| > Credit card fraud has gone *down* since 1992, and is actually falling:
| >
| > 1992:  $2.6B
| > 2003:  $882M
| > 2004:  $788M
| >
| > We're on the order of 4.7 cents on the $100.
| >
| > 
http://www.businessweek.com/technology/content/jun2005/tc20050621_3238_tc024.htm
| >
The article also mentions that the loss rate for 1992 was 15.7 cents per $100.

Something doesn't add up.  Combining the dollar values above with the loss
rate per $100, I calculate that the total charges handled in 1992 was about
$165 billion - which seems a bit low, but reasonable.  However, the
corresponding calculation for 2004 shows a total charges of about $16 billion,
which is clearly nonsense.

I don't actually see the $2.6B figure anywhere in the article.  Where did it
come from?

| > If it's any consolation, I was rather surprised myself.
| I seem to have gotten that one drastically wrong. Thanks for the
| more accurate figures.
| 
| A back of the envelope calculation makes me think that it is still
| more than enough money to provide a good incentive for a change in
| systems, though, especially when the cost of the anti-fraud measures
| needed at every part of the system are taken in to account.
In doing this calculation, be careful about the assumptions you make about
how effective the countermeasures will be.  The new systems may be more secure,
but people will eventually come up with ways to break them.  The history of
security measures is hardly encouraging.  There have been a couple of articles
in RISKS recently about the fairly recent use of a two-factor system for
bank cards in England.  There are already significant hacks - and the banks
managed to get the law changed so that, with this "guaranteed to be secure" new
system, the liability is pushed back onto the customer.

It's a continuing battle, and the banker's approach is really the only one that
works over the long run:  Keep the loss rate low enough that you can live with
it while keeping the system easy enough to use that you don't lose customers.
(Of course, bankers also try to externalize their liability - an effort that
society must watch and control carefully.  The liabilities must always be
put on those in a position to actually do something about the risks.)

                                                        -- Jerry


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to