Data Thieves Are One Big AmericanExpress Commercial

Written by Evan Schuman
November 26th, 2006

Just in time for the holidays, data thieves are giving big brightly-colored wrapped gifts to Visa, MasterCard and AmericanExpress every time they seal their steal.

The traditional credit card companies are fighting for their lives against a plethora of new alternatives, ranging from debit cards, non-credit-card contactless payment, cellphones, eCheck, PayPal and Bill Me Later, not to mention new-fangled hybrids that merge loyalty/CRM, giftcards, incentive coupons and POS card, such as a pilot at the Subway chain..

But they may have picked up an unlikely ally in the cyber criminals?and the regular brick-and-mortar crooks?that are attacking their systems.

Various surveys show many of those alternative payment methods?especially debit cards and Bill Me Later?faring surprisingly well against the established payment leaders.

I’ll say one thing about this gig. People just love to send me survey results. The more dubious the source, the more they like to send it: “In a survey of 29 people randomly selected (from our employee cafeteria), 94 percent of them preferred our product over the competition. When the survey was taken near salary review time, the percentage soared to 100 percent.” But I digress.

The point is that the old-line credit card players have reason to sweat, especially when their direct customers?retailers?have every reason to crave seeing the alternatives do well because the interchange fees are much higher with credit cards than almost any alternative. Swooping in for the rescue is the 21st Century Boris Badenov.

Without getting political (who me?), there are those who have argued that fear can be an effective tactic when you want people to back an otherwise-less-attractive option. Say what you will about those alternative payment methods, when your credit data is hacked and you’re being hit with identity fraud, you really want to have been using Visa, MasterCard or AmericanExpress. Of course, 99.999 percent of the time for 99 percent of the people, that is unlikely to happen.

That’s where fear comes in. Get people to focus on the calamity that is unlikely to occur and base their decision on that. It’s the principle behind most insurance policies. “If something goes wrong, you don’t always get your money back on ECheck or PayPal,” said Avivah Litan, security analyst at Gartner. With the major credit card players, customers almost always recoup all losses. Those victims will lose mountains of time and effort, but at least the dollars are likely to be credited.

As more security breaches get more coverage, that advantage may be just about all that the credit card companies will have going for them.

Here’s how the top payment options stack, in terms of consumer popularity, over to a Gartner survey of 5,000 adults taken this summer and released on Nov. 27. Cash still reigns supreme, at 57 percent, with PIN Debit coming in second, albeit a distant second at 25 percent. Credit comes in next, virtually tied with PIN Debit and garnering 24 percent. Checks are a half-notch below that, at 20 percent, with signature debit taking 14 percent and everyone else splitting a four percent “other” category. (Clearly, people could select more than one option, so it totals much more than 100 percent.)

But what’s more interesting is how some specific players fared in the Gartner survey when consumers were asked about their comfort level on a scale of one (not at all comfortable) to five (extremely comfortable). Bill Me Later?an insurance-like program offered by I4 Commerce?took the top spot at 3.9, with PayPal right behind with a 3.8. Visa and MasterCard’s credit cards tied at 3.7, Amex dropped up slightly with a 3.4 (possibly explained by a smaller customer base), followed by Discover Credit and Visa Debit (both at 3.3), MasterCard debit at 3.1 and Electronic Check at 2.9.

Litan said Bill Me Later pretty much amounts to store credit but the store’s not on the hook for the money, which would explain it’s popularity. “The fact that they even got equal rating (with the established credit cards) is pretty amazing,” she said. “The credit card companies are so well entrenched.”

Gartner also reported Monday that security fears were likely to cost E-Commerce merchants some $2 billion this year, which is ironic because Gartner also reported that Web sites are a heck of a lot more secure than the POS at a typical brick-and-mortar location.

The best tactic that MasterCard/Visa/Amex can use is to bypass retailers and get consumers to insist on using that card or nothing. The fear of fraud attacks?exaggerated or not?is probably their most powerful weapon. Maybe this holiday season will see new credit card taglines. Master The Paranoid Possibilities? Or perhaps “There are some rational decisions about what money can buy. For everything else, there’s MasterCard.”

Then again, Visa may have already gotten there with it’s latest tagline: “Enjoy Life’s Opportunities.” For Visa, a bunch of retail managers getting their laptops stolen is nothing if not a really golden opportunity.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.