10th Annual Credit Card Issuer Identity Safety Scorecard

Fueled by massive data breaches, credit card fraud has reached new levels of prominence in the U.S. In 2014, more than half of all fraud victims had a credit card misused, placing even greater importance on issuers’ prevention, detection, and resolution capabilities. Javelin’s 10th Annual Credit Card Issuers’ Identity Safety Scorecard analyzes the customer-facing security features of 20 of the nation’s top credit card issuers – providing timely and actionable benchmarking tailored to current and impending fraud trends. Scorecard performance highlights many areas where issuers must focus their resources to appropriately protect their cardholders, especially around crucial prevention features, which continue to suffer from low adoption.

Key questions discussed in this report:

• What customer-facing security measures do major credit card issuers offer?
• How common are the capabilities among credit card issuers?
• How do key fraud trends, such as data breaches and the U.S. transition to the EMV standard for chip cards, impact card security?
• In what security solutions and fraud mitigation controls should issuers invest to generate the most substantial fraud-reduction benefits?

Companies Mentioned: American Express, Bank of America, Barclays, BB&T, Capital One, Citibank, Citizens Bank, Commerce Bank, Discover, Fifth Third, First National Bank of Omaha, JPMorgan Chase, Navy FCU, Pentagon FCU, PNC, SunTrust, TD Bank, USAA, US Bank, Wells Fargo

Scorecard Data

For the 2015 Credit Card Issuer Scorecard, Javelin revised previous mystery shop methodology. Each participating issuer was given the opportunity to self-evaluate security measures according to the parameters of the scorecard, but without knowledge of weights assigned to either features or overall categories. Issuers who declined to participate in the self-evaluation were evaluated according to traditional mystery shopping methodology during November 2015. Only features that were implemented at the time of evaluation were considered for the scorecard. This included the top 18 MasterCard and Visa credit card issuers as ranked by the number of cards outstanding according to the Nilson Report, as well as two other issuers with significant cards outstanding: American Express and Discover. Issuers that offer only store-branded cards or have issued a lower number of network cards were not included in the scorecard.

As part of the self-evaluation process, issuers were assured anonymity on specific line-item responses. Consequently, only aggregated figures for feature adoption are released in this year’s scorecard. For each of the category rank tables, only the scores of the five highest ranked issuers are made public. Issuers ranked six and below are grouped according to their quartile (6-10, 11-15, 16-20) with the average score for each group listed. In the case of ties and within each quartile, issuers in each group are listed alphabetically.

The criteria evaluated were categorized according to Javelin’s Prevention, Detection, and Resolution Model. Criteria were weighted differently in order to emphasize Javelin’s affirmation of the importance of particular features. Prevention is the most heavily weighted category, accounting for 49 of 98 potential points, followed by detection (32 points) and resolution (17 points). Issuer scores were totaled for each category, revealing the highest-scoring issuers for each group. The categories were then aggregated for each issuer to reveal the top scorers overall.

Because scores are based on consumer-facing security measures, the scope of this report assesses the information that is available to potential enrollees at each issuer. The criteria used to evaluate these security measures are not intended to encompass all consumer-facing security measures, nor does Javelin claim to evaluate issuers’ back-end security practices in this report. Given that the issuers surveyed changed from the past year and that the criteria used to evaluate issuers tighten each year, direct year-to-year comparisons cannot be made. However, general trends in issuers’ security adoption can be discerned even though the data is not fully longitudinal.

Cards were chosen based on general accessibility. Preferred customer cards, secured cards, and affinity cards intended to accrue rewards toward a specific merchant or organization were not included in the scope of this report.

Consumer Data

This report also incorporated consumer data gathered in the following survey for which data was weighted to reflect a representative sample of the general U.S. population.

• A random-sample panel of 5,000 respondents to an October 2014 online survey. The margin of sampling error was ±1.39 percentage points at the 95% confidence level. The margin of sampling error is higher for questions answered by subsegments.