Wednesday, December 13, 2006

Credit-card fraud

Last night a friend was telling me about a recent surprise call she got from the Visa Fraud department. One Friday she had donated some money to four charities online, using her credit card. At 5AM the next morning, Visa were calling her to inquire about suspicious charges on her credit card.

That's a pretty quick turn-around and seems to implicate one of the charities she donated to. Either the charity was hacked, or a 3rd-party they contract with to process credit cards was hacked, or an employee somewhere along the line leaked the information.

All of this reminded me of how stupid and weak the current credit-card system is (and online shopping in general). Online merchants should not be able to store information in their systems that can later by used to charge you
A few years ago I was also the victim of credit-card fraud after vising South Africa. (The most likely point that my card information was "stolen" was when I bought some CDs in a store at JHB airport - I'm guessing my card info was copied down there or the card was cloned).

Online credit-card fraud seems to be the most rampant - and there's a large underground market in stolen card numbers and customer information. So why is it that Visa, Mastercard et al haven't come up with a more secure solution?

One-time use cards (1, 2, 3)have been around for a while now, and sound like a good stop-gap solution, since the underlying credit-card processing system can remain unchanged. Some card issuers (MBNA, Discover, CitiBank) offer this to their customers, and some banks that issue Visa cards offer it, but not all. (Not mine).

"Verified by Visa" is another solution, but doesn't seem to be being used by many people.

PS: If you're using a debit card for online purchases, be aware that the bank will not cover you for fraudulent charges (beyond a tiny amount, I believe). You're much better off using a credit card online - if fraudulent charges are made, you will not be held liable.

No comments: