The new front on fraud? Your credit card
Welcome to one of the most crime-ridden precincts in America: The cash register.
Financial losses from credit card fraud last year soared to $11 billion, touching millions of consumers and thousands of businesses nationwide. Thefts of other kinds of confidential data also have become increasingly common, turning every trip to the store into a potential rip-off.
"Whenever a consumer uses their card at the point of sale, it's almost impossible to know whether or not the merchant they're visiting has been breached," said Al Pascual, director of fraud and security at Javelin Strategy & Research.
It can be equally difficult for merchants to determine if they've been victimized, whether mom-and-pop shops or the largest U.S. retailers.
Case in point, Target announced in January that 110 million customers had been compromised over a six-week period. Other big companies hit this year include Home Depot, Nordstrom, Michael's and Neiman Marcus.
One reason credit card and other kinds of online fraud are booming -- it's hard to get caught, especially with hackers operating abroad and using technology to mask their activities.
"There have been some successful prosecutions," Pascual said. "But to be honest with you, the people that are running the show more often than not, they're almost impossible to get."
Not that such schemes are new. Indeed, the U.S. Secret Service has been protecting consumers from credit card fraud for more than 30 years.
"We were created to protect the financial structure of the United States of America, specifically for credit card fraud, bank fraud," explained Stuart Tryon, special agent in charge of the U.S. Secret Service Criminal Investigative Division (CID).
"We try to stop and arrest the organizers, those that are hacking into networks, and then who are vending the data," he said.
What has changed, not surprisingly given the explosion in e-commerce and mobile business, is the identity of the bad guys.
The Secret Service's main targets today are cyber thieves who are selling your data, known as dumps, in online forums serving as a cyber clearinghouse for data and tools for hackers.
"We look at the hierarchy. We look at the organizers. We're going after the high-level, the well-skilled individual, the organizers of these groups. We're not necessarily investigating every network intrusion," Tryon said,
Since 2010, the CID has made over 5,900 arrests of cybercriminals, stopping over a billion dollars' worth of fraud.
How they make these arrests remains under wraps.
For example, this July, a Secret Service investigation led to arrest of a Russian national, Roman Seleznev, in Guam.
The feds allege that he hacked into point-of-sale systems at retailers throughout the U.S., stealing the data for 2 million credit cards.
"Well, in this last year, we've been successful in extraditing quite a few. There are some very successful prosecutions," Tryon said. "For the last 10 years, we've averaged at least one to two extraditions a year on these high-level computer hackers."
Other measures could help deter data thefts.
In 2015, U.S. card issuers will begin to convert from outdated, unencrypted magnetic-stripe cards you use today to much safer chip-and-pin cards.
Smelling a business opportunity, the world's most innovative companies are also now training their expertise on ways to deter card fraud. Many experts think Apple's vaunted new digital payment system, Apple Pay, may give consumers another layer of protection.
"Apple Pay is probably worlds safer than what we currently carry in our wallet today," Javelin's Pascual said. "You pull the phone out, your finger is on the touch ID, and the merchant and issuer, everyone knows that you are legitimate when you're doing that. So that means protecting the data."
Of course, criminals will follow the money to where you shop, and more Americans are shopping online everyday.
Javelin Strategy & Research says e-commerce fraud will be four times as large as today's top fraud target, credit cards.
"That problem is going to dwarf fraud at the point-of-sale," Pascual predicted.
Major e-commerce players are beefing up their defenses.
"Paypal has been around for a long time. They have good controls in place, which means that they're going to notice odd or suspicious transactions -- probably far faster than most other folks in the ecosystem," Pascual said. "Amazon does an amazing job of knowing their customer and having really tight controls around the use of cards and being certain that the user of the card is the owner. They're worlds ahead."
--With reporting from Rich Brenner