Credit card fraud in the late 1980s was a lot less complicated than it is today.
In the pre-internet era, criminals often called banks to falsely report that a specific customer’s card was lost or stolen. Then they peeked inside the targeted customer’s mailbox to see whether the new plastic had been delivered. When the card arrived, they stole it.
The methods were old-fashioned, but the losses for banks could be substantial. In some cases, as much as $300,000 was charged under a victim’s name.
Starting around 1990, the U.S. credit card industry figured out how to fight back. Thus was born the process of requiring customers to make a phone call to activate their cards. Nearly three decades later, card activation is still used throughout the industry.
Longtime American Express executive Ash Gupta was a pioneer of the card activation process. He plans to retire at the end of next month following a 41-year career that has seen vast changes in the industry’s approach to fraud prevention.
“Most fraud developments have short shelf lives,” Gupta said in a recent interview. “This one has had a shelf life of over 25 years.”
Still, the history of the card activation process is a reminder that while banks may win battles in the fight against fraudsters, the war never ends.
Gupta recalled that back in the 1980s, credit card issuers had no way of knowing whether a customer had opened the envelope that contained his or her new card.
“Maybe somebody took that envelope out from a mailbox,” he said. “We knew we sent it. But we were never sure you received it.”
Amex decided to affix a sticker to its cards with instructions to dial a phone number. When customers called, they were asked to verify certain personal information, and the card was activated.
By 1993, fraud involving Amex cards that customers had not received was down by 70%. And the innovation had another benefit. Generally speaking, customers liked that American Express was taking steps to protect against fraud.
There were some early glitches. Some customers who were not accustomed to the new process simply removed the stickers and did not bother to pick up the phone. In response, Amex made certain tweaks to its system. “So even if they removed the tape, we would not automatically decline the transaction,” Gupta said.
Soon, various companies were affixing activation stickers to their credit cards. In some cases, the issuers could not resist the temptation to try to sell additional products to customers who were simply calling to activate their cards.
One consumer who was outraged by the marketing ploy told The Washington Post in 2000 that he was envisioning lying on his death bed, staring at the ceiling, and seeing an ad coaching him on which funeral home to choose.
Over the decades, the card activation process has been perfected. Today, when customers call from a phone number that is listed on their account, their card can be automatically activated. Or they can make a no-hassle visit to the issuer’s website.
“When the customers get a new card, you want to have the fewest disruptions possible,” said Gupta, who is president of global credit risk and information management at American Express.
The card activation process was one of a number of low-tech innovations that put a big dent in fraud, said Brian Riley, a former Citibank executive.
In the card industry’s early days, the carbon copy receipts that were generated when a consumer paid with plastic contained the customer’s full account number, he recalled.
“All you had to do is dive into somebody’s dumpster,” said Riley, who is now an analyst at Mercator Advisory Services.
In response, card issuers began using the perforation in the carbon paper to break up the customer’s account number. Soon carbon paper was gone altogether.
Riley said that fraud prevention is one of the few areas where banks share a lot of information with each other, since lower fraud rates at one issuer will not do any harm to its competitors. When one company pioneers an innovation, others soon follow suit, he said.
Fraudsters evolve with the times, of course. After card activation became commonplace, counterfeit fraud spiked, as criminals saw an opportunity to steal data from the mag-stripe strip on the back of cards.
More recently, chip cards have eliminated the risk of counterfeit fraud, but fraudsters have responded by buying items online, since a physical credit card isn’t needed for an e-commerce transaction. Meanwhile, card companies have developed sophisticated algorithms to flag suspicious transactions, using emails and text messages to alert consumers within seconds.
“There have been thieves since the planet cooled,” said Robert Hammer, the CEO of a bank card advisory firm in Thousand Oaks, Calif. “You’re never completely out of the woods as an issuer.”
As an example, Hammer noted that technology can be used to obtain a card number and expiration date from inside the wallet or pocket of a passer-by. You might call it digital-age pickpocketing.
Still, there is a reason that card companies continue to ensure that their customers actually received their cards, almost three decades after the activation process was invented.
“That is the biggest risk control mechanism, even today,” Gupta said.