The low security of the credit card system presents countless opportunities for fraud. This opportunity has created a huge black market in stolen credit card numbers, which are generally used quickly before the cards are reported stolen.
The goal of the credit card companies is not to eliminate fraud, but to "reduce it to manageable levels"[5], such that the total cost of both fraud and fraud prevention is minimized [citation needed]. This implies that high-cost low-return fraud prevention measures will not be used if their cost exceeds the potential gains from fraud reduction.
Most internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either online or offline. Despite efforts to improve security for remote purchases using credit cards, systems with security holes are usually the result of poor implementations of card acquisition by merchants. For example, a website that uses SSL to encrypt card numbers from a client may simply email the number from the web server to someone who manually processes the card details at a card terminal. Naturally, anywhere card details become human-readable before being processed at the acquiring bank, a security risk is created. However, many banks offer systems such as Clear Commerce, where encrypted card details captured on a merchant's web server can be sent directly to the payment processor.
Controlled Payment Numbers are another option for protecting one's credit card number: they are "alias" numbers linked to one's actual card number, generated as needed, valid for a relatively short time, with a very low limit, and typically only valid with a single merchant.
The Federal Bureau of Investigation and U.S. Postal Inspection Service are responsible for prosecuting criminals who engage in credit card fraud in the United States, but they do not have the resources to pursue all criminals. In general, federal officials only prosecute cases exceeding US $5000 in value. Three improvements to card security have been introduced to the more common credit card networks but none has proven to help reduce credit card fraud so far. First, the on-line verification system used by merchants is being enhanced to require a 4 digit Personal Identification Number (PIN) known only to the card holder. Second, the cards themselves are being replaced with similar-looking tamper-resistant smart cards which are intended to make forgery more difficult. The majority of smartcard (IC card) based credit cards comply with the EMV (Europe MasterCard Visa) standard. Third, an additional 3 or 4 digit code is now present on the back of most cards, for use in "card not present" transactions. See CVV2 for more information.
The way credit card owners pay off their balances have a tremendous effects on their credit history. All the information is collected by credit bureaus. The credit information stays on the credit report, depending on the jurisdiction and the situation, for 1, 2, 5, 7 or even 10 years after the debt is repaid.