For a little while I’ve been experiencing lousy service from my credit card providers, and judging by what I hear from others I’m far from alone on this. The level of false positives from card company fraud detection systems has reached a point where it’s creating a bad customer experience, and it often seems that ‘common sense’ has been thrown out the window.

A personal example

I recently went on a family holiday to the US. Within hours of arriving my card was blocked and I found myself having to call the fraud department.

What should have happened

I booked my airline tickets using the card. It shows clearly on my statement that one of the tickets was in my name, and the destination of the flight. It should therefore have been no surprise when I showed up in Tampa on the appointed day and started spending money[1]. The key point here is that the card company had very specific data about my future movements.

What actually happened

I picked up my hire car in Tampa (card transaction for future fuelling fees etc.) and headed off towards my ultimate destination of Kissimmee. On nearing my destination I needed to fill up with fuel [2], so I stopped at a 7-11 to gas up. I tried to pay at the pump [3], but this failed, so I went into the store to pre authorise a tank full of fuel. My card was declined and I had to use another. When I checked my email shortly afterwards there was a fraud alert, and when I switched on my UK mobile it immediately got a text saying the same [4]. I called the fraud line (and got through straight away, as it was early in the UK morning), and explained that the (attempted) transactions were genuine, and that I would remain in the US for another couple of weeks. The card was unblocked and I continued spending… for a while at least.

What happened next

Two weeks later, another gas station, another transaction that I had to use another card for, another text asking me to call the fraud department. This time it took almost 9 minutes to get through, as it was Easter Saturday and still the middle of the shopping afternoon back at home. I was pretty angry – at the wait, and because it had happened again within the time that I’d specified I’d be using the card in the US. There were apparently three suspicious transactions, with the last one causing my card to be blocked:

1. Buying gas at the same 7-11 that had caused the problems last time.
2. Some groceries from Super Target [5].
3. Another attempt to buy gas (at a place on the road back to Tampa).

What’s going on here?

I necessarily need to speculate here a little, as the card company can’t/won’t explain how its fraud detection algorithms work[6]. It’s a classic case of ‘computer says no‘. Likely there are a bunch of heuristics about transaction types that are more likely to be fraudulent[7]. My guess would be that convenience stores rank as pretty high risk, and the problem in my case is that it’s almost impossible to buy gas at anywhere that isn’t also a convenience store. Somewhere else somebody has done a cold analysis of the cost of dealing with false positives (which mainly falls on me the customer) versus the costs of fraud. There is no doubt a lot of analysis going on here.

Doing better

So data and analysis are at the heart of this, but is it the right data leading to the right analysis? I think not. As a customer I think the experience is lousy precisely because things that seem obvious to me are being apparently ignored by the card company:

• Location – if I’m buying airline tickets with my card then the card company knows in advance where I should be. These data points should take precedence over heuristics about ‘normal’ spending locations.[8]
• Inference – if I rent a car for 2 weeks then I’m pretty likely to buy some gas to go in it.
• Explicit overrides  – if I tell the company where I’m going to be, and what I’m likely to be spending on then the fraud pattern matching should adjust to suit.

Conclusion

[1] In fact the fraud bells should have started ringing if I started making in person transactions somewhere other than Tampa.
[2] Why the car wasn’t supplied full like I’d paid for is another story.
[3] The pumps always ask for a zip code, which is likely where the problems begin for anybody outside of the US. Perhaps the card companies should allow users to register fake ZIP codes for such purposes (I always input the ZIP for an office where I used to work – which is generally OK for buying MTA cards in New York, and a variety of goods that are delivered online).
[4] Luckily for me it seems that I wasn’t charged some extortionate roaming rate for receiving that text.
[5] Why that transation was flagged an the other 4-5 times I bought there weren’t is a total mystery.
[6] Presumably in the belief of security by obscurity – if the bad guys don’t know how the system works then they can’t engineer around it.
[7] Possibly some big data type tools have been used behind the scenes here.
[8] For bonus points the companies should provide an easy way for me to notify travel plans for when I’m buying tickets with another card e.g. my TripIt feed has all of this data. There’s a huge opportunity here for companies to become ‘friends’ in social networks that brings utility beyond just better targeting of ads.