I’ve just received this email [redacted by me]:
Weird. I’ve never heard of a blanket restriction like this. (Not that it affects me, as I don’t use that card at all.)
Doesn’t it seem kind of counterproductive to tell people they can just break up their transactions into multiple increments of 200$ or less?
I think they’re assuming that the fraudsters won’t know about the option, while legitimate users will.
I’d sooner assume the email is a phishing effort. … Card doesn’t work? Call our 800 number & tell our criminals all your account details so we can “fix” it.
Either that or it’s just a prank trying to launch a UL.
If I was the OP, I’d connect to Visa’s site (not using a URL found in the email) to see if they have any thing to either back up or debunk the email.
Especially since many POS systems are set up to prevent exactly that.
I disagree. The email is from my credit union. The 800-number is the actual toll-free number to it. Googling the 888-number only returns three websites, but two of them are .org credit unions and one is a .com credit union. The format of the email and my name are correct. The link in the email (the ‘here’ in ‘To view this email as a web page, go here’) is correct.
But as I said, I don’t use this card. It’s my ‘last ditch, emergency’ card and I haven’t used it since I got my REI and airline miles cards.
Well, it is true that they wouldn’t have received the notice about it, but if they might think of it on their own, anyway.
How good is a phising scam if it only gives the criminals declined credit card numbers? 
You’d be better off just dialing phone numbers in the white pages and claiming to be from the cred card company and hope you get a confused old person.
Most merchant agreements expressly forbid breaking transactions into smaller amount to get approvals. That this would be suggested in writing is VERY unusual. I would be interested to know if any of the mentioned merchants received anything from Visa. I don’t see anything out on the Visa Merchant site about increased fraud or transaction limits but I only looked quickly. If I do find anything, I’ll post again.
They should let their cardholders preemptively authorize their cards for >$200 sales, perhaps on day-by-day basis. I’d be pissed if I wanted to purchase a cheap laptop or flatscreen at Wal-Mart for Christmas, as that’s hardly the type of purchase that can be broken into sub-$200 transactions, and delaying a line of fellow customers when my card is declined and I have to call the card company up, authorize the purchase, then re-ring everything is a bit much.
Around here, gas stations with pay-at-pump card readers all have prominent corporate-provided signage that tell users to break their large fuel purchases into smaller transactions when paying by card (between $50 to $100 depending on card brand) for the same reason-- card companies are denying large purchases at gas pumps due to fraud. If telling folks to break apart transactions is against merchant agreements, then a number of petrochemical conglomerates are in violation…
Sorry, I should have been more clear. Once a card is declined, going back and getting smaller auths is against merchant agreements. If you go out for $100.00 and then another, as long as there is no decline message, you are in compliance and have no risk of losing the transaction in a dispute.
If I were a cashier or manager at Trader Joe’s and didn’t see the letter mentioned above and someone came to me and said they wanted to pay with credit card X and wanted one auth for $200.00 and a second auth to cover the balance, I would think fraud and probably ask for a different form of payment. It’s just far enough outside the norm to raise a doubt.
A couple things here. First, I’s say this isn’t a “blanket” restriction… it applies only to certain specified vendors.
Second, it seems like Visa has identified vendors with very high rates of fraud, and put them on some kind of watch list. I’d be real suspicious that these vendors have security issues and perhaps can’t be trusted to leep my CC number secure. I would be especially concerned that employees at these vendors are retaining the numbers and using or selling them.
Lastly, I’m concerned that Visa doesn’t cancel its contract with these vendors, who seemingly can’t be trusted not to abuse your CC number.
Ahh, gotcha.
Having worked as a cashier in a few retail situations, I’d probably not blink an eye at a customer wanting to split their transactions up even without knowing of the suggestion by the bank. It’s pretty common for people to buy things in one trip for two purposes (personal and work use, personal and charitable use, or getting stuff for one’s self and a neighbor), and they need separate transactions for reimbursment.
I don’t think it’s a Visa thing. I think this is a move on the part of some credit unions who issue Visa cards.
My presumption upon reading the email is that people who steal credit cards (the actual cards, not just the numbers) tend to shop at the stores enumerated. (Though Trader Joe’s surprises me.)
I assure you, declines are not industry specific.
When it comes to protecting your credit card information, merchants are required by CISP to maintain certain levels of security. If your information is compromised, the merchant is required to inform you. If Visa finds, during investigation after a security compromise, that you are not CISP compliant, you can be fined up to $500,000 and lose the right to accept Visa. Merchants don’t want this to happen. That’s why you don’t see full credit card numbers on credit card receipts anymore. Merchants have done other things as well to ensure your information is secure.
That’s why the info in the letter above is so odd. Generally you would get a letter from a merchant saying your card had been compromised and you should get a new card to ensure your safety. I can only imagine the card issuing bank has seen some fraud patterns locally and is trying to mitigate it. That’s why there’s nothing on the Visa website about the above mentioned vendors.
Hi Jane, long time no chat!
I’m not sure if your first comment was directed at me, but no where did I suggest anything about “industry specific”.
My WAG is that Visa isn’t holding these vendors to the letter of their contracts – that they do so much business that Visa doesn’t want to lose that revenue, so they don’t cancel the contracts outright. Instead they’ve created some new rules meant to lower the risk to consumers, while not killing some of their golden egg vendors.
As a consumer I’m not at all happy to hear that Visa knows specific vendors are associated in one way. shape or form with a much higher level of fraudulent transactions than the norm, yet continues to do business with them.
The is reminiscent of stories a few months back about Wachovia bank – they handled the internet transactions of several vendors they know to be fraudulent, but continued to service their accounts because they were so profitable. Not quite the same thing, but similar in principle.
Oops, I read Jane’s comments before I read yours. Are all of those stores local to you?
It seems very strange to me that credit card hieves would patronize such a select group of places. I suppose the professionals sell off the cards (?). Though I would also think the lowest risk fraudulent transactions would be online, not in person at retail stores.
AFAIK, they are all national chains.
It doesn’t seem strange to me that card thieves would use the cards at those stores. (Except for Trader Joe’s, since it strikes me as being more ‘upscale’ than Safeway.) Stores such as Wal-Mart and Kmart (and Big!Lots, formerly Pick-N-Save) tend to cater to the less affluent segments of society. I posited that stolen cards are being used by the thieves. My impression of the kind of person who would steal a card and then use it in a store (as opposed to a more sophisticated fraud) is that they are probably of a lower socioeconomic class and are probably more familiar with those stores than higher-end ones. (Note: I am emphatically not implying that poor people are thieves.)
If this is the case, then it would be reasonable that Wal-Mart has a higher incidence of fraudulent card use than, say, Nieman-Marcus. I’ve been inside of a Wal-Mart a half-dozen or so times in my life. As it happens, since a friend specifically asked for a Wal-Mart gift card for Christmas (she’s a ‘starving student’), I went there today. While I was there I finished my Christmas shopping and the total came to $199 and change. I used my Visa card (not the one from my credit union, from whence the email came) and the clerk did not check the signature or ask for ID. If this is how things are done, then it doesn’t surprise me that some credit unions would place the restrictions on the cards they issue.
I used to be an assitant controller and everything that email says goes against our merchant agreement. Once a card is declined it’s done with. I am looking at a copy of a merchant agreement and it says “Once a card is declined do not run it through again. If you do and it, for some reason, is given approval your transaction in this case will NOT be approved when you submit and if there is any chargeback you forfeit your rights.”
But there are many forms of decline, one says “forget it,” and the other says “Call.” If you call the merchant may OK it. Usually when Visa wants you to call, it’s due to something like you are using your card but didn’t first activate it from your home phone. The call is specific in that the MERCHANT places the call and hands the phone to you, not YOU making the call.
Merchants will NOT be happy with this arrangement, who wants to hold up a line while people call and get an OK. This seems very fishy to me.
The other thing is every merchant has it’s own agreement. In my hotel there were five levels we could choose from. And each have different standards.
Any reason not to contact the purported sender to determine whether it’s legit? Any evidence from the purported sender’s website to support the legitimacy of the e-mail?