But keep your red hot fingers off my heart

[venta]

Urgh. Feeling this rubbish with a cold, for this long, ought not to be allowed.

However, while I've been lying in bed, whinging, my credit card's been off having fun.

MBNA rang me yesterday, and explained there were some suspicious transactions on my card. Before going into details, they'd need me to answer some security questions. Oh dear, here we go again...

No, I'm not prepared to answer security questions until they prove they're actually MBNA.
But they're only going to ask for partial information, like the first two digits of my mothers' maiden name instead of the whole name.
I don't care, I'm not answering their questions.

This conversation is at least shorter than usual, as the bloke on the other end offers me the options of ringing the number on my card and asking to speak to security, or ringing a direct dial number he gives me. I take the former.

When I ring them back, the person I talk to mentions before clearing down that I'll get a letter through the post, because they were unable to contact me.

Eh ?

Apparently, at the point at which I refused to go through the security clearance, I was logged as uncontactable and a letter automatically dispatched to warn me of possible fraud. In case I didn't call them back. By the time I returned the call fifteen seconds later the letter was irretrivably sent.

Surely credit card companies, banks, etc ought to be encouraging people to behave like I did, not treating it as a strange anomaly. "Keep your personal information safe", they tell us. "Don't give out to anyone... unless they claim to be your bank. Which criminals never do. Oh no."

I understand that it's way more convenient for my bank to be able to ring me, rather than having to ask me to ring them. It's cheaper and more efficient. However, I do wish that the person who rings me would at least be able to grasp the reasons for my objection to the process.

Instead, you're made to feel like a paranoid loon for not giving out... well, exactly the kind of information someone would want if they were going to use your card fraudulently.

And yes, it seems my card has been off having fun at iTunes and Napster. Not a huge amount of fun, though - three songs, which totals about £3.

What I want to know is how did the credit card company spot it as suspicious ? Admittedly, I don't buy music from iTunes but it's the sort of thing that I might very plausibly do. I do buy downloadable music online occasionally, and MBNA probably don't know that I'd rather eat my own foot than use iTunes.

I've no idea what information iTunes (or any other online retailer) might log which would make it possible to deduce the purchaser wasn't me. And if they thought the transaction suspicious, wouldn't they stop it at the point of sale ?

I guess the heuristics used are kept secret by the credit card companies, just to make it harder to work round them. But does anyone have a clue how it works ?

Comments

[bopeepsheep.livejournal.com]

NatWest, on the one or two occasions they've rung me which happen to include this morning (a pending transaction tipping them off that I went out of the UK), have asked me to 'confirm & enhance' [i.e. they tell me part of the transaction and I tell them the other part] recent activity on my account which seems to work pretty well. You'd have to be a really dedicated stalker scammer to know exactly where I went shopping on Saturday & how much I spent, I suspect, since it doesn't even show up on my online banking yet.

[j4.livejournal.com]

Happy National Identity Fraud Prevention Week. (Or, as RBS's cash machine told me, "National Identity Fraud Week", which sounds much more lucrative.)

[reddragdiva]

Anything outside the usual spending habits will trigger a check. Usually it's flagged during the transaction in a shop, or I get a letter asking me to call them.

[kissifa.livejournal.com]

I'm experimenting with a new type of fraud prevention. I put as much as I can as often as I can into the savings account I have which has no card linked to it. When I want to buy anything I use my magic intarweb banking to put money into my account which has a debit card. It's a good way to control frivolous spending too.

Plus I watch my bank balance like a hawk. Internet banking is a good thing. :)

[broadmeadow.livejournal.com]

Yesterday I tried to make a purchase from Pixmania. The order process included going through the Verified By Visa thing which gives added online security, and I requested delivery to work which is an address I have registered with my credit card. Once Pixmania had the money they then emailed me asking for scans of passports etc to prove my identity. I told them to get lost and cancel the order.

[bateleur.livejournal.com]

But does anyone have a clue how it works ?

Most likely the IP address was in an unlikely country for use of a UK credit card and this drew iTunes' attention.

PS. You seem to have caught my former punctuation spacing habit!

[qatsi.livejournal.com]

Don't worry, it will probably be weeks before you get the letter ...

The only time something like this has happened to me, I got an answering machine message from Nationwide, so I had to call them. But I have seen other colleagues dealing despairingly with call centres in the way you describe.

[mrph.livejournal.com]

*Sigh* Security checks on unexpected outbound calls are a complete pain. It's much easier if you're calling back and the customer's expecting a call.

When it's unexpected - which covers 90% of the initial possible fraud calls - it's a no win situation.

The closest I've come to an ideal solution is putting a freephone 'fraud prevention' number somewhere prominent on the website/stationery, then giving customers who don't want to go through security a reference # and asking them to call that freephone number, explaining that they can check it beforehand using the website/stationery.

Any bank who wants you to happily provide security details when they unexpectedly call you has to balance this against the fact that online fraud's getting harder and telephony banking fraud's becoming an increasingly popular alternative (the two combine beautifully, I'm afraid...).

[(Anonymous)]

In spite of verification from our bank that we had the loot, and being offered a security number given us by the bank when they first turned down our card, Visa refused to let uy pay the balance on our new kitchen on our debit card. Luckily, the firm was old-fashioned enough to take a cheque.

[shrydar.livejournal.com]

My ATM card was stopped when I tried using it twice in 15 hours at two dodgy and geographically disparate points. The first withdrawal was at Newcastle central train station, and the second was declined outside a nightclub in Oxford at one o'clock in the morning.

[ao-lai.livejournal.com]

A few weeks ago some people tried to persuade me to take out some sort of Sky box maintainance cover-thing with them. I'm pretty sure they had nothing to do with the ordinary maintainance contract you get, and the format of their letter, with the big angry red lettering, looked kind of suspicious. So I ignored it. And there is a point to this.

The point is that they then started to phone me. When they did, they would launch into a little bluster about how my maintainance cover thing was due to expire (but not imminently, I suspect ;) and that they were just going to sort out a new one for me, if that's okay, so could I tell them some stuff? Starting with what sort of box I had, perhaps?

I fended off a couple of these, since they were very persistent, but the third and fourth ones (I think) I tried to reason with, the fourth one particularly. I told them that there was no way I was going to give anything like payment details to someone who had *phoned me* out of the blue.

This seemed to confuse them. I told them that I might consider it if they gave me some other way of contacting them, like a phone number that I could get from a known Sky website, or from an existing bill, or something. (It probably didn't help their case that I still suspect they weren't affiliated with Sky at all, but were just trying their luck as independents, but hey ho.) Still, this was too much for them, and they said, still slightly confused, that they could tell me a number, and I could call them back on that number. I tried to explain that any number they gave me after calling me out of the blue was no more inherently trustworthy than they were right now, but this seemed to be beyond them. Eventually they settled for sending me a third, or possibly fourth, copy of their urgent-looking letter with the big red font. Then, apparently, they gave up.

So yes, I too am disturbed by companies that seem to be actively out to encourage people to do *entirely the wrong things* as regards identity theft and general fraud. I am very disturbed indeed...

[mrlloyd.livejournal.com]

Combination of time of day, Geo-IP address and purchasing habits I suspect. Perhaps along with your using your card somewhere else at around the same time?

[glittertigger]

I made lots of expensive purchases scattered around Europe earlier this year and HSBC got all antsy (letter and phone calls) and tell me they still have a "keep a watch on this one" mark on my account. Even though I've assured them it really was just me being extravagant on an extended business trip.