A doubling of overseas card fraud is pushing up industry losses even as domestic fraud decreases. Total credit card fraud losses increased by 26 per cent in the six months to June 2007 to £263.6m compared with £209m in the first half of 2006, according to figures from UK banking industry association APACS. The increase was …
Change of policy required ?
I would suggest the card companies implement an method whereby the card holder has to phone the card issuer to inform them that they will be out of the country for dates A to B and will be in the country named C.
Then the card issuers block all transactions outside the UK by default.
It's then the responsibility of the card holder to inform the card issuer that they intend to use the card abroad .... much like I had to do with my mobile phone when travelling abroad.
This would solve more problems than it creates IMHO.
You'd think that was a great idea wouldn't you
I've had issues in the past where my card stopped working as the bank flagged my card as having "an unusual spending pattern" while i was away on business.
The next time I was away I rang the bank to tell them I was going to be abroad just to make sure that the same thing didn't happen again. On the first afternoon away my card stopped working again.
When i returned to the UK I phoned my bank to be told that there was no way they could tell "the computer" that I had told them I was going to be away.
I believe the banks see the current situation as cheaper than the cost of implementing decent measures to prevent fraud. I guess it's not the banks who have to deal with the fallout of being in a foreign country without any money or trying to repair their credit ratings after they've incorrectly loaned money to someone who happens to live at an address you lived at 20 years ago
Or just better detection
As someone who travels 9 months a year on average and uses the card in virtually every EU country the systems that some providers like MBNA would do the job nicely. Any transaction that does not match an obvious pattern i.e. buying 500 euros worth of kit in Bulgaria automatically triggers an automated call to my mobile asking me if this is OK and for a password.
Low cost to MBNA and the algorithms on their system are already in place looking for patterns.
The providers complaining about the losses are always the ones who do the least to try and work WITH their customer, they also seem to be the ones who are quickest to try and blame the customer.
What about online shopping. Do you just stop UK citizens from buying from an online EU or US retailer. How would the credit card companies validate the identity of the callers, and if they don't what is to stop a fraudster calling up and stopping the real cardholder from using their card?
Your Idea is full of holes. I am imagining being told my flight was delayed and I would have to stay in a foreign land for extra days, with no money because all my card companies think I should be back home by now....
Think before you speak eh?
@ Anon Vulture
I bank with the Coop and they operate just such a system. I tell them that I am going away (last time I told them a good month or so beforehand and the computer managed to deal with this) and they make sure that the card will work wherever I am going. I have to be a bit careful as I told them I was off to Boston a few years ago and forgot to mention that I was leaving from NYC, when I got to NYC my card didn't work, I crapped myself at the time (because my pay should have just gone into my account) but it was all sorted out pretty quickly.
The above system doesn't cause me any problems with Internet Shopping, I guess they thought of that and sorted out some trusted exceptions, or something.
These are only the REPORTED losses, of course.
...and they don't encourage you to report the losses anymore - they certainly aren't reporting losses to the police themselves.
I totally agree with the first comment. "Most" Uk people rarely go abroad or only once a year for their annual holiday. There must be a way of barring overseas use of that card - unless you authorise it. For those that travel regularly then you opt out of that scheme. It works for mobile phones.
Online purchases from the UK can be based upon your IP address much the same as DRM works thus allowing oversea use.
Frank Bough. If you report it to the police as we did last week... they tell you it is now a matter for the card companies as laid out in a change banking policies introduced a while back. Basically police say they do not have either the equiptment or resources to deal with it and have to get all the data from the banks/card companies anyway.
Wrong but there you go, lets all cover our arses and make the punter pay.
This isn't something new the banks are simply formalising their position.
It appears very simple to me - if the banks don't have enough faith in their system to guarantee the transactions abroad then they shouldn't provide the facility. It reminds me of when the CD industry started making burners available to Joe Public then complained because music cd's were copied - Doh!!!!!!
They should force authorisation on the cards & block international transactions by default. This would add an additional hassle factor but ultimately would protect the consumer (that is what this is about - isn't it?)
I had my credit card cloned a few months ago. Luckily my card company spotted some odd transactions almost immediately, and phoned me for confirmation, so it was stopped very quickly.
A week later I get an email from Amazon saying someone has tried to set up an account using a card registered to my amazon account.
Again, very commendable fraud detection.
However, Amazon wouldn't give me the details of the fraudster, as only the Police are allowed to have this, and they didn't register the fraud with the cops. My credit card company also didn't register the clone with the police either. So at the end of the day, whoever copied my card tried to get stuff, failed, and had no comeback at all!
Personally I'm a little worried about how it got cloned. I don't use the card much, and when I do it's almost always online to the same four companies. I'm a techie, I know about SSL, I run Firefox, and I check the owner of the certificate! Yet I still managed to get cloned, which concerns me.
The only new thing I had done was change ISP... Who of course get the number... and have a call centre in India... But that's an entirely different story!
Card holder Auth
Have any of you seen the GrIDsure thing work? They can create reactive, transaction specific, one time pass-codes (PINs) to validate card not present transactions.
It can run here on ATM & PoS machines, or put an app on your mobile. You go abroad or on line, the back end quieries the transaction and sends a text which wakes the app on your mobile. It asks you if you really want to buy x from y for £z, and then creates an OTP with transaction details & their auth method.
That would solve the problem, and be less expensive than Tokens.