IIRC, in response to a massive porn-authorizing credit card problem back in the 90’s the credit card companies made it very difficult for on-line credit orders. If a company had more than X% reversals of charges in a period, they were hit with a massive penalty. (I.e. You’re making it to easy for the frausters, we want to charge you a huge amount extra).
For teh regular merchant, if the card was present and the signature matched, the CC issuer at the loss (i.e. your high interest rate helped pay for that along with all those bad debts from overspending card holders).
Of course, the trick is to get untraceable money from a fraudulent CC transaction. Buying goods to fence is an obvious one; or useful stuff like gasoline (but the station may have your license plate on camera). The problem is the need to put in a personal appearance - buying one-shot items like meals, so-so. (what if the card is declined?). Obviously, paying your home cable and phone bill with it is a really stupid idea (does not mean it’s not done. One friend was shocked to find a housemate had swiped the neighbour/landlord’s credit card and was ordering pizza with it. Doh! Another time, I saw a dozen police going into my ritzy downtown hotel in Vancouver - they were after a welldressed guy who had apparently spent his way across Canada living the high life on stolen cards. Only a matter of time…). So certain transactions, especially anonymous ones like on-line ordering of expensive stuff, is best.
That’s probably the pattern the companies are looking for. Did a pattern break in such a way that it looks like either the person is trying to check the card, get money quick, or live the high life before getting caught?
My wife recently had her debit/ATM card account “stolen.” That card is never used except as an ATM card so I don’t know how it was done. What did the thief charge? Six months of credit monitoring presumably giving all kinds of personal information.
Either that was a mistake through and through or it was by one of the dumbest credit card thieves imaginable.
Different country so different regs and procedures, but in Spain a CC always has to be from a company that’s set up as a bank. If you get, for example, a “MySupermarket” CC/fidelization card, it has to be issued by the “My Supermarket Bank”. My CCs are from train company Renfe (which I use only to but train tickets) and from two banks with brick and mortar offices.
The banks have a two-step algorithm:
flag “unusual behavior”
have the office to which the CC is assigned verify whether there is an issue.
Since my bank offices know I travel a lot, they don’t usually bother contact me unless they’re getting charges from different, physically-distant locations in a very short time. Brussels airport and a service station in northern France? They didn’t even bother, they just told their central offices “that’s normal for her”. They’ve asked me to warn them if I ever travel to China, in which case they’ll issue me a temporary CC valid only for the length of the trip.
Mrs Iggy and I get this every time our debit card reaches its expiry and is reissued. The bank suddenly flags routine transactions as possible fraud.
Our internet service is a recurring charge. Same amount on same day of month for many years. And yet it is suddenly suspicious when a new debit card is issued? Same for other monthly recurring charges, withdrawals at our usual ATMs, and purchases at our usual supermarket.
Such overactive fraud control makes me lose confidence in my ability to use my card to pay for routine purchases. The first time I can’t pay for a cart full of groceries is mildly embarrassing. After three times I simply will not go to the supermarket if I don’t have the cash in my pocket because I have no idea if my card will be randomly declined.
Then add the fun of the bank deciding to cancel the card because of too many “suspicious” transactions. Reissue the cards and start all over again. And guess who has to pay the FedEx fee to get the cards sent overseas?
When I got my first credit card, I used it very seldom. Never more than $20-50 a month. Then one day I spent $250 on a new video game system. Before I even left the store, I got a call from my card company asking if I had really made the purchase. They detected it because it violated the pattern I had established.
One time someone sent me a debit card. I opened it up and called the number to activate it. The very first time I attempted to make a purchase, they told me the card was declined. It turns out someone had tried to steal my card number before I even got the chance to use it. Not cool.
I have friends who have been burned by this. In addition, in the western US, Chevron gas stations exert special measures to protect themselves: if they see you use the same credit card for a string of small fuel purchases at Chevron stations, at some point they’ll make you come inside and physically hand your card to the clerk. IOW, you can still use the card, it’s just a bit more of a pain in the ass.
Last month I went out of town – my husband and I drove from Ohio to Virginia, where I made a fairly large purchase on my Visa that most people might think was unusual.
I bought a tuba. OK? I bought a tuba.
Not a peep from Bank of America. But two weeks later I got an email and phone call telling me my card had been frozen because of “unusual activity,” and that I should call. So I called, and they asked me if I’d ordered $500 in business supplies from a place in Seattle. No, I did not. They removed the charge, cancelled my card, and sent me a new one.
I had to ask. What was it about my first charge did not draw their attention? What was it about the second charge that did? And they could not answer. As it happened, of course, the first charge was legitimate and the second was not, but I didn’t see how they could have known that.
Then I figured it out – I paid for the Virginia hotel on my Visa. They knew I was in Virginia!
Maybe as you say - they had a trail.
Also - IIRC the card purchase registers whether it was swiped, typed in, or over the internet (i.e. card not present).
Perhaps another flag is buying “office supplies” a long way from home. That sort of thing would be bought locally, you’d assume.
Or “office supplies” may be a code for easily resold computer equipment, a popular way to convert a credit card number to cash.
Actually, it’s relatively easy to build predictive models against credit card fraud. Consumers typically report charges they didn’t make, so the credit card company ends up with a pretty good data set of what is and is not fraud. At least compared to some other types of fraud where you don’t always know when fraud is taking place.
I suspect they don’t look at the individual purchasing patterns of hundreds of thousands of customers with unique models. More likely they look at stuff like types and sizes of transactions or spending patterns that indicate fraud. ie buying $900 of office supplies in another state or a sudden rash of big ticket purchases in a short period of time could indicate someone with a stolen card trying to cash in as much as possible before the owner finds out and cancels it.
I usually do this when I travel out of the country and getting my card turned back on would result in an expensive international call.
Apparently, by having a strange charge show up shortly after the card was used in one’s hometown.
SWMBO got a call a couple of years ago. Chase Security asked her if she was in New York. She said no. They said we didn’t think so but we needed to confirm it. And you’re probably not a six foot two black male with a shaved head, either. Dude was busted, charges were cleared off and she had a new card within a week.
I saw an article on skimmers recently. They are now using 3-D printing to build ver realistic-looking feeder slots that stick onto the ATM, and pinhole spy cam to note the PIN typed in. The slot has the swoops and curves that make it look “not home-made”. Some even have their own LED’s or light-pipe plastic so it looks like the flashing lights around the original slot if the bank uses that trick.
Would the CC company know that the ticket was to Seattle? I thought they would just see a charge for $XXX from Airline Ticket Company Inc, not details of the purchase itself?
Correct. I worked for a cash register software company, and I personally helped develop a module that handles credit card tenders. The information sent from the register to the card processing company (essentially, a sort of clearinghouse) consists of the card number, expiration date, and amount, and of course the merchant number. (ETA: This is sent securely, so there is additional authentication information coded with it too.)
There is also an indicator whether the card number was read by swiping the card through the reader, or hand-entered by the cashier. Hand-entered card numbers are considered riskier, and thus the merchant pays a higher fee for those than for swiped cards. If you look closely at your credit card receipt, you may see “SWIPED” or “MANUAL” or similar printed on it (or possibly a single-letter code like S for swiped or M for manual).
The information on the magnetic stripe on the back of the card contains much more than that, and the pin-pad where you swipe your card reads all this, and the register can see all this (the better to print your receipt with all that information).
The information returned from the processor to the register is a simple “Accepted / Declined” code and little more.
For most travel-industry related purchases, the major credit card providers collect a far greater level of detail than for your purchase at a grocery store.
It used to be called “club billing.” It was named for Diners Club. Diners Club and later American Express, back when charge slips were filled out by hand and mailed to a processing center, used to include actual copies of your charge slips with your monthly statement. (Just like banks used to send you back your canceled checks.) This was an important feature for business travelers who needed receipts. In the case of airline tickets, this would be an actual carbon copy of your ticket. Later on, they moved to providing a photocopy of your charge slip.
Visa and Mastercard wanted to take a piece of the business travel market that almost exclusively belonged to DC and AX. So they began penalizing travel industry providers who did not do club billing.
Time has passed, nobody does paper charge slips (or paper tickets) any more. Electronic analogs have been developed. Visa calls theirs “Visa Enhanced Data.” Basically to get the lowest rates, travel industry providers have to send what is called “Level III” data which includes elements such as ticket number, fare class, destination, traveler name, etc. You can see all of the Visa Level III data requirements for the different travel industries here.
Every credit card statement I receive always includes the details of my itinerary.