Major bank and retail card issuers are lacking in key security areas, according to a new study from Javelin Strategy and Research.
The study examined nearly 30 banks, retailers and credit unions in key categories of fraud prevention, detection and resolution. For the seventh straight year, Bank of America ranked at the top in overall security in Javelin's study with a 70% score, and the average for all participants is 55%.
EMV, commonly called chip-and-PIN, had low uptake on the credit card side with only 17% of all issuers surveyed offering EMV cards, mainly for travelers, says Al Pascual, senior analyst for Javelin. "It's only 17% for a number of reasons, but in the long run we think EMV is worthwhile and we give them credit for [having] it," he says.
USAA rated the best in fraud prevention, while Associated Bank and SunTrust tied for the best in the area of fraud detection.
Most institutions ranked low in how they guard accounts against a fraudster with a stolen Social Security number, Pascual says. Only 4% required personal information beyond the Social Security number for authorization.
"In the past, we have seen that account takeover is driven quite heavily by compromised Social Security numbers," Pascual adds.
If a fraudster has a stolen Social Security number he has the "ultimate key that opens any door" and he would be able to call a vast majority of issuers and have access to any accounts, Pascual says.
Javelin estimates card fraud affected 7.5 million Americans in 2012, with losses reaching almost $8 billion. Fraudsters targeted credit card accounts heavily in 2012, with 36% of consumers experiencing an account takeover.
The study examined what type of alerts the institutions and retailers gave customers regarding suspicious activity. With card-not-present fraud on the rise, the study suggests that more banks need to provide alerts when a CNP transaction takes place in an account. "Right now, only 30% of the banks offer such an alert," Pascual says.
In addition, the study reviewed how the banks and retailers educate consumers about protecting their accounts and the pitfalls of providing too much personal information through social media.
The three retailers reviewed in the study rated the lowest in fraud prevention with Cabela's WFB at 29%, Target at 22% and Nordstrom at 18%. Target has been the topic of numerous security discussions since it suffered its massive data breach during the 2013 holiday shopping season.
"The retailers didn't have authentication, overall, that was up to snuff with general purpose cards," Pascual says.
Banks that scored well in detection offered 24/7 account suspension after a fraud event, promoted zero liability for fraudulent transactions and offered a team to assist cardholders with identity fraud resolution.
Javelin studied the methods of American Express, Associated Bank, Bank of America, Barclays, BB&T, Cabela's WFB, Capital One, Chase, Citibank, Discover and Fifth Third. Also, First National Bank of Omaha, GE Capital Retail Bank, Navy Federal Credit Union, Nordstrom, Pentagon Federal Credit Union, PNC, RBS, State Farm, SunTrust, Target, U.S. Bank, USAA, and Wells Fargo.