I'm constantly perplexed by the sensational headlines claiming this or that breach resulted in millions of credit cards being stolen. After all, cyber criminals can access your financial information, including your credit card data, almost at will.
As a matter of fact, I'm almost happy when my credit card gets caught up in a large, publicly known data breach. That means I'll get free credit monitoring for one or more years and my credit card, which has more than likely been compromised several times since it was issued, will be replaced with a new one and will be a bit more secure -- until the next breach.
Each year, tens to hundreds of millions of private records are compromised. You can see for yourself what's publicly known. That same source, Privacy Rights Clearinghouse, claims that 863 million records have been breached since 2005.
As high as the credit card abuse rates may seem, not everyone is a victim every year. Readers often ask me if what I say is true and my credit card number has probably been stolen, why hasn't it been abused? Two likely reasons:
- Your credit card issuer, or someone else in the financial transaction loop, spotted the fraudulent activity and stopped it before you were aware of it.
- The bad guys sell hundreds of millions of credit card numbers each year and yours simply didn't get sold.
Besides, they can't commit fraud against hundreds of millions of cards at once. Otherwise, someone in power would actually do something to minimize online credit card theft.
We don't spend money to kill gnats. Today's Internet thieves thrive only because they know they're merely a nuisance to the credit card issuers -- just overhead, a cost of doing business. If fraud actually caused substantial damage to credit card issuers and banks, the entire system would be transformed.
The larger truth is that cyber criminals have penetrated nearly every company and are able to access your credit card information whenever they want. Many of these compromised companies are in the credit card business or have indirect access as auditors, overseers, credit rating or reporting agencies, and so on. For example, the HVAC company's trusted access led to Target's recent breach problems.
All this naturally brings us to the question: How much should you worry about using credit cards or doing online transactions?
Not much, other than being aware of the system's fragility. What I'm writing about has been true for nearly a decade. We've been living in this corrupted world for a while, and the financial industry, broken as it is, functions pretty well. When a breach gets noticed, people get new credit cards and free credit card monitoring. Yes, a small percentage of people are inconvenienced each year due to fraud, but society has apparently decided the percentage is acceptable, just as we've reconciled ourselves to a certain measure of crime in the real, physical world.