Slashdot Mirror


When Fraud Detection Shuts Down Credit Cards Inappropriately

reifman writes: On Sunday, Capital One declined a $280 travel reservation I charged at India-based ClearTrip.com and immediately shut off my card for all transactions until I contacted them by phone. It wasn't the first time that CapitalOne had shut off my card after a single suspect transaction. But, I'd actually purchased from ClearTrip.com using my CapitalOne card on two prior occasions. It was an example of very poor fraud detection and led me on a tour of their pathetic customer service. The banks want to cut their losses regardless of how it impacts their customers. Having had my own credit card suspended out of an abundance of caution on a different credit card issuer's part (for legitimate charges), but having recently had some widely known scam charges get accepted, the fraud protection algorithms that the credit companies use certainly seem inscrutable sometimes, and so do the surrounding practices about communicating with customers. How would you like it to work instead?

23 of 345 comments (clear)

  1. This is why you call your bank before tourism by GoodNewsJimDotCom · · Score: 5, Insightful

    If you're going to make out of the ordinary purchases for overseas, or travel overseas, you always want to call your bank ahead of time. This is a standard operating procedure, and nothing to complain about on Slashdot.

    1. Re:This is why you call your bank before tourism by Anonymous Coward · · Score: 5, Informative

      Well, but there is still a point here. For example, I have had a couple of occasions of fraud on my account - they both happened when the "accounts got out" (massive breach of the credit union's credit card file). The first racked up three charges for $900.00 in Japan The next was a flight in India (in rupees) that came to well over $1,000 plus the foreign currency conversion fee. However, I have had the same card processor block the card and deny the purchases when I made two orders Newegg.com in the same day. The "fraud detection" is completely broken.

    2. Re:This is why you call your bank before tourism by Anonymice · · Score: 3, Informative

      Except that it seems not all banks accept that. I tried to warn my bank when I was going travelling for a year & they said the only thing they could do was put a note on my account - that would only be seen when I phoned up to complain about my card being blocked! Completely fucking useless.
      In the end I had to just call my bank over Skype after every other transaction, to get them to unblock it again.

    3. Re:This is why you call your bank before tourism by driblio · · Score: 5, Insightful

      They process billions of transactions a day. Thousands of them are fraudulent. Occasionally they get some wrong. But they do an amazing job - which is why you very rarely find out about fraud for the first time when it shows up on your bill. Most of the time, you never know about it at all. It is far from 'completely broken'.

    4. Re:This is why you call your bank before tourism by Martin+Blank · · Score: 3, Insightful

      Both of my frequent flier-linked cards have expressly said that there is no need to call and notify them. It doesn't really change much aside from them adding a note to the account which may or may not be read by the fraud investigator--if there is one. Every time my cards have been blocked, it's completely automated, and the programs aren't likely to examine notes left in the account.

      --
      You can never go home again... but I guess you can shop there.
    5. Re:This is why you call your bank before tourism by whoever57 · · Score: 3, Informative

      If you're going to make out of the ordinary purchases for overseas, or travel overseas, you always want to call your bank ahead of time. This is a standard operating procedure, and nothing to complain about on Slashdot.

      Doesn't work.

      I travel to the same country about once per year. I call my credit card company in advance and usually, I can make one purchase in that country and after that, my card is blocked.

      Sometimes, I even get a fraud warning txt for a small purchase in a US airport where I have a stopover. The tickets were bought using the same credit card, so the card company knows that I will be travelling (as well as my call to warn the credit card company).

      --
      The real "Libtards" are the Libertarians!
    6. Re:This is why you call your bank before tourism by rossz · · Score: 3, Interesting

      Ditto for me on Chase. They've caught real fraud quickly and got me a replacement card within a week. They've also made it very easy to authorize transactions that trigger their system (large purchases somewhere you've never shopped at will do it). You get a text message on your cell phone that you reply to then ask the shop to try again.

      --
      -- Will program for bandwidth
    7. Re:This is why you call your bank before tourism by brianwski · · Score: 4, Interesting

      > The "fraud detection" is completely broken

      I absolutely agree. They have THE WORST programmers/statisticians working on this.

      How about adding a simple two-factor authentication? Instead of rejecting the payment outright and freezing the card, text message my phone IMMEDIATELY and I can read a 6 digit code to the cashier to allow the transaction. It isn't perfect, but that one simple step would make it about 90 percent better, more secure, and cut down on false positives. I swear this would increase customer satisfaction and increase the amount of money the credit cards make because they would then accept a higher number of legitimate transactions. What is wrong with that industry?

    8. Re:This is why you call your bank before tourism by demonlapin · · Score: 3, Informative

      Chase really has wonderful service. Card declined? Call customer service, it immediately rings to an American call center with people who have the authority to fix your problem. Five minutes later, the transaction goes through.

    9. Re:This is why you call your bank before tourism by brxndxn · · Score: 4, Informative

      This would probably fix 99.99% of all credit card fraud.. Will they do it? I doubt it. I swear there is somehow a business in allowing certain fraud. If there wasn't, the credit card companies wouldn't be so shitty in preventing it. Fucking Discover.. I travel a lot (usually within the states). I go to San Francisco and try to buy dinner for clients (after making a previous purchase successfully in San Fran).. DECLINED.. right in front of my clients. Make a phone call to Discover and they 'fix it' and I tell them I want my card to work. Then I go to pay the bar tab at LAX for a layover on my way back.. DECLINED.. right in front of everyone at the bar. It's so fucking annoying that I started carrying cash. Fuck these credit card companies.. I wish Bitcoin was accepted everywhere.

      --
      --- We need more Ron Paul!
    10. Re:This is why you call your bank before tourism by IamTheRealMike · · Score: 4, Informative

      Instead of rejecting the payment outright and freezing the card, text message my phone IMMEDIATELY and I can read a 6 digit code to the cashier to allow the transaction

      How about an even better solution - insert your card into a reader, type in your PIN and that's the two factors right there. You know...... the system that's already used everywhere in the world except for America? It works pretty well. I think the USA is starting to roll it out now, albeit a slightly crippled form of it (they managed to take the 2-factor system everyone else uses and make it 1-factor).

    11. Re: This is why you call your bank before tourism by NostalgiaForInfinity · · Score: 3, Informative

      I work in online/phone based sales and we have probably the best fraud prevention known in the US, but I'd like to see what YOU think that means.

      As I was saying: "public key cryptography, one time card numbers, smart cards, pins, and instant notification". It means, among other things, that you don't ever get any credit card numbers or billing addresses. All you get is a one time code for a specific amount of money, valid for a limited amount of time and valid only for you. If anybody steals your customer and order database, they can't do anything with it. It also means that you can instantly verify that the payment is valid without contacting the credit card company.

      On the customer side, it means that he needs to talk to his smart card credit card in order to generate that code, and that requires either a pin or even a second physical token. In addition, customers get notified of large charges as soon as they get generated (not when you process them), and optionally verify them via their phone.

  2. HSBC are worse by DCFC · · Score: 4, Informative

    I have had serious problems with the aggressively incompetent HSBC 'fraud' detection.

    The 'best' was when they claimed the reason they had (again) blocked my card was that a whole batch of cards had been compromised and it wasn't just my card.

    Sadly for the liar at HSBC was I'm a tech journalist, so I immediately contacted their PR department who denied any knowledge of the breach.

    It was just made up to make me go away.

    --
    Dominic Connor,Quant Headhunter
    1. Re:HSBC are worse by west · · Score: 4, Informative

      It's likely that your card was used at a location for which an abnormal number of cards were found to have been skimmed. This is usually the reason that a whole batch of cards get cancelled. ("Kill every card used at Joe's Gas Station between Monday and Thursday.")

      Ten years ago, the US banks didn't want the expense of switching to EMV. The cost would be that Americans would have to expect to have several cards declined at any one time because of fraud-fighting measures. The banks knew this was the future.

      As it was, as all the world's bank card fraud organizations migrated to the US, the US was compelled to switch anyway. (You never want to be the last vulnerable man standing.) They'd have been far better going a decade ago.

  3. Text message on use by sunderland56 · · Score: 5, Informative

    My CC sends me a text message whenever it is used. It's quick (usually arrives before I've signed the slip), it's free, and it doesn't need some stupid app installed with insane permissions. So, *I* can decide which transactions are bogus, instead of some computer algorithm; and when a truly bogus one does appear, I can notify the bank immediately. The bank can then concern themselves with actual proven bogus purchases, instead of thousands of "suspect" ones.

  4. Chase cards text and email by peon_a-z,A-Z,0-9$_+! · · Score: 4, Interesting

    My experience has been actually very good with Chase cards...

    They decline the transaction then text you asking to reply "1" for Yes or "2" for No if it was you. Then you just reply "1" and repeat the transaction and it goes through.

    Simultaneously they send an email with a green "yes" and a red "no" button that functions similarly.

  5. Tell me about it by ClickOnThis · · Score: 4, Funny

    My pet frog used my card without me knowing. Do you have any idea what it costs to ship special-order flies, worms and a massively tricked-out terrarium from Bangkok?

    Frog protection my ass.

    --
    If it weren't for deadlines, nothing would be late.
  6. No Bed of Roses by Anonymous Coward · · Score: 5, Interesting

    The person who used my cellphone number before I got it had such a deal, apparently, with her bank. Unfortunately, she never notified the bank that she no longer used that number, so I got frequent calls from Chase Bank asking her to respond to credit card activity. At first, I called Chase's response number to alert them to the problem, but after several fails, I simply took to refusing all credit requests made in her name.

    I'm sure that her experience was even more annoying than mine was -- and mine went on for months, during which time I found out quite a lot about her personal buying habits.

  7. Use cash. by Anonymous Coward · · Score: 4, Insightful

    Use cash.

    Seriously. I remember when we could get on a flight, sit down, then have a purser come by and pay in cash for the flight.

    OTOH, I let 2 of my credit card companies know where I'll be traveling - they have an online tool for that. Amex seems to figure it out, though I've had 3 different CC refused because they weren't chip-n-pin in Turkey (away from tourist areas). It was embarrassing to take 12 people to a business dinner at a nice restaurant and not be able to pay. Amex, Visa, MC all were refused. I made a stink about this to the MC company and 8 months later, I was part of their early test group. Also got screwed in Amsterdam having to wait in line to get a train ticket from the airport because non-chip-n-pin CCs weren't allowed at the train kiosks. 10 line. Should have just gotten on for free - nobody seems to check for tickets into town.

    Also remember traveling around Japan before they started accepting CCards anywhere. Cash was it. It was a hassle to carry the equiv of US$1000 to be able to pay for hotels, but necessary.

    Was in Seoul a few years ago - the subway token machines only accepted cash, but a cash machine was available about 50ft away. Got the feeling they didn't want to be accused of tracking riders by name. I dunno.

    I still use cash whenever it makes sense for trivial purchases under US$50 - except in transfer airports when I don't have any local currency. That $3 cup of coffee while waiting for a connecting flight just isn't worth it. Also feel bad tipping in USD, but sometimes that is the difference for the bellboy - $0 or US$5.

  8. Why no Chip Card Reader at home? by west · · Score: 3, Interesting

    As EMV chip card readers get cheaper, I keep waiting for banks to offer an on-line verification service where they supply a chip card reader to the card owner, which can then be used to verify on-line transactions. After all, the system is already designed to survive the POS terminal being compromised, so the same should apply to what is effectively a home POS terminal.

  9. even worse fraud detection: by doug141 · · Score: 3, Informative

    I rented a huge U-haul on a citibank card. Day of the move, I was buying gas at gas stations every few hundred miles in a line across the US's major interstates. Citibank cut me off after 4 gas stations. Good thing I had a backup.

  10. my credit union calls me in seconds. Cashiers shou by raymorris · · Score: 4, Interesting

    I've been happy with my credit union's fraud prevention and detection (which is outsourced to some company). Sometimes I'm 100 miles from home when I spend about $800 on electronics at Fry's or Microcenter. (The datacenter is 100 miles from my house, for now.) The transaction sometimes returns a "call to verify" code. The merchant COULD call, they are supposed to, but most cashiers just say "it didn't go through". This is a training issue on the merchants' side, in my opinion.

    At the same time that the cashier is saying "it didn't go through", my phone rings. It's the fraud department calling to verify the purchase. The cashier re-runs the card and it works fine. It seems to mainly happen when buying from an electronics retailer, as I also remember the same thing at Best Buy. I'm fine with that. I know that if a crook gets my card, the bank is watching out.

    Occasionally, they'll call about an internet purchase or some other purchase after it happens (fraud detection). It's quick and easy to verify the transaction.

    I used to do another type of fraud prevention and detection, not directly related to credit cards, and I know our false positive rate was under 0.1%, probably under 0.01% - we stopped at least a thousand fraudulent instances for every one we declined in error.

  11. Credit Cards by ledow · · Score: 4, Interesting

    In the EU (but not the UK), banks will send you a text for EVERY credit card transaction. If there's a problem, you can contact the bank. It's also free.

    Are you really telling me, in this day and age, that we can't have suspect transactions result in a text to your phone that you can then authorise - even before the web page refreshes?

    Banking is so in the 1950s of computing that it's laughable. It's done deliberately in some circumstances to profit from charges, fees and the timings of clearing payments. But you can't claim fraud if you haven't taken SIMPLE measures against it.

    Like asking the user to confirm suspect transactions using a secondary method (that can be phone for old people without mobile phones, text for those with phones, maybe even the bank's secure app if you so choose). Declining a card transaction because it comes from an unusual place is no longer a metric to decide on the suspicion assigned to a transaction. I've purchased from all over the world, especially in the run-up to Christmas when Amazon, eBay et al only stock the normal boring stuff and I want something a bit different.

    In one instance, my Italian relative came over, went to a DIY store with us, paid for the transaction and KNEW BEFORE WE'D HIT THE DOORS that he'd been double-charged on his bank account. A text came through, then another, in a foreign country, before he'd even left the shop. And we were then able to cancel the second transaction.

    Why the fuck isn't just this standard practice?