State of the art in credit-card antifraud

Let’s start the day by recounting a recent encounter with American Express’s finest customer service.

This is not the first time that AmEx has engaged in dubious practices when it comes to protecting user information. For a very long time their login page did not use SSL, instead trying to make up for that by placing an ersatz padlock icon on the page, no doubt playing to the confusion in users’ minds about the meaning of web browser security indicators. Their latest exploit involved the pioneering of RFID chips in credit cards: perfect timing, considering these new Blue cards came out around the same time as news stories about the ease of cloning RFID chips and skimming information from RFID devices carried by unsuspecting victims.

The incident in question started out as a simple unauthorized charge from DirecTV, a satellite provider. Considering that this blogger has cable at home, this was clearly a case of mistaken customer. At least in the US such errors are easy to dispute. The onus is on the merchant to prove that the charge did take place. After a cordial phone conversation with a representative, the charge was suspended pending investigation.

Fast forward one month. Another charge from DirecTV, about the same amount. Clearly this is set up as a recurring charge, one of those auto-payment options where the company bills subscribers every month after the user provides their credit card number once. Another call, another dispute, charge placed on hold again. Only this time the conversation is less cordial. The customer service rep claims that American Express has no way to block payments from a merchant. In other words, until DirecTV wises up to the error, they will continue billing every month and this dispute charade must continue each time.

That’s right: for all the sophisticated fraud detection algorithms, designed to cry foul when a bachelor used to buying beer starts purchasing diapers on his card, the credit card networks can’t implement a simple rule along the lines of: “block all charges to this account from this merchant.”


