If you are a credit cardholder, surely one of your main concerns is the security of your credit card transactions. Credit card fraud is a very real and very common threat that has victimized many a cardholder. Nobody wants to be victimized by a seemingly random crime that has the effect of stealing your credit identity and charging you with the purchases of someone else.
Security wise, credit card transactions in the United States needs a lot of work, security experts say. The existing setup for credit card transactions are optimized for speed and convenience, not security. These are, after all the major requirements that credit card companies and merchants need to meet the demands of credit card purchases. While credit card companies are implementing security checks, they are not as robust as security experts would expect them to be.
As serious a risk as credit card fraud is, you would expect there to be tighter measures to keep it in check. Currently, the U.S. sees more than 50 billion credit card transactions per year, a major security risk. Surprisingly, the government has left it to the credit card companies themselves to design the proper security rules to keep these transactions secure.
In 2006, American Express, Discover, JCB International, Mastercard and Visa created the Payment Card Industry Security Standards Council. Through this, they created a uniform set of security rules for credit card transactions applicable to merchants. The result was the PCI standard which still exists today as the standard for security that every merchant doing credit card transactions must attain.
According to Avivah Litan, an analyst from Gartner Inc., security upgrades for PCI compliance have cost retailers and other involved payment processors around $2 billion. PCI compliance has also gained widespread acceptance with 93% of the major U.S. retailers and 88% of medium retailers having PCI compliance.
Unfortunately, many security experts have found that the PCI compliance standards are too lenient and does not really reflect the actual security risks involved. Furthermore, PCI compliance audits are known to be inconsistent. Certification courses are also merely cursory and can take as short as a weekend. Bigger retailers can also provide PCI compliance evidence by themselves which makes the process open to major mistakes and fraudulent evidence. Also, retailers having less than 6 million annual transactions are allowed to do evaluations on themselves. These comprise around 99% of all retailers.
All of this means that whenever you use your credit card transaction, you are basically gambling against the odds that the merchant your are using has secured the transaction for you. As long as credit card transaction remains this lax, you probably should consider cash payments as your primary payment option.