• filter:

Credit card security

  • Page :
  • 1
  • Text Only
  • Search this Topic »
Voting History
rated:
Recently a unknown charge from Best Buy showed up on my credit card. Fortunately, Citi send me an alert to register my purchase for price rewind or warranty - not sure which one - but that prompted to look at my online transactions and realized that the card number must be compromised.

This got me thinking - seems like the credit card security is fundamentally flawed. When you go to a restaurant and provide the organization with the credit card, in theory they have access to your credit card and CID info. They don't have your billing address - but I suspect that a Google search could reveal the person's address. So at this point, a staff person at the restaurant could be fully armed to make an online purchase using your credit card and have the merchandise be shipped. They would have to figure out some address which is not theirs but they can somehow pilfer a parcel.

Similar thing for phone payments - e.g. hospital bills. They ask for the billing address and CID number. So they have everything.
----------
Looks like the restaurant problem is non-fixable but you can hope that the person doesn't find your address if there are multiple people with the same name. For the phone payments, can you refuse to provide the CID? Seems like that should be an accepted norm - but I read this:

"By providing the security code you are verifying that you actually have the credit card, adding a layer of protection for you and the business. That is what the security code was designed to do."

But that seems like crap - once you provide the security code on phone, anybody can use it.

1. Any of you guys worried about this issue? Is using virtual card numbers the only way to get around it?
2. Do you refuse to provide CID number on phone transactions?
3. Even though I reported the transaction as fraud, citi opened it as a billing dispute. That seems wrong to me. Any opinions on this?

Thanks

Member Summary
Most Recent Posts
It has both, cash and credit price, but you have to click on the price to see both.

scripta (Apr. 04, 2017 @ 12:00a) |

They've had that feature for a long time.  Initially, GasBuddy was slow to catch on so you drove to the station thinking... (more)

qcumber98 (Apr. 04, 2017 @ 4:44a) |

Most of my gas purchase is Costco - so I don't bother getting another gas card. And the Costco card is 4%.

PrincipalMember (Apr. 04, 2017 @ 2:51p) |

Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

rated:
There's a reason why we're moving towards 100% chip acceptance for in-person transactions, and that some retailers will only ship to your billing address.

rated:
1 - virtual numbers only protect you from purchases where you use it. Won't help you at restaurants or phone transactions. I would use a Ziosk or a place where you can scan your card. Some allow mobile payments.
2 - You'll never get away with not giving it. For phone transactions I will give them a virtual number
3 - That's the procedure. It is a dispute. Depending on the amount they will either absorb it or go after Best Buy

Some suggestions...

* Dedicate cards for different type of transactions, i.e. one for dining, one for online purchases, specially for those places that you don't see where you use it.
* Sign up for mobile alerts and set the threshold to the lowest value possible (I have $1 on my cards). The mobile apps are better and faster than txt messages
* Review right away any non-authorized transactions and call if an authorization charge hits without you knowing. Thieves try a small charge to see if it goes through. Then they go after the big purchase.
* Always use chip, and look carefully at swipe terminals for skimmers.

rated:
stanolshefski said:   There's a reason why we're moving towards 100% chip acceptance for in-person transactions, and that some retailers will only ship to your billing address.
  
I like the system in European restaurants where they bring the card machine to your table. For most of the dine-in restaurants, I am still providing the card to the wait person who disappears with the card.

With regards to "ship only to the billing address", very few enforce that. Part of the reason is that you could be buying gifts for somebody else. I do this all the time for my son - when I see a deal, I ping him and I will place his order with credit card and ship it to him.

rated:
rsuaver said:   1 - virtual numbers only protect you from purchases where you use it. Won't help you at restaurants or phone transactions. I would use a Ziosk or a place where you can scan your card. Some allow mobile payments.
2 - You'll never get away with not giving it. For phone transactions I will give them a virtual number
3 - That's the procedure. It is a dispute. Depending on the amount they will either absorb it or go after Best Buy

Some suggestions...

* Dedicate cards for different type of transactions, i.e. one for dining, one for online purchases, specially for those places that you don't see where you use it.
* Sign up for mobile alerts and set the threshold to the lowest value possible (I have $1 on my cards). The mobile apps are better and faster than txt messages
* Review right away any non-authorized transactions and call if an authorization charge hits without you knowing. Thieves try a small charge to see if it goes through. Then they go after the big purchase.
* Always use chip, and look carefully at swipe terminals for skimmers.

  
I don't know if I am ready to pollute my normal life with more text messages everytime I/my wife makes a transaction. The thing that is frustrating is that I called Citi soon after I got the email and I suppose that if they got on the phone with BestBuy, the parcel could probably be intercepted. Instead what do they do - create a paperwork billing dispute. No chance that they can recover the parcel.

rated:
PrincipalMember said:   Looks like the restaurant problem is non-fixable but you can hope that the person doesn't find your address if there are multiple people with the same name.You've never been outside the country, have you? Even in Canada the waiters bring the chip card reader to the table. Pretty sure they're not even supposed to touch your card.

rated:
Set up to text you whenever you place a charge.

I wish I did this before my house was burglarized, I would found out a few days sooner because they started to charge right away.

rated:
scripta said:   
PrincipalMember said:   Looks like the restaurant problem is non-fixable but you can hope that the person doesn't find your address if there are multiple people with the same name.
You've never been outside the country, have you? Even in Canada the waiters bring the chip card reader to the table. Pretty sure they're not even supposed to touch your card.

  
I only go to Europe . I did post earlier, "I like the system in European ...".

By non-fixable I meant that it would take a cultural shift in the US and I see no signs of that right now.

rated:
I don't think it has anything to do with culture. Nobody would object or care if their waiter brought the card reader to the table.

rated:
PrincipalMember said:   Recently a unknown charge from Best Buy showed up on my credit card. Fortunately, Citi send me an alert to register my purchase for price rewind or warranty - not sure which one - but that prompted to look at my online transactions and realized that the card number must be compromised.

Fortunately for Citi. You simply report the charges as unauthorized, be it one or a dozen, $10 or $10,000.

This got me thinking - seems like the credit card security is fundamentally flawed.

 Well...duh! Hasn't that been a pretty well know dirty little secret for a while now?

rated:
PrincipalMember said:   
By non-fixable I meant that it would take a cultural shift in the US and I see no signs of that right now.
 

  Several chain restaurants have table side kiosks that you can scan your card at and print your receipt.  My mother lives in a resort area on the east coast and many of those restaurants have started offering this service to combat fraud associated with large staff turn over you'd expect in a resort community.  It also helps enhance customer loyalty, my mother and her friends (who have all been subject to fraudulent changes shortly after going to a "standard" pay restaurant) have started frequenting more often the places that have table side pay options.  I've also been to a few mom/pop places in my own area that have cordless hand held readers, they bring the reader to the table, scan the card in front of you and hand it back.

The overall culture will change when it starts affecting the restaurants bottom line.  If Visa/MC/AmEx start charging restaurants more that don't offer a table side pay solution, then there will be a very quick culture change.
 

rated:
It's a massive and old problem but most of the burden is on retailers. For both consumers and banks, it's mostly an annoyance. For some reason, retailers haven't really pushed for any big changes. Most consumers believe that it's a big problem for them, but that's really only the case with extreme ignorance or mishandling of a bogus charge.

rated:
Glitch99 said:    Well...duh! Hasn't that been a pretty well know dirty little secret for a while now?
 


I was thinking that the massive shift to CHIP cards was fixing something - but looks like it didn't fix the online transaction issue in any way. And the CID, while in theory can fix the online problem - it will work only if CID is not to be revealed for things like phone transactions.

rated:
AverageGuy09 said:    If Visa/MC/AmEx start charging restaurants more that don't offer a table side pay solution, then there will be a very quick culture change.
 

  
But the credit card companies have to track the transaction to the restaurant. The restaurant worker steals the info and makes the purchase from Best Buy - the restaurant is not feeling the pinch and it has no incentive to fix the issue.

rated:
PrincipalMember said:   
AverageGuy09 said:    If Visa/MC/AmEx start charging restaurants more that don't offer a table side pay solution, then there will be a very quick culture change.
  
But the credit card companies have to track the transaction to the restaurant. The restaurant worker steals the info and makes the purchase from Best Buy - the restaurant is not feeling the pinch and it has no incentive to fix the issue.

  
You're right, Best Buy feels it. They and other large retailers have the resources to push for change in the industry as a whole. The fact that they don't indicates that they don't feel its worth their while. Perhaps, and I'm just speculating here, because issuers have gotten better at identifying and stopping fraudulent purchases, limiting the losses.

I'm dealing with a compromised card right now, ~$100 in fraudulent purchases made in-person with a clone of my card. Sure, I'm a little mad, but I just can't get worked up about it. The system is broken, but I'm insulated from it; if the companies who are hurt by it don't care, why should I?

rated:
doveroftke said:   
I'm dealing with a compromised card right now, ~$100 in fraudulent purchases made in-person with a clone of my card. Sure, I'm a little mad, but I just can't get worked up about it. The system is broken, but I'm insulated from it; if the companies who are hurt by it don't care, why should I?
 

  
Yup - I generally don't care - credit card company problem. Except:

1. Now I had to ask them to send me a new card. So now I have to change the card at few autopay locations and dine-in miles program. Pain in the rear.
2. I don't like the way Citi is handing it. In the past with my FIA card, they just took off the transaction. Citi is doing it as a billing dispute which in theory means that it could go against me. And they send me idiotic notes like - "we received a response from Best Buy. We will update you after we have reviewed their response". Huh - why bother me in the meantime.

rated:
doveroftke said:   I'm dealing with a compromised card right now, ~$100 in fraudulent purchases made in-person with a clone of my card. Sure, I'm a little mad, but I just can't get worked up about it. The system is broken, but I'm insulated from it; if the companies who are hurt by it don't care, why should I?
Interesting, I too had CC fraud on a Citi card within last couple of weeks, also in-person with a cloned card. $100 charge at a gas station in a neighboring state, automatic fuel dispenser - must be a trucker. Wonder why it's taking so long for gas stations to switch to chip readers, as automatic pumps are used with cloned cards all the time.

I disagree that it's just a minor annoyance for consumers. There's a reasonable chance that a fraud transaction will slip through, not caught by either the bank or the consumer.

rated:
olegos said:    There's a reasonable chance that a fraud transaction will slip through, not caught by either the bank or the consumer.
 

  
Really good point. There are times that I get so busy that I don't have time to look at the credit card statement since they withdraw from my TD account on auto pilot.

rated:
PrincipalMember said:   2. I don't like the way Citi is handing it. In the past with my FIA card, they just took off the transaction. Citi is doing it as a billing dispute which in theory means that it could go against me. And they send me idiotic notes like - "we received a response from Best Buy. We will update you after we have reviewed their response". Huh - why bother me in the meantime.
 

  
It could have gone against you with FIA, too. Each bank has their own process, and some make it easier for the consumer than others, but the law regulates it as a "billing dispute" (and technically you have to inform the bank in writing to preserve your rights under the law).

rated:
doveroftke said:   
PrincipalMember said:   2. I don't like the way Citi is handing it. In the past with my FIA card, they just took off the transaction. Citi is doing it as a billing dispute which in theory means that it could go against me. And they send me idiotic notes like - "we received a response from Best Buy. We will update you after we have reviewed their response". Huh - why bother me in the meantime.
  
It could have gone against you with FIA, too. Each bank has their own process, and some make it easier for the consumer than others, but the law regulates it as a "billing dispute" (and technically you have to inform the bank in writing to preserve your rights under the law).

  
How can it go against me? Wouldn't it violate my fraud limit? From what I read elsewhere:

"If the thief uses your card by phone or the Internet, you have no liability." 
 

rated:
I was shocked to find out a a scammer (at least on EBates Visa) can change the bill to address on the credit card just by having card no, exp date, and 3 digit code.  Happened to me, and confirmed by Synchrony fraud dept.  Luckily I have an account aggregator that I review transactions in daily, otherwise I would be further down the identity theft highway.

rated:
scripta said:   
You've never been outside the country, have you? Even in Canada the waiters bring the chip card reader to the table. Pretty sure they're not even supposed to touch your card.

In this day and age when I can plug a tiny card reader into my phone, and process micro-transactions for barely above 2% fee by a simple swipe, it's really infuriating to see how much behind many US restaurants are in terms of security. We end up paying for it in overhead for the transactions since card processors and networks just pass the buck to vendors who themselves pass it to customers.  Not that you get a discount for paying cash though... except maybe at some gas stations.

rated:
PrincipalMember said:   
doveroftke said:   
PrincipalMember said:   2. I don't like the way Citi is handing it. In the past with my FIA card, they just took off the transaction. Citi is doing it as a billing dispute which in theory means that it could go against me. And they send me idiotic notes like - "we received a response from Best Buy. We will update you after we have reviewed their response". Huh - why bother me in the meantime.
  
It could have gone against you with FIA, too. Each bank has their own process, and some make it easier for the consumer than others, but the law regulates it as a "billing dispute" (and technically you have to inform the bank in writing to preserve your rights under the law).

  
How can it go against me? Wouldn't it violate my fraud limit? From what I read elsewhere:

"If the thief uses your card by phone or the Internet, you have no liability." 

  
It could go against you if the credit card issuer determines that you, not the thief, made the charge. 

rated:
Shandril said:   
scripta said:   
You've never been outside the country, have you? Even in Canada the waiters bring the chip card reader to the table. Pretty sure they're not even supposed to touch your card.

In this day and age when I can plug a tiny card reader into my phone, and process micro-transactions for barely above 2% fee by a simple swipe, it's really infuriating to see how much behind many US restaurants are in terms of security. We end up paying for it in overhead for the transactions since card processors and networks just pass the buck to vendors who themselves pass it to customers. Not that you get a discount for paying cash though... except maybe at some gas stations.

  I have yet to see any gas stations that provide cash discounts.  (I am in a state that doesn't allow surcharges on top of advertised prices.  Approximately zero gas stations in my state give cash discounts.).  When i travel to less fortunate states, usually the posted price is cash only price and there is an unstated surcharge amount for credit so that you can't find out actual price until you already commit to a sunk cost of pulling into the gas station.  Not the same thing as a cash discount.  Basically a legal scam in those states allowing falsely advertised prices.

it would not often make sense for businesses to offer actual cash discounts for the purpose of encouraging the use of cash.  Cash is often more expensive to deal with.  If they received all cash they'd have to deal with large amounts of cash and increased robbery Target or employee theft.  And many places would have to hire more cashiers or even build more registers because it takes more time for people to pay in cash.  The business case in states that allow deceptive advertising is not to get everyone using cash -- it's to trick the bulk of people into paying a large fee on top of the advertised price.

The only exception I see is some really tiny "small business owners" who usually are incapable of quantifying their costs and risks using cash, are hard money types who just like having a stack of bills, or who don't want a paper trail so that they can more easily commit tax fraud.

rated:
Bend3r said:   
Shandril said:   
scripta said:   
You've never been outside the country, have you? Even in Canada the waiters bring the chip card reader to the table. Pretty sure they're not even supposed to touch your card.

In this day and age when I can plug a tiny card reader into my phone, and process micro-transactions for barely above 2% fee by a simple swipe, it's really infuriating to see how much behind many US restaurants are in terms of security. We end up paying for it in overhead for the transactions since card processors and networks just pass the buck to vendors who themselves pass it to customers. Not that you get a discount for paying cash though... except maybe at some gas stations.

  I have yet to see any gas stations that provide cash discounts.  (I am in a state that doesn't allow surcharges on top of advertised prices.  Approximately zero gas stations in my state give cash discounts.).  When i travel to less fortunate states, usually the posted price is cash only price and there is an unstated surcharge amount for credit so that you can't find out actual price until you already commit to a sunk cost of pulling into the gas station.  Not the same thing as a cash discount.  Basically a legal scam in those states allowing falsely advertised prices.

it would not often make sense for businesses to offer actual cash discounts for the purpose of encouraging the use of cash.  Cash is often more expensive to deal with.  If they received all cash they'd have to deal with large amounts of cash and increased robbery Target or employee theft.  And many places would have to hire more cashiers or even build more registers because it takes more time for people to pay in cash.  The business case in states that allow deceptive advertising is not to get everyone using cash -- it's to trick the bulk of people into paying a large fee on top of the advertised price.

The only exception I see is some really tiny "small business owners" who usually are incapable of quantifying their costs and risks using cash, are hard money types who just like having a stack of bills, or who don't want a paper trail so that they can more easily commit tax fraud.

  GasBuddy is your friend for gas.

rated:
stanolshefski said:     GasBuddy is your friend for gas.
 
Don't know if this was a recent change in GasBuddy but it identifies "cash price" in the icon. And with credit cards offering 4%, cash price is almost useless.

rated:
It has both, cash and credit price, but you have to click on the price to see both.

rated:
PrincipalMember said:   
stanolshefski said:     GasBuddy is your friend for gas.
 
Don't know if this was a recent change in GasBuddy but it identifies "cash price" in the icon. And with credit cards offering 4%, cash price is almost useless.

  They've had that feature for a long time.  Initially, GasBuddy was slow to catch on so you drove to the station thinking you found the lowest gas price in town only to find out it's cash price.  Also, there is a 5% card but you have to suffer the inhumanity of a hard-pull and the stars have to align perfectly for the sign-up bonus to be in the range of your sweet spot to even make it worthwhile.  Unless of course, they stop accepting applications for the 5% card and your 4% gets "upgraded" to 2%. 

rated:
qcumber98 said:    Unless of course, they stop accepting applications for the 5% card and your 4% gets "upgraded" to 2%. 
 


Most of my gas purchase is Costco - so I don't bother getting another gas card. And the Costco card is 4%.  

  • Quick Reply:  Have something quick to contribute? Just reply below and you're done! hide Quick Reply
     
    Click here for full-featured reply.


Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017