Over the past few years, my credit card number has been stolen 4 times. I’m very careful using my card online and don’t store the card details on many sites. I am fairly confident that the fraudulent purchases made with my card are not due to digital theft or hacking of some sort. I am almost certain that my card details were stolen by untrustworthy waitstaff.
At most restaurants, the waitstaff grabs the payment sleeve and takes your card to the register, often out of your sight. And since everyone has a camera on their person these days, it would be very easy for someone with your credit card to snap pictures of the front and back. Upon doing so, they have all but one piece of the necessary credit card information to make online purchases. With a quick and easy Google search, they will very likely get your ZIP code. Now they have everything they need and you’re now buying them whatever they want (in my case, I’ve bought people $100 worth of Sarpino’s, clothes from The Gap, and very expensive software).
Is it a huge deal to have your credit card information stolen? As a consumer, not really. Most banks and credit card companies will catch the fraudulent charges and won’t hold you accountable for them. You get a new card, a new number, deal with the feeling that you’ve been somewhat violated, and then spend weeks updating all the automatic payments that use your stolen card number. So all in all, the outcome could be far worse. While I’m glad credit cards have the policies they do and I’m not on the hook for fraudulent charges, you would think that credit card companies and banks would want to eliminate this type of fraud as much as possible. It can’t be cheap to continually excuse fraudulent purchases.
Change the Design, Prevent Fraud
How can we prevent this type of fraud? A simple design change would be very effective. If you think about it, we rarely need our credit card numbers anymore. We never need them for physical, in-store transactions. We only need them when making purchases online. Even that is getting less necessary since many online proprietors store your card information. With these scenarios in mind, do we really need our credit card information printed on the card for everyone to see (and possibly steal)? As long as we have convenient access to that information, I say no. We do not need our credit card information printed on the card. This article supports my claims.
I propose the following concept as an improved and more secure credit card design.
The main characteristics of the design are:
- All card information necessary to make an online purchase is obscured. Most of the card number isn’t available, the expiration date isn’t available, and most of the CVC number isn’t available (see Figure 1). Why not remove this information completely? For one, people need gradual change. But it also serves a purpose. We’re still going to need to be able to tell our credit cards apart. Some identifying information will still be necessary. If this design idea is adopted, we will eventually only need the last four digits of the card number for identification.
- Provide an accompanying online interface to access your credit card information. This is another key aspect of the design. If your card information isn’t printed on the card, you need access to it in some way. Banks and credit card companies will need to provide that access through their mobile and web interfaces (see figure 2 and Figure 3). Customers should be able to quickly access their card info with just a few taps or clicks.
- Provide a method for obscuring/exposing on-screen card information. Per day, even though way more people see my physical card (several) than see my logged-in bank account on-screen (zero), it’s still a good practice to not immediately expose sensitive information. Providing this is just one more tap/click, and increases security greatly.
Carrots for Customers and Card Companies
We can see why banks and credit cards companies would want to adopt this new design. Less fraud means fewer issues and fewer headaches. It probably also means more profit in some way. But as I mentioned earlier, people are slow to adapt, especially when long-held traditions or conventions are broken. So how do we get the customers on board?
Since this should save card companies money in the long run, offering customers a percentage point or few off of their interest rate only seems fair. It would drive initial adoption. And once customers have adjusted to the card design changes, this design could become the new default card. Credit card companies could then hike up interested rates on full-information cards because of the liability they carry.
One major problem not addressed above is that not everyone uses online banking. These customers would have trouble easily accessing their card information. While not ideal, they could receive their card information through snail mail and file it away for future reference. They could also opt for a full-information card and not receive the promotional deal (or, depending on where we are in the product’s maturity, they would pay a convenience fee for the full-information card).
Make it So
Is this proposed solution perfect? Not at all. It’s only going to help prevent one specific type of fraud. And as I mentioned, it may not be ideal or available to everyone. But I do think it is a worthwhile endeavor. As a customer who has fallen prey to this type of fraud, I would love this option (I currently put tape over my card information so it’s more difficult to steal). And as a user experience designer, I think this is the best solution for customers. Is it a slight inconvenience to fire up an app or get online to get your credit card number? It is, for the very few times that we need to do that. Is it a huge inconvenience to change all your payment info with many companies when your card is stolen? Obviously. Is that a more severe inconvenience than using an app to access your credit card information? I would argue a resounding yes.
Anyway, this an open-source idea. If you work for a bank and feel like this is a need, please show it to the necessary people. If you’re a customer and have had fraud issues similar to mine, write your bank and reference this article. And as always, contact me if you want to chat about it!
Also: hat tip to the person who designed the Gringotts logo I’m using in the wireframes (if you want me to credit you in this article, just let me know). And another hat tip to Chase, as I borrowed their app and web layouts to give context to my wireframes.