HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » How NOT to Deal with Cred...

Tue Aug 5, 2014, 04:32 PM

How NOT to Deal with Credit Card Fraud: A Case Study

First, a disclaimer:

In general terms, I like my locally-owned and controlled bank. Because I have both personal AND business accounts to manage, with an array of services and needs that are beyond many smaller credit unions and "alternative" financial services providers, I've stuck with them. It's been a good trade-off for me. They support local charities, engage in volunteer projects, and work hard to be good community citizens. As banks go, they're less toxic than most. So I'll change their name, here, while I eviscerate their bad choices in fraud management strategy.

My partner and I live in a small city, barely a city at all- more of a somewhat urbanized small town. And I bank at a locally owned and operated bank, "Nortera Bank," because I want my money locally managed. Nortera has our personal joint checking account, our savings account, two small business checking accounts, and extends us a line of credit for cash management. It also supplies us with Visa debit/credit cards, free of charge, no fees, attached to the checking accounts.

We use the cards for just about everything, because it makes record keeping easier. We do have a classic credit card account, used mostly for business travel, but the Nortera cards are in pretty much daily use. Since we've had them (nearly ten years now,) we have twice had episodes where card numbers have been stolen and misused, not for vast sums (once for about $1700, once for about $300, IIRC,) but productive of much annoyance and hassle all around.

So when Nortera sent us a notice last month telling us that they were implementing a new fraud protection system, we said, "Great, fine, yay! Well done, Nortera."

Until yesterday, when I encountered it, thusly: I needed a new doodad. It was an essential doodad, used daily for personal and business use, and the loss of the old doodad had been most stressful. So I got online to order the new doodad from DRU (Doodads R Us) a reputable national online retailer, one I have an established account with, and use fairly regularly, although at erratic intervals. I ordered the doodad, and entered my Nortera card number.

DRU appeared to complete the transaction, but a few moments later an email popped into my inbox: The card had been declined.

My first assumption was that I hadn't been quite quick enough clicking on the anti-script-blocker plugin on my browser during the transaction, and I'd messed it up somehow. So I put in a call to DRU customer service, left my order number for a callback, and 15 minutes later I asked them to repeat the charge, explaining about the browser thing. No prob, DRU said they'd run it again, but couldn't tell me whether it went through or not over the phone because it took a few minutes. They'd email me verification.

The email arrived but it was not verification. Again, declined.

Fortunately, it's during business banking hours, so I called Nortera and got quickly connected to the credit card customer service department (which, as far as I can tell, is three women all named something like Moira.)

"This is Myra, can I help you?"

"Yes, I had a charge declined, and it shouldn't be."

(Various back and forth about account number, secret authorization codes, etc.)

"And the specific charge that was declined?"

"It was fifteen minutes ago... the $76.99 charge from DRU."

"Oh, yes, THAT one. Well, it's from California."

"No, it's from DRU. On the internet. I ordered something on the internet."

"Yes, but the charge originated in California. There's a LOT of credit card fraud originating from California. Like, more fraud than valid charges, even."

"Seriously? You guys blacklisted the WHOLE STATE of California?"

"Yes."

"So... anything I order online from someone based in California... or anything I order over the phone from someone there... or if I'm traveling there... it's going to be automatically declined?"

"Well, if you plan to travel there, you need to let us know in advance. Like, tell us how long you plan to be there and what days and cities you'll be visiting, and then we won't decline stuff from there. On those days."

"Wow. Umm... well. I buy things from DRU several times a year. Can I have them whitelisted, so I don't have to call you every time?"

"No, we can't do that."

(Thumping sound, me banging head on desk.)

"And this is going to save the bank money in fraudulent charges."

"Oh, yes, we lose a lot on fraudulent charges."

"But you don't mind paying people to answer customer service calls every single time someone wants to order something online, or over the phone, from the ENTIRE STATE OF CALIFORNIA, or any time someone with travel plans needs to give you their itinerary in advance, or any time someone is traveling and FORGOT to give you their itinerary in advance."

"Well, we're not a very large bank."

"And god help anyone who's traveling and forgot to submit you their itinerary and discovers it when they're standing at the rental car counter at 7:30 pm on a Saturday night, is that it?"

"We have an automated service you can set up to verify with your smart phone using security codes, but it's not online yet."

"And if you don't have a smart phone?"

"It would be good if you remember to let us know when you're traveling."

"Have you ever heard of this thing called a 'microchip?' Advanced nations with modern financial networks put them on credit cards and have practically no fraud."

"We can't afford that."

"But you can afford to lose customers who make lots of online, phone, and other out-of-area purchases and don't want to have to go through the process of phoning you to enable every transaction."

The sad thing is, I think Nortera probably CAN'T afford to upgrade to a microchip-enabled VISA network. They're a small local bank, and they don't want to implement extra fees to the customers. And right now, VISA and the other big credit-card networks are dragging their heels, kicking and screaming, at the cost of upgrading those networks to enable reliable fraud protection. It would, after all, cut into their already obscene profits. And the banks are between a rock and a hard place.

So, for now, I'm hanging tight. I think Nortera is going to figure out the downsides of this new fraud protection system pretty quickly, and we'll be back to something closer to normal within a couple of months. If not, I WILL be re-evaluating how we bank. But we'll cross that bridge down the road.

For now, I just wonder why the BIG banks, who must be absorbing MASSIVE fraud losses (while passing as much as they can along to the customers in fees and jacked-up interest, etc.) aren't putting the pressure on the big credit card networks to upgrade.

Anyone know?

Anyone....?

curiously,
Bright

19 replies, 1675 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 19 replies Author Time Post
Reply How NOT to Deal with Credit Card Fraud: A Case Study (Original post)
TygrBright Aug 2014 OP
PoliticAverse Aug 2014 #1
TygrBright Aug 2014 #3
MrNJ Aug 2014 #2
TygrBright Aug 2014 #4
SheilaT Aug 2014 #5
TygrBright Aug 2014 #6
tammywammy Aug 2014 #7
mwooldri Aug 2014 #11
brooklynite Aug 2014 #8
TygrBright Aug 2014 #9
brer cat Aug 2014 #10
msongs Aug 2014 #12
tritsofme Aug 2014 #16
laundry_queen Aug 2014 #17
mwooldri Aug 2014 #13
Initech Aug 2014 #15
GeorgeGist Aug 2014 #18
Initech Aug 2014 #19
Initech Aug 2014 #14

Response to TygrBright (Original post)

Tue Aug 5, 2014, 04:36 PM

1. "My Internet packets will be travelling to California today, they'll be there for 10 seconds"...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to PoliticAverse (Reply #1)

Tue Aug 5, 2014, 04:44 PM

3. I'm imagining little "customs" nodes springing up everywhere.

"Been to California? Anything to declare?"

"0010010100101011101001010101010101010101101010101010100001010101010100101010000101"

"Sorry, you're going to have to step into this little holding loop..."

amusedly,
Bright

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TygrBright (Original post)

Tue Aug 5, 2014, 04:41 PM

2. Just because you like you local bank doesn't mean you cannot get credit cards from other banks

I have my Credit Union with checking, savings and debit card.

I also have my no-fee American Express card with cash back which I use for everything.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to MrNJ (Reply #2)

Tue Aug 5, 2014, 04:45 PM

4. Oh, yes, we have other cards.

However, by using the Nortera cards, every transaction shows up on our online statements and downloads seamlessly with a single click into our bookkeeping system.

I'd hate to have to start setting up manual downloads from other card suppliers, so I've put it off.

lazily,
Bright

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TygrBright (Original post)

Tue Aug 5, 2014, 04:46 PM

5. I'm under the impression that none of the credit cards

 

issued in this country have the kind of chips the cards in Europe have. I haven't been overseas since 2001, but I gather that Americans often have problems using their credit cards in other countries.

One more example of how we are nowhere near the most advanced country on the planet.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to SheilaT (Reply #5)

Tue Aug 5, 2014, 04:49 PM

6. No, they don't.

In order to implement fraud-protected networks, the credit card companies would have to upgrade all of their Point-of-Sale equipment, as well as their own networks and data management systems.

It would be a significant cost, but it's really hard for me to believe it would be as much as fraud is costing their customers-- both banks and card holders-- throughout the system.

Problem is, none of the fraud costs reach the credit card companies.

irritatedly,
Bright

Reply to this post

Back to top Alert abuse Link here Permalink


Response to SheilaT (Reply #5)

Tue Aug 5, 2014, 04:56 PM

7. Chase Sapphire Preferred has the chip. n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to SheilaT (Reply #5)

Tue Aug 5, 2014, 06:08 PM

11. EMV is being rolled out over here.

American Express (who I work for, and these are my words and not Amex's) are ramping up the roll out of EMV chip cards. If you have an American Express charge or credit card and if you want an EMV chip card, you can call and ask for one. Selected card members are receiving EMV chip cards ahead of renewal, and if you need a replacement card it's likely you'll get an EMV chip equipped card. Eventually all the cards will have EMV chips on them.

Other organizations are ahead of the game too. State Employee's Credit Union (here in NC) have EMV enabled cards for all of their members and have had for quite some time.

I call it the EMV chip because it comes in two main flavors - Chip & Pin and Chip & Signature. I'm not aware of any plans my employer has to have card products that are Chip & Pin enabled in the USA.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TygrBright (Original post)

Tue Aug 5, 2014, 04:56 PM

8. In your situation the microchip card would be useless...

...unless your computer comes with a chip reader, which they don't (even in Europe). Microchip cards are great AT THE POINT OF SALE (store terminal or vending machine); however, the reason we don't have them here by and large is because we have a more reliable phone network, so the stripe reader can validate the card and transaction fast enough to be useful. HOWEVER, if you're buying something online, there's no way to validate the card other than with the security code (which could also be stolen), so microchip cards don't add any additional security.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Reply #8)

Tue Aug 5, 2014, 04:59 PM

9. Good point!

However, with the growing push for 2-factor authentication throughout all forms of secure transaction/communication, I would not be at ALL surprised to see future generations of mobile tech - phones, tablets, etc., and even desktop computers - equipped with reader capability.

We're almost there.

hopefully,
Bright

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TygrBright (Original post)

Tue Aug 5, 2014, 05:59 PM

10. We order items regularly from Canada

and often have this same problem...cards denied for no reason as far as our account is concerned. I have not had that problem within the US. We also use a small bank.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TygrBright (Original post)

Tue Aug 5, 2014, 06:11 PM

12. microchip cards are an invite to be cyber-robbed by thieves with scanners nt

Reply to this post

Back to top Alert abuse Link here Permalink


Response to msongs (Reply #12)

Tue Aug 5, 2014, 06:42 PM

16. Have you travelled to Europe recently?

Those types of cards are the standard, Americans stick out like sore thumbs with our barely compatible credit cards.

If they are having widespread issues with that type of fraud, I haven't seen much about it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to tritsofme (Reply #16)

Tue Aug 5, 2014, 07:35 PM

17. We have those chip cards in Canada too

I've heard that scammers might be able to scan them, but from what I understand, it's not easy to do so (basically, if it's in your purse or wallet with other chipped cards, it won't scan). I've never been concerned about it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TygrBright (Original post)

Tue Aug 5, 2014, 06:19 PM

13. I'm certain small hometown banks can have chip cards and better fraud tools through outsourcing.

There's lots of small credit unions that offer these kind of features and probably don't have anywhere near as much money as a hometown bank. Yet they can get you a checking account with a debit card, and they'll probably offer a credit card as well. You'll get access to your account online and have billpay... and there are these kind of companies that can handle it all for a credit union. I'm sure there's something similar for banks.

So if small hometown banks do outsource to a particular company and in large enough number the cost to roll out EMV can be shared around and banks like Nortera can offer the same features as the big banks do.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mwooldri (Reply #13)

Tue Aug 5, 2014, 06:31 PM

15. I'm with a small credit union.

They don't have the resources and tools that the big banks do. I was recently the victim of fraud. I also had a credit card stolen not too long ago. I know big banks like Wells Fargo are public enemy number one around here but I can say there's a massive difference between the two when it comes to fraud. The credit card I had stolen, it was nearly instantaneous for Wells Fargo yo catch the fraudulent activity. The credit union? Didn't catch it until it was too late, and I had to go to the branch and file a claim and wait 10 days to get my money back. The big banks get a lot of shit, and deserve it, but there's things they do and do better than small banks and credit unions, and fraud claims are definitely one of them.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Initech (Reply #15)

Wed Aug 6, 2014, 07:53 AM

18. Your anecdote is hardly convincing.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to GeorgeGist (Reply #18)

Wed Aug 6, 2014, 10:59 AM

19. In what way?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TygrBright (Original post)

Tue Aug 5, 2014, 06:21 PM

14. I had my entire checking account wiped out by fraudsters a couple weeks ago. Been there, done that

Thankfully I was able to get my account restored but dealing with that sucks! I had quite a bit of money in that account but in two days it was completely gone - all spent rather ridiculously at gas stations, ATMS, and point of sale terminals.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread