Slashdot Mirror
When Fraud Detection Shuts Down Credit Cards Inappropriately
reifman writes: On Sunday, Capital One declined a $280 travel reservation I charged at India-based ClearTrip.com and immediately shut off my card for all transactions until I contacted them by phone. It wasn't the first time that CapitalOne had shut off my card after a single suspect transaction. But, I'd actually purchased from ClearTrip.com using my CapitalOne card on two prior occasions. It was an example of very poor fraud detection and led me on a tour of their pathetic customer service. The banks want to cut their losses regardless of how it impacts their customers.
Having had my own credit card suspended out of an abundance of caution on a different credit card issuer's part (for legitimate charges), but having recently had some widely known scam charges get accepted, the fraud protection algorithms that the credit companies use certainly seem inscrutable sometimes, and so do the surrounding practices about communicating with customers. How would you like it to work instead?
I have had serious problems with the aggressively incompetent HSBC 'fraud' detection.
The 'best' was when they claimed the reason they had (again) blocked my card was that a whole batch of cards had been compromised and it wasn't just my card.
Sadly for the liar at HSBC was I'm a tech journalist, so I immediately contacted their PR department who denied any knowledge of the breach.
It was just made up to make me go away.
Dominic Connor,Quant Headhunter
My CC sends me a text message whenever it is used. It's quick (usually arrives before I've signed the slip), it's free, and it doesn't need some stupid app installed with insane permissions. So, *I* can decide which transactions are bogus, instead of some computer algorithm; and when a truly bogus one does appear, I can notify the bank immediately. The bank can then concern themselves with actual proven bogus purchases, instead of thousands of "suspect" ones.
Well, but there is still a point here. For example, I have had a couple of occasions of fraud on my account - they both happened when the "accounts got out" (massive breach of the credit union's credit card file). The first racked up three charges for $900.00 in Japan The next was a flight in India (in rupees) that came to well over $1,000 plus the foreign currency conversion fee. However, I have had the same card processor block the card and deny the purchases when I made two orders Newegg.com in the same day. The "fraud detection" is completely broken.
Except that it seems not all banks accept that. I tried to warn my bank when I was going travelling for a year & they said the only thing they could do was put a note on my account - that would only be seen when I phoned up to complain about my card being blocked! Completely fucking useless.
In the end I had to just call my bank over Skype after every other transaction, to get them to unblock it again.
I rented a huge U-haul on a citibank card. Day of the move, I was buying gas at gas stations every few hundred miles in a line across the US's major interstates. Citibank cut me off after 4 gas stations. Good thing I had a backup.
Doesn't work.
I travel to the same country about once per year. I call my credit card company in advance and usually, I can make one purchase in that country and after that, my card is blocked.
Sometimes, I even get a fraud warning txt for a small purchase in a US airport where I have a stopover. The tickets were bought using the same credit card, so the card company knows that I will be travelling (as well as my call to warn the credit card company).
The real "Libtards" are the Libertarians!
Chase really has wonderful service. Card declined? Call customer service, it immediately rings to an American call center with people who have the authority to fix your problem. Five minutes later, the transaction goes through.
This would probably fix 99.99% of all credit card fraud.. Will they do it? I doubt it. I swear there is somehow a business in allowing certain fraud. If there wasn't, the credit card companies wouldn't be so shitty in preventing it. Fucking Discover.. I travel a lot (usually within the states). I go to San Francisco and try to buy dinner for clients (after making a previous purchase successfully in San Fran).. DECLINED.. right in front of my clients. Make a phone call to Discover and they 'fix it' and I tell them I want my card to work. Then I go to pay the bar tab at LAX for a layover on my way back.. DECLINED.. right in front of everyone at the bar. It's so fucking annoying that I started carrying cash. Fuck these credit card companies.. I wish Bitcoin was accepted everywhere.
--- We need more Ron Paul!
How about an even better solution - insert your card into a reader, type in your PIN and that's the two factors right there. You know...... the system that's already used everywhere in the world except for America? It works pretty well. I think the USA is starting to roll it out now, albeit a slightly crippled form of it (they managed to take the 2-factor system everyone else uses and make it 1-factor).
As I was saying: "public key cryptography, one time card numbers, smart cards, pins, and instant notification". It means, among other things, that you don't ever get any credit card numbers or billing addresses. All you get is a one time code for a specific amount of money, valid for a limited amount of time and valid only for you. If anybody steals your customer and order database, they can't do anything with it. It also means that you can instantly verify that the payment is valid without contacting the credit card company.
On the customer side, it means that he needs to talk to his smart card credit card in order to generate that code, and that requires either a pin or even a second physical token. In addition, customers get notified of large charges as soon as they get generated (not when you process them), and optionally verify them via their phone.