← All posts

// Blog

Why is credit card fraud so accepted in the US?

Personal

Originally published on Tumblr.

Last month one of my corporate cards was cloned. A copy was used to buy over $6,000 of goods in Brooklyn.

Cost to my company: $0.
Cost to my bank: $0.
Cost to Mastercard: $0.

So who pays the $6,000? We all do. The cost of fraud is passed on to every consumer or business that pays credit card fees. The estimated cost of credit card fraud in the US is $500 million. That’s a big number, but when that number is spread across hundreds of millions of cards, it’s not even noticed.

But there are lots of other costs that aren’t included in that $500 million:

  • Time
  • Anxiety
  • Inconvenience
  • Trust

    That card’s being cloned cost us a lot of time. One of our employees spent the better part of two days dealing with our bank. They had trouble telling us whether or not they were covered by fraud insurance, and when we could expect to get the money back. Because of the charges, we couldn’t pay an outstanding bill, which made several people both anxious and angry.

Because the US hasn’t implemented chip-and-pin, cloning a card turns out to be easy. Way too easy.

And it gets better.

Yesterday I received a push notification from my bank that my personal card had been used to buy $176 of goods in Kitty, Texas. I wasn’t in Kitty, and I hadn’t just bought $176 of stationery. Luckily I can disable that card from my iPhone, so the fraud stopped there. It had been cloned as well.

This morning I got a call from Mastercard asking if I’d been buying clothes in Kitty, Texas with my corporate card, the replacement for the one that had been cloned the previous month. That card hasn’t left my wallet since I received it. No one knew the number, but it had been cloned and used in person. I don’t yet know how many thousands of dollars in charges were made on it. I’ll find out tomorrow when our bank answers its phones.

Notification of charges and the ability to block and unblock my personal card probably saved us (and I mean us) a few thousand dollars. Chip-and-pin would have prevented all this fraud in the first place.

The laws that protect consumers from credit card fraud actually do no such thing. They spread the pain and make the problem invisible, so there’s no pressure on the credit card companies to upgrade their security. And the victims pay in other ways, none of them pleasant.

I now have no working credit card. I know that Car2Go, for example, will try to charge my weekend rides on Tuesday. The charge will be denied and my Car2Go account will be blocked. It’s an inconvenience to me, and Car2Go will trust me less. A lot of my businesses recurring services get billed directly to my card. This month they’ll all fail, for the second month in a row.

I don’t know how my cards are being cloned, but I’m sure there’s a common thread. I doubt that either my banks or the credit card companies will find it.

I’m really looking forward to modern secure payment systems, and I’m pretty sure they won’t be provided by Visa, Mastercard, or American Express.

Addendum: In response to this post several people have pointed me to FinalCard, which looks like a great solution to this problem. I’ve signed up to be notified when it’s ready.