Credit account fraud costs companies millions of dollars per year. Additionally, companies spend large amounts of time and money trying to reduce credit account fraud. Many transactions involving credit accounts and credit cards occur via the Internet every day. Establishing the identity of the person using a credit card or credit account via the Internet is nearly impossible.
Currently, in the credit card industry there are several ways to help merchants verify that credit card information is actually coming from the cardholder and not a person trying to commit fraud. Unfortunately, none has proven to be effective all of the time.
One method is ZIP code verification. This process occurs when either a website prompts a cardholder to enter their billing ZIP code when completing a purchase form or when an operator verbally requests this information during a telephone transaction. When an order is placed, a match or no match is given based on whether or not the accurate ZIP code information was given.
Another fraud prevention method is additional number verification. Credit card issuers are now including extra digits on cards that are only visible to someone physically holding a card. These numbers usually appear on the front or back of a card. The idea behind this security measure is that only the person holding the card would have access to these numbers. For example, if a thief stole a credit card receipt it could contain the account number and the expiration date, but would not have these extra digits.
The problem with these verification methods is they are not fool proof in preventing fraud in the case where someone has physically stolen the card, piece of mail, or a company's internal database.
Similar problems exist for controlling access to usage of physical/informational resources, and access of secured areas.