Features
As well as convenient, accessible credit, credit cards offer consumers an easy way to track expenses, which is necessary for both monitoring personal expenditures and the tracking of work-related expenses for taxation and reimbursement purposes. Credit cards are accepted worldwide, and are available with a large variety of credit limits, repayment arrangement, and other perks (such as rewards schemes in which points earned by purchasing goods with the card can be redeemed for further goods and services or credit card cashback).
Some countries, such as the United States, the United Kingdom, and France, limit the amount for which a consumer can be held liable due to fraudulent transactions as a result of a consumer's credit card being lost or stolen.
Security Overview
Credit card security is based on privacy of the actual credit card number. This means that whenever a person other than the card owner reads the number, security is potentially compromised. Since this happens most of the time when a transaction is made, security is low. However, a user with access to just the number can only make certain types of transactions. Merchants will often accept credit card numbers without extra verification for mail order, but then the delivery address will be recorded, so the thief must make sure he can have the goods delivered to an anonymous address (i.e. not his own) and collect them without being detected. Some merchants will accept a credit card number for in-store purchases, whereupon access to the number allows easy fraud, but many require the card itself to be present, and require a signature. Thus, a stolen card can be cancelled, and if this is done quickly, no fraud can take place in this way. For internet purchases, there is sometimes the same level of security as for mail order (number only) hence requiring only that the fraudster take care about collecting the goods, but often there are additional measures. The main one is to require a security PIN with the card, which requires that the thief have access to the card.
Security Problems
The low security of the credit card system presents countless opportunities for fraud. This opportunity has created a huge black market in stolen credit card numbers, which are generally used quickly before the cards are reported stolen.
The goal of the credit card companies is not to eliminate fraud, but to "reduce it to manageable levels", such that the total cost of both fraud and fraud prevention is minimized[citation needed]. This implies that high-cost low-return fraud prevention measures will not be used if their cost exceeds the potential gains from fraud reduction.
Most internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either online or offline. Despite efforts to improve security for remote purchases using credit cards, systems with security holes are usually the result of poor implementations of card acquisition by merchants. For example, a website that uses SSL to encrypt card numbers from a client may simply email the number from the webserver to someone who manually processes the card details at a card terminal. Naturally, anywhere card details become human-readable before being processed at the acquiring bank, a security risk is created. However, many banks offer systems where encrypted card details captured on a merchant's webserver can be sent directly to the payment processor.
Controlled Payment Numbers are another option for protecting one's credit card number: they are "alias" numbers linked to one's actual card number, generated as needed, valid for a relatively short time, with a very low limit, and typically only valid with a single merchant.
The Federal Bureau of Investigation and U.S. Postal Inspection Service are responsible for prosecuting criminals who engage in credit card fraud in the United States, but they do not have the resources to pursue all criminals. In general, federal officials only prosecute cases exceeding US $5000 in value. Three improvements to card security have been introduced to the more common credit card networks but none has proven to help reduce credit card fraud so far. First, the on-line verification system used by merchants is being enhanced to require a 4 digit Personal Identification Number (PIN) known only to the card holder. Second, the cards themselves are being replaced with similar-looking tamper-resistant smart cards which are intended to make forgery more difficult. The majority of smartcard (IC card) based credit cards comply with the EMV (Europay MasterCard Visa) standard. Third, an additional 3 or 4 digit code is now present on the back of most cards, for use in "card not present" transactions. See CVV2 for more information.
The way credit card owners pay off their balances has a tremendous effect on their credit history. All the information is collected by credit bureaus. The credit information stays on the credit report, depending on the jurisdiction and the situation, for 1, 2, 5, 7 or even 10 years after the debt is repaid.