Credit Card Co. notices "unusual charging pattern"

A significant branch of current research (worked on primarily by people in statistics and computer science) is in an area called data mining. Doing a quick search, this set of tutorial slides came up near the top.

Basically, data mining is the study of VERY large databases of information (such as credit card activity for a particular CC company) in an attempt to find statistical relations that might otherwise be hidden in an immense amount of data. Based on your demographic and your history, they can statistically lump you into a category of what your expected behavior is. If you are a cab driver, then 12 purchases of gas a day might be the norm, whereas that would be a huge red flag for most of us. Things like sudden overseas purchases and multiple anonymous transactions are obvious things to look at. The harder problem is to tie together a couple of gas purchases with some online gambling, a plane ticket purchase and an electronics purchase. None of those things individually might be enough to trigger a problem, but taken together, if they are outside your normal behavior pattern, could signal trouble.

This is the same sort of statistical theory that is applied by some grocery stores. If you have a card to swipe at checkout to get sale prices, they have a record of what you bought. Statistically, they might know (just as a toy example) that if you are buying a particular brand of diapers and baby formula but NOT graham crackers or shampoo, then your demographic statistically prefers a certain brand of coffee. If you are not currently buying that coffee, they may print out a coupon with your receipt in an attempt to get you to try it. More controversially, data mining techniques have turned up correlations between things like your credit history and your auto insurance claims. AFAIK, some auto insurance companies are now using credit checks to help determine what your premiums should be.

Anyway, it’s all the same idea. Mangetout is correct: neural nets are a technique in the data mining world (but there are many others). Sorry for the detail if you didn’t want it, but it’s a very interesting field.
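An added example, not part of the original post: a per-cardholder baseline that scores how surprising each day's purchases are, covering both cases described above (the cab driver's 12 gas purchases, and several individually unremarkable purchases that only stand out together). The Poisson count model, the thresholds, the category names and the sample histories are assumptions made for illustration, not any card issuer's actual method.

```python
import math
from collections import Counter

ITEM_THRESHOLD = 5.0    # assumed: one category alone is this surprising
DAY_THRESHOLD = 12.0    # assumed: the day's categories together are this surprising
UNSEEN_RATE = 0.01      # assumed daily rate for a category never seen before

def build_profile(history, days):
    """Average purchases per day in each merchant category over `days` days."""
    return {cat: n / days for cat, n in Counter(history).items()}

def surprise(profile, category, count):
    """-log P(X >= count) for a Poisson model at the cardholder's own daily rate."""
    rate = profile.get(category, UNSEEN_RATE)
    below = sum(math.exp(-rate) * rate**k / math.factorial(k) for k in range(count))
    return -math.log(max(1.0 - below, 1e-12))  # clamp: the tail can round to 0

def score_day(profile, purchases):
    """Return (verdict, total, per-category scores) for one day's purchases."""
    scores = {cat: surprise(profile, cat, n) for cat, n in Counter(purchases).items()}
    total = sum(scores.values())
    if max(scores.values(), default=0.0) >= ITEM_THRESHOLD:
        verdict = "flag-single"      # one category is far outside this person's norm
    elif total >= DAY_THRESHOLD:
        verdict = "flag-combined"    # nothing stands out alone, the combination does
    else:
        verdict = "ok"
    return verdict, total, scores

# Constructed sample histories (30 days each), not real data.
cab_driver = build_profile(["gas"] * 360, days=30)
typical = build_profile(["gas"] * 6 + ["grocery"] * 8 + ["airline", "electronics"], days=30)

busy_gas_day = ["gas"] * 12
mixed_day = ["gas", "gas", "online_gambling", "airline", "electronics"]

if __name__ == "__main__":
    for name, prof in (("cab driver", cab_driver), ("typical", typical)):
        for label, day in (("12 gas", busy_gas_day), ("mixed", mixed_day)):
            verdict, total, _ = score_day(prof, day)
            print(f"{name:10s} {label:6s} {verdict:13s} total={total:.2f}")
```

The same 12 gas purchases score near zero against the cab driver's profile and trip the single-category threshold against the typical one; the mixed day trips only the combined threshold.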

[Credit Card Fraud Analyst Hat ON]

I apologize beforehand for any vagueness. After all, I don’t want to reveal just how my company and others try to prevent fraud.
All credit card banks do have a system that monitors account activity. It’s stated in the cardmember agreement that we will do this.
The easiest way to state it is that people are creatures of habit. They shop at the same stores and for the same amount. Anything out of pattern may flag the security system.

There are several things that can flag the system. It’s no set dollar amount, no set type of sale. A lot of seemingly innocent transactions are indicators of potential fraud. For example, pay at the pump gas stations. It’s the easiest place for a perp to test the account status - just swipe and see what message you get.

LurkMeister, when the restaurant swiped your card, they got a “referral” message - the terminal will tell the cashier to call for authorization. That’s the bank’s way to see who is using the card. Unfortunately, it’s too easy for the cashier to ask for another form of payment.

[Credit Card Fraud Analyst Hat OFF]

The first time I got a call was when I tried to purchase a $500 pair of speakers at Sound Advice. The sales associate had to call the C.C. company to get approval and then they wanted to talk to me to verify my identity.

I had no idea that they did this, and was slightly annoyed, actually, until a year later, when I dined at a Mexican restaurant that tried to run my credit card six!! different times after I had left, for the exact same amount of my bill. They and I knew it couldn’t be correct, and the transaction(s) were cancelled.

You guys kinda have it wrong.

While it’s nice that a CC company calls you if they think there are weird transactions going on, they are not really trying to protect you - they are saving their own skin. Any CC transaction that does not have your signature can be queried by you, and you can very easily request a “chargeback”.

This is where the issuing bank - the bank that issued you the card - asks the acquiring bank - the bank the merchant uses - to ask the merchant for a copy of the signed chit. If the crook is smart, he only buys stuff where a signature is not required at the point of purchase, such as phone or fax orders, on the Internet, or perhaps this “pay at the pump” thing (not personally familiar with that - do you have to sign if you use a CC?).

If the merchant does not have a signed chit, he is shit out of luck. The bank “charges back” the merchant for the amount, plus a fee for being such a lax merchant(!), removes the charge from your CC account (and maybe issues you a new card). The consumer never, ever loses in a normal (or even abnormal) CC fraud environment.

And that’s great for consumers, hooray.

But spare a thought for the merchant - he’s still down 20 gallons of gas, no one paid for it, AND they have to pay a “fee” (really, a fine), AND their credit rating changes. They get too many chargebacks in a given period, and their merchant service fee (they pay between 1% and 4% on every transaction they run thru the CC system to their acquiring bank) goes up. Or worse, they can have their merchant account pulled entirely. That could be the difference to putting a small biz totally out of business.

So of course, it’s in their best interest to ensure they get a signature from a customer using a CC, but it’s not always possible, let alone practical.

Luckily, MC and Visa have started listening to merchants (especially internet merchants, of which I am one), and have developed two new systems - “verified by visa” and “securecode by mastercard” (check their websites for more info). This is where every card holder has a PIN, and every non-signature transaction made on that card, the PIN has to be entered. Online merchants will have little pop-up applets, so they never see this PIN - it goes straight to the acquiring bank. I am not sure what they have planned for phone and fax orders, but I am sure it’ll be something strong.

This is great, because it takes risk away from the merchant who can ill-afford to bear it in the first place, and puts a tiny risk with each card holder - distribute the risk. If a no-signature transaction is made, and the PIN was supplied, there’s no question. You as a card holder have to pay. Keep your PIN secret, and we’re all happy campers.

abby

Then I don’t want a PIN.

When I was getting ready to do my last mailing for my dissertation research, I had an $800 charge at Kinko’s (for the printing of surveys) and a $1500 postage charge (for the stamps) at the post office. That got me a phone call from my credit card. Most people don’t spend that much at those places.

And I wasn’t annoyed at all. It was nice to know they monitored that kind of stuff. I’ve had my purse stolen before and it sucks ass.

I have no issues with the CC companies, but I wish the merchants were less stupid about these things. When I last moved, I went out and bought a bunch of stuff - a new couch, a chair, a TV and a VCR and some end tables. About $4500 worth of stuff, at three different stores. For the last purchase, the salesdork told me my card had been declined. I knew I wasn’t over my limit (though I was getting sort of close), but I wasn’t in the mood to fight about it, so I just pulled out the other card and paid with that, instead. Then, when I got home, I called the card company to bitch and they said that they hadn’t declined the purchase, they’d sent the code that meant the retailer should do a verification call - connect me and a card company employee to verify my identity. The salesdork apparently didn’t know what that meant, or was too lazy to go through the hassle, so he just told me I’d been declined and asked for alternate payment.

Uh-oh. The credit card computer has become self-aware. Paging John Connor…

Here’s my twist on the subject:

We own a small business, and because we get “free miles” for using our CitiBank Visa card, we pay all the company’s bills that we can using the CC. Then we just pay the CC company, so there are no interest payments. Typically, we run about $20,000 through the card a month (yes, we have a lot of free miles built up).

Most of the monthly bills to our distributors that accept CC payments are done over the phone.

About every two months or so, we will get a call from the fraud department verifying the card activity. This has sometimes caused a problem. On some occasions, they have frozen the card (or whatever the correct term is) until they have verified their flagged activity. If we were not home when they called and did not hear our messages until later, all subsequent transactions were denied (until we talked to them). This is a pain in the rear end, as the distributors then have to call us back and we have to tell them to run it again.

While it seems like this is a good thing (to protect us from unauthorized use of our card), the problem is that the CC company is not nearly as “smart” as everyone seems to be giving them credit for.

One of our distributors, for example, is a large multi-national drug company. For some reason, they don’t run through their monthly payment as a single charge, they run through a separate charge for each invoice that we paid for in that monthly payment. Apparently those multiple charges set off the CC fraud warning red flags. When they call us about it though, to ask if we made those charges, they cannot tell us what company the charges were to, only a generic category (like drug store, or some such thing). They won’t have the actual store information for several days. Not knowing the name of the store, or even the individual amounts (as we only paid attention to the one payment amount, not how it was broken down into invoices) we had a hard time verifying those charges.

After that happened a couple of times, we learned to just verify all the charges and pay attention to the CC statements ourselves to find out if any improper charges were made.

The fifth or sixth or seventh time this happened, we started complaining, as these flagged charges were always made to the same companies month after month after month!

Now that I think of it, I think I complained about this same thing three or four times, and I haven’t heard about another fraud warning in a while. So maybe they have smartened their algorithms up a bit, or maybe they found a way to flag our account to force one of them to actually look at the account before they placed the fraud warning.

Or maybe we’ll get another message next week…

Anyways, based on our multiple experiences with this, it is clearly not ONLY about deviating from your normal pattern.

If it’s an overseas merchant, the credit card usually only gets either the merchant name or category, not both.

The reasons these transactions would flag the system are multiple: Multiple transactions by the same merchant (is a cashier running a stolen number?), overseas sales (very high fraud rates) and pharmacy sales (another very high risk. With the ability to buy drugs online you would need a prescription for, that has become a fraud rich area. Steal an account number and buy some rohypnol. Or pick a tourist’s pocket in Mexico and buy Vicodin to sell in the states)

You’d be amazed to know what people will do nowadays.

One of my cards was “double-swiped” and duplicated – within four hours of the copy being used, CC security called me. In this case, it was an issue of geography. They wouldn’t tell me where the card had been used, but said that a charge had been run through in a region that had been red flagged due to a ridiculously high fraud rate.

That and the card was a card that I use only for gas and car-related costs. If the bad guys tried to buy a stereo it would be noticeable.

CC security has also called us when we’ve made weird purchases on other cards. Once we planned vacations well-ahead of time, put three tickets to Panama on one card then two tickets to New Mexico – got a phone call in hours because it was an unusual change in card use. Legit, but not common for that particular card.

Personally, I’ve had this happen twice – once with a credit card and once with my ATM card.

The credit card one came up when my husband used the card in Brazil. He spent 6 weeks in South America as an advance liaison for the ship he was stationed on at the time. He had a government credit card that he used for food, lodging and transportation, but he also used our personal credit card one time to buy me an anniversary gift. It was a fairly sizable charge – I think it was around $800 – to a Brazilian jewelry store. Anyway, I got a call for him from the CC people. I told them he was in Brazil and that relieved them somewhat, and when he called me next I had him call the bank and speak to them in person. No problem (other than that it somewhat spoiled my anniversary surprise!)

The ATM thing could have been a problem, though. My husband spent the last 6 months of his Navy career in San Diego and the kids and I stayed out here in Virginia. When he retired, I flew out to San Diego and we drove home, taking our time and making it into a second honeymoon. We saved the money for the trip and did it on a cash basis, which meant that I was withdrawing the maximum ($400 a day) on my ATM every couple of days. When we got home after a little more than 2 weeks, there was a letter waiting for us from the bank saying that, if I didn’t call by a certain date, my card would be frozen. So, if we hadn’t gotten home before that date, that would have been a hassle – although not an insurmountable one. Anyway, when I spoke to the bank, she recommended that we call before embarking on extended cross-country vacations funded with our ATM card, just to let them know.

Well, sometimes it’s pretty blatant. I got a call once about a $350 charge for online gambling (as if!). That would raise a red flag that could be seen from the moon.

I still don’t know how the number got stolen, but I suspect it may have been the corner grocery store with its ever-revolving lineup of teenage checkers.

Yeah, it’s cool that they do it, but they aren’t doing it for your benefit. They know that the more bogus charges a thief incurs, the more money they’ll likely have to shell out to cover these debts.