| > Credit card fraud has gone *down* since 1992, and is actually falling:
| >
| > 1992: $2.6B
| > 2003: $882M
| > 2004: $788M
| >
| > We're on the order of 4.7 cents on the $100.
| >
| > http://www.businessweek.com/technology/content/jun2005/tc20050621_3238_tc024.htm
| > The article also mentions that the loss rate for 1992 was 15.7 cents per $100.

Something doesn't add up. Combining the dollar values above with the loss rate per $100, I calculate that the total charges handled in 1992 were about $165 billion - which seems a bit low, but reasonable. However, the corresponding calculation for 2004 shows total charges of about $16 billion, which is clearly nonsense. I don't actually see the $2.6B figure anywhere in the article. Where did it come from?

| > If it's any consolation, I was rather surprised myself.
| I seem to have gotten that one drastically wrong. Thanks for the
| more accurate figures.
|
| A back of the envelope calculation makes me think that it is still
| more than enough money to provide a good incentive for a change in
| systems, though, especially when the cost of the anti-fraud measures
| needed at every part of the system are taken into account.

In doing this calculation, be careful about the assumptions you make about how effective the countermeasures will be. The new systems may be more secure, but people will eventually come up with ways to break them. The history of security measures is hardly encouraging. There have been a couple of articles in RISKS recently about the fairly recent use of a two-factor system for bank cards in England. There are already significant hacks - and the banks managed to get the law changed so that, with this "guaranteed to be secure" new system, the liability is pushed back onto the customer.

It's a continuing battle, and the banker's approach is really the only one that works over the long run: Keep the loss rate low enough that you can live with it while keeping the system easy enough to use that you don't lose customers. (Of course, bankers also try to externalize their liability - an effort that society must watch and control carefully. The liabilities must always be put on those in a position to actually do something about the risks.)

-- Jerry