Two Credit Card Fraud Questions

General Questions
#1

It seems like it would be fairly easy for someone who worked in retail to copy credit card numbers down, go home, and starting buying things online and shipping them to friends who are always on the move.

Eventually either the credit card company or rightful card owner will notice an in appropriate charge, but by then the transaction may have already happened and the person receiving the merchandise is long gone.

I believe the legitimate card owner is protected from any fraudulent charges over $50.

So that leaves me with two questions:

  1. Why does the innocent party have to pay the first $50? What is that suppose to discourage?

  2. How often do they catch these guys and send them to jail? I doubt our local sheriff is running around looking for someone who fraudulently charged $25 on a stolen credit card.

#2

Has “Chip & Pin” not made it to the US yet?

to 1) I presume, it has something to do with your contract and maybe they want you to be more careful/vigilant yourself. In Ireland there is no “first 50 rule” on credit cards (as far as I know)

to 2) very seldom and even if they do - it takes a long time to catch them. However, the shop clerk that copied your card is in deep shit, if he gets caught.

#3

No cites, but I’m pretty sure while banks up here (Canada) can nail you for the first $50 I seem to recall reading that they typically don’t.

As to why they might, one possible reason I can think of is to encourage card holders to be careful without either causing significant impact to the customer if a fraud happens or the bank needing to investigate every fraud to see if the card holder was at fault.

#4

Chip and pin doesn’t really help with online fraud. In places with chip and pin, fraud has substantially shifted to “card not present”.

#5

Credit card companies will also waive the $50 for online fraud. Generally, if there are charges that don’t fit your regular patterns, they will contact you about it. You can then say the cards are fraudulent and they’ll be taken off your record. I’ve had the same thing happen when I noticed charges that I didn’t remember making when I check my bill (you do check your bill each month?). I called the credit card and disputed the charge; they’ve usually removed them (the only exception was when a restaurant took a year to list a charge; I had made it, but so long ago I hadn’t remembered).

I also have one card I use exclusively for online purchases. Any online purchase that shows up on another card is going to be a red flag, and if I see suspicious activity, I can cancel the card and still have something for my everyday charges.

#6

Is it the credit card that flags purchases shipped to addresses that are not your own, or just the online retailers (I recall this coming up for me once when I ordered something for delivery to my work, but I can’t remember whether it was Chase or Amazon I had to talk to to get it cleared up)?

Either way, a sudden spate of purchases shipped to strange addresses is going to get flagged by someone.

#7

It is rarer than hen’s teeth here. A few banks will issue one special line of cards with Chip & PIN on request. Most of the time, however, you will get a Chip & Signature card if you ask for C&P. True C&P is very hard to get.

This also presents problems for travelers. If a US resident goes abroad they can’t use unattended train station machines or gas pumps. If a foreign resident shows up in the US with a card that doesn’t have a magnetic stripe, they will be similarly inconvenienced. Even at the few large retailers who have installed C&P readers, the clerks likely won’t know about them.

The card associations have set various deadlines for the US to convert, but everyone is dragging their feet.

#8

Congress passed a law a long, long time ago that under certain conditions, the holder of the credit card cannot be held liable for more than $50 in fraud. The law requires the credit card issuers to notify the card holders of this fact. In practice, card holders are seldom held liable for any amount, not even the $50 that is allowed by law.

#9

By “Chip & Signature” do you mean a card that includes a chip, mag stripe, AND signature area on the back? That’s what we have up here. The chip and its associated PIN are used in preference to the stripe, but if for some reason a chip reader is not available then the stripe and signature are used.

#10

The downside of chip-and-pin is that the banks take the stance that if money is taken from your account using your PIN - it must be your fault and you are liable.

From a TV documentary I learned that criminal gangs, mostly from Eastern Europe, are skilled at stealing cards from American Tourists. Once they have the card, they can extract information from the magnetic stripe and draw cash from the cardholder’s account. Who is the loser in that event?

Oh - they also fit tiny cameras in the ATMs to ‘see’ the PIN.

#11

For the U.S. it looks like it’s just a matter of time before we have P&C cards. Target security breach accelerates adoption of chip-and-pin cards.

I wasn’t aware that VISA and MasterCard had set a deadline of Oct 2015 to convert to pin and chip although it seems like that is more of a “goal”.

#12

Somebody fight some ignorance here.

For us uninformed Merkins who haven’t seen these wondrous Fish & Chips cards, can someone give a brief tl;dr-style overview of how they work?

I also have a notion that there’s some general level of reluctance in America to adopt new-fangled information-processing technology, due to generalized fears about “surveillance” and “information gathering”.

I gather that the “chip” isn’t the same thing as an RFID chip, which many cards already have here. Is it? I wonder if lots of Merkins think, like me, whenever they hear “chip in a card” they think RFID. If so, there might be some backlash against it, because of all those stories we’ve read about how identity thieves can read all our RFID data from a distance, just by walking by with a reader device.

Add to that all the stories about NSA, FBI, CIA, banks, insurance companies, web sites, etc., collecting ever-more information about us, and I imagine that there’s some significant ambient level of general-purpose paranoia in the air about adding one more chip to track our every waking breath.

#13

Instead of swiping the magnetic stripe, you plug the card in and the terminal reads from a chip. And instead of signing, you enter a PIN. Since the chip is far harder to duplicate than a magnetic stripe, the bank has a much higher confidence that a C&P transaction is legit.

Some terminals allow contactless transactions for low value purchases, where you just hold the card up to a reader for a second or two. Usually there’s no PIN required for those - just like some retailers won’t ask for a signature for low value purchases.

#14

Near one end of the card is a round set of copper contacts. Stick your card in a slot at one end of the reader (at least in Canada the reader typically has a slot at the bottom for chipped cards as well as one along the side for non chipped ones). Reader will warn you what you are being charged and ask you for your PIN. Wait until it tells you (hopefully) that the charge was accepted and take your card out.

Just to make life interesting there is a THIRD way to charge purchases. Assuming you are at a store that allows it, your purchases are under a relatively small limit, and your card has that feature, you can just tap the card against the reader without sticking it in and without being prompted for a PIN. I forget what that is officially called, but that has a security concern that it is possible to read somebody’s card info from a (short) distance without the victim realizing, if you have the appropriate equipment.

ETA Looks like I got ninja’d, but since I spent a few minutes typing my reply, I’ll leave it anyway. :slight_smile:

#15

This has not been the case since 2009 in the UK. I believe most other countries have adopted similar positions - basically, you are assumed not to be at fault unless the bank can prove otherwise.

#16

No one had their credit cards actually stolen under the Target account breach. No one has to pay anything. Too bad the media failed to report that. No so with debit cards.

#17

Visa and MasterCard have already started offering those chip cards over here.

I’ve always heard about the $50 rule, but at least once over hear I reported an unauthorized charge of about $5 on my statement and did not have to pay it. It was two years ago. We were paying for and reserving a lot of stuff online for our East Coast USA trip, and my guess is it was related to that. Someone may have made a small purchase to see if I would notice, then if I hadn’t, they would have made a more serious one. It was for some sort of comic cursor for use onscreen, and there was no way I would have ordered something like that. The local Citibank branch didn’t make me pay it, then investigated and verified a month or two later that it was fraud and told me not to worry about it.

#18

Right. Retailers indeed want chip and PIN cards. We are in the process of adopting PIN and signature cards, which are much worse because basically nobody checks the signature. We are doing this because of our ass-backwards financial overlords.

The law was passed in the 1970s. It presumably addresses moral hazard. Note that debit cards have much weaker protections. They were introduced after consumers lost a chunk of political power in congress. I don’t own a debit card, incidentally.