Here's a quick note on my recent experience with credit card fraud, in case anyone wants to compare companies or experiences.We (wife and I) have a Capital One CC that we use for all regular purchases due to the cash back. I received a call last week from a Capital One agent saying they suspected fraudulent activity on my card. After she listed a couple of small charges that didn't sound valid to me, I agreed that it sounded like the card had been compromised. They immediate issued a new card number and made the old number invalid. They assured us that we would not be responsible for any fraudulent charges.Later in the same day, I checked my account online and found 18 fraudulent charges totaling over $4000! I called the fraud department to report all of the additional charges. I got through to a representative quickly and started detailing the fraudulent charges. After listing a few, I was told I would be transferred to a specialist to go over them all in more detail. I did have to go over the charges I had already listed again, which was inefficient. Also, the specialist seemed to want to wrap up the call quickly and I kept having to say "wait, there are more charges!". After that call, I was fairly sure that some adjustments would be made to the account but that they would not get them all correct. I waited two days and called again. Again I got right to a representative, and again I had to list a few charges, then get transferred and go over them again. This time, the specialist seemed more on-the-ball and I felt that I had cleared up all the remaining fraudulent charges, as well as one charge which they had reimbursed me for which was NOT fraudulent.It is now a couple days later and all charges reimbursed now appear to be accurately reflected. This was all completed before the statement closing date, so there is no confusion over how much to pay or whether I might get dinged for any interest (I pay in full each month).As a followup, I was asked to complete an online form categorizing each charge in question as fraudulent or not. It was fairly quick and simple.Overall, I would say:- Capital One did a good job in detecting the fraud.- Capital One employees were generally pleasant and reassuring about my not being held responsible for the fraudulent charges.- The process of reporting the charges over the phone was a bit clumsy - needing to repeat things multiple times (and took 2 phone calls to get it right).- Things seem to have been resolved correctly and quickly.-progmtl.
It still amazes me that so little has changed with credit card security since the advent of Diner's Club in 1950. If a thief has a valid name and number, he can use a card. Of course validating the name and number in real time didn't start until a couple of decades ago. Before that the most a merchant could do was validate the luhn checksum of the card's number - which was mainly used to detect transcription errors. (That was one of my first tasks as a programmer in the early '80s working for a small mail order company. That and working up a simple PC-based order-entry system.)All despite legislation that basically makes the fraud the issuer's - or more often the merchant's - responsibility.Of course we all bear the cost of this fraud in higher product costs. But the way things stand today, the credit card industry seems completely unmotivated to do anything more about actually preventing credit card fraud.And just so my response will be on-topic, let me say that I've had similar experiences with Chase. I have two credit cards with Chase. BOTH have been compromised at a time when both had not been used recently. Chase contacted me within hours of the first fraudulent charge. Personally I think it suspicious that the only cards I have had compromised recently were from Chase. And there were two cards from them. And all the fraudulent charges were in the New York area. I also have cards from Bank of America, Citibank and Discover as well. I have held them all for years and they have not been compromised. I'm not saying it's true, but it makes me wonder if Chase or a provider it uses was compromised but they chose not to tell their customers...At least Chase was prompt to take care of the charges and replaced my cards quickly. Still, I feel badly for the merchants that were likely scr*wed ... all so we can keep a system that seems broken to me. (It's broken because there is no real, secure authentication step required before a charge is authorized or processed.)- Joel
Before that the most a merchant could do was validate the luhn checksum of the card's number - which was mainly used to detect transcription errors. And before that the most the companies could do was send out lists of stolen or delinquent cards. They used to have these long lists, and if you offered your card the merchant would look it up in a booklet to see if the card was still valid.Nancy
Windowseat,You wrote, And before that the most the companies could do was send out lists of stolen or delinquent cards. They used to have these long lists, and if you offered your card the merchant would look it up in a booklet to see if the card was still valid.I remember that! Actually I remember seeing the cashier compare the card number against photocopied lists on or next to the register. Pretty ugly scheme. How often could you update it? The thief might get away with the fraud for weeks before the card got flagged. Of course credit wasn't as ubiquitous as it is today, so there were things you just couldn't purchase with it. That might have reduced it as a target for fraud somewhat.- Joel
I've had a few fraud detection situations.The only real one was a Citibank one. I noticed my card was missing from my wallet. When I got home I couldn't find it around my house and so looked online. I noticed a couple charges that weren't mine (I suspect I left it at the supermarket counter and someone else picked it up). Called the company they canceled the card and mailed me a new one. They also sent a paper form that I had to mark what was/wasn't my charges. Other than the pain of having the form notarized it was fairly easy.My only other experiences is with Bank of America. Although I haven't actually been the victim of fraud, I've occasionally had transactions flagged as such (one time I paid for gas at a pump, when I found it was defective I moved to a different one at the same station and tried again). They both call and send me an email about the fraud. I've been able to log into my online account and tell them which are legitimate right away and then begin using my card again. But I suspect that if there had actually been fraud the process might have been more complicated.
I think things are improving, but I think there needs to be more information out there to people about what they can do to monitor their credit cards. I don't know if they aren't aware of the features or just haven't taken the time to set them up. Most people don't use two factor authentication for their bank and credit card logins. This is very highly recommended. They also use the same login for site after site. I've got text alerts set up on my Amex account. A person can customize them to send a text if: the card is not present, a foreign transaction is processed, a large amount is spent (and you set the amount), if someone takes out cash. I also get alerts if the billing address, my password, or anything else irregular is noticed. I have foreign and large amount set up and those alerts come to my phone within seconds of me clicking "process". More then enough time for me to call back and Amex to reverse the charges and let the merchant know to not ship that merchandise.I'd like to get the point where I don't carry cards in a wallet at all and everything is on my phone, but then I would want my phone or the vendor to require something biometric in addition to the card information.Lara Amber
Best Of |
Favorites & Replies |
Start a New Board |
My Fool |