Thursday, January 27, 2011

More credit card fraud

Geez, you'd think we'd had enough trouble with credit card fraud, but no. Every time we travel, we seem to have a problem.

Okay, that's not fair. The first time, after we went to San Diego, we came back to find that we'd had a fraudulent PayPal transaction; but it had already happened before the trip, and we only found out about it afterwards. And besides, the PayPal account in question had nothing to do with our travel. The second time, after our trip to the UK, the fraud was on the same credit card we'd been using in the UK (our Amazon Chase card), but again, it had happened back in the States before we left, and it was just coincidence we found out after getting home. (And this created a lot of extra problems, since closing and reopening the account cut off my access to the online activity report, which I needed to get all the UK-to-US currency amounts.)

This time, though, the fraud definitely seems to be related to the travel. We went to New York City and again used the Amazon Chase card for most of our expenses (since many of them will be reimbursed by my employer, as it was a business trip). About a week after we got back, I got a call from Ticketmaster asking about the two sets of season tickets I'd apparently purchased on that card. It's very nice that they double check, because the guy who called immediately reversed the transactions. I was suspicious of the call -- wondered if the call itself weren't a scam, trying to get the rest of my card number or something -- but he didn't ask for any more information. Even so, I waited on it, checking online activity, and for a few days, nothing showed up.

This morning the ticket purchases showed up, and the cancellations. They were for teams that a New Yorker might want to see (NJ Nets and Boston Celtics), so it seems likely that someone in New York who took our card wrote everything down and then got my zip code and phone number from other sources to do fraudulent transactions -- or that someone we did business with, in turn, had their systems compromised.

Chase, naturally, tried to blow it off as being just a mistaken key entry of a card number, as they always do. I know that mistaken entries are not that easy -- the sixteenth digit is a "checksum" so if you transpose numbers, or mistype one digit, the odds are very tiny that the resulting number will be valid, and if you make up a random number, there's only a 1 in 10 chance it'll even be a possible number (to say nothing of the odds of it being a real account number). But more than that, whoever did these two purchases also provided enough information to bypass the Visa checks (that includes my zip code at a minimum) and also enough information for Ticketmaster to get my cell phone number (either by giving Ticketmaster my number, or giving them enough information for them to find it themselves). There's no way that can be a simple data entry error.

Even so, the burden is on Chase, not us. If more fraudulent transactions appeared, it'd be their problem. But after talking with them, we decided to go ahead and, once again, close the card and get a new one sent to us.

I wonder if any of the credit card companies offer a service where they create a temporary credit card number and card, and send it to you to use while you travel. The new card would have a different number, but would still go into your usual account like purchases on the main card; the difference is, it would only work during the days of your travel, and would immediately stop working afterwards. This would be good for the traveller: more peace of mind about not having to deal with fraudulent transactions (because even if the cost falls on the credit card provider, it's still a hassle, and what if you end up maxed and can't use credit you need in an emergency until it can be cleared up?). And it would be good for the credit card company (less fraud they're going to end up paying for). And that means it's good for all the customers (since ultimately we end up paying for the fraud in the form of higher rates). I've seen something like this for online transactions (you go to a website and get an account number that'll last for just long enough for your one transaction of a set amount, and won't work after it), but not for a physical card, which you'd need to have for travelling. If no one offers this service, they really should. It'd be a win-win.

No comments: