Slashdot Mirror
AT&T To Use Phone Geolocation To Prevent Credit Card Fraud
jfruh (300774) writes "Imagine you've spent years making credit card purchases in your home state of California, and suddenly a bunch of charges appear the card in Russia. Your bank might move to shut the card down for suspected fraud, which would be great if your account number had been stolen by hackers — but really irritating if you were on vacation in Moscow. AT&T is proposing a service that would allow customers to let their bank track their movements via their cell phone, to confirm that you (or at least your phone) and your credit card are in the same place."
Or call your credit card company before you leave and say you will be traveling in country X on these days.
Everybody has a website these days. Just let us pick the regions where we will allow transactions to take place. If we are going on vacation, we can light up Russia or Antartica. Then we can turn it off again as soon as we get back. Seems like it would take very little effort on their part to setup.
You're screwed if you break your phone and then go to the store to buy a replacement.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Way too easy for them to put everything together.
I absolutely pull out my AT&T sim card before traveling. I've seen too many stories of people getting gouged by US cellphone companies.
This sounds like a disaster for someone trapped overseas. It sounds more like a way for AT&T to force customers into the trap of using their cell phone overseas.
Where all think alike, no one thinks very much.
A lot of people don't travel with their phones to foreign countries because it's too damn expensive.
AT&T lets you turn international roaming on and off on a monthly basis. Last time I traveled I turned it on for one month.
It may not be as cost effective as getting a local phone or sim but its pretty damn convenient, especially if not using many minutes or MB when traveling. At least for a business trip I made to Europe a few years ago.
This is for the banks and only the banks. Since most offer some sort of fraud protection, this protects them from loss. I get it but I am unwilling to let my phone company connect with my credit card bank for any reason. It's a tenuous relationship as it is with me and vendor advertising partnerships. I can't imagine what fine print would be part of that privacy agreement.
In Soviet Russia, credit card charge YOU!
Get free satoshi (Bitcoin) and Dogecoins
A lot of people don't travel with their phones to foreign countries because it's too damn expensive.
I travel to Italy several times a year, I purchased an iPod Touch and loaded Skype on it for making phone calls overseas...
If you want news from today, you have to come back tomorrow.
Maybe your credit was.....frozen....at the time.
Sorry bout that, couldn't resist.
BOA did this to me a few years ago.. I'd make some purchases before traveling abroad only to have my card shut off when I was in Ukraine.. You have to warn them of your travel plans, as there is a very real chance you will be cut off from your funds. This happened to my wife, and it happened to me. It pays to call customer service. BOA has been pretty draconian to us in the past.. It once even shut off my card because I bought too much food at my local supermarket.. Card service providers mentioned that it was above my normal trend for supermarket purchases ( I have excellent credit, and am not sure why they were so skittish; I have no history of fraudulent transactions) ... We had a screaming infant with us at the time, and had to call customer service with a large basket of food we couldn't walk out with, who would have otherwise been fine if we didn't have to wait so long on the phone..
These days I'm careful to carry around more than one credit card in case I run into a similar issue..
Shopping on the Internet is quick and convenient, and international. Using a credit card, charges appear as if you had made a purchase from wherever their merchant account lists as their address. In general, your location (as provided by your IP address) is not taken into account. This has already caused me problems with an overzealous bank that doesn't believe I would be shopping in Germany or Japan. Now if they can see that I'm obviously still in the US (via my cellphone), well then.
He effected a bored affect.
Well, even if you left your phone at home, there's ways to tell that you moved from A to B successfully. This is why transit records, even if they show up too late to alert a cashier, can be called up and say "You didn't do that, we'll figure out who did!"
That's a feature, not a bug :P
Twelve-and-three-quarter inches. Unyielding. This wand belonged to Bellatrix Lestrange.
This seems really dumb to me. Having your bank track your whereabouts seems like a bad trade-off. How about we just fix the credit card system instead?
Like how about we use a private key encryption scheme instead of a credit card number in order to pay? If you want to have cell phones involved, they would make an easy method of storing and accessing the key, providing a digital signature when needed. Doing that would actually provide a huge improvement in security, and do so without having my bank constantly tracking my whereabouts.
Exactly. Yet another reason to never do business with AT&T.
Peter predicted that you would "deliberately forget" creation 2000 years ago...
Or because they simply don't work over there.
Not every country has a peering agreement with every other one. Not to mention that frequencies may differ between countries. I, myself, never take my cellphone with me traveling outside of Europe, mostly for those reasons. Instead I simply buy a cheap one when I arrive there.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Do you really want to be behind the guy in line at the cash register waiting for that kind of confirmation?
If they're going to track your cel phone, that means they're assuming you have your cel phone on you. So why not send the authorization code to your cel phone and let you give it to the merchant? That way it doesn't matter if the card's stolen, the merchant can't get an auth code if you aren't present with your phone. Or better yet, have an app that'll let you punch in the merchant's ID and transaction number and initiate the payment from your end, rather than having the merchant handle your card? That makes stealing the card pointless, because just having the card isn't enough to let you make a charge.
All the carriers will be doing this soon. Your cell phone will eventually replace your credit cards (the industry is just waiting on Apple to put a NFC in the iPhone, and Apple is just trying to figure out how to charge the CC industry for the privilege :P ).
This is basically the beginning of the end of Credit Card fraud. For all we love to romanticize hacker thiefs the reality is that in 10 years big data + cheap powerful handheld computers + geolocation will make it damn near impossible to commit. The only thing holding it back was that it was cheaper to let the fraud happen. With computing power getting cheaper and more common place that's not true anymore.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
nothing in TFA (or the ATT page it links to) say this is **international only**
I did note this in TFA however...
this is tracking your phone, all the time, and letting your credit card company access the data
I see this as using fraud to justify spying on you
Thank you Dave Raggett
A lot of people don't travel with their phones to foreign countries because it's too damn expensive.
If the default is to allow charges when your cell-phone location is not known, then it should not be a problem. In other words, it only blocks a card charge if the charge is in one location and the active phone in another. The risk still remains they could smash your phone and charge something real quick, but that's not the kind of theft/fraud this is meant to stop.
I wouldn't mind this if it were opt-in.
I have never understood this problem. Let me opt in and out of purchases outside my country... or even my state. The code would be trivial. Let me log into my CC admin page and check off where I can use the card. It's that simple.
and $15-$20 a meg data roaming will kill that idea
Are incoming messages expensive too?
In EU, incoming SMS are free wherever you are (home network or roaming).
Us european tend to keep an older phone around. Swap your *home* SIM card into the old phone and put whatever you use when abroad (SIM with plan in target country, prepaid SIM for target country, or just some random sim that is cheap while roaming like XX-Sim).
We're still reachable on the usual number (can get message for free, can also acept calls but that has roaming charges), and have the travelling option on the main phone.
The Banks I've seen simply contact you instead of relying on complex tracking (you receive an SMS: "your credit card has been used in an usual place. Please contact us"). Just call the bank back and either authorise the payment or announce a stolen card/number.
Other banks alternatively use a side-channel confirmation (3DSecure, for example) while shopping online.
It has the advantage of being less invasive and not require an active collaboration of Phone provider. (you only confirm when a flag is raised, you don't need the bank and the phone provider continuously monitoring you).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
A lot of people are starting to put their money in bitcoin so they can actually have some control over it for once.
As a way to do fast person-to-person transaction, bitcoin protocole (and other crypto-coins) is a good idea (it's like cash transaction, but over the internet, although a bit slower. Or for EUropeans: it's like SEPA, direct payment without an intermediate, except that it's a bit faster).
But please, unless you're a gambler DO NOT store money as BTC (nor any other crypto-currency): its value fluctuate too much (1 BTC is 500$, perhaps 10$ tomorrow or 1000$ the day after tomorrow) , also if you rely on an on-line service ("web wallet") rather than your own bitcoin-protocol client ("wallet" software) there are risks out of your control (think about MtGox and similar scandals).
Otherwise cryptocoin protocols are really interesting, by making an intermediate un-necessary. (There's no "bitcoin company" handling the actual transaction, unlike Visa/Mastercard), and complete freedom of choice for each end-point of the transaction (both the merchant and the client can use any wallet software, exchange platform, payment processor, etc. as long as both end-point follow the bitcoin protocol. Just like any of them could be using any european bank for an online payment as long as both banks support SEPA)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Tried that. They still blocked the card after my first transaction abroad.
Then tell them to go fuck themselves and switch to another bank.
Mine (europe) not only support that, but its directly accessible from the e-banking web interface, so you can do it at any time conveniently and quickly.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
A text whenever your credit card was used saying "Card with number ending in xxxx was used in location yyyy, if this was a fraudulent charge reply to this text" would work just as well without the privacy issue of tracking locations.
As currently done by several other banks.
(I'm in europe)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
This service is already done by the credit card company's. So you clear it with your credit card company, and then call your phone company? Really? This smells of a way to sell Geo location data, but you don't get any money for their transaction about you.
It's interesting how (what we perceive as) capitalism is the opposite of (what we perceived as) communism in every aspect, yet the results are the same: A small leading group has everything, the rest of the population has nothing. The main difference is that in communism there was nothing you could buy, in capitalism you could buy anything but you lack the money. The net result is the same: You don't have anything.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm not sure how that would help, then, given that most people in the US are using US carriers that would totally not work outside of North America... and most of the rest are still using a US carrier, that would absolutely ream them a new one in roaming charges (i.e. AT&T - which I suppose is why it's AT&T who wants to implement this, so they can trick people into letting them get reamed with roaming charges?)
My old smart phone holster wore out recently, so I bought a new one. This one has a convenient extra pocket for credit cards and other forms of ID. It seems to me that putting your ID, credit cards, and your phone all in one conveniently stealable container might not be the brightest thing to do. All it needs is a key ring...
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
It's interesting how (what we perceive as) capitalism is the opposite of (what we perceived as) communism in every aspect, yet the results are the same: A small leading group has everything, the rest of the population has nothing. The main difference is that in communism there was nothing you could buy, in capitalism you could buy anything but you lack the money. The net result is the same: You don't have anything.
I've been fighting this MYTH for many years.
Free-market Capitalism, as defined by Adam Smith (although he did not use the exact phrase, it's pretty much agreed that he defined it), included a strong body of anti-trust laws to prevent monopolies and oligopolies from forming. But government, particularly in recent years, has been failing to enforce any kind of effective regulation which is necessary for the system to work.
The revolving-door government has been corrupting and abusing the system. But that isn't the fault of the system, capitalism. That's the fault of corrupt "leaders". They are not even close to the same things. Any system can be abused. That doesn't mean the system is bad. It only means that it is being abused.
Why not just have number like debit cards?? How hard would that be? Much cheaper then spying on our every move and makes a stolen CC useless.
Jack of all trades,master of none
Just how broad is the radius of this location? If a person living in New York City buys something online from a store in Seattle while he and his phone are in NY, where does the credit card transaction occur? If the answer is Seattle, the definition of what is a reasonable proximity between transaction and phone has to be quite loose, otherwise a lot of legit transactions will be botched. I don't actually know anything about CC processing however, so I would be interested in hearing from people who do.
What changed under Obama? Nothing Good
Yep, have the same option in my ebanking interface too
(make an additional security to the "unusual pattern detected" approach).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
For the low-low price of only $750/minute, you can be sure that no foreigner will run off and buy coffee with your credit card!
1. This is why I call my bank(s) before I go to .
2. I always buy another phone in the other country and get prepaid minutes so I never worry about some insane data roaming overcharge surprise.
Is this really that hard for people to do?
- Zav - Imagine a Beowulf cluster of insensitive clods...
Except the US is a democracy (or democratic republic, whatever) so the blame lies squarely on the voters.
It's often the opposite to what's in the summary.
I've travelled in many countries, and the alarms so far were raised overwhelmingly when card transactions were made in USA.
Bank usually calls when the card has been used in USA, as card security in that country is a big fail - no PIN, just signature that nobody can check. Clerks request and pretend to check your ID for name match, but since they know nothing about non-USA IDs, any fraudulent user can show them any bit of plastic with name matching that on card. At gas pumps you are required to enter "ZIP Code" as security measure (lol), and of course none is valid for a non-USA card. Big joke overall, no wonder that card issuer wants to verify those transactions
Another example were rental car companies. When you rented car in European country, they still charged your card through their USA HQ, resulting in transaction blockage or a call from the bank to clarify fraud (card suddenly used in a country far away, known for fraud).
Or they could just phone you.
If your system is vulnerable to attack by corrupt "leaders", that's the system's fault. It's the problem with Marxism and it's also the problem with capitalism: when people get power, via state-backed control of capital or via a "dictatorship of the proletariat", these use that power in their own interests.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
The fraud prevention systems built into bank credit cards are largely to protect them, not you. More often than not a bank will refund funds that occurred from fraudulent activity (a good thing) but are overly aggressive in trying to mitigate the issue (i.e. traveling == suspected use). I've had my card shutdown *many* times while traveling. I have had to call and waste my time as well as their customer service's time to get it turned back on. I always ask to have fraud prevention turned off - which they refuse.
Chase has recently built a feature to send a text message and automated-call to confirm these kinds of things before shutting off the card - others should follow suit if they do not all ready.
This is all we need to combat unintended card cutoff, not tracking.
what about a system that locks your Att sim when you are overseas? and maybe auto buy a local sim with your credit card if you try to use your phone? or just cut your hand? anything that is not allowing att sim used overseas is a win.
Usually the credit card companies compares your address to the shipping address of the order, not the seller's address. This is why you'll often have problems buying something online as a gift and trying to have it shipped to them directly.
Just let them know if you're going to do some international travelling. They'll flag those countries as being safe for a period of time.
It's nothing new. Your cellphone provider already tracks your phone and knows exactly where it is. How else do you think they route the calls to the correct cell site?
The new part is they're suggesting sharing this data with your bank. Doesn't mean they don't already share it with the NSA.
My credit card makes me money. I've never paid interest, the cashback rewards make much more than the annual fee and I effectively get an interest rebate on my mortgage for my months spending.
Of course it costs the merchants more to process the transaction and that's where the bank makes their money. Sometimes I pay a 2% credit card fee, but that's mostly offset by both the 1% cash back and the effective 0.5% interest rebate.
The argument that "retailers would lower their prices if merchant fees were lower" is flawed. They'd either pocket the money or wouldn't sell as much and need to increase margins because fewer people would buy from them without the convenience of a credit card.
You're not handing more info over to them. They already know exactly where your phone is at all times.
I can think of times when I have been using my card to buy stuff and when I have had no phone service (e.g. been down in the basement of a store or somewhere where my phone cant get a signal or been out in the middle of nowhere at a roadhouse/service station/whatever and buying food etc), how does the AT&T system handle that?
Or what about if your phone is turned off for some reason? (e.g. you are flying on an airplane that takes credit cards for payment for in-flight purchases or you are in a hospital and need to turn off the phone but you are using your card)
I would agree with you if the US were any more a democracy (republic, whatever) than it is a capitalist country.
It's not. It's a one party dictatorship that thinly veils it by pretending that the party consists of two different ones. They MIGHT have been different parties some time ago, but right now, the big show every 4 years is actually little more than just that: A big show. Not unlike American Idol, just with less money for the telcos.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If your system is vulnerable to attack by corrupt "leaders", that's the system's fault. It's the problem with Marxism and it's also the problem with capitalism: when people get power, via state-backed control of capital or via a "dictatorship of the proletariat", these use that power in their own interests.
Nonsense.
As I mentioned earlier: just about ANY system can be corrupted. And some more than others. Socialism, for example, has proven to be the world's ripest breeding ground for corruption, because it is designed to be led by a relatively few people in the first place.
The U.S. has the longest-standing Constitutional government in the last milennium or two. That says an awful lot for this system, as opposed to others that have been tried in the same period. (That is to say: all of them. Except Communism, because there has never been a real Communist government in written history.)
Yes, sellers usually do check the addresses (though this may not be required depending on their CC handler). The reason they do that is because they don't want the bank to go after them later if the purchase was fraudulent. Any merchant that gets a high quantity of fraudulent traffic is most likely going to have to the CC handling privileges revoked, so the chances of getting away with it for long are slim. The notable exception is places like E-Bay that have a fair bit of financial baking to them and enough presence to keep the banks at bay. I know very well (having caught a credit card thief in-the-act) that stolen credit cards are fairly easy to use on E-Bay to order expensive items to shady destinations for extended periods of time.
Presumably this is some weird American definition, not used by anyone who actually is a socialist.
And I know that there are plenty of corrupt oligarchies that name themselves "socialist". Same as the many countries, like North Korea, that label themselves as "Democratic" don't make the idea invalid.
Parliamentary democracy has lasted well over a millennium (e.g. Iceland continuously since the 10th C) and is doing fine, thanks.
Well, there have, but within a decade of attaining power they all become juntas or oligarchies or even monarchies (North Korea again). Sadly communism is too idealistic about human nature and doesn't have the checks and balances to stop power crazy psychopaths from taking control. Your constitution was written to prevent excessive concentration of power, and is fairly effective at that, frustrating as it is for zealots on either side. But it's not the only workable way to do it.
Presumably this is some weird American definition, not used by anyone who actually is a socialist.
I was using Marx's definition of Socialism.
Parliamentary democracy has lasted well over a millennium (e.g. Iceland continuously since the 10th C) and is doing fine, thanks.
Not under one Constitution, which is what I referred to.
Well, there have, but within a decade of attaining power they all become juntas or oligarchies or even monarchies (North Korea again). Sadly communism is too idealistic about human nature and doesn't have the checks and balances to stop power crazy psychopaths from taking control. Your constitution was written to prevent excessive concentration of power, and is fairly effective at that, frustrating as it is for zealots on either side. But it's not the only workable way to do it.
No, there haven't. Again, using Marx's definition. The closest anybody ever came was a bad form of Socialism.
Communism -- true Communism, by the very definition of what Communism is -- has no government. Name me one country in written history that qualifies.
Marx isn't Mohammed. He doesn't define "socialism" for everyone now, if he ever did, and certainly few if any socialists I know would defer to his definition. Any Marxists still around hate socialists more than anyone else for not being pure enough.
If you're talking about the theory of government, then you either accept the "official" definition, or you're talking about something else.
Historically, Marx defined Socialism in much the same way Smith defined Capitalism. Each described his theory in great detail and had a huge influence on the world in subsequent decades.
I understand that different definitions do exist. But if you're talking about them, then you're talking about something other than what I was talking about. So then what's the point?
That was the final stage, which of course was never attained. Many though did have quite idyllic "all for one and one for all" periods of altruistic government for a short time after the revolution, until the assholes started manoeuvring for power.
Which is what Marx defined as "Socialism": a necessary step on the way to Communism, in which the means of production are owned and controlled by a strong central authority.
And I agree: the problem with it is simply that once you get to that stage, the assholes never want to give up power. Which is precisely (in my opinion and the opinion of some theorists) why Communism never actually came to pass.
Anyway, I wouldn't care about your silly word games except you are using them to say every form of government except your own is shit. A sadly common insular American attitude.
You can call them "shit" if you want, but then you would have to acknowledge that the theory and history of economics is shit, because that's what I'm referring to. I studied this "shit", dude, in pretty exhausting detail.
they're not allowed to do this now....**that's why they need a new plan w/ a new TOS**
see, you're throwing the baby out with the bathwater
we have laws, and corporations are (usually) held accountable when it is proven a law was broken
if this wasn't already a violation of TOS then **THEY WOULD ALREADY DO IT**
stop justifying their assumption that "privacy is dead"
privacy is as alive as we demand
Thank you Dave Raggett
A decade ago I was part of as team coding a fraud detection module for a payment system that looked up where the credit card had been used before and compared it with the current usage location and calculated a travel speed between the two. If the speed was reasonable and feasible all was well, but no consumer travels a warp speed between remote locations on our planet so that would raise a red flag. For online transactions it used the customer IP to geolocate the card user, not the location of the shop - of course.
Why reinvent a similar technology and add unnecessary complications like a cellphone, which may even be lent out during the vacation to avoid obscene roaming charges?
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
You can call them "shit" if you want, but then you would have to acknowledge that the theory and history of economics is shit, because that's what I'm referring to. I studied this "shit", dude, in pretty exhausting detail.
You are the one who declares everything different from the US system is shit. That everyone must accept your definitions of socialism, communism, capitalism, constitution.
Political philosophy evolves. It isn't frozen with whatever the first famous person to write a book about it said.
Studying exhaustively doesn't mean you are impartial. I see far many people here with a wealth of detailed knowledge they use to support their prejudices.
I know socialists and they don't believe what you insist they do. I know communists and they are mostly good, altruistic people. But I know what would happen should they get real power.
I know socialists and they don't believe what you insist they do. I know communists and they are mostly good, altruistic people. But I know what would happen should they get real power.
I don't give a damn what they believe. I wasn't talking about their beliefs. I was talking about the theory of government. I repeat: if you're talking about something else, then fine, but you aren't talking about what I was talking about. So what's the point of arguing?
And no, you don't know communists, because I repeat: there has never been a Communist government in the history of the world. You can use your own definition if you like, but again: if you are, then we aren't talking about the same things. So what's the point of arguing?
You are the one who declares everything different from the US system is shit.
Look, asshole. You can argue with me all you want, but you don't get to put words in my mouth. That isn't what I wrote, that isn't what I meant, and that's not acceptable behavior.
So get stuffed. We're done here.
You are wrong. As long as it is one person on vote it is a democracy. Don't confuse voters not caring with party control. Voters could toss out any politician **if** they cared to. The sad fact is that voters do not care to. In part because voters choose to be loyal to their party, not because the party has any control. The party merely whispers the right things into their ears.