It is true that the very convenience of credit cards is what makes them so susceptible to theft and fraud. A large underground market in stolen card numbers has cropped up in recent years.

These numbers may be stolen by hackers penetrating large corporate databases, or by large retailer cashiers selling them to crooks. More recently, enterprising hackers have written computer programs to rapidly generate 16-digit numbers (the length used by both Visa and MasterCard) and test them to weed out nonsense strings from actual, valid card numbers, giving life to a new generation of fraud more sophisticated than ever before possible.

Credit card companies are aware that the inherent insecurity of credit card transactions makes it impossible to completely wipe out fraud. Rather, they focus on reducing the impact of fraud to “manageable levels,” by balancing the high costs of fraud prevention and fraud reduction.

Online merchants may prominently tout their “secure” servers meant to facilitate safe remote purchases using credit card information, but poor implementation by these retailers is the cause of much fraud. Supposedly safe merchants may use SSL encryption in actually obtaining card information, but then e-mail these numbers to human workers to process the sale, opening the information to thievery. However, the advent of ClearCommerce, a new and improved system, allows encrypted information to be transmitted directly from the merchant to the payment processor, eliminating the human middleman, and subsequently, the opportunity for tampering.

The FBI is in charge of handling most cases of credit card fraud in the United States, though they are not currently outfitted to pursue all offenders. For one, they generally only deal in cases where the loss to fraud is over $5,000. Plus, they don’t investigate the security gaps in credit card companies’ networks that lead to loss in the first place.

Three security measures that have been implemented in response to the overwhelming incidence of credit card fraud are: tamper resistant “smart cards” that make forgery harder on crooks, the use of 4-digit PIN numbers known only to the consumer, and the inclusion of 3- or 4-digit CRV verification numbers on the physical back of cards for transactions where the actual card is not swiped.