I do all the right things when it comes to online transactions. I use multiple, hard to guess passwords. All my cards are chipped. I track my spending carefully and have alert on my credit lines. I’m careful when I pay for transactions online, making sure the website is trusted and the connection is encrypted. I store my credit cards in a safe place and when I carry them I never let them out of my sight.
And still a Californian using my credit card walked away with $100 worth of pizza in the Bay Area while I was using the same card in North Carolina without triggering a fraud alert at the credit card company. He only caught my attention when he tried spending $1100 at a high-end retail department store in the same area.
This was the third time in a year my card was compromised, but the reaction of the issuer is what I found chilling.
I remember the first time I had a problem with my credit card. It was 1988 and I was going to school in southern California. I had left the card somewhere and after retracing my steps I had to report my card lost. The credit card company overnighted a replacement card to me. And they did the same over the years, like in 2010 when somebody tried charging boat parts to my card, and even last December when the issuer called me and were concerned the card had been compromised in a data breach. The protocol the issuers all followed was to cancel the card and get me its replacement overnight or within one or two business days.
“We will send you the replacement card in 5-7 business days,” the customer service rep stated. On the surface that’s a mild inconvenience, right? After all I have other cards – some with the same issuer just different accounts.
But the change in business practice said much more than the card issuer intended.
What the change said was the cost of overnighting replacement cards had become too expensive, forcing the issuer to choose a cheaper way to get the customer the cards. And that cost was higher than the losses incurred while the customer waited for the card to arrive.
I confirmed this with the representative. “So I have to use another credit card while I wait up to two calendar weeks for my card to arrive?” He agreed.
“Well then, I’ll guess I’ll just have to use my American Express card,” I said.
He expedited the card, although he did not overnight it.
This change in business processes says even more. If I am an average credit card customer, applying a variant of the Copernican Principle to daily life this means that my experience is not uncommon. Credit card fraud must be common that the cost of lost income from usage during the wait for a replacement coupled with the cost of overnighting a card has become a sum worthy of cost cutting measures. In effect the cost of fraud had been “normalized”.
In 2017 there were an estimated 1,500 data breaches reported – and likely thousands more unreported. This “normalization” of fraud is chilling. It likely means the issuers and banks are at a loss for controlling fraud and are instead finding ways to protect their bottom lines from it. They are also passing along the inconvenience to their customers – as well as the cost – even though there is little we can do to fight it as my experience shows.