The Magnitude of Fraud

Yesterday morning, after discovering the burglary, I called American Express, cancelled our cards, and asked for new ones.   They arrived today via courier (AmEx has been quite reliable for me over the 30+ years I have used their cards).

There was a small problem activating one of the cards, so I ended up getting bounced to manager-level and we had a conversation while we were waiting for a computer update.

I asked if there was any way to find out when/where the cancelled cards might have been attempted to be used. The police here could use that info to try to pull videotapes from the merchants to identify the thieves. (Cards are often used at gas stations, but most stations in the area have installed video to use in prosecuting drive-offs.) The AmEx person informed me that once a card is reported stolen, it is deactivated and AmEx does not record attempted uses because they “do not wish to get involved in law enforcement.”

So, I posited, if we wanted a better chance of catching the scumbags who stole our stuff, it would have been better to NOT cancel the cards, wait for them to get used, get the video, and then deny the charges?   The rep agreed that so long as we did that within the challenge period (30 days?) that would probably work better.   As it is now, we cannot use the cards to try to track the thieves.

But wait — there’s more!   I pressed further and found that their average loss per fraudulent use before a card is shut off is around $1000.  This is why they don’t bother pursuing cases — that threshold is too low for the Feds to be interested, and neither are most local law enforcement agencies.   Often, the cases lead outside the country.  Thus, it is cheaper for them to charge back to the merchants (because, after all, the merchant didn’t appropriately validate the identity of the cardholder) than for the card company to pursue it (my conclusion, which the rep did not deny).

Going further, the rep works in one of (note: one of) AmEx’s call centers.  I was told they get 25,000 reports per week at that call center of lost and stolen cards.  Now, let’s do a little math, shall we?  Figure that 20,000 of those calls are for stolen and fraudulent use.   20,000 times $1000 per instance is $20 million per week in fraud.   Take that times 52 weeks in a year, and you get over $1 billion a year in fraud…now take that across all their call centers.   Then, figure fraud with more cards for Visa, MasterCard, Discover, and all the rest; I don’t know their average losses before discovery, but I suspect the industry average is around the same amount.

This is an area related to computer crime, and often co-mingled with it, because theft of card numbers via phishing and trojan software is a big source of card number theft.   It also exemplifies the problem.

Consider – fraudulent use of US credit cards would seem to be in the tens of billions of dollars per year. I don’t know what the policy for investigation and prosecution is at the various other card-issuers, but it is probably similar for many — charge back to the merchants, and the individual cases are too small for law enforcement to get involved. Thus, tens of billions of $$ a year with effectively no law enforcement follow-through. Is there any surprise this is a growth business?

A phrase I used about 7-8 years ago when giving talks was that we were about to be “pecked to death by ducks.”  No single duck is more than an annoyance — a single duck is not a real threat and can be fought off easily.  But if you are constantly attacked by a huge flock, eventually you will succumb.   (I now see that it is more like leeches, but the duck image is more colorful.)

And this is only one form of financial fraud that we are facing.  It comes back in higher prices and lessened user confidence.   Even if my estimates are off by an order of magnitude, billions of dollars in fraud per year is a lot.

And that is only one form of fraud facing us, partially in cyber.   It is growing.  And it is largely not reported because no one bears a large enough part of the cost to really cry out for remedy.

Terrorists might kill a few of us now and then, but the criminals are bleeding us all, all the time.   Which is worse? Which is it the government chooses to focus the majority of law enforcement resources on?


5 Responses to “The Magnitude of Fraud”

  1. Frisky070802 Says:

    Pecked to death by ducks? What about this one? The horribly slow murder with the inefficient weapon: http://www.youtube.com/watch?v=9VDvgL58h_Y

    PS.. very interesting report about their unwillingness to find the burglars … absurd!


  2. trusecure Says:

    I don’t think it’s necessarily fair to lay this at the feet of government. The card companies have built this into their business models, as you have now discovered first hand. Anyone who’s recovered scores of credit card numbers from little nooks and crannies and tried to turn them over to the card companies has learned the same lesson. They don’t care; they don’t even pretend to care, which is pretty dumb IMHO.

    I think law enforcement would love to learn that Person X has accumulated $ABC E7 in duck pecks. Law enforcement has come to realize we’re facing organized crime and network analysis is a vital tool.

    But rather than contribute to solutions, it’s cheaper for them to pass the costs on to merchants or clearing banks. Is this a great country or what? (rhetorical)


    • spaf Says:

      Building it into their business models is prudent from THEIR economic standpoint. It is still a large (and growing) drain on all of us. We’re the ones paying for it. It is a hidden “tax” that is hurting us all.


