June 22, 2005 4:00 AM PDT
Consumers, retailers grapple with data theft
(continued from previous page)
the cardholder has to pay for the first $50 of unauthorized transactions, or nothing at all. Businesses, however, in many cases have to cover the loss--a potentially heavy burden in the CardSystems case, given the large number of accounts exposed. If consumers aren't alerted, that means the compromised cards could still be active and may be used by criminals in a transaction.
"We'd really like credit card companies to take responsibility for their mistakes," said Tom Mahoney, director of Merchant911.org, a group of online sellers focused on preventing fraud. "They are not canceling the cards and re-issuing them because it costs them too much, and the merchants bear the cost of fraudulent charges as a result."
Re-issuing a credit card costs around $30, according to Visa. If the credit card companies were to replace all 40 million cards that may have been stolen, it might cost more than $1.2 billion.
Web retailers in particular are considered high risk by credit card issuers because they don't see the customer's credit card and can't ask for a signature or an ID. As a result, Web retailers end up bearing the burden on more fraudulent transactions than brick-and-mortar stores.
However, there is little need to worry, according to Visa. "Fraud really is at an all-time low--in the Visa systems, only 5 cents for every $100 transacted," said Rosetta Jones, a Visa spokeswoman.
Also, according to Visa, only about 2 percent of credit cards that are exposed after a data security breach are ever used improperly. "Very few consumers will be impacted by this," Jones said.
But for business owners like Gary Howell, who runs Howell Automotive in Keyser, W.Va., any case of fraud is one too many. He wants the affected credit card accounts deactivated. About one in every 50 transactions handled by his online auto parts business is already suspect, and Howell is afraid more fraud is on its way and that he will have to pay.
"The credit card companies know that the criminals have enough information to get by the security checks that an online merchant does," he said. "I'll be out the merchandise, I will be out all of the money, and I will get charged fees for being the victim of a crime--even though I did all of the security checks and did them right."
11 commentsJoin the conversation! Add your comment