Doing better at dealing with credit card fraud
For a little while I’ve been experiencing lousy service from my credit card providers, and judging by what I hear from others I’m far from alone on this. The level of false positives from card company fraud detection systems has reached a point where it’s creating a bad customer experience, and it often seems that ‘common sense’ has been thrown out the window.
A personal example
I recently went on a family holiday to the US. Within hours of arriving my card was blocked and I found myself having to call the fraud department.
What should have happened
I booked my airline tickets using the card. It shows clearly on my statement that one of the tickets was in my name, and the destination of the flight. It should therefore have been no surprise when I showed up in Tampa on the appointed day and started spending money. The key point here is that the card company had very specific data about my future movements.
What actually happened
I picked up my hire car in Tampa (card transaction for future fuelling fees etc.) and headed off towards my ultimate destination of Kissimmee. On nearing my destination I needed to fill up with fuel , so I stopped at a 7-11 to gas up. I tried to pay at the pump , but this failed, so I went into the store to pre authorise a tank full of fuel. My card was declined and I had to use another. When I checked my email shortly afterwards there was a fraud alert, and when I switched on my UK mobile it immediately got a text saying the same . I called the fraud line (and got through straight away, as it was early in the UK morning), and explained that the (attempted) transactions were genuine, and that I would remain in the US for another couple of weeks. The card was unblocked and I continued spending… for a while at least.
What happened next
Two weeks later, another gas station, another transaction that I had to use another card for, another text asking me to call the fraud department. This time it took almost 9 minutes to get through, as it was Easter Saturday and still the middle of the shopping afternoon back at home. I was pretty angry – at the wait, and because it had happened again within the time that I’d specified I’d be using the card in the US. There were apparently three suspicious transactions, with the last one causing my card to be blocked:
- Buying gas at the same 7-11 that had caused the problems last time.
- Some groceries from Super Target .
- Another attempt to buy gas (at a place on the road back to Tampa).
What’s going on here?
I necessarily need to speculate here a little, as the card company can’t/won’t explain how its fraud detection algorithms work. It’s a classic case of ‘computer says no‘. Likely there are a bunch of heuristics about transaction types that are more likely to be fraudulent. My guess would be that convenience stores rank as pretty high risk, and the problem in my case is that it’s almost impossible to buy gas at anywhere that isn’t also a convenience store. Somewhere else somebody has done a cold analysis of the cost of dealing with false positives (which mainly falls on me the customer) versus the costs of fraud. There is no doubt a lot of analysis going on here.
So data and analysis are at the heart of this, but is it the right data leading to the right analysis? I think not. As a customer I think the experience is lousy precisely because things that seem obvious to me are being apparently ignored by the card company:
- Location – if I’m buying airline tickets with my card then the card company knows in advance where I should be. These data points should take precedence over heuristics about ‘normal’ spending locations.
- Inference – if I rent a car for 2 weeks then I’m pretty likely to buy some gas to go in it.
- Explicit overrides – if I tell the company where I’m going to be, and what I’m likely to be spending on then the fraud pattern matching should adjust to suit.
 In fact the fraud bells should have started ringing if I started making in person transactions somewhere other than Tampa.
 Why the car wasn’t supplied full like I’d paid for is another story.
 The pumps always ask for a zip code, which is likely where the problems begin for anybody outside of the US. Perhaps the card companies should allow users to register fake ZIP codes for such purposes (I always input the ZIP for an office where I used to work – which is generally OK for buying MTA cards in New York, and a variety of goods that are delivered online).
 Luckily for me it seems that I wasn’t charged some extortionate roaming rate for receiving that text.
 Why that transation was flagged an the other 4-5 times I bought there weren’t is a total mystery.
 Presumably in the belief of security by obscurity – if the bad guys don’t know how the system works then they can’t engineer around it.
 Possibly some big data type tools have been used behind the scenes here.
 For bonus points the companies should provide an easy way for me to notify travel plans for when I’m buying tickets with another card e.g. my TripIt feed has all of this data. There’s a huge opportunity here for companies to become ‘friends’ in social networks that brings utility beyond just better targeting of ads.
Filed under: could_do_better, grumble, travel | 1 Comment
Tags: algorithm, analytics, big data, card, convenience, customer, customer experience, customer service, data, fraud, gas, social, travel
Raspberry Pi Downloads
- Making an image file from an SD card on Windows
- Asus Tinker Board - First Impressions
- Raspberry Pi GPIO Joystick
- Forwarding DNS queries to AWS VPC resolvers
- Howto stunnel from HTTPS to HTTPS
- Howto - Factory Reset iLO 4 on HP Microserver Gen8
- Using Overlay file system with Docker on Ubuntu
- Apache 2.2 on Ubuntu 14.04
- Three doesn't feel at home on 4G networks
Lisa Braun on A day in the life of a CT… Steve Williams on Asus Tinker Board – Firs… Chris Swan on Asus Tinker Board – Firs… KillerDAN on Asus Tinker Board – Firs… GARETH HAY on Asus Tinker Board – Firs…
- Navy Builds Ramjet Missile with Model Rocket Engines and a Credit Card
- This Article Won’t Change Your Mind
- A Patent Case That Affects Everyone
- Unspeakable Realities Block Universal Health Coverage In America
- Finding the Region for an AWS Resource ID
- How Many Inventors Does It Take To Invent A Light Bulb
- What every programmer should know about solid-state drives
- The Last AC-3 Patent Expired on March 20, 2017
- How to pick a Microcontroller (for Beginners)
- The productivity paradox
- RT @vAntMet: Cells? Fail often; fail cheap? @swardley, you been playing with rockets? popularmechanics.com/military/resea… 13 hours ago
- RT @RafalHollins: Three books I highly recommend to anyone who thinks seriously about #DevOps @RealGeneKim @jezhumble @botchagalupe @patric… 13 hours ago
- RT @fintanr: Love this lkml.wtf - new weekly round up of the Linux Kernel mailing list, with sarcasm, from @jessfraz :). 20 hours ago
- Very meta quote, as one of the areas of contention is evolution twitter.com/noUpside/statu… 20 hours ago
- RT @pnhoward: you may no longer own anything (after this decision on printer cartridges is made by the Supreme Court) https://t.co/5KyMyiE5… 21 hours ago