Credit Card or Bank Transaction: Somebody Watches
Think Twice Before You Swipe That Card, Because Everything Is Being Tracked
By SCOTT MAYEROWITZ
ABC NEWS Business Unit
March 14, 2008
Every time you swipe your credit card, take cash out of an ATM or transfer money into your bank account, a sophisticated network of computers is keeping track.
The fraud detection systems â€” which security experts say vary widely â€” want to know: Are you trying to launder money or has somebody stolen your credit card or ATM card and making purchases?
Some data is kept by the banks and credit card companies and other information is passed on to the federal government.
"People aren't really aware of the fact that transactions that they make with financial institutions are being monitored," said Paul Stephens, director of policy and advocacy form the Privacy Rights Clearinghouse. "Hundreds of thousands of innocent people are having their everyday banking transactions forwarded to the federal government."
Eliot Spitzer, who will step down as New York's governor on Monday, learned that lesson the hard way. The former prosecutor was allegedly making wire transactions to a shell corporation that was a front for a high-end call girl service. His bank apparently found the transactions suspicious and notified federal authorities, starting the investigation.
Since April 1996, banks, casino and other institutions that handle large amounts of cash have been requested to file reports to the government any time they notice a transaction that doesn't seem right. These Suspicious Activity Reports, or SARs, go to a unit of the Treasury Department, known as the Financial Crimes Enforcement Network.
In 2006, 1.08 million such reports were filed, up from 920,000 the year before and 690,000 in 2004, according to a report from the Treasury Department.
Stephens is concerned because banks can essentially report whatever they want to the federal government.
"The banks are given a great amount of leeway in making a determination as to what constitutes 'suspicious,'" Stephens said.
But these reports are just one small part of the mountain of financial data collected on Americans each day.
Avivah Litan, a fraud detection analyst with Gartner, which is a technology consulting and services firm, noted that the reports are just what is required by law.
"Some banks go well beyond that because they are worried about fraud," Litan said. "Not all of them do. But some of them do. It really ranges."
She noted that there was a large spike in these reports after 9/11 and that subsequent legislation required more reporting.
There is also an additional level of scrutiny given to so-called politically exposed persons, who are defined as current or former foreign political figures, their family and associates.
"Those are usually foreign dictators," Litan said, "not New York Democrats"
But sometimes banks choose to give extra scrutiny to American political figures.
Some banks have better systems because they have been hurt by fraud. For instance, Litan said, Bank of America has a sophisticated fraud prevention system just because of its size and therefore likelihood to be a target. Citibank, Morgan Stanley and Goldman Sachs have also all spent a lot of time on money laundering and fraud, she said.
But what about other transactions, say that $30 meal placed on your credit card or the $200 taken out of the local ATM?
Those are tracked more than any other kind of transaction. The reason? The banks have the most to lose.
"They have poured a lot of money into credit card fraud detection because fraud was so rampant back in the 80s," Litan said. "It was 10 to 15 times higher than it is now. The banks ate that fraud. So the only way they could afford to push out new cards was if they had better credit card detection systems."
It's a different story from the banking world where most of the systems there are set up to go after money laundering. The banks don't have their assets directly on the line.
With credit cards, Litan said, the systems set up a profile of each customer's spending habits. If you divert from that, an alert is then sent out.
If thieves steal a group of credit card numbers off a database somewhere and make fake copies, one of the first places they test them is at a gas station, Litan said. Once the card works, they will immediately go and make a big purchase elsewhere. So the computers automatically raise a question if a $10 gas station purchase is immediately followed by $20,000 at a jewelry store.
Other common alerts include somebody who has only used a credit card in Iowa for 15 years and now is using it in Ukraine, or somebody who has transactions in California and New York seconds apart.
"The technology is never the issue," Litan said. "There are lots of technologies to track every single thing everyone's doing. But most banks haven't spent the money on it."