|
|
 |
|
Viewing report
|
|
|
|
Seventh Annual Card Issuers’ Safety Scorecard: Sophistication of Hacker Attacks Threaten Traditional Security Models
Javelin Strategy & Research, June 2011, Pages: 46
The authors Card Issuer’s Identity Safety Scorecard analyzes the top 20 U.S. card issuers’ methods of protecting customers from identity fraud. In addition, the authors selected several other issuers to round out the 2011 survey. Each year, they incorporate data from annual household, consumer and issuer surveys in order to identify relevant security features. Issuers were scored based on the authors Protection, Detection and Resolution™ model, which measures consumer-facing protective measures that issuers employ. The purpose of this report is to provide an understanding of the current trends in fraud and the evolving security criteria that credit card issuers are using to address them.
Primary Questions
- What are existing criminal trends related to card fraud, and how can issuers mitigate against them?
- Which card issuers have the best consumer-facing prevention, detection and resolution capabilities?
- Which practices have been commonly adopted by issuers, and which should be adopted?
- How have issuers changed their consumer-facing practices since 2010?
- Where is the industry heading, and what are possible future security trends?
Methodology
Between April 2, 2011, and May 24, 2011, the authors conducted a survey evaluating the consumer-facing protective features of the top 20 issuers by cards outstanding and several other selected issuers, totaling 23 issuers evaluated. Issuers were selected from a list of the top 50 U.S. Visa/MasterCard credit card issuers published by the Nilson Report. The criteria evaluated were categorized into the authors Protection, Detection and Resolution model. Different criteria were given different weights in order to emphasize the authors commitment to the importance of particular features. Prevention was the most heavily weighted category, encompassing 45 of the 100 points possible, followed by detection (35 points) and resolution (20 points). Issuer scores were totaled in each category, revealing the highest-scoring issuers for each group. The categories were then aggregated for each issuer to reveal the top scorers overall.
Since scores were based on consumer-facing security measures, the scope of this report is limited to information provided on issuer websites as well as information supplied by consumer service representatives (CSRs). The criteria used to evaluate these security measures are not intended to encompass all consumer-facing security measures, nor does the author evaluate issuers based on back-end security practices.
Thorough website research was conducted on card issuers’ sites in order to amass as much information on documented features as possible. For CSR calls, a mystery-shopper approach was employed. Researchers called issuers as potential clients inquiring about specific card and security features. Taking into account various knowledge levels of CSRs and as a verification method, callers made an average of 6.4 calls to each issuer. If researchers had reason to doubt the information provided by a CSR, the call was terminated (without adding to the call average) and a new call was made.
Given that the issuers surveyed changed from last year and that the criteria used to evaluate the issuers tighten each year, direct year-toyear comparisons cannot be made. However, general trends in issuer security adoption can be discerned, even though the data is not perfectly longitudinal. Figure 1 lists the issuers surveyed in 2011.
|
|
|
|
