width= eBook: Securing Linux Systems for the Enterprise. Protect Your System From Online Intruders. Get It Now!

Images Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
Search EarthWeb Network

Be a Commerce Partner
Promotional Products
Promotional Gifts
Phone Systems
2nd Mortgage
PDA Phones & Cases
Domain Registration
Register Domain Name
Web Hosting
Auto Insurance Quote
Compare Prices
Desktop Computers

IT Management : Columns : Executive Tech: Credit Card Expiration Dates Are Obsolete

Symantec Data Management Solutions
Secure Remote Control for IT Support Organizations
Remote control software is a cost-effective way of providing remote support. Some are concerned that this exposes PCs or the network to unauthorized use. This paper examines how these products provide a cost-effective help desk tool and defines security requirements.
Register Now to Download.
Break Through the Dissimilar Hardware Restore Challenge
Need to minimize downtime for critical IT services by recovering entire systems to dissimilar hardware or virtual environments? Learn how the Symantec Backup Exec System Recovery can help.
Register Now to Download.
Continuous Data Protection for Better Backup
Backing up mission-critical data can become a burden to IT because data volumes are growing at 40-50% each year. Improve overall data protection without a costly solution that weighs down IT. Learn more.
Register Now to Download.
Optimizing Performance of the Continuous Protection Server
The stress points that continuous data protection places on system architectures are different from traditional backup and recovery technologies. Learn how one customer characterizes these points and quantifies best practices.
Register Now to Download.
Webcast: Best Practices for Protecting Microsoft Exchange with Backup Exec
Learn how to manage your applications in an efficient manner for faster restores and minimized impact on business productivity.
Register Now to Watch.

Related Articles
Can You Prove Your E-Mail Isn't Spam?
Sender ID, DomainKeys Are Hammering Spam
How Good is Goodmail, Really?
Designer Says Vista Font is Original
- ITSMWatch Newsletter -
IT Focus
Coping With Compliance

Sarbanes-Oxley and other reporting requirements have greatly complicated the jobs of many IT professionals. These articles include advice, information and tips for effectively managing your compliance efforts.

Looking for the Silver Lining

Compliance Threatened by Archive Failures

10 Tips for Managing 404 Compliance

Sharing the Burden of Compliance

Corporate Compliance Regulations and Standards

Product Watch
Log Management Service - Application Level Event Log Monitoring Service
MegaRAID - PCI Adapters Offer RAID Capabilities
Digipass - Token Based Authentication Platform
BI Documenter - SQL Documentation Tool
Senforce Endpoint Security Suite - Create and Enforce Security Policies on Endpoint Devices

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

IBM Backup and Recovery You need a backup and recovery system that performs in the background, so you donít have to stop while itís doing its work. IBM System Storage has a solution. Learn more.

Credit Card Expiration Dates Are Obsolete
May 22, 2006
By Brian Livingston

Brian Livingston Most consumers think their credit card expiration dates -- the month and year in which their cards are supposed to be renewed -- are a sacrosant security feature, without which a business can't process a payment.

In fact, big players in the U.S. consumer-sales industry have developed informal agreements with credit-card issuers that allow charges to be made to consumers' credit cards without specifying the expiry month and year. This procedure works even after an individual's card has expired and been re-issued with a new expiration date.

Most surprisingly, this end run around expiration dates is little known by most businesses. The procedure is so new it isn't written down anywhere in credit-card regulations. The process exists only as an understanding between card issuers and a few companies that know how the system works.

Why Expiration Dates No Longer Matter

Is the ability to charge credit cards without an expiration date a security risk for consumers? After investigating the new, informal procedures, I believe it is not.

Many consumers genuinely want to use "recurring billing" -- an automatic credit-card charge to pay for a utility or some other service. The ability of an individual to pay for a service automatically can be desirable, ensuring continuity of service.

For businesses that accept credit cards for ongoing services, the new, looser regulations can make a big difference in the percentage of billings that are actually collected.

In fact, it appears that giant Internet service providers and other sources of online content took the initiative, cajoling credit-card issuers into the new procedures. Since more transactions succeed when expiration dates aren't required, the issuers make more money, too.

Pressure Builds to Ignore Expiration Dates

The growth in recurring credit-card charges, and the difficulties in collecting payments from cards that periodically change their expiry dates, were forces behind the new procedures. Paul Larsen, a payments and operations consultant in Fishkill, N.Y., provided me with the following examples of the problem:

Credit-card breakage. About 40 percent of the recurring credit-card charges handled by Larsen's 35-odd business clients in 2004 were being declined within a 12-month period. This "breakage" was largely due to cards passing their expiration date or having new numbers issued because of bank mergers or identity-theft concerns. The figure was up from approximately 15 percent breakage in 1996.

Ever-changing card numbers. Bank mergers and acquisitions, which can result in millions of consumers being given new card numbers, potentially affected about 50 million credit-card accounts in 2004. All of these accounts were not given new card numbers, of course. But the scale of the potential change was far higher than in earlier years. Only 10 million accounts were affected by M&A in 2001, for example.

Maxed-out consumers. Recurring charges can also fail because an individual has exceeded the credit limit on a particular card. About 30 percent to 40 percent of credit-card holders in the U.S. are within 5 percent of their credit limit at any given time, according to an article by Steve Mott, a former MasterCard executive, in Digital Transactions, a credit industry publication. But a charge that fails on one day may succeed if resubmitted a few days later.

Need for stability. Payments made via recurring credit-card charges grew an estimated 33 percent in 2005. As more and more companies take advantage of the predictability of recurring charges, pressure built for a way to ensure these charges continue whether or not a card's expiration date had come and gone.

All of these factors resulted in a procedure that is now accepted in the U.S. by Visa, MasterCard, American Express, and other credit-card issuers. The process isn't yet being widely honored in Europe -- but the American experience may be a forerunner of looser procedures to come on the continent, as well.

"You'll not find anything in writing officially regarding no-expiration-date policies," Larsen tells me. "The card-not-present recurring industry's best practices are at least two years ahead of the written rules."

A Blank Expiry Date Works Like a Real One

An example of the effectiveness of the new method was provided by ConsumerLab.com, a provider of health-care ratings, in a presentation at the 6th annual Internet Content Summit in New York City on May 9. The summit is sponsored each year by MarketingSherpa.com, a research firm for the marketing industry. (Full disclosure: I received an unrelated award at this summit.)

In the presentation, Tod Cooperman, president of ConsumerLab and a Larsen client, explained the benefits of ignoring credit-card expiration dates:

Loss rates were high. ConsumerLab has approximately 25,000 paying subscribers to its ongoing series of health-care product reviews. These payments are dependent on recurring credit-card charges that the subscribers agree can take place every 12 months. In 2004, however, only 40 percent of ConsumerLab's annual credit-card renewal payments were going through, leading to a high loss rate of subscribers.

Adding the "recurring flag." For cards that had been declined, the firm started omitting the expiration dates and running the charges again. This time, a "recurring flag" was set in the transaction data. This flag is a byte indicating that the consumer authorized the charge to continue indefinitely. ConsumerLab also used "account updater" services. These services are provided by credit-card issuers to advise merchants of account-number changes due to M&A and similar activity.

Dramatic increase in auto-renewals. This procedure now results in the company successfully auto-renewing about 65 percent of its subscribers for an additional year of service. This is an improvement of approximately 60 percent over the previous year's auto-renew rate. In combination with other improvements, ConsumerLab expects to achieve an 80 percent overall renewal rate, which is extremely high for any kind of consumer subscription service.

Cooperman estimates that, had his company used the new procedures when its subscription service began in 2001, it would enjoy double the number of paying subscribers it has today. A dramatically smaller number of subscribers would have been lost.

The Internet Content Summit attracted about 300 savvy marketers from big names in consumer subscriptions, such as Reuters.com and Match.com. But the majority of attendees I interviewed after ConsumerLabs' presentation said they knew little or nothing about the new credit-card procedures that had just been described.

Using Recurring Credit-Card Charges in Your Business

If consumers are properly informed of the terms -- and give their full consent to recurring credit-card charges -- auto-renewal methods can benefit both the individuals and the businesses involved. Since credit-card issuers have a great deal to gain from these auto-renewal arrangement, promotions of the recurring-charge concept can be found on the Web sites of Visa, MasterCard, and American Express, among others.

But the secret of getting these auto-payments to be honored -- even when a customers' expiration date or primary account number has changed -- has eluded most businesses that have tried recurring billing. Until the "recurring flag" is better documented, many legitimate companies will remain in the dark and be disappointed in the reliability of auto-renew methods.

Some additional information on the procedure is available in a presentation involving Visa, MasterCard, and American Express speakers, moderated by Larsen, at the 2005 Direct Response Forum, a marketing industry gathering. Visit the organization's 2005 conference page, select "Recurring Billing Panel Discussion" from the Outline and Presentations lists, and download the two relevant PDF files shown there.

Brian Livingston is the editor of WindowsSecrets.com and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Executive Tech Archives

JupiterWeb networks:


Search JupiterWeb:

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Newsletters | Tech Jobs | E-mail Offers