No, I'd still report it missing because I would assume it would be possible to crack even though it appears secure to me. I don't know enough about encryption to say how likely, but of course I'd still report it. The point is that unless the thief has my code as well, there are no charges to wonder who's liable about. Your answer seems to suggest that you'd prefer the current method where some of your money gets stolen but it's OK because the CC company picks up the tab.