NEW YORK — Credit card companies could make customers' accounts and identities more secure with a few simple steps, consulting firm Javelin Strategy & Research said in a study that looks at the policies banks use to protect customer data.
Javelin gave Bank of America its highest score for safety among the top U.S. card issuers, 87 out of 100 points. Bank of America is the third-largest U.S. card issuer, based on how much is spent on its cards.
The biggest card issuer, American Express, was ranked seventh for safety with 66 points. The second-largest issuer, JPMorgan Chase, was ranked sixth with 67 points.
The study gave a maximum 45 points for prevention efforts, 35 points for detecting fraud and 20 for resolving problems once they were discovered. The average score for the 23 card issuers examined was 59.
The study found that card companies do a good job resolving fraud problems once they occur — averaging 18 out of 20 points. But they fall short on prevention, averaging just 24 of the 45 points, and detection, averaging 17 of 35.
"The most troubling area is prevention," said Phil Blank, Javelin's managing director of security, risk and fraud and a co-author of the study. "Prevention, frankly, is the area that has the biggest payback, not only for the financial institution, but for the consumer as well."
Account fraud totals about $37 billion annually, said the study, which looked only at the security efforts employed by banks that are visible to the customer, but acknowledged that a great deal of money is spent behind the scenes.
Blank said banks can do things like create text message alerts that would contact a card holder when large purchases are made, for example, or when purchases are made without the card present, such as through a telephone or Internet order.
A system that requires the card holder to approve such a purchase could drastically cut down on fraud, particularly since transactions where the card isn't presented are among the most common problems, he said.
Another big issue: Banks should stop asking customers to provide their Social Security numbers as a routine form of identification. Social Security numbers are among the prime targets for fraudsters, he said. "We're training the consumer that it's okay to give up their Social Security numbers."
It also makes sense for banks to limit online access to accounts if customers don't have updated antivirus software on computers and mobile devices, he said. In Europe, online access is more restricted, Blank said, but banks in the United States are reluctant to take such steps.
"Time and time again our research shows that the consumer wants to be involved and wants to be at the center of security," Blank said.
There are also steps that consumers can take to protect themselves, he said, including updating antivirus software and carefully reviewing statements for unexpected charges. Even a $1 charge could be a signal that a crook has an account number and is testing the card holder to see if anyone notices anything unexpected.