Doing better at dealing with credit card fraud
For a little while I’ve been experiencing lousy service from my credit card providers, and judging by what I hear from others I’m far from alone on this. The level of false positives from card company fraud detection systems has reached a point where it’s creating a bad customer experience, and it often seems that ‘common sense’ has been thrown out the window.
A personal example
I recently went on a family holiday to the US. Within hours of arriving my card was blocked and I found myself having to call the fraud department.
What should have happened
I booked my airline tickets using the card. It shows clearly on my statement that one of the tickets was in my name, and the destination of the flight. It should therefore have been no surprise when I showed up in Tampa on the appointed day and started spending money. The key point here is that the card company had very specific data about my future movements.
What actually happened
I picked up my hire car in Tampa (card transaction for future fuelling fees etc.) and headed off towards my ultimate destination of Kissimmee. On nearing my destination I needed to fill up with fuel , so I stopped at a 7-11 to gas up. I tried to pay at the pump , but this failed, so I went into the store to pre authorise a tank full of fuel. My card was declined and I had to use another. When I checked my email shortly afterwards there was a fraud alert, and when I switched on my UK mobile it immediately got a text saying the same . I called the fraud line (and got through straight away, as it was early in the UK morning), and explained that the (attempted) transactions were genuine, and that I would remain in the US for another couple of weeks. The card was unblocked and I continued spending… for a while at least.
What happened next
Two weeks later, another gas station, another transaction that I had to use another card for, another text asking me to call the fraud department. This time it took almost 9 minutes to get through, as it was Easter Saturday and still the middle of the shopping afternoon back at home. I was pretty angry – at the wait, and because it had happened again within the time that I’d specified I’d be using the card in the US. There were apparently three suspicious transactions, with the last one causing my card to be blocked:
- Buying gas at the same 7-11 that had caused the problems last time.
- Some groceries from Super Target .
- Another attempt to buy gas (at a place on the road back to Tampa).
What’s going on here?
I necessarily need to speculate here a little, as the card company can’t/won’t explain how its fraud detection algorithms work. It’s a classic case of ‘computer says no‘. Likely there are a bunch of heuristics about transaction types that are more likely to be fraudulent. My guess would be that convenience stores rank as pretty high risk, and the problem in my case is that it’s almost impossible to buy gas at anywhere that isn’t also a convenience store. Somewhere else somebody has done a cold analysis of the cost of dealing with false positives (which mainly falls on me the customer) versus the costs of fraud. There is no doubt a lot of analysis going on here.
So data and analysis are at the heart of this, but is it the right data leading to the right analysis? I think not. As a customer I think the experience is lousy precisely because things that seem obvious to me are being apparently ignored by the card company:
- Location – if I’m buying airline tickets with my card then the card company knows in advance where I should be. These data points should take precedence over heuristics about ‘normal’ spending locations.
- Inference – if I rent a car for 2 weeks then I’m pretty likely to buy some gas to go in it.
- Explicit overrides – if I tell the company where I’m going to be, and what I’m likely to be spending on then the fraud pattern matching should adjust to suit.
 In fact the fraud bells should have started ringing if I started making in person transactions somewhere other than Tampa.
 Why the car wasn’t supplied full like I’d paid for is another story.
 The pumps always ask for a zip code, which is likely where the problems begin for anybody outside of the US. Perhaps the card companies should allow users to register fake ZIP codes for such purposes (I always input the ZIP for an office where I used to work – which is generally OK for buying MTA cards in New York, and a variety of goods that are delivered online).
 Luckily for me it seems that I wasn’t charged some extortionate roaming rate for receiving that text.
 Why that transation was flagged an the other 4-5 times I bought there weren’t is a total mystery.
 Presumably in the belief of security by obscurity – if the bad guys don’t know how the system works then they can’t engineer around it.
 Possibly some big data type tools have been used behind the scenes here.
 For bonus points the companies should provide an easy way for me to notify travel plans for when I’m buying tickets with another card e.g. my TripIt feed has all of this data. There’s a huge opportunity here for companies to become ‘friends’ in social networks that brings utility beyond just better targeting of ads.
Filed under: could_do_better, grumble, travel | 1 Comment
Tags: algorithm, analytics, big data, card, convenience, customer, customer experience, customer service, data, fraud, gas, social, travel
Raspberry Pi Downloads
- Making an image file from an SD card on Windows
- Forwarding DNS queries to AWS VPC resolvers
- Asus Tinker Board - First Impressions
- Howto stunnel from HTTPS to HTTPS
- Goodbye CSC, Hello DXC Technology
- Raspberry Pi GPIO Joystick
- Three doesn't feel at home on 4G networks
- Apache 2.2 on Ubuntu 14.04
- AirPlay on Raspberry Pi the easy way
- Self Encrypting Drives
The Politics of Data… on The Politics of Data Hello DXC – Ne… on Goodbye CSC, Hello DXC Te… kevinphilp on Goodbye CSC, Hello DXC Te… Lisa Braun on A day in the life of a CT… Steve Williams on Asus Tinker Board – Firs…
- Tinker Board | Single-board Computer | ASUS United Kingdom
- How just 639 people could have stopped a Tory election majority
- Nuh-uh, Google, you WILL hand over emails stored on foreign servers, says US judge
- Corbynism or barbarism, part II
- Opinion: Big banks will fall because they keep hiring people
- A Mind Is Born
- I2C Master
- Tensor Processing Unit
- Language is training artificial intelligence to replicate human bias
- SSH Port
- Love it that I can get a whole 660ml bomber into my @monkigras Homebrew Edition glass https://t.co/maThmAX1bq 8 hours ago
- RT @CarolineLucas: Sacrificing our economy at the altar of ending freedom of movement. I don't say this lightly, but that's exactly what th… 9 hours ago
- @alexgalbraith of course not - it was a beater test 🥁 Tim here all week, tip generously. 11 hours ago
- RT @CraigMurrayOrg: I think this is a good moment to ask people to look back at this on how scarily authoritarian May's Britain is https://… 12 hours ago
- @ianmiell Is that the same way as `scp` arguments? Is that the same way as `ln -s` arguments? Are they all the same… twitter.com/i/web/status/8… 14 hours ago