That’s how long it takes me to drive home from our New York City offices. I made that very trip yesterday, leaving just before the Friday afternoon rush hour on a weekend already challenged by Super Bowl traffic in the area.
That’s also how long it took for my credit card data to be stolen and used in four unique transactions in Quebec, Canada while I was driving home to Pennsylvania. The normally quiet drive was interrupted by several emails and calls from American Express to warn me of fraudulent activity for four transactions ranging from $18 to $45.
The art and hassle of the scam
This particular credit card is one I don’t even use often. It’s an AMEX(s amex) Business account that I opened years ago when I was an independent blogger. I only use it now for my Gigaom activities, simply because it’s easier to separate work expenses from personal ones. Yet, for the second time in as many business trips to New York City, the card information was stolen and purchases were made. The last time, just a few months ago, created nearly $1,500 worth of fraudulent transactions.
Thanks to diligence on the part of AMEX, I don’t have to pay for any of these transactions. The company didn’t even approve the charges from yesterday. But I had to spend time on the phone reviewing all the transactions with the credit card company and of course, my current card is now invalid. Another card with new numbers is on the way.
What a waste of time, effort and money for all involved.
For an innovative country, we’re behind the times
So why haven’t we figured this out yet? We have a number of mobile payment initiatives and products available to us in the U.S. but we’re still dealing with an outdated magnetic stripe system that’s easy to hack for data. That’s partly why this country accounts for a disproportionately high amount of overall credit card fraud: Although we process only 24 percent of global payment volume, we account for 47 percent of the overall global fraud according to BusinessWeek.
Market politics is one big challenge. For example, I had high hopes for Google Wallet and NFC payments a few years ago but they were soon dashed.
In 2011, I first bought a tank of gas by tapping my phone to a payment terminal knowing that there was no easy way for anyone to see or get my credit card account data. Contactless payments have been held up however, as companies jockey for position to “own” this market. The oft-delayed Isis mobile payment project backed by Verizon(s vz)(s vod), AT&T(s t), and T-Mobile(s tmus) is a perfect example of this: It offers no additional benefit over the older Google Wallet initiative, but it has basically blocked Wallet from taking off.
How? Isis partners typically don’t allow Google Wallet on their handsets.
The expense of contactless payment terminals is also an obstacle, but I suspect the cost of such upgrades would be less than the amount of annual credit card fraud. And many retailers already have capable terminals that could be used: There are more than 300,000 retail locations in the U.S. that use Master Card PayPass(s mc); I’ve used them for Google Wallet contactless payments. Last week, Incipio debuted an NFC-capable case for iPhones so they can use Isis for mobile payments at similar terminals.
Coin is a new twist on the old model. Instead of carrying individual credit cards, you have one card with magnetic stripe. Using a mobile app, the stripe can be instantly programmed with your card account numbers to become a universal credit card. I thought about spending $50 on Coin but the truth is: While Coin is more convenient, it doesn’t solve any fraud problems. The card can still be “skimmed” for its data through the stripe.
The market is ready for disruption and that’s where Apple thrives
I do have some hope though: Apple is reportedly looking at expanding into mobile payments in a way that would eliminate the magnetic stripe approach. The company already has hundreds of millions of credit card account information. And with the new iPhone 5s, it has a strong user identification process in the Touch ID fingerprint sensor.
In fact, Apple CEO Tim Cook noted this on the company’s recent investor call, saying “The mobile payments area in general is one we’ve been intrigued with. It was one of the thoughts behind Touch ID.”
Personally, I prefer solutions that are device and platform agnostic so I won’t suggest that Apple will save the mobile payment industry from fraud alone. The idea of personal authentication in place of a physical magnetic strip, however, is the best overall solution I’ve heard of yet. Google Wallet comes close by requiring an NFC-enabled phone to be present, along with the added protection of a PIN for transactions. Fingerprint data stored in a secure storage area is better though.
If Apple does provide a solution for this issue, I’ll welcome it with open arms. Yes, it means providing trust in Apple for all of that credit card data but if you’re an iTunes user, don’t you already do that today? Of course, the recent Target data breach affecting up to 70 million customers may give some pause but my faith in a tech company is generally greater than that of a retailer.
Again, I’d like to see a widespread solution that doesn’t rely on a single company, platform or device line. But I’ll take what Apple has to offer if it eliminates or at least greatly reduces payment fraud.
Then I can enjoy my three-hour drive home in peace.