Credit Card Theft, Fraud and the Banks That Are Liable - Essay Example

Master’s Degree Proposal Credit card theft, fraud and the banks that are liable August RESEARCH PROPOSAL Research Paper Topic: Credit card theft, fraud and the banks that are liable in the US. Does the scope of the law work for all interested stakeholders? Abstract Credit card fraud as the result of phishing emails and payments fraud appears to have become more rampant as more financial institutes are publishing actual data on what the fraud is costing them1. This paper will look at the different types of credit card fraud and then address two specific questions: 1. What is the extent of the liability banks are held responsible for in cases of credit card fraud in the United States and 2. How are banks implementing policy changes and proposed law changes to better protect their customers and their own profit figures in the US? The paper will be supported by an extensive literature review including case studies in American law over the past ten years; the impact of decisions made through the court system and economic and law discussions on the issue. The final discussion will look at how the legal system could be adapted to improve security for banks and card holders, and whether or not U.K. law on the same issue can learn anything from this research. Introduction In 2006 Lisa Valentine posed the question “what do bank customers and criminals have in common?2” The answer was of course, “they both love debit cards”. It is difficult to know which situation came first – the rampant rise in credit and debit card usage online or the desire for credit and debit cards because people were shopping more online. Valentine cited statistics from McKinsey & Co. that predicted (in 2006) that debit card usage would generate almost 30% of the bank’s DDA fee income – up from 16% in 2006. There is no denying that the use of credit and debit cards online has increased exponentially and with it the potential for fraud. Sullivan noted just one breach at Heartland Payment Systems compromised 130 million records of payments cards and felt that this situation was facilitated because of security vulnerabilities that are part of the credit card usage system3. Sullivan explains “The process for approving card payments depends to a large extent on information. Thus criminals have a strong incentive to steal that information, leading to attacks on computer systems, data breaches and ultimately payment fraud”4. Valentine supports that position in her paper where she claimed that criminals prefer debit cards to credit card when it comes to making money. With credit cards criminals have to buy items and then sell them to recoup their money. With debit cards criminals can get cash directly from ATM machines. Valentine also made the point that banks are becoming increasingly frustrated with the debit card system. Customers want them and the banks want to hand them out and yet bankers have little or no control over the security of the cards. She writes “In some cases merchants are not stepping up to the plate and taking security precautions needed to defend against hackers…but its banks that are left holding the bag, having to reissue cards, notify customers that a breach has occurred…and absorb the losses”5. Gates and Jacobs found in their research an example of payments fraud that cost the relevant company (TJX Companies Inc) more than $130million in settlement claims after hackers managed to steel more than 45,700,000 credit card and debit card numbers along with 455,000 merchandise return records that included customer names and their driver’s license details6. It has been estimated that 30% of the American population was affected by this one incident that impacted 48 million people. The breach was caused by a global effort with criminals being implicated from the USA, Eastern Europe and China7. The TJX example is not an isolated incident as research presented in the final paper will show. But the focus of this paper will be more on how financial institutions, and in particular banks, can protect themselves from paying huge amounts out to customers in claims. There is certainly not an absence of legislation about this issue but its effectiveness in terms of reducing the incidences of fraud, and protecting financial institutes and their customers doesn’t seem as clear. For example in United States v. Laljie, 184 F.3d 180, 189 (2d Cir. 1999) Congress implemented the Bank Fraud Statute, 18.U.S.C. [Sections] 1344 to protect the interests of the federal government as an insurer of financial institutions. Before this case anybody who was caught defrauding banks and insurance companies couldn’t be prosecuted under federal laws8. Then in Williams v. United States 458 U.S. 279 (1982) the Supreme Court decided that 18. U.S.C. [Sections] 1014, which is the piece of legislation that criminalizes false statements to financial institutions did not cover all types of fraud. So in response to that Congress implemented 18 U.S.C. [Sections] 1344 which was to allow for federal prosecution for check-kiting and other schemes. The Bank Fraud Statue states that anyone who “knowingly executes, or attempts to execute a scheme or artifice-to-defraud a financial institution; or to obtain any of the money, funds, credits, assets, securities or other property owned by, or under the custody or control a financial institution, by means of false or fraudulent pretences, representations or promised shall be fined not more than $1,000,000 or imprisoned for not more than 30 years or both” (18 U.S.C. [sections] 1344 (1994), Pub. L. 98-473, 98 Stat. 2147, and amended Pub. L. 101-73.). Research Questions The research for this paper will focus on three key issues: 1. What legislation is currently in place in the United States that renders banks and other financial institutions liable in cases of credit and debit card fraud? 2. What statistics and supporting evidence is there relating to the effectiveness of the legislation? 3. Have there been solutions considered that might have worked but were not implemented possibly because of restrictions from privacy laws, consumer protection laws and legislation governing the storage and security of personal information? Research so far has indicated that despite a strong legislative presence the effectiveness of that legislation when applied to specific case studies is somewhat neutered. However more research will be needed to ensure that the information found so far is not just one biased take on the situation. Literature Review Books A. Boyer, The Online Identity Theft Prevention Kit: Stop Scammers, Hackers, and Identity Thieves from Ruining Your Life. USA: Atlantic Publishing Company, 2008. RA. Epstein, & TP. Brown, Cybersecurity in the payment card industry. The University of Chicago Law Review, Vol. 75, no. 1, 2008, pp. 203-223. JR. Rich, The Unofficial Guide to Starting a Business Online. USA: John Wiley and Sons, 2005. S Paulus, N Pohlmann, & H Reimer, ISSE 2005: Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe 2005 Conference. Germany: Springer, 2005. J Stickley, The Truth about Identity Theft. New Jersey, USA: Que Publishing, 2008. Past Research Papers Thomas P. Brown and Richard A. Epstein, 2008, “Cybersecurity in the payment card industry,” (Off-site Link) University of Chicago Law Review, Vol. 75, No. 1, Winter, pp. 203–223. Steven J. Murdoch and Ross Anderson, Verifed by Visa and MasterCard SecureCode: or, How Not to Design Authentication. Financial Cryptography and Data Security Vol. 10, No. 25, 28 January 2010, Tenerife Stephen E. Blythe, "The Proposed Computer Laws of Uganda: Moving Toward Secure E-Commerce Transactions and Cyber-Crime Control," Journal of Management Policy and Practice, Vol. 11, Iss. 5, 2010, pp. 19 - 33 David Guerin, “Fraud in Electronic Payments” Trintech Group Plc www.trintech.com, November 2003 Cases and Common Law Historical data and arguments - background research United States v. Pless, 79 F.3d 1217, 1218-19 (D.C. Cir. 1996) United States v. Hoglund, 178 F.3d 410, 413414 (6th Cir. 1999) United States v. Studevent, 116 F.3d 1559, 1561 (D.C. Cir. 1997) United States v. Torres, 209 F.3d 308, 309-10 (3d Cir. 2000) United States v. Jenkins, 210 F.3d 884, 886 (8th Cir. 2000) United States v. Mueller, 74 F.3d 1152, 1159 (11th Cir. 1996) Recent Cases relating to bank fraud interpretations United States v. Leahy, 445 F.3d 634, 665 (3d Cir. 2006) United States v. Jimenez, 513 F.3d 62, 73-74 (3d Cir. 2008) United States v. Cruz, 317 F.3d 763, 767 (7th Cir. 2003) United States v. Severson, 569 F.3d 683, 689 (7th Cir. 2009) United States v. Stathakis, 320 F. Appx 74, 77 (2d Cir. 2009) Regulations Bank Fraud Statute, 18 U.S.C. [section] 1344 (2006). Bank Secrecy Act, 12 U.S.C. (2006) Crime Control Act of 1990, Pub. L. No. 101-647, 104 Stat. 4789 Financial Institutions Reform, Recovery, and Enforcement Act of 1989, Pub. L. No. 101-73, 103 Stat. 183 Methodology Research Proposal This dissertation will comprise of a comprehensive literature review that examines the structure of regulations that are supposed to be limiting the liability that banks face as a result of online credit card fraud. The paper will document the history of federal legislation from the 1980s onward to determine if at any time there was enough legislative safeguards to prevent banks from having to absorb huge costs (as outlined by Valentine and Sullivan) as a result of technologically savvy criminals. Results and recommendations Once a comprehensive literature review has been prepared this author will be looking at particular case study evidence (likely sourced from case information) to determine the effectiveness or otherwise of current federal legislation. The discussion will present a summary of each side of the equation (it does work or it doesn’t) before considering the situation overall. A second aspect that must be covered is the responsibility of the card and account holders themselves. This is where a discussion will be held on the findings and recommendations of five books (see book list) will be introduced to determine how much (if any) of the fault of these fraudulent costs should be attributed to user error rather than unsecured bank systems. Evidence will then be presented to give an indication of the cost of the current problems faced by USA’s credit and debit card fraud problem, before a comparison will be made as to the similar problems that the UK faces with regards to fraud. Can we learn from America’s mistakes? This paper will endeavour to provide an answer to that problem. References Bank Fraud Statute, 18 U.S.C. [section] 1344 (2006). K Jacobs, T. Gates, "Payments Fraud: Perception versus Reality-A Conference Summary. Economic Perspectives, Vol.33, no. 1, 2009, pp. 7-15 B Stone, "Global trail of an online crime ring," New York Times, August 11 2008, available at wwwnytimes.com/2008/08/12/ technology/12thefl.html. RJ Sullivan, "The Changing Nature of U.s. Card Payment Fraud: Industry and Public Policy Options", Economic Review - Federal Reserve Bank of Kansas City, Vol. 95, no. 2,2010, pp.101-110 RJ. Sullivan, "The Benefits of Collecting and Reporting Payment Fraud Statistics for the United States," Payment System Research Briefing, Federal Reserve Bank of Kansas City, October 2009. United States v. Laljie, 184 F.3d 180, 189 (2d Cir. 1999) L Valentine, "Surging Debit Card Fraud Will Take Broad Effort to Stem," ABA Banking Journal, Vol. 98, no. 11, 2006, pp. 7-12. Williams v. United States 458 U.S. 279 (1982) Read More