Credit Card Fraud is profitable to companies

There is zero incentive for them to stop it.

By Jack E. Lohman

Wisconsin merchants should take note. And consumers too, because credit card companies make money on fraud and you bear the ultimate costs. Consumers pay for it in higher prices as retailers’ costs go up, and it drives more customers to buy online.

None of the new credit card rules address fraud. But card companies don’t care because fraud is charged back to the vendor and the card company gets its profits nonetheless. The company that implements these changes will get my business overnight:

Fix 1

The card companies should send the cardholder an email every time their card is used.

I can handle the 30 or so emails I might generate every month, but if my card is being used by someone else I’ll find out today, not 30 days from today when I look at my bill.

Once their computers are programmed, this is a FREE process!!! But if you don’t like this, opt out or don’t give them your email address.

Fraud is not VISA’s or Mastercard’s problem, it’s the merchants’. When I gave these ideas to VISA’s fraud department, all I received in return was a big yawn. How dare I step between them and profits.

Fix 2

They should add a picture to the card …

… and when the card is swiped the computer returns the picture it has on file. If they don’t match, there is a problem that can be addressed immediately. Yes, the retailer would have to update the swipers, but if he is concerned with fraud he gladly will.

Fix 3

They should delay online shipments …

… until confirmation is received back from the cardholder. I had a $2000 device charged against my card and shipped to a bogus (but valid) address. The following would have prevented that: 

  1. Merchant logs onto card company’s secure site with the suspected card number.
  2. Card company notifies legitimate card holder by email that a transaction is about to be made (even lists the items and vendor).
  3. Card holder clicks on a link that advises card company that the transaction is legitimate, or another that sends it to the fraud investigators.
  4. Card company responds to retailer by email with a positive or negative finding.

All for free and all in seconds. The card company would have to program their computers just once and then everything is automatic. They could fix it, overnight, if they wanted to.
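The four steps above, sketched as an added example (not part of the original article and not any card company's code). The issuer URL, the 30-minute hold, the function names and the sample order are assumptions; each e-mailed link is HMAC-signed, single-use and time-limited, and an unanswered hold is refused rather than released.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode, urlsplit, parse_qs

SECRET = secrets.token_bytes(32)         # issuer-side signing key (assumption)
HOLD_SECONDS = 30 * 60                   # longest hold before refusal (assumption)
BASE = "https://issuer.example/confirm"  # placeholder URL, not a real endpoint
pending = {}                             # txn_id -> {"state", "expires", "order"}

def _sign(txn_id, action, expires):
    msg = f"{txn_id}|{action}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def open_hold(merchant, amount_cents, items, now=None):
    """Steps 1-2: merchant submits the order; issuer builds the two e-mail links."""
    now = time.time() if now is None else now
    txn_id, expires = secrets.token_urlsafe(12), int(now) + HOLD_SECONDS
    pending[txn_id] = {"state": "pending", "expires": expires,
                       "order": (merchant, amount_cents, items)}
    links = {a: BASE + "?" + urlencode({"t": txn_id, "a": a, "e": expires,
                                        "s": _sign(txn_id, a, expires)})
             for a in ("approve", "fraud")}
    return txn_id, links

def handle_click(url, now=None):
    """Step 3: verify the clicked link before changing any state."""
    now = time.time() if now is None else now
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        txn_id, action, expires, sig = q["t"], q["a"], int(q["e"]), q["s"]
    except (KeyError, ValueError):
        return "rejected"
    expected = _sign(txn_id, action, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "rejected"                # forged or edited link
    txn = pending.get(txn_id)
    if txn is None or txn["state"] != "pending":
        return "rejected"                # unknown, or already answered once
    if now > expires:
        txn["state"] = "expired"
        return "expired"
    txn["state"] = "approved" if action == "approve" else "fraud_review"
    return txn["state"]

def merchant_finding(txn_id, now=None):
    """Step 4: positive only on explicit approval; silence never ships."""
    now = time.time() if now is None else now
    txn = pending[txn_id]
    if txn["state"] == "pending":
        if now <= txn["expires"]:
            return "hold"
        txn["state"] = "expired"
    return "positive" if txn["state"] == "approved" else "negative"
```

Mail security scanners often fetch every link in a message, so a real deployment would put a confirmation button behind the approve link instead of acting on a bare GET.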

You would think that these product improvements would be embraced by the card companies to attract business. Sorry. VISA told me thanks but no thanks. “Visa’s policy is not to accept unsolicited idea submissions.” Duh!

Tidbits

— Now we have Reps. Jane Harman (D-CA) and Nancy Pelosi (D-CA), both tied to funny goings-on in passing favors to cash constituencies and Dianne Feinstein’s husband’s business interests. If not charged with corruption, these politicians should be fired for outright stupidity.

— Why they continue supporting a system of political corruption that virtually 100% of politicians ultimately are drawn into is puzzling. But our state politicians support it too.

9 Responses to Credit Card Fraud is profitable to companies

  1. Tom Mahoney says:

    Jack,

    You’re correct that all of these could have an impact on fraud reduction but, as you pointed out, it’s all about money. The title of your post might be better if it said that there is a disincentive for them to stop it. The fact of the matter is that, especially in on-line transactions, Visa, MAC, et al. have a revenue stream in chargeback fees passed on to the merchants and, ultimately, the consumer.

    In fairness, I should point out that the three fixes you mentioned are not quite as easy as they sound. Account information, and therefore verification, comes from the card issuing banks, not the “credit card company.” Visa and MasterCard are merely “associations” comprised of the issuers and acquiring banks. The logistics of integrating the banks into the systems are next to impossible.

    And, of course, the minute the good guys build a 10 foot wall, the bad guys build a 12 foot ladder.

    Tom Mahoney, Director
    Merchant911.org
    Uniting merchants against fraud since 2001

  2. Thanks for the comment, Tom, and you are right that things are never as easy as they sound. But as a former computer programmer I am convinced that a lot more can be done in this area. Fix 1, for example, should be a piece of cake. Fix 3 not as easy, but doable. Hopefully your organization can pressure them to give you the tools necessary to limit fraud.

    Jack

  3. Tom Mahoney says:

    Hopefully we can. There’s certainly strength in numbers. We’re currently at almost 3900 but I don’t know how strong we need to be to make them listen. One thing we do know – they know about us. This is good.

  4. Wilma Kramer says:

    I worked as a computer programmer for VISA at their International HQ in California. What a bunch of dictatorial, non-thinking Executives. I had worked for two other very large corporations like VISA before coming here. The bunch of clowns who run this corporation are the sleaziest of the sleazy. I regularly was required to ‘FIX’ the computers of these mega-maniacs. They were too good for the helpdesk so they had to have their head programmer service them, but here was the catch. I WAS REQUIRED TO FIX WHATEVER WAS WRONG WITH THEIR COMPUTER WITHOUT LAYING MY HANDS ON THE COMPUTER ITSELF. YES THAT IS RIGHT. I WAS NOT ALLOWED TO TOUCH THE COMPUTER BUT I WAS MANDATED TO FIX IT! I left the company shortly after this incident!

  5. Paul says:

    Hi Jack.

    Totally agree that the card companies have stacked the system so that they win at everyone else’s expense. But issuers and consumers also pay the costs, not just merchants.

    Visa’s response to fraud is 3D Secure, which absolves the merchant of liability if they use it. Sounds great on the surface, but in the only country in the world where it is widely deployed (UK), fraud has actually gone up.

    Why? Because with merchants not liable for fraud, many have stopped checking for it and simply put all orders through. The issuers (who were handed the liability without their agreement or any negotiation) are left holding the bag if it passes the 3D Secure check, which a very large number of fraudulent transactions do. But, many of those merchants are now in danger of losing their merchant account for too many chargebacks (whether liable for the cost or not). And, what’s more, huge numbers of consumers simply abandon the shopping cart at checkout when confronted with the 3D Secure pop-up, so online revenues are down. So everyone is hurt except Visa (and Mastercard’s branded version of 3D Secure). Issuers have bigger costs, which they must either mitigate or pass along to merchants in the form of higher fees, merchants lose revenue and pay higher fees and risk losing their account if they don’t keep checking for fraud, and consumers pay higher costs for everything.

    You’ve hit on a very sore spot that few are aware of, but I’m not convinced about your proposed fixes. Here’s why:

    1. Send an email whenever card is used. You don’t use your card very much. It’s not uncommon for me to have several hundred charges a month, many of them auto-debited to pay various accounts. Where you might get one email a day, I’d get up to 20 some days (lots of business stuff goes through my primary card) — I would either never turn this on, or I’d end up ignoring most of the emails cluttering my inbox. If I ignore them, any fraud detection benefit goes away pretty quickly. There are many more people like me who would consider this a nuisance than there are like you who would welcome it, therefore I think it would have limited impact in stopping fraud (and the consumer doesn’t suffer direct losses anyway, so why would they get so actively involved).

    2. Add a picture to the card. Not a bad idea, but overreliance on technical solutions is why we have an increasing fraud problem to begin with. It’s easy to get a card issued on a stolen identity, and if that stolen identity results in a card that has the criminal’s picture on it, I’m not sure how this stops fraud — it actually helps fraud happen because the card wouldn’t get questioned for irregularities if it had the card presenter’s picture on it. The same “free pass” for fraud happens with Chip and PIN technology — if the fraudster figures out a technical workaround (as many have done), Chip and PIN becomes a license to print money. The picture idea would work in combination with other things, but not so much on its own.

    3. Delay online shipments. Consumers would not stand for this. One of the biggest benefits of shopping online is getting what you want fast, even (and especially) if it isn’t available locally. If I pay for overnight delivery, I want overnight delivery, and I shouldn’t have to wait when 99 out of 100 transactions are good and only 1 percent bad. If one vendor started doing this, his competitor would differentiate his service by pointing out that vendor (a) delays their online orders for fraud checks, but we (vendor b) have sophisticated and transparent fraud checking as part of our process and we ship right away. In other words, competition and the free market would prevent this from ever happening.

    In general, I would not agree with any solution to fraud that makes life less convenient and more costly to me as a consumer. You are an exception who appears ready to accept both, but if you want to design a process that will actually work, you need to do exactly the opposite — ease-of-use and more convenience are key to getting consumers to adopt anything that isn’t legislated. I’d be thrilled with a solution that forced the card companies through legislation to do the right thing, but I’m not holding my breath, and there’s a big danger that legislators will get it wrong and the unintended consequences will be greater than the costs that we already have to deal with.

  6. Tom Mahoney says:

    Paul,

    With all due respect, in regard to number 1, I don’t think your (or anyone’s) personal preferences on receiving email are necessarily a valid reason not to try it. I think that just as merchants need to take a multi-pronged approach to fraud prevention, so do card holders. I’d agree that they might not, given their limited liability and in my opinion, that’s a weak link in the system.

  7. Thanks for your feedback, Paul. I’m a consumer and this is your business, though I do believe there are some options.

    On sending an email, that need only be one email per day and in your case it is a list of transactions. You could of course turn it off, but the option to other users would result in gobs of fraud elimination. I can also point to situations where I’ve been charged recurring monthly fees on a service I thought I had canceled, and this would alert me to those (though so does the paper copy).

    You are right that a stolen identity could result in a falsely issued card, but that will have to be detected another way. But I’ve had my card stolen and used, which it would not have been if my picture were on it.

    On delaying online shipments, I and most others would opt into that, but if it is optional there’s no reason to not do it. We are talking about perhaps a 30 minute delay so I don’t think that would be troublesome.

    And though I may be an exception willing to accept delay, you can make these things optional with perhaps a 1% discount for those who agree to help fight fraud.

    But I’m not an expert on this, though I have been a computer programmer and understand the technology. The emails are virtually free.

  8. Paul says:

    @Tom. You are right — my preferences are not a reason not to try it, but when you design systems, you have to design them around people’s natural behaviors, or they fail. You can’t push water up a hill and expect it to stay there. In any case, I wasn’t trying to suggest that my preferences are universal, simply that they are what they are, and a sizable minority, if not the majority of people are the same way. You correctly point out that lack of consumer liability is a “weakness” in the system, but you must remember that it’s a weakness that is unfixable. If consumers were held liable, credit cards would disappear virtually overnight. Credit cards are about convenience, and if you take away the convenience, you destroy the product. I don’t have any objection to you getting emails, or to anyone else who wants them. But it won’t stop fraud. And the benefit doesn’t go to you, or the merchants, or even the issuer but right back to Mastercard or Visa.

    @moneyed. You are right — if your card was stolen and used, a picture might have helped, but again no guarantees. If the thief used it online, it wouldn’t have made any difference, and even in person, it still depends on the clerk following security protocols and checking the ID — how often do they even look at the signature on your card? I’ll bet not often. My wife’s wallet was stolen, and it had her credit card and driver’s license in it. Within fifteen minutes of being missing, the card was used at Macys to buy several leather jackets. My wife’s name is Christine, but the person using the card was a man. Still, he walked out of Macys with the merchandise. Fortunately, he was stupid, and immediately went down the mall to JC Penney where he tried to buy some luggage and electronics, but the clerk was suspicious not because a man was using a woman’s card, but because he was buying several of the same thing, so the clerk asked to see ID (this is what they told the police). Of course, with a female picture on the driver’s license he said he didn’t have ID with him and walked out.

    So, he left that counter, and went to another store, only this time sent his girlfriend in with the card (and drivers license) to make the purchase. In the third store, they asked to see ID, and the girlfriend produced my wife’s drivers license. At this point, it was finally game over because the thief’s girlfriend was rather heavyset, and my wife has a thin build and face. So they alerted security and apprehended the pair. Surprisingly though, even with a photo on the driver’s license, the clerk didn’t notice that the criminals were black and my wife was white. Detecting fraud, even when the cardholder is present, does require some basic common sense and the ability to see obvious inconsistencies.

    On the other hand, if a thief had a strong stolen identity in their possession, and had managed to get a new card in someone else’s name issued with a photo of himself, this card is virtually unstoppable, except by velocity detection (card used too often in a short period of time), because if the picture matches the user, there is no reason not to accept it. i.e. it actually helps to increase fraud.

    Regarding delaying shipments, many online merchants do this if they are suspicious, or if some red flag is tripped during automated screening. If this happens, they refer the order for manual review, and then they look at other information, may send an email to the consumer asking for more info, or in some cases even place a phone call to verify identity. Generally this most manual and costly of steps is taken only with high risk, high value items such as flat screen TVs. However, calling the customer for more info is also annoying, both because it signals lack of trust and tells the consumer that his order has been deliberately held back.

    But the question is, why would you as a consumer opt-in to delaying your shipments? You don’t bear the liability. There have been many instances where I ordered something online days before Christmas, and the only reason I placed the order at all was because the merchant guaranteed delivery of the goods before Christmas. And, if I have the option of overnight shipping, which I’ve paid a lot extra for, there’s no way I’m going to tolerate the order taking even one extra day, let alone 2 or 3 more to ship.

    Regarding offering a discount to those who help fight fraud — it’s conceivable that this might help a little, but fraudsters are pretty smart. They’d register their stolen card info, probably before legitimate consumers. Our customers repeatedly tell us that real consumers make lots of mistakes when entering their data in online forms, but that fraudsters never do — they know exactly what to enter to get away with the crime, and enter it all perfectly.

    Credit card fraud can be reduced, maybe even stopped, but to do so requires a lot of data, much more than any stakeholder on their own possesses, and that means global cross-industry collaboration by merchants, banks, issuers, anti-fraud vendors, law enforcement stakeholders as well as incentives for the consumers to assist by “owning” their reputation and helping to protect it.

  9. Paul, you are giving all the situations where it won’t work, but no cogent reason as to why it shouldn’t be done.

    At least with online purchases the product is shipped to an address, though it may be to a plant (with nobody home). But those addresses are not easy to replace once found out (assuming they are flagged as a potential drop).

    But delayed shipment shouldn’t delay for more than a couple of hours, while email confirmation is obtained. And though I am not responsible for fraud, I’d likely do it for a small discount. But maybe it should be mandated by the feds and don’t give consumers an option.

    That said, I’m not willing to do “nothing.”
