Pragmatic Security: the history of the Visa card

I’ve been looking at the evolution of electronic funds transfer (EFT) and payment systems recently. My research uncovered a gem: about two years ago, David Stearns completed a dissertation that looks at the early evolution of the Visa card (originally “BankAmericard”) in the context of other evolving electronic payment systems. Stearns’ work is both readable and filled with interesting information.

What I find most fascinating is that the card systems followed the same security trajectory as cell phones. The first cards, like the early analog cell phones, were vulnerable to fraud. In fact, the cards were absurdly vulnerable to fraud.

However, the promoters believed that the long term benefits of electronic cash were worth the risks. They also assumed without evidence that they could fix the fraud problems eventually.

Stearns’ story introduces Dee Hock, who was deploying BankAmericard at a Seattle bank in the late 1960s. The card program collapsed into chaos in 1968, as participating banks took advantage of lax settlement rules. Hock led the effort to rebuild the card program as an independent cooperative, separate from Bank of America. Hock developed Visa as an alternative to cash and to paper checks, and not simply as a “revolving credit card.”

My first ATM card carried a BankAmericard logo – it combined a credit card with ATM access to my bank account.

Thresholds of Indifference and Authorization Delays

Stearns uses an interesting term: thresholds of indifference. This captures the fact that participants could tolerate certain levels of trouble and inconvenience. For example, the cards have always provided some form of real-time authorization for high-value transactions, but what counted as “real time” depended on what merchants and customers were willing to put up with.

In the earliest days, “real time” could stretch to an hour as service reps dug through printouts of customer accounts to make authorization decisions. This led merchants to ignore or misuse authorizations. For example, some would simply reuse the same authorization code on multiple transactions. The initial back-end systems were so badly implemented that they could not tie an authorization code to the individual sale it had approved, so a code was effectively a free-floating token rather than proof that a particular transaction had been authorized.

As newer systems automated the authorization process, response times fell to under a minute, which was acceptable back then for higher-value transactions. Transaction processing also started to reconcile authorization codes with individual sales, which allowed the processor to reject invalid authorizations on fraudulent transactions.

In practice, some card systems could handle authorizations faster than others, but incremental improvements didn’t matter as long as things remained within the customers’ threshold of indifference.

Fraud

Arguably there was also a threshold of indifference for fraud. Initially, member banks blanketed their customer base with unsolicited cards. This fed fraud to some extent: some customers exploited the new cards themselves, while thieves systematically stole cards from mailboxes and perpetrated large-scale fraud. In the early days, fraud often involved merchants who systematically produced bogus transactions kept small enough to avoid authorization.

Initially, there were two mechanisms to prevent fraud:

  1. The authorization process – if the transaction’s dollar amount exceeded a “floor limit,” then the transaction had to be authorized. The issuing bank did not have to honor unauthorized transactions that exceeded the floor.
  2. The bad card process – if the issuer had reported a card as canceled, or if it had expired, the issuer did not have to honor transactions on that card. The card system reported bad card numbers to merchants on a regular basis; once a number appeared in the list, merchants couldn’t submit purchases involving that card.
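The two controls above, plus the authorization-code reconciliation described in the earlier section, amount to a screening pass over a merchant’s settlement batch. The following Python is an added illustration written for this post, not code from Stearns’ dissertation or from any card network. The floor limit, card numbers, authorization codes and the batch itself are all constructed, and the “three sales just under the floor” rule for spotting split transactions is an assumed heuristic, not a historical Visa rule.

```python
"""Settlement-batch screening for a floor-limit card scheme (illustrative example)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Assumed floor limit: a sale above this amount must carry an authorization code.
FLOOR_LIMIT = 50.00


@dataclass(frozen=True)
class Transaction:
    merchant: str
    card: str
    amount: float
    auth_code: Optional[str]  # None when the merchant did not request authorization


# Constructed sample data: a cancelled card reported by the issuer, and the
# authorizations the processor actually issued (code -> card and amount approved).
BAD_CARDS = {"4000000000000002"}
ISSUED_AUTHS = {
    "A123": ("4111111111111111", 120.00),
    "B456": ("4222222222222222", 75.50),
}

# Constructed merchant settlement batch exercising each failure mode.
BATCH = [
    Transaction("merchant-1", "4111111111111111", 120.00, "A123"),  # legitimate authorized sale
    Transaction("merchant-1", "4111111111111111", 200.00, "A123"),  # same code reused on a second sale
    Transaction("merchant-2", "4222222222222222", 80.00, None),     # above floor, never authorized
    Transaction("merchant-2", "4000000000000002", 30.00, None),     # cancelled card, below floor
    Transaction("merchant-3", "4333333333333333", 49.00, None),     # three sales kept just under floor
    Transaction("merchant-3", "4333333333333333", 48.50, None),
    Transaction("merchant-3", "4333333333333333", 49.99, None),
    Transaction("merchant-4", "4444444444444444", 20.00, None),     # ordinary small sale
]


def screen_batch(batch, bad_cards=BAD_CARDS, issued_auths=ISSUED_AUTHS,
                 floor=FLOOR_LIMIT, structuring_count=3):
    """Return {batch index: [reasons]} for every sale the issuer may refuse to honor."""
    findings = defaultdict(list)
    consumed_codes = set()
    near_floor = defaultdict(list)  # (merchant, card) -> indices of just-under-floor sales

    for i, tx in enumerate(batch):
        # Bad card process: a listed card is refused regardless of amount.
        if tx.card in bad_cards:
            findings[i].append("card on bad-card list")

        if tx.amount > floor:
            # Authorization process: over the floor, the code must exist, must not
            # have been spent already, and must match the card and amount it approved.
            if tx.auth_code is None:
                findings[i].append("over floor limit without authorization")
            elif tx.auth_code not in issued_auths:
                findings[i].append("unknown authorization code")
            else:
                if tx.auth_code in consumed_codes:
                    findings[i].append("authorization code reused")
                if issued_auths[tx.auth_code] != (tx.card, tx.amount):
                    findings[i].append("authorization does not match card/amount")
                consumed_codes.add(tx.auth_code)
        elif tx.amount > 0.9 * floor:
            near_floor[(tx.merchant, tx.card)].append(i)

    # Batch-level pattern (assumed heuristic): repeated sales kept just under the
    # floor on one card at one merchant, the split-sale trick that dodged authorization.
    for indices in near_floor.values():
        if len(indices) >= structuring_count:
            for i in indices:
                findings[i].append("possible split sale under floor limit")

    return dict(findings)


if __name__ == "__main__":
    for i, reasons in sorted(screen_batch(BATCH).items()):
        tx = BATCH[i]
        print(f"{tx.merchant} ...{tx.card[-4:]} ${tx.amount:.2f}: {', '.join(reasons)}")
```

Note what the reconciliation step buys: without the `ISSUED_AUTHS` lookup, the second `merchant-1` sale would pass simply because it carries a code that looks valid, which is exactly the reuse the early back ends could not catch. The split-sale check is the only control here that needs the whole batch rather than one transaction at a time.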

At the time, credit cards were one of the few ways a bank could attract new customers. As such, banks tolerated a good deal of fraud and uncertainty in their card programs. In the early days, some banks took months to clear transactions, so it could take months to detect a fraudulent card and report it to the bad-card list. Meanwhile, merchants would continue to honor that card and, since it was not yet listed, the card issuer was bound by its agreements to honor every transaction on that card, bogus or not.

Profits

Many of these card programs yielded losses in their early years, but rapidly turned profitable on the strength of interest payments on outstanding balances. At the time, many writers in business publications reported on the fraud problems and repeated stories of how the card programs were losing large sums.

In fact, many banks were making a profit. They didn’t advertise this because they didn’t want other banks to offer cards and compete. This produced an interesting tension between attracting customers (with convenient cards that replace cash) and appearing irresponsible (by running a fraud-riddled card operation that loses money).

So, fraud falls below the threshold of indifference and simply becomes a cost of doing business.

Legislation

In 1970, the US Congress passed a law regulating credit cards, amending the Truth in Lending Act. The law capped customer liability for unauthorized card use at $50, the same figure still in force today. The law also forbade anyone from issuing unsolicited cards.