves sometimes charge small amounts to large numbers of cards Gartner doesn’t believe the official reports give the entire picture.

Card acceptors often won’t process charges of less than $10 because the cost of processing exceeds the profit. Also, of the 1.7 million card numbers the thieves allegedly stole, they likely used only a small number of them to perpetrate big frauds, since fraud-detection software protects most credit card transactions.

But a glaring concern plaguing the industry is: Who notifies consumers that their cards have been stolen when there have been no illegal transactions using those stolen cards? Most of the time, card issuers don’t tell consumers when their cards are stolen unless it results in a theft.

The issuers reason that they don’t know whether the card theft will ever result in fraud, and that it costs too much (about $10) and poses too much inconvenience to close an account and issue a new card. But the stolen card information will likely to be used one day to commit either new account fraud or card fraud. Consumers would be better protected if they knew their card number had been stolen.

Very few credit card thefts end in arrests. According to Gartner’s April 2004 survey of 5,000 online consumers, only 4 percent of credit card thefts affecting consumers resulted in an arrest. But even when it does, as in this case, unaffected consumers likely won’t find out about it until it’s too late.

Financial service providers should proactively notify consumers about card theft, warns Gartner. This will prevent later theft and will protect consumers from other forms of identity theft fraud that use the stolen card number but don’t necessarily result in illegal credit card use, the research firm stressed.

Tags: breaches