Credit Card Companies Use Artificial Intelligence to Thwart Thieves
by Margaret Webb Pressler, Washington Post
Two credit cards were recently stolen from my wallet. The thief was smart: Rather than pilfering my entire wallet from my purse while I relaxed over lunch, he (she?) merely lifted a couple of cards and put my wallet back in my purse. Because I didn't notice the missing cards, the thief had more time to run up a few charges.
I discovered what had happened the next day when I got a call from American Express security, which wanted to verify some unusual spending on my corporate account. The charges included $1,000 at Best Buy, $250 at some oil-change place in Virginia and a fill-up at a gas station. On my Visa was a $100 charge at a suburban 7-Eleven.
In addition to wondering how anyone could spend $100 at a 7-Eleven, I immediately blamed the various cashiers who obviously had not checked the signatures on my cards. If only they had checked, I fumed to myself, none of this would have happened.
As it turns out, however, credit card companies no longer rely on retail clerks to catch the crooks.
With billions of dollars at stake, and ever more clever crooks, the credit card companies have become very, very smart about protecting themselves by using astonishingly sophisticated network computers and software programs.
"We're at a level whereby we can understand with artificial intelligence . . . the potentially fraudulent transactions," said Raf Sorrentino, vice president of risk management for First Data Corp., one of the country's biggest providers of credit card processing and payment services.
Credit card fraud costs the industry about a billion dollars a year, or 7 cents out of every $100 dollars spent on plastic. But that is down significantly from its peak about a decade ago, Sorrentino says, in large part because of the powerful technology that can recognize unusual spending patterns.
Take the thief of my American Express corporate card. I use it rarely, and when I do it's usually for a moderately priced lunch. A charge of $1,000 at a consumer electronics store immediately flagged the American Express security system -- so quickly, actually, that it told Best Buy not to approve the transaction.
"There's a logic in the system," said Judy Tenzer, a spokeswoman for American Express.
And it's not just a sudden surge in spending that can set off a warning. If there were a charge on my card in Omaha, and five minutes later in Berlin, that also would send up a red flag. Crooks buy and sell credit card numbers over the Internet, so the computer networks that monitor spending patterns have to process data worldwide, instantaneously, 24 hours a day.
The credit card companies don't share many details about the layers of security they've put in place to cut their losses from fraud, aside from stressing the size of their computer networks. As Tenzer of American Express put it: "The more detail I would tell you, the more detail the criminals would read." The system is all about staying one step ahead of the thieves.
It's no wonder the lowly signature isn't considered much of a security measure, compared with the other firepower being thrown at the problem. Yet credit card executives are loath to dismiss outright the importance of checking signatures, calling it a deterrent or another level of safety. They say there are occasional instances of a cashier catching a criminal in the act, which usually causes the perpetrator to flee.
But the one message that's clear from numerous industry executives is that retail cashiers don't have the level of responsibility they may seem to have when they check a credit card signature.
"You can't expect cashiers to be handwriting experts," said Sorrentino of First Data.
This all makes me feel pretty naive, because I'd always figured that the simple act of comparing names was pretty important. I even thank clerks who do check my signature. But in the case of my credit card being used at Best Buy -- notwithstanding my initial furor -- the store never even got as far as looking at my John Hancock. And that's really how the system is supposed to work, said Paul Stone, vice president of loss prevention for the Minneapolis-based chain.
"The first line of defense is the line of defense with the credit card company," he said. "We really are the second line of defense."
Keeping the signature even less important is that retailers don't get penalized for not doing it. Typically the costs for fraudulently purchased items are covered by the issuer of the credit card or the bank that processes all of a merchant's electronic payments. There are few legal or contractual requirements to check signatures, and it's harder to make such a step mandatory these days, anyway, given the explosion of small card-processing devices at cash registers that allow shoppers to swipe a credit card and never even hand it to the clerk.
Nevertheless, Stone insists, "the retailer is not scot-free" in the credit card fraud equation. Each fraudulent transaction is investigated to find out what happened, and sometimes the retailer does have to pay. But more important, Stone said, is that the credit card companies have the right to raise the fees they charge a retailer if fraud becomes a problem.
For that reason, Best Buy does train all its employees to check signatures, and it reinforces that training if credit card fraud becomes a problem at a particular store.
"It is all about the costs that would eventually add up if you weren't trying to help out in this whole process," Stone said.
And speaking of costs adding up, you know who ultimately pays for all this fancy computer technology -- to say nothing of the fraud that still gets through? We, the cardholders, through higher fees and rates. The only comfort in that is to know that the fees would be even higher if the system relied just on cashiers to protect us from the thieves.