Slashdot Mirror
AT&T To Use Phone Geolocation To Prevent Credit Card Fraud
jfruh (300774) writes "Imagine you've spent years making credit card purchases in your home state of California, and suddenly a bunch of charges appear the card in Russia. Your bank might move to shut the card down for suspected fraud, which would be great if your account number had been stolen by hackers — but really irritating if you were on vacation in Moscow. AT&T is proposing a service that would allow customers to let their bank track their movements via their cell phone, to confirm that you (or at least your phone) and your credit card are in the same place."
A lot of people don't travel with their phones to foreign countries because it's too damn expensive.
Or call your credit card company before you leave and say you will be traveling in country X on these days.
How about they just require a live video feed from our phones to confirm every transaction?
What if, sitting in my chair in Kansas City MO, surfing happily over my Google Fiber connection, I decided to order an authentic Vladimir Putin Rocks! t-shirt from Moscow? Would it get rejected?
I don't ever travel overseas. I would much prefer the ability to put a restriction on my credit card to U.S. purchases only without confirmation. I suspect that would solve 90+% of the problems.
Uhhmmm, there are lot's of times that you and your credit card and your phone are in one place and you use your credit card to make a transaction in another place (online, automated, phone, etc), so how exactly is this supposed to work?
Everybody has a website these days. Just let us pick the regions where we will allow transactions to take place. If we are going on vacation, we can light up Russia or Antartica. Then we can turn it off again as soon as we get back. Seems like it would take very little effort on their part to setup.
You're screwed if you break your phone and then go to the store to buy a replacement.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Now I can't buy anything
Way too easy for them to put everything together.
A lot of people don't travel with their phones to foreign countries because it's too damn expensive.
AT&T lets you turn international roaming on and off on a monthly basis. Last time I traveled I turned it on for one month.
It may not be as cost effective as getting a local phone or sim but its pretty damn convenient, especially if not using many minutes or MB when traveling. At least for a business trip I made to Europe a few years ago.
This is for the banks and only the banks. Since most offer some sort of fraud protection, this protects them from loss. I get it but I am unwilling to let my phone company connect with my credit card bank for any reason. It's a tenuous relationship as it is with me and vendor advertising partnerships. I can't imagine what fine print would be part of that privacy agreement.
.. what could possibly go wrong?
In Soviet Russia, credit card charge YOU!
Get free satoshi (Bitcoin) and Dogecoins
but what if I am in an underground shopping mall or a building with lots of metal and reinforced concrete? oh wait, maybe the phone will connect to a public wifi hotspot.. I guess the bank or credit card company could call your cell phone to verify the purchase but what if there is no hotspot around like in the middle of a rural place in the U.S.A. I think there are some places that don't have 2G let alone 3G cell phone coverage.
Maybe your credit was.....frozen....at the time.
Sorry bout that, couldn't resist.
I don't have AT&T you insensitive clods!
Soon AT&T will be selling your location to anyone else with money.
BOA did this to me a few years ago.. I'd make some purchases before traveling abroad only to have my card shut off when I was in Ukraine.. You have to warn them of your travel plans, as there is a very real chance you will be cut off from your funds. This happened to my wife, and it happened to me. It pays to call customer service. BOA has been pretty draconian to us in the past.. It once even shut off my card because I bought too much food at my local supermarket.. Card service providers mentioned that it was above my normal trend for supermarket purchases ( I have excellent credit, and am not sure why they were so skittish; I have no history of fraudulent transactions) ... We had a screaming infant with us at the time, and had to call customer service with a large basket of food we couldn't walk out with, who would have otherwise been fine if we didn't have to wait so long on the phone..
These days I'm careful to carry around more than one credit card in case I run into a similar issue..
Why does AT&T have to 'track you' couldn't they just send you a text that says, 'open our app to verify your location for 10 seconds?' Talk about overkill.
If AT&T creates an interface to let third parties track a cell phone how can we be sure AT&T won't start offering that interface to everyone? Imagine getting a text about some great sale at the store just around the corner, and every other store within 1 mile, or getting put on some watch list because you attended (or were just near) a demonstration.
I would be willing to bet that AT&T already has the tracking interface software ready, Hells, the NSA has likely been using it for years. This announcement to "help consumers avoid credit fraud" is just make real-time tracking of individuals sound like it is a "Good Thing" (TM).
What was that line about the camel's nose? Once you let it in the tent the rest of the camel will follow.
If your worried about your bank freezing your card while abroad all you have to do is let your bank know before you leave that your going to be in such and such between this and this date. been doing that my entire life and never had problems.
Shopping on the Internet is quick and convenient, and international. Using a credit card, charges appear as if you had made a purchase from wherever their merchant account lists as their address. In general, your location (as provided by your IP address) is not taken into account. This has already caused me problems with an overzealous bank that doesn't believe I would be shopping in Germany or Japan. Now if they can see that I'm obviously still in the US (via my cellphone), well then.
He effected a bored affect.
I mean, why not voluntarily hand over more info to a company who clearly respects our privacy?
If someone steals your credit card, you're liable up to $50. The bank is responsible for the rest-- and they don't put in place potential security systems standard in other countries.
So yeah, nothing says "privacy dream team" like ATT+the banking system.
ATT asking for your personal private information would do more to protect the bank's bottom line- not to protect you.
This seems really dumb to me. Having your bank track your whereabouts seems like a bad trade-off. How about we just fix the credit card system instead?
Like how about we use a private key encryption scheme instead of a credit card number in order to pay? If you want to have cell phones involved, they would make an easy method of storing and accessing the key, providing a digital signature when needed. Doing that would actually provide a huge improvement in security, and do so without having my bank constantly tracking my whereabouts.
not us. Sorry CC companies, guess you will have to keep up proper diligence.
Good-bye
If they're going to track your cel phone, that means they're assuming you have your cel phone on you. So why not send the authorization code to your cel phone and let you give it to the merchant? That way it doesn't matter if the card's stolen, the merchant can't get an auth code if you aren't present with your phone. Or better yet, have an app that'll let you punch in the merchant's ID and transaction number and initiate the payment from your end, rather than having the merchant handle your card? That makes stealing the card pointless, because just having the card isn't enough to let you make a charge.
All the carriers will be doing this soon. Your cell phone will eventually replace your credit cards (the industry is just waiting on Apple to put a NFC in the iPhone, and Apple is just trying to figure out how to charge the CC industry for the privilege :P ).
This is basically the beginning of the end of Credit Card fraud. For all we love to romanticize hacker thiefs the reality is that in 10 years big data + cheap powerful handheld computers + geolocation will make it damn near impossible to commit. The only thing holding it back was that it was cheaper to let the fraud happen. With computing power getting cheaper and more common place that's not true anymore.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
nothing in TFA (or the ATT page it links to) say this is **international only**
I did note this in TFA however...
this is tracking your phone, all the time, and letting your credit card company access the data
I see this as using fraud to justify spying on you
Thank you Dave Raggett
We are sold this myth in the US that we have free markets when the truth is the opposite. We have oligarchies - businesses that have convinced our legislatures that in the "public good", they need to have legislated closed markets.
Whenever a business complains about Government regulations, they are full of shit. Or they don't like them when it harms them but love it when it keeps out competitors.
I have never understood this problem. Let me opt in and out of purchases outside my country... or even my state. The code would be trivial. Let me log into my CC admin page and check off where I can use the card. It's that simple.
and $15-$20 a meg data roaming will kill that idea
... to just tell your bank you're going abroad, they send you a confirmation letter with a code, you then phone the bank with the code, to confirm you received it, and requested they prepare for you to be using your card abroad? It isn't rocket science, is it...
The time is coming where one's purchases will affect one's insurance premiums, overal suitability for certain purcahses, credit ratings, etc. No, thank you. I'll continue to do my best to stay under the radar of the capitalist theives.
What do you mean coming?
Its been that way for a long time.
hey, this sounds really cool. can I try out your Netherlands internet guy setup? just leave the ip address and login info here. thx
Seriously, why are we still stuck with the idea of credit card numbers? Ie, give some a number and date and they can draw money from it. It's ridiculous. Each transaction should have a unique id, with a set amount, that can only be used once. This is one of the things I really like about Bitcoin.
Are incoming messages expensive too?
In EU, incoming SMS are free wherever you are (home network or roaming).
Us european tend to keep an older phone around. Swap your *home* SIM card into the old phone and put whatever you use when abroad (SIM with plan in target country, prepaid SIM for target country, or just some random sim that is cheap while roaming like XX-Sim).
We're still reachable on the usual number (can get message for free, can also acept calls but that has roaming charges), and have the travelling option on the main phone.
The Banks I've seen simply contact you instead of relying on complex tracking (you receive an SMS: "your credit card has been used in an usual place. Please contact us"). Just call the bank back and either authorise the payment or announce a stolen card/number.
Other banks alternatively use a side-channel confirmation (3DSecure, for example) while shopping online.
It has the advantage of being less invasive and not require an active collaboration of Phone provider. (you only confirm when a flag is raised, you don't need the bank and the phone provider continuously monitoring you).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I'm on vacation right now (Israel). I come here often to visit my family and I found out that renting a car here trips up their fraud detection and my card gets deactivated. So before I go I call and give them the dates by using a little known feature of today's smart phones: Making phone calls!
and $15-$20 a meg data roaming will kill that idea
so buy a local sim card for ~$5 a gig! Oh yeah...I forgot you guys need to get permission from mommy mobile to swap sims
A lot of people are starting to put their money in bitcoin so they can actually have some control over it for once.
As a way to do fast person-to-person transaction, bitcoin protocole (and other crypto-coins) is a good idea (it's like cash transaction, but over the internet, although a bit slower. Or for EUropeans: it's like SEPA, direct payment without an intermediate, except that it's a bit faster).
But please, unless you're a gambler DO NOT store money as BTC (nor any other crypto-currency): its value fluctuate too much (1 BTC is 500$, perhaps 10$ tomorrow or 1000$ the day after tomorrow) , also if you rely on an on-line service ("web wallet") rather than your own bitcoin-protocol client ("wallet" software) there are risks out of your control (think about MtGox and similar scandals).
Otherwise cryptocoin protocols are really interesting, by making an intermediate un-necessary. (There's no "bitcoin company" handling the actual transaction, unlike Visa/Mastercard), and complete freedom of choice for each end-point of the transaction (both the merchant and the client can use any wallet software, exchange platform, payment processor, etc. as long as both end-point follow the bitcoin protocol. Just like any of them could be using any european bank for an online payment as long as both banks support SEPA)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Tried that. They still blocked the card after my first transaction abroad.
Then tell them to go fuck themselves and switch to another bank.
Mine (europe) not only support that, but its directly accessible from the e-banking web interface, so you can do it at any time conveniently and quickly.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
A text whenever your credit card was used saying "Card with number ending in xxxx was used in location yyyy, if this was a fraudulent charge reply to this text" would work just as well without the privacy issue of tracking locations.
As currently done by several other banks.
(I'm in europe)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Fuck you "Troll" moderator. You don't know english either?
I'm not sure how that would help, then, given that most people in the US are using US carriers that would totally not work outside of North America... and most of the rest are still using a US carrier, that would absolutely ream them a new one in roaming charges (i.e. AT&T - which I suppose is why it's AT&T who wants to implement this, so they can trick people into letting them get reamed with roaming charges?)
My old smart phone holster wore out recently, so I bought a new one. This one has a convenient extra pocket for credit cards and other forms of ID. It seems to me that putting your ID, credit cards, and your phone all in one conveniently stealable container might not be the brightest thing to do. All it needs is a key ring...
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Isn't this a little overboard, most credit card fraud is egregious, cash withdraws/purchases hundreds of miles from your usual stomping grounds. Simply allow an option through a website/mobile application for you to put in "safe zones" for purchases, either by location or retailer. Purchases in those zones are considered good, if one happens outside of them you get a warning. Your credit card company only needs to know where your regional whereabouts, not within a few hundred feet.
Not sure why this what modded as Troll, since "appear the card" is indeed incorrect.
Why not just have number like debit cards?? How hard would that be? Much cheaper then spying on our every move and makes a stolen CC useless.
Jack of all trades,master of none
Yep, have the same option in my ebanking interface too
(make an additional security to the "unusual pattern detected" approach).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
For the low-low price of only $750/minute, you can be sure that no foreigner will run off and buy coffee with your credit card!
1. This is why I call my bank(s) before I go to .
2. I always buy another phone in the other country and get prepaid minutes so I never worry about some insane data roaming overcharge surprise.
Is this really that hard for people to do?
- Zav - Imagine a Beowulf cluster of insensitive clods...
It's often the opposite to what's in the summary.
I've travelled in many countries, and the alarms so far were raised overwhelmingly when card transactions were made in USA.
Bank usually calls when the card has been used in USA, as card security in that country is a big fail - no PIN, just signature that nobody can check. Clerks request and pretend to check your ID for name match, but since they know nothing about non-USA IDs, any fraudulent user can show them any bit of plastic with name matching that on card. At gas pumps you are required to enter "ZIP Code" as security measure (lol), and of course none is valid for a non-USA card. Big joke overall, no wonder that card issuer wants to verify those transactions
Another example were rental car companies. When you rented car in European country, they still charged your card through their USA HQ, resulting in transaction blockage or a call from the bank to clarify fraud (card suddenly used in a country far away, known for fraud).
No.
Or they could just phone you.
The fraud prevention systems built into bank credit cards are largely to protect them, not you. More often than not a bank will refund funds that occurred from fraudulent activity (a good thing) but are overly aggressive in trying to mitigate the issue (i.e. traveling == suspected use). I've had my card shutdown *many* times while traveling. I have had to call and waste my time as well as their customer service's time to get it turned back on. I always ask to have fraud prevention turned off - which they refuse.
Chase has recently built a feature to send a text message and automated-call to confirm these kinds of things before shutting off the card - others should follow suit if they do not all ready.
This is all we need to combat unintended card cutoff, not tracking.
...via cell phone. so that either at&t or the bank can sell advertisements on said phone, sell said tracking data to the highest bidders, or sell detailed purchase histories to the retail store you just happen to be trying to shop in.
this is supposed to cut down on fraudlent purchases, right? will banks or credit card companies lower fees as a result? nope. so fuck off.
I'd never give up liberty for security
Besides, the credit card company is liable for all fraudulent charges on my CC
This is just another NSA scheme to track you at all times.
Just let them know if you're going to do some international travelling. They'll flag those countries as being safe for a period of time.
It's nothing new. Your cellphone provider already tracks your phone and knows exactly where it is. How else do you think they route the calls to the correct cell site?
The new part is they're suggesting sharing this data with your bank. Doesn't mean they don't already share it with the NSA.
I can think of times when I have been using my card to buy stuff and when I have had no phone service (e.g. been down in the basement of a store or somewhere where my phone cant get a signal or been out in the middle of nowhere at a roadhouse/service station/whatever and buying food etc), how does the AT&T system handle that?
Or what about if your phone is turned off for some reason? (e.g. you are flying on an airplane that takes credit cards for payment for in-flight purchases or you are in a hospital and need to turn off the phone but you are using your card)
This is completely pointless. Pretty much every major bank has an app and most people with smartphones will likely have it installed. Banks can incorporate this feature themselves by having the apps relay the geolocation during a transaction.
Other carriers already provide access to third parties so that they can offer this service to banks. My understanding of the call flow is that they would query any time a charge occurs outside of your known area. This way, they may get a confirmation that the charge occurred in a different location than your phone, which is obviously very suspicious. It's unlikely to be a constant tracking kind of thing, more of a sanity check for a charge in a funny location.
To be devil's advocate, this could avoid situations where today a bank disables your card just because you went traveling.
Also highly relevant to a newer Slashdot story: http://news-beta.slashdot.org/story/14/06/05/229257/ftc-lobbies-to-be-top-cop-for-geolocation
192.168.0.1
admin/password
they're not allowed to do this now....**that's why they need a new plan w/ a new TOS**
see, you're throwing the baby out with the bathwater
we have laws, and corporations are (usually) held accountable when it is proven a law was broken
if this wasn't already a violation of TOS then **THEY WOULD ALREADY DO IT**
stop justifying their assumption that "privacy is dead"
privacy is as alive as we demand
Thank you Dave Raggett
A decade ago I was part of as team coding a fraud detection module for a payment system that looked up where the credit card had been used before and compared it with the current usage location and calculated a travel speed between the two. If the speed was reasonable and feasible all was well, but no consumer travels a warp speed between remote locations on our planet so that would raise a red flag. For online transactions it used the customer IP to geolocate the card user, not the location of the shop - of course.
Why reinvent a similar technology and add unnecessary complications like a cellphone, which may even be lent out during the vacation to avoid obscene roaming charges?
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
enough said
You are wrong. As long as it is one person on vote it is a democracy. Don't confuse voters not caring with party control. Voters could toss out any politician **if** they cared to. The sad fact is that voters do not care to. In part because voters choose to be loyal to their party, not because the party has any control. The party merely whispers the right things into their ears.
Anyone who travels abroad with more than two neurons talks to their bank before traveling abroad. I can log into my bank accounts and inform bank security of my travel itinerary, dates of travel, specific travel destinations and also make annotations about any spending I might use the bank card for. Then when charges are made abroad they are examined against my travel information that I provided. And overseas phone contact is toll-fee even if I have to call collect.
Of course I travel with a MajicJack device so I always have a virtual VOIP USA phone with me. I too never use roaming anywhere. I have an inexpensive international GSM cell phone and buy an inexpensive SIM fo pay-as-you-go use for the country I visit. Two step authentication using you cell phone can be inconvenient but generally going abroad, before you go, you can reconfigure to using a second email address instead of your cell phone for the authorization code receiver.
If you use credit cards instead of bank debit cards, do they same thing - call your credit card company before you travel and give them your travel itinerary information and talk to them about where you how or where you may or will use the card. Never, ever let your cards leave your sight and preferably never leave your fingers.