How NOT to Deal with Credit Card Fraud: A Case Study
First, a disclaimer:
In general terms, I like my locally-owned and controlled bank. Because I have both personal AND business accounts to manage, with an array of services and needs that are beyond many smaller credit unions and "alternative" financial services providers, I've stuck with them. It's been a good trade-off for me. They support local charities, engage in volunteer projects, and work hard to be good community citizens. As banks go, they're less toxic than most. So I'll change their name, here, while I eviscerate their bad choices in fraud management strategy.
My partner and I live in a small city, barely a city at all- more of a somewhat urbanized small town. And I bank at a locally owned and operated bank, "Nortera Bank," because I want my money locally managed. Nortera has our personal joint checking account, our savings account, two small business checking accounts, and extends us a line of credit for cash management. It also supplies us with Visa debit/credit cards, free of charge, no fees, attached to the checking accounts.
We use the cards for just about everything, because it makes record keeping easier. We do have a classic credit card account, used mostly for business travel, but the Nortera cards are in pretty much daily use. Since we've had them (nearly ten years now,) we have twice had episodes where card numbers have been stolen and misused, not for vast sums (once for about $1700, once for about $300, IIRC,) but productive of much annoyance and hassle all around.
So when Nortera sent us a notice last month telling us that they were implementing a new fraud protection system, we said, "Great, fine, yay! Well done, Nortera."
Until yesterday, when I encountered it, thusly: I needed a new doodad. It was an essential doodad, used daily for personal and business use, and the loss of the old doodad had been most stressful. So I got online to order the new doodad from DRU (Doodads R Us) a reputable national online retailer, one I have an established account with, and use fairly regularly, although at erratic intervals. I ordered the doodad, and entered my Nortera card number.
DRU appeared to complete the transaction, but a few moments later an email popped into my inbox: The card had been declined.
My first assumption was that I hadn't been quite quick enough clicking on the anti-script-blocker plugin on my browser during the transaction, and I'd messed it up somehow. So I put in a call to DRU customer service, left my order number for a callback, and 15 minutes later I asked them to repeat the charge, explaining about the browser thing. No prob, DRU said they'd run it again, but couldn't tell me whether it went through or not over the phone because it took a few minutes. They'd email me verification.
The email arrived but it was not verification. Again, declined.
Fortunately, it's during business banking hours, so I called Nortera and got quickly connected to the credit card customer service department (which, as far as I can tell, is three women all named something like Moira.)
"This is Myra, can I help you?"
"Yes, I had a charge declined, and it shouldn't be."
(Various back and forth about account number, secret authorization codes, etc.)
"And the specific charge that was declined?"
"It was fifteen minutes ago... the $76.99 charge from DRU."
"Oh, yes, THAT one. Well, it's from California."
"No, it's from DRU. On the internet. I ordered something on the internet."
"Yes, but the charge originated in California. There's a LOT of credit card fraud originating from California. Like, more fraud than valid charges, even."
"Seriously? You guys blacklisted the WHOLE STATE of California?"
"Yes."
"So... anything I order online from someone based in California... or anything I order over the phone from someone there... or if I'm traveling there... it's going to be automatically declined?"
"Well, if you plan to travel there, you need to let us know in advance. Like, tell us how long you plan to be there and what days and cities you'll be visiting, and then we won't decline stuff from there. On those days."
"Wow. Umm... well. I buy things from DRU several times a year. Can I have them whitelisted, so I don't have to call you every time?"
"No, we can't do that."
(Thumping sound, me banging head on desk.)
"And this is going to save the bank money in fraudulent charges."
"Oh, yes, we lose a lot on fraudulent charges."
"But you don't mind paying people to answer customer service calls every single time someone wants to order something online, or over the phone, from the ENTIRE STATE OF CALIFORNIA, or any time someone with travel plans needs to give you their itinerary in advance, or any time someone is traveling and FORGOT to give you their itinerary in advance."
"Well, we're not a very large bank."
"And god help anyone who's traveling and forgot to submit you their itinerary and discovers it when they're standing at the rental car counter at 7:30 pm on a Saturday night, is that it?"
"We have an automated service you can set up to verify with your smart phone using security codes, but it's not online yet."
"And if you don't have a smart phone?"
"It would be good if you remember to let us know when you're traveling."
"Have you ever heard of this thing called a 'microchip?' Advanced nations with modern financial networks put them on credit cards and have practically no fraud."
"We can't afford that."
"But you can afford to lose customers who make lots of online, phone, and other out-of-area purchases and don't want to have to go through the process of phoning you to enable every transaction."
The sad thing is, I think Nortera probably CAN'T afford to upgrade to a microchip-enabled VISA network. They're a small local bank, and they don't want to implement extra fees to the customers. And right now, VISA and the other big credit-card networks are dragging their heels, kicking and screaming, at the cost of upgrading those networks to enable reliable fraud protection. It would, after all, cut into their already obscene profits. And the banks are between a rock and a hard place.
So, for now, I'm hanging tight. I think Nortera is going to figure out the downsides of this new fraud protection system pretty quickly, and we'll be back to something closer to normal within a couple of months. If not, I WILL be re-evaluating how we bank. But we'll cross that bridge down the road.
For now, I just wonder why the BIG banks, who must be absorbing MASSIVE fraud losses (while passing as much as they can along to the customers in fees and jacked-up interest, etc.) aren't putting the pressure on the big credit card networks to upgrade.
Anyone know?
Anyone....?
curiously,
Bright
= new reply since forum marked as read
