What tipped off the credit card company for fraud?
May 26, 2010 4:08 PM Subscribe

Just got a call from my bank, Chase, for credit card fraud. Got it all taken care of, card canceled, new one on the way...no worries. I'm just wondering, what tipped them off?

They asked me about 2 charges, one for one song off of iTunes, (probably the thief testing the card they said) and one for about $150 worth of tools. I didn't get a chance to ask what about these made them suspicious enough to contact me. Why did those raise flags and not the time I spent $1000 on new appliances? Was the mp3 a country song, and they just know that much about me to know that I don't do country???

posted by Caravantea to work & money (58 answers total) 17 users marked this as a favorite

When this happened to me a few months ago, my bank's fraud department told me that this was a pattern. One small charge at iTunes to test the card information and then a larger totally out of character purchase often from someplace geographically ridiculous to where the card holder lived, to a place they'd never spent money. My guess is that they flag every one dollar iTunes purchase, do some sort of "what got purchased next?" scan [in my case, $500 worth of online game credit which is not something I've ever bought before] and call if looks weird. When I got the call it was automated until I said "no, that's not my charge" and then I got a person on the line who wanted to hear about it.
posted by jessamyn at 4:11 PM on May 26, 2010 [4 favorites]

They did that to me some years back when I was at CompUSA buying some hard drives. They said someone had charged something to the card just a couple of minutes prior at a Wal-Mart in Arkansas. After talking to me for a while, they approved the CompUSA charge and sent me some stuff to dispute the Wal-Mart charge, which incidentally never appeared on the bill, so never got disputed. I chalked it up to some sort of confusion.
posted by wierdo at 4:12 PM on May 26, 2010

I assume these were both online transactions. This is some form of behavioural profiling. I have had a warning and subsequent cancellation and issue of a new card based on attempt from someone in Belgium to take £1 from my card. Perhaps the small initial transaction with someone you have never dealt with before causes alarm bells.
posted by epo at 4:14 PM on May 26, 2010

My experience is the same as Jessamyn's. One iTunes charge and then a second charge (though the second one on mine was only about $20). They said both the geography and the iTunes tipped them off.
posted by BlooPen at 4:17 PM on May 26, 2010

I was also contacted by Chase (via email, not phone) about some fraudulent credit card activity - the tipoff was an iTunes purchase. Actually, the transaction was with some site that's connected with iTunes (in a way I'm not clear on), so maybe it was the use of the other site rather than iTunes itself?

Chase swooped in before anything else could get purchased, so it seems like iTunes/this other site is a big red flag for them.
posted by Quietgal at 4:17 PM on May 26, 2010

Adding to the statements above, some stores have higher risk factors for fraud based on the what the store is, or the geographical location of the store. For instance, Wal-Mart transactions might get flagged in concert with other factors.

I'm fascinated that iTunes seems to be one of these high-risk stores.
posted by jabberjaw at 4:19 PM on May 26, 2010

Something similar just happened on my Citi card, the fraudulent transactions were on iTunes and the Steam/Valve online game store. I'm still not sure how the thieves manage to monetize these transactions though - they can't just be buying downloadables, can they?

On a related note, a corporate accounting person recently told me that some nefarious folks have a way to use a valid CC number to generate something like the next 100 valid numbers. So perhaps the bank fraud software looks for a pattern of questionable purchase across certain sets of card numbers?
posted by Fin Azvandi at 4:28 PM on May 26, 2010

Tools are high value items that can be returned?
posted by k8t at 4:29 PM on May 26, 2010

I've never had a credit card fraud problem, but did have a pretty major one with my debit card a couple years ago. My bank called me and asked if I'd made a particular purchase. What happened was that somehow they got my card number and pin (apparently there was a rash of cameras installed by some unscrupulous employees), and made their own card. They made a significant "deposit" (actually an empty envelope) at a branch I'd never been to before to make sure the card worked, and then spent almost $800 at a 7-11 in another neighbourhood I've never frequented. Obviously, not my usual spending patterns. The bank canceled the card, called me, and then I had to go in and sign the affidavit that no, I did not make those transactions. But seriously... $800 at a 7-11? Who does that? That's a lot of smokes and calling cards. (This is BC, you can't even buy booze in a 7-11!)
posted by cgg at 4:30 PM on May 26, 2010

I had a similar issue with Chase a couple of months ago -- an online purchase from somewhere in Georgia for $20 (the Chase rep couldn't see what the company was -- OLP Inc.?), and then a few other big-ticket items that were flagged by Chase.

I still don't know how it happened, but I was impressed that Chase representatives called me almost immediately to say, "We think your card has been compromised, and we want to check it out."
posted by vickyverky at 4:40 PM on May 26, 2010

This information is very interesting to the law-abiding members of this forum. However it is somewhat unhelpful to those protecting us from the fraudsters.

Can I suggest the mods remove this thread as I, and I presume most of you, would rather the fraudsters not have this information.
posted by GeeEmm at 4:41 PM on May 26, 2010

Are you supposed to warn your credit card and debit card companies that you're going out of town, or can they see if you've bought travel tickets somewhere?
posted by anniecat at 4:41 PM on May 26, 2010

More generally speaking, credit card companies have pretty sophisticated algorithms watching purchasing patterns, because most people use their cards in pretty predictable ways, i.e. a bunch of low-ticket items with the occasional splurge, mostly in a single geographic area. Now a single transaction isn't likely to trip the system, as the Internet means that people can purchase things all over the place without really thinking about it. But multiple transactions in a short period of time looks funny even for legitimate purchases, and when you combine that with geographic disparity, the odds are pretty good that it's fraudulent.

Seriously, how many times do you swipe your credit card more than once in ten minutes? Pretty freaking rarely, and when you do, it's almost always at the same place. The only time I've gotten a false positive is the time I tried to buy components for a new computer from half a dozen online retailers without telling my card issuer first. Got flagged immediately.

Because credit card companies--and their insurers--wind up eating the costs of fraud, they've got a pretty decent incentive to make sure they detect fraud almost immediately.
posted by valkyryn at 4:46 PM on May 26, 2010

anniecat: I called my credit card company and told them our wedding dates and plans after my card got flagged for fraud when I made an unusual purchase for me (jewelry in the form of wedding rings from a Canadian company). Just told them I would be in FL and on what dates so little things like out reception payment wouldn't get denied.
posted by Captain_Science at 4:47 PM on May 26, 2010 [1 favorite]

I've been amazed at how clever Chase's trip wires are. I have a job that sometimes involves sudden trips to far-flung places, and even though I'll abruptly be buying drinks on the Vegas strip or a rental car in Jerusalem, they never call. But when someone bought sports equipment in the Bronx with my card, they knew immediately. It's enormously comforting really, even if a little scary how well they know me.
posted by CunningLinguist at 4:58 PM on May 26, 2010

I was recently traveling out of state and two cards from different banks were both declined when I tried to buy gift cards at Target (among other things). I had used both of the cards for several days before, so apparently it was the gift cards that triggered the flag.

When I called the banks, they advised me that I should call them before traveling and asked when I would be home.
posted by kenliu at 4:58 PM on May 26, 2010

It's important to note that CC companies can easily see the difference between online transactions vs. card-swiped transactions.

In my experience, card-swiped transactions in your home town or consecutively in a USA location (ie, a domestic vacation) are unlikely to trigger a check from the CC company. However, foreign card-swipe transactions in certain countries or multiple card-swipe in proximity in different USA regions will trigger it pretty quickly. That's why it's recommended that you call your ATM or CC company in advance if you are traveling abroad, particularly to strange places.

Online transactions seem to trigger based on profiling of previous vendors and things like the $1 test charges discussed above, or shopping spree type online purchases for many expensive things from different places at once.
posted by jameslavelle3 at 5:00 PM on May 26, 2010 [1 favorite]

Can I suggest the mods remove this thread as I, and I presume most of you, would rather the fraudsters not have this information.

The smart ones already know, and the stupid ones aren't looking for it (or they'd have learned it long ago -- how do you think everyone's able to answer?) Nothing here's even vaguely secret.
posted by mendel at 5:02 PM on May 26, 2010 [2 favorites]

CunningLinguist wrote: "I've been amazed at how clever Chase's trip wires are. I have a job that sometimes involves sudden trips to far-flung places, and even though I'll abruptly be buying drinks on the Vegas strip or a rental car in Jerusalem, they never call. But when someone bought sports equipment in the Bronx with my card, they knew immediately. It's enormously comforting really, even if a little scary how well they know me."

I've had the same experience. I travel around quite a bit and never hear a peep from them (or anybody else) due to that sort of thing, even when traveling internationally. I usually don't buy the plane tickets with the same card I use while traveling, either.
posted by wierdo at 5:04 PM on May 26, 2010

Tools are high value items that can be returned?

If they were bought with credit then the return would have been for credit too. I don't think any store gives cash for returns on items bought on credit. But tools are something that are commonly sold in pawn shops and I'm presuming they get a fairly good re-sale value since they are durable and their condition can be inspected by eye. If the thief was looking for something to buy that they could immediately unload so as to get rid of the evidence, then tools might not be a bad idea.

In my version of this story I bought gas two or three times in a relatively short timespan from the same gas station and that set off the bank's fraud warnings. They said one of the first things thieves did upon stealing a card was to go and fill up their tank and the tanks of all their friends. From a criminal perspective I suppose they were thinking that if they got caught with a tank full of gas it would be a lot harder to implicate them compared to getting caught with a flat screen LCD, but then again gas stations tend to have cameras so I don't know if that passes the smell test.
posted by Rhomboid at 5:13 PM on May 26, 2010

GeeEmm: haha, fraudsters have this information. This is basic stuff to even an incompetent thief.

I used to work fraud detection for a shall-not-be-named card service department, so I can walk you through my process that I used at the time...

We used software that I can remember the name of that basically tied a bunch of different databases together.

These databases were directly fraud related (collections and customer service had access to the same databases, but filtered through a specific portal that probably made more sense for their job).

The first thing that we did in this program was go into a queue. These queues were sorted by priority of how likely you were to find fraud in them, and accounts would go into queues at different times depending on the risk factors. So, risk factors:

1)Testing charges. These are usually online charges through known online vendors that a scammer can use to test a card number as valid. These have been mentioned before in the thread, but there were certain vendors that would fade in and out of popularity (I'm not naming names) that would allow very small (usually 1 dollar) charges on a card and produce some sort of digital product that allowed them to verify “yes this card works” or “no, this card is already being monitored”. They also told us that sometimes there were random guessing programs just trying to stumble across cards (as cards follow certain numbering rules, making it slightly more probable, and there being so many unused cards like college students get at football games and never touch). I'm not sure that I believe that last part, but that's what they told us. So Amazon MP3 followed by newegg... probably going to get called.

2)Another type of testing charge (usually in cases of physical card theft) is the gas charge. Gas is something you can buy almost anywhere without being on camera or talking face-to-face with a clerk. A crook will steal a card, test it at a pump, and then go on a spending spree. So gas followed by best buy.... probably going to get called.

3)Out of Country charges. This is an indication that a card has been compromised by a foreign entity (Russia and Turky were two concerns at the time) and fake plastic has been made and is being used until it's found. Many, many customers are legitimately using their cards in foreign countries and get cut off for what they see as no reason. You card company has a reason: mostly that they're legally obligated to refund you for any transactions that are made on your card and pissing off a handful of people versus catching stuff before it becomes tens of thousands of dollars is an economical choice. This is also the case if we almost always see charges coming from Delaware and all of sudden California. Cards leave a datatrail of where they're used, so almost always used in X suddenly used miles away in Y... probably going to get called.

4)SIC Code doesn't match. SIC codes (I think that's what they're called) are different types of merchants. Let's say that a person always uses their card for fast food, gas, and sometimes clothes shopping. All of a sudden we have $2000 dollars coming through from electronics. Probably going to get called.

5)Time in queues. If something starts off as low risk, but keeps coming back again and again it's going to get moved up in the queues until someone finally looks at it.

There are also queues that get specially created. When TJ Max lost a hard drive with credit card info on it, then all of the effected accounts were moved to a TJ Max queue, which we would put priority on working. There were byzantine ones that we were told never to touch, but probably had some highly classified purpose.

We could work whatever queues we wanted to. Basically we would start our systems up in the morning, and there would have been a message from management saying “We've been getting a lot of fraud-found cases in X45, start there and work until its done, and then work other high priority queues”.

Where this comes into play was our incentive. We had a lot of freedom – a scary amount of it, in retrospect. We could work whatever queues we wanted to. If we suspected fraud we would try and contact the customer to verify the charges. If we couldn't contact them, then we had the power to stop that card. BUT, if we mis-indentified fraud, then there was a monitoring system that told our boss. If we didn't work fast enough there was a system for that. If we worked fast by spending all day in a queue with little priority and almost no fraud in it, then our boss would know. The pay sucked, but a monthly incentive of a few hundred bucks could make it decent. There were also teams of fraud finders, and quarterly incentives for teams (like free lunches, baseball tickets, etc.)

The way that I worked was this:

I know that a certain queue pulls certain accounts for certain reasons. I tended to trust the initial computer selection to do its job, more or less, so I used that as my base point.

My first task was to take a look at the charge that specifically tripped the fraud alarm. I would look at it and first think to myself “Do they have a history of this?” I would compare this against demographics. An 80 year old woman who buys food for 6 months, and all of a sudden a charge coming through from steam? Probably not passing on that one. A 20 year old college student who charges everything from clothes to books, and then an iTunes purchase? Maybe they just got an iPod, I'll pass on it.

Cases weren't always cut and dried, so there's other things I can look at. I could see where plane tickets were purchased to and from. So if we have a plane ticket bought from BWI to LAX and sudden out-of-character charges for shopping in California, well... yeah, probably. I could see previous history through a comment log. Other operators (regardless of department) are obligated to comment each interaction with an account. For example, after working an account that I passed on I might write:
“CHRGS COMING FROM OOS (out of state) BUT GAS TRAIL FROM HOME LOCATION TO CURRENT LOCATION PLUS HISTORY OF TRVL. N/A”

The reps who took the incoming calls would also comment. If I looked in there and saw “PERSON CALLED IN AND WAS UNABLE TO VERIFY NON-TRAD (non traditional info: stuff like previous address and drivers license number ). DENIED ACCESS” I might be suspicious. If they'd recently changed their address, that was a red flag. We also had access to databases like lexis-nexis to search records in the DMV and whatever.

So here's a TLDR answer to your question:
When you use that card you're being watched. Sometimes by a person, but most often by computers that analyze and store every purchase you make. Even if you don't know it you have a data trail, and that data trail has a signature to it. When something breaks that signature, and is surrounded by other suspicious details, it either get automatically handled by a computer, and will eventually be handled by a human. The testing charge was suspicious, but maybe by itself wouldn't have mattered. Followed by tools (easy to fence, so a pretty common flag charge) it's no question. Especially if it looked at your account and couldn't find strong previous history with either. So your account gets sent to a high priority queue, and some underpaid dude on the eastern seaboard looks at it, tags it as fraud, and calls you to confirm, maybe helping him make an extra 200 bones at the end of the month.
posted by codacorolla at 5:16 PM on May 26, 2010 [245 favorites]

To counter all the perfect experiences with Chase, I'll just say that they have twice cut off my card when I was in a foreign country and had limited options for obtaining funds or calling them. One of these times was after I explicitly called them and told them I would be visiting said country. They have never stopped my card for an actual instance of fraud.
posted by grouse at 5:18 PM on May 26, 2010 [1 favorite]

I used to do research on credit card fraud detection. The credit card companies have a fair incentive to stop this stuff as quickly as possible, while also not accidentally shutting off your card when it's being used legitimately.

So there's a lot of cat and mouse by thieves and by the companies. A credit card thief would like to test the card in an environment where they are unlikely to detained if the card is flagged as stolen. So they do an initial small charge where they don't have to talk to anyone, maybe filling up at a gas pump, maybe an iTunes purchase to verify the card is working. If the card is dead, they stop using it. If it's good, they then next get in as many valuable purchases as possible before it's flagged.

So credit card companies have various rule-based and analytic systems that look for known patterns that are good predictors of fraud, given previous fraud examples as training cases. They also look for patterns that are out of your normal behavior, like a sudden spate of purchases abroad, when you don't normally travel, or buying two home stereos (or plasma TVs) in a day, or buying big ticket items outside of your normal home area.

You can probably come up with lots of purchase ideas that would be valuable (easy to resell) and also out of character for your profile. And so can the credit card company. The companies know they cannot catch all fraud (and certainly not without shutting down a bunch of valid transactions, too), so they balance fraud prevention with convenience.
posted by zippy at 5:19 PM on May 26, 2010

One time when I ran out of checks, I had to use my debit card to buy a (fairly large) money order at the post office to pay a bill. The bank called my husband asking about the charge, he of course was like "what charge? I don't know anything about that charge!" and had the card frozen.

Then he called me to tell me what had happened.
posted by Lucinda at 5:33 PM on May 26, 2010 [1 favorite]

It's also worth stating that after we found fraud we would either mark it as "Probably random one-off", "Probably stolen plastic", and "Probably serious-shit ID Theft"

We determined this by looking for other accounts and verifying those.

They would then get routed to the proper department, and we would try to advise best-practice legal recourse.

Needless to say the best practice was an ID protection service that we charged for and got an incentive per account for pushing...
posted by codacorolla at 5:33 PM on May 26, 2010

Seconding Grouse. I travel frequently for pleasure. Nearly every time, my card gets cut off, even when I call to let the companies know in advance where I'm going and when I'll be there. Both Chase and Citibank have done this to me; Citibank is particularly horrible. Nothing more fun than a 22 hour flight to Delhi on Don't-Worry-It'll-Fly Air and you can't even check into your hotel because Citibank can't believe you're actually there even though you talked with them immediately before boarding the plane. And then the customer service representative you call at unholy non-roaming mobile phone rates spends 4 minutes trying to hard-sell you overdraft protection...

That said, they did catch once instance of fraud recently, amounting to $400. And have probably cost me about 20-30 hours of pain while traveling over the past decade.

So yeah, geographic triggers figure prominently. But I dispute anyone's contention that the algorithms are in any way sophisticated. If I could find a single credit card company that did fraud detection competently I'd switch in a New York minute. Or make that a Chicago minute. Switching in New York would probably be flagged as fraud.
posted by centerweight at 5:38 PM on May 26, 2010

centerweight: I have no idea either. It's good about some stuff, but travel it's NOT. I remember having a guy yell at me for about 45 minutes straight because his card got stopped in Europe. He constantly said "I'm not mad at you buddy, I'm mad at the company," and then proceeded to cuss up a storm. I agreed with him, but had to defend the company or risk getting fired (they record the calls and pick a 'random' sample for your monthly reviews). I wish I could've just said "yeah, it's fucked up, sorry man." One of the more surreal expriences of that job.
posted by codacorolla at 5:53 PM on May 26, 2010

My card company has been very good at monitoring and I got calls twice about fraud. The tip=off purchases were 1) for very large amounts 2) at stores I never shop at and 3) not anywhere near where I live. I think the combination of these three factors is the tip-off. I am very regular in my habits and if they see $100 a month on books and groceries at stores in City X and then all of a sudden $5000 in sporting goods in City Y, it's pretty obvious. Both times I was called right away and I feel they handled it well.

I think geography is the biggest factor though. A few times, I have house-sit for my parents when they go on major trips abroad, and sometimes the bank will call for them. If I say 'if this is about the overseas transactions in City Z, they are on vacation there' they end the call. They won't say that's why they're calling, but it's pretty obvious from their behaviour that it is.
posted by JoannaC at 5:56 PM on May 26, 2010

There were byzantine ones that we were told never to touch, but probably had some highly classified purpose.

I'm sure you can't really elaborate on this one, but I'm a bit confused by the wording, as it sounds more nefarious than I'm sure it is. Are you saying there are queues that are composed of VIP customers that some other department of the company monitors? It seems strange they would tell the fraud department to never touch some queues, unless of course they didn't want some guy making minimum wage stumbling upon Bill Clinton's credit card transactions.
posted by geoff. at 6:13 PM on May 26, 2010

I once drunkenly tried to transfer $5000 from my maxed-out credit card to my savings account. This was about one in the morning and I had a phone call from my bank literally a minute later telling me there had been some "suspicious activity" on my account. The bank servers would have hundreds of megabytes of algorithms stored on them, checking transactions against thousands and thousands of different metrics. jessamyn is spot on in telling you that a tiny transaction followed by a bizarre one for a significantly greater amount is precisely the sort of thing the bank computers would flag.
posted by turgid dahlia at 6:15 PM on May 26, 2010

I'm sure you can't really elaborate on this one, but I'm a bit confused by the wording, as it sounds more nefarious than I'm sure it is. Are you saying there are queues that are composed of VIP customers that some other department of the company monitors? It seems strange they would tell the fraud department to never touch some queues, unless of course they didn't want some guy making minimum wage stumbling upon Bill Clinton's credit card transactions.

;D

Those weren't 'secret' per se, but we would do work for certain companies that seemed high class and didn't want to be associated with the company we were actually associated with *ahem* so the VIP accounts were limited to senior and skilled reps. Ordinary reps would most definitely get fired if they went into that queue and started mucking around.

There were some that we were told were only used by the computers, so going in there would throw things off.

There were others that I had no idea about, other than the fact I shouldn't go in there, and there always seemed to be pending cases in them.
posted by codacorolla at 6:22 PM on May 26, 2010

My card issuers have generally gotten it right. I don't go to India often, but a couple of years ago, I went there for two weeks -- for the first time as a holder of credit cards; all previous times were as a cash user and besides, I was too young to have credit cards. Made a few charges here and there, sometimes at relatively posh places, and not a single call, e-mail, or interruption in charging privileges. Last year, my wife and I went to Cabo for our anniversary. I've never went to Mexico as a credit card user before. No issues there, either.

I like to think I'm kind of erratic in my spending habits on occasion -- a few months of a relatively predictable pattern, then I'll throw them a curve ball for a few days -- and yet I hear nothing from them.

But I have gotten the call a couple of times on legitimate purchases. I got them a few times when I acquired a business a few months ago, and started using one of my cards for inventory purchases a LOT. For the first three months or so, I'd get the calls relatively often . . . then they'd drop off, and now they've stopped. So these guys will adapt to your behavior.

(Diner's Club, AMEX Platinum, Chase/United Airlines Visa Signature, for what it's worth. I mention this because I think it would be interesting to hear some of the former CC industry insiders shed some light on these particular cards' fraud-detection practices, etc. They're DAMN good.)
posted by CommonSense at 7:04 PM on May 26, 2010

If they were bought with credit then the return would have been for credit too. I don't think any store gives cash for returns on items bought on credit.

Walmart gave me cash yesterday from a returned item that was bought with a credit card. I didn't even ask for it - they just gave it to me.
posted by CathyG at 7:33 PM on May 26, 2010

My debit card got flagged recently when someone tried to use it at a campground in Klamath Falls, OR. I'm in Gloucester, MA. The rep who called me to verify said that they'd seen a lot of the same charges happening in the same concentrated geographical area - since I'd made a couple trips to the West Coast in the past year (with the plane tickets purchased on my husband's card with another company) and not been flagged, that made sense. Seems odd, and like the thieves would be too easily caught at a campground, but there you have it. Maybe there was a crooked employee at the campground running a lot of cards for small purchases.
posted by kpht at 7:43 PM on May 26, 2010

Someone cloned my Visa card in 2008 and used it to buy $900 of goods at a gas station in Georgia in 3 separate charges; I'd like to know what he was filling up, my guess is tyres. Visa caught it but I had to swear an affidavit that it wasn't me.

Earlier this year, I spotted 2x $400 on my Amex at a Toys R Us in Humble TX via my daily email showing a balance larger than usual. The miscreants celebrated at Taco Bell afterwards - way to live large! I called Amex and I got an instant refund no questions asked. Treatment by Amex was much better, they behaved like they believed me rather than Visa making me prove myself.
posted by arcticseal at 7:59 PM on May 26, 2010

codacorolla has most of it; I'll add on by telling what I can.

There are several different layers of analysis that go into fraud detection, one of which being criteria set in place by strategists that determine what flags in the system. Reasons things flag can range from the purchase being a lot of money, to the transaction being x miles out of the customer's home area, to the transaction being keyed in instead of swiped, etc etc.

So it gets flagged if it hits criteria and ends itself up in one of the many, many, pre-set queues to be worked by us specialists. We review it first to see if it looks suspicious. If we strongly suspect fraud, i.e. a retired knitting aficionado who spends a chunk of her money on craft stores in Nebraska suddenly spending $40k on jewelry in the Cayman Islands, we'll block the card. If it's just something that we want to verify to be sure of, we'll call and try to verify it with the customer.

A designated person watches the fraud system daily to ensure that if there's a huge spike in one of the queues, or a sudden trend, it gets worked immediately.

Granted, a lot of stuff I have to leave out, but one thing I can say is that a LOT of fraud detection is gut feeling. At about the 6 month mark of working at the bank, I started to be able to pick up on what's just Not Right. I've been able to save my customers a lot of money :)

Anyway, more to the point of your question, internet transactions tend to raise a flag because the card doesn't have to be present to make the purchase. Counterfeiting the card is a workaround to that, but we have strategies in place for that, too, and we find out just as easily and send the attack ninjas to destroy the offender (kidding. or am I?).

Also:
Are you saying there are queues that are composed of VIP customers that some other department of the company monitors?

Dunno about anywhere else, but we have that, yes. Our area has several different teams that handle different customer sets. One group handles a large pool of clients, the other handles your "special category" clients, i.e. Public Figures, People who Poop Money, Government People, Really Big Businesses, etc. You have to be REALLY GOOD on the phones and not a window licker to work with those customers.

Are you supposed to warn your credit card and debit card companies that you're going out of town, or can they see if you've bought travel tickets somewhere?

Yes, please! It helps us rule out fraud if we know where you're going. Yeah yeah, "it's none of your business." Honestly, it may be your money (in the case of a debit card), but it's our card. We issue the card to the user with the agreement that we can revoke it whenever we wish, and other such things. Besides, we need to reimburse you if there's fraud on it, so fucked if we're going to just sit around and let fraud happen if we can do something to prevent it. So please, it's a two-way street. Let us know if you're going to do something super unusual, we'll work with you.

Can I suggest the mods remove this thread as I, and I presume most of you, would rather the fraudsters not have this information.

You tell funny jokes. They already know.
posted by Verdandi at 8:06 PM on May 26, 2010 [9 favorites]

ArticSeal: Having to pay AMEX's kinda stiff annual fees tends to pay off.

Of course, if your airline delays your baggage just ONCE, AMEX pays for itself that year. (Up to $500 to use as you wish to buy clothes, necessities, etc. to cover you until the baggage arrives.) And if you use airport lounges, say, twice or thrice in a year, you've paid for it again (depending on that particular lounge's a-la-carte rate.) Contest a charge that you'd have no chance in hell of getting approval on the contest from another cardholder, and you've (at least partially) paid for it yet again.

Of course, as a small business owner who accepts AMEX from customers also, I know all too well who, in addition to the cardholder, is paying for all those perks. 2.89% of every transaction. And when you sell Macs, that's pretty damn sizable. (And why the hell is it that the ones who buy the most tricked-out 17" MacBook Pros insist on using AMEX? ARGH!)
posted by CommonSense at 8:10 PM on May 26, 2010

Walmart gave me cash yesterday from a returned item that was bought with a credit card. I didn't even ask for it - they just gave it to me.

That must have been cashier error then, as I can't imagine that their merchant agreement would allow that as policy. If that was possible then you could essentially get a cash advance on any credit card without paying the special fees and higher rates that cash advances always incur.
posted by Rhomboid at 8:19 PM on May 26, 2010

To add to what's been said above, the algorithms used by credit card issuers are stunningly complex and mind-bogglingly efficient.

As a credit analyst I was never told every single thing which would trigger a flag and freeze, but when you're dealing with 80+ accounts daily which the system has flagged and frozen you quickly learn to detect the similar patterns not just in what caused the flag but how fraud "looks" on the card history and how it "sounds" when you contact the customer to see what's going on.

I'm not breaking any confidentiality agreements by saying that credit card issuers are extremely aware that those who've found "loopholes" like to brag about it online and that there are people whose sole job within the organisation is to monitor online information about how to bypass anti-fraud measures. The speed with which the tech people can add new algorithms to counter the latest fraud attempts is awesome, and often so rapid that the system will be freezing cards before the credit analysts themselves have received updated information on the latest scam du jour.
posted by Lolie at 9:05 PM on May 26, 2010 [1 favorite]

I get calls from Amex all the time about fraud. The two times our card numbers had been stolen, it was an I-tunes purchase that tipped them off. The other times, when our purchases were legit, we've been out of town and been flagged buying gas or something normal. My Chase check card was flagged when I used it out of town, then came back home and used it for a catagory I had never used it for before. They've always called first before they cut it off. B of A (holes), on the other hand, left Mr. Zin stranded out of town without calling first and wouldn't even let him tell them if the charges were legit.
posted by zinfandel at 9:19 PM on May 26, 2010

FWIW, those complex algorithms I talked about above aren't just for fraud detection. They also decide if you're in line for a sudden credit limit drop, too - again, based on all sorts of statistical data about the likelihood of your recent use pattern indicating that your potential to default has increased.
posted by Lolie at 9:22 PM on May 26, 2010

Yes, Rhomboid, you can use credit cards for cash advances at walmart.

Over the holiday season I received several of the Visa Gift Cards which, while a nice present, are not as convenient as cash (because I can put cash into my bank account.)

My solution was to go to walmart and purchase small items that cost a lot of money, which I then returned and asked for cash back.
posted by 47triple2 at 9:41 PM on May 26, 2010

My card got halted a month or two ago... When I called they said, 'we have charges in one week from California, Denver, Chicago, St. Louis, Tennessee, South Carolina, Pennsylvania, and Paris.' Which was actually exactly the trip I was on: I took the train to St. Louis via Denver and Chicago, drove to Tennessee to visit grand parents, then had a two-stop flight to Paris, with hour-long layovers in Charlotte and Philly. It was annoying, but I can't say I blame them for flagging the account.
posted by kaibutsu at 5:57 AM on May 27, 2010

I have an HSBC credit card. Last summer I bought a bus ticket to go to the NY Renaissance Faire, just outside the city, followed by a ticket for the faire itself. My card got frozen, but nobody called - I didn't find out till I was trying to pay for a cab. I called and assured them that yes, I was actually going to the ren fair like a huge dork. Then a couple days later, at the fair itself, the card got declined again when I tried to pay for food, and I had to spend twenty minutes on the phone with customer service explaining again that yes, I really was at the ren fair like a huge dork.

So no, their algorithms aren't perfect, or at least HSBC's isn't.
posted by miskatonic at 6:04 AM on May 27, 2010 [1 favorite]

Spooky: I was just reading Codacorolla's comment when the phone rings..."This is xxCard Fraud department, we would like to verify something with you...." Seems that when I charged a hotel booking on my card this morning, they charged me in Euro's instead of US$, then tried to reverse the charge and charge again. That was enough to have the Fraud lady call...very neat.
posted by BozoBurgerBonanza at 6:26 AM on May 27, 2010 [1 favorite]

AMEX is very good. They have caught a couple instances of fraud before they ever hit our account - we didn't see a balance jump or anything, just came home to a vague phone message and when we called they were all, so there is this iTunes charge (we don't use our Amex for iTunes for Crissakes) and then $400 at a retro/vintage boutique. Which was not me again, but it could have BEEN me. I've made similar purchases before - but the iTunes thing is what tipped them off. Very cool. And Amex has always been super cool.
posted by Medieval Maven at 7:01 AM on May 27, 2010

I got a call from my bank that opened with the question, "have you been in Bulgaria recently?" I had not. However, we had just been at the Montreux Jazz Festival and I remember feeling wierd about a stand alone ATM. It gave me money, but something was off. A month later, I knew why.

I think the lesson I learned is don't trust stand alone atms.
posted by mearls at 9:05 AM on May 27, 2010

I've been flagged and called within minutes several times for buying stuff from Newegg using both Bank of America and Chase cards, so sadly echoing what others above have said, Newegg seems to be a huge red flag. Oddly enough, I've never been flagged for buying loads of $2 crap from the Hong Kong-based DealExtreme, which makes no sense. And I was never called when someone advanced $20,000 from an 18-month dormant credit card to a random bank checking account thousands of Km from my home. So the monitoring programs apparently fixate on some merchants and locations more than others.
posted by meehawl at 9:33 AM on May 27, 2010

Interestingly I used to work for an online gaming company. There was a continuous game of cat and mouse with the credit card companies that did not like their cards being used for this sort of thing because there were so many rejected charges. (Very often the spouse of the cardholder sometimes b/c the card had been stolen).
Part of my job was tweaking the algorithms we used to *avoid* coming to the attention of the main issuers. We did this by using a range of 'front' retailers that would channel the funds to us in exchange for a fraction of the throughput. Each transaction was disguised in a number of ways - the most obvious being that we varied the amounts coming through: So for a $10 credit purchase we would put through $9.50 - $10.15 to avoid the rule that looked for lots of 5, 10 and 20 dollar transactions over a short space of time. Time mattered as well: lots of transactions before a major sporting events? That'll do it. Transactions from Russia/Ukraine/Turkey etc. going to a retailer in suburban Toronto? All of this had to be managed.
Every so often one of these dummy gateways would be shut down and we would move on to the next - no big deal.
This was all extremely marginal and I left after a while. What this taught me is that if you have the merchant side of the equation in place you can do far more complex things with legit cards. With stolen cards? Very hard to detect and stop. Note that this information is well known to criminals and in fact, is probably pretty outdated now.
(Right now the big money is blackmailing gaming firms by threatening to DDOS them prior to major sporting events).
posted by fingerbang at 9:53 AM on May 27, 2010

Chase shut me off when I was in Iceland after I'd called two weeks prior to the trip and told them I was going to be there. When I got back and called, the rep said it happened all the time, call twice and make sure it gets into the computer.

Next time I went, I called the second time, rep refused to tell me if it was in the computer or not. Refused to tell me if he was putting it in or not. Eventually, he transferred me (without warning or me asking to be transferred) and that person assured me it was in the computer.

2 months later, they called me about suspicious charges. I donated to two charities in one day, and they apparently thought this was excessive (day after the Haiti earthquake, IIRC).

AMEX is a lot easier to deal with on these issues, and not all their cards have fees.
posted by QIbHom at 11:42 AM on May 27, 2010

So I have my own fraud story, and maybe someone can answer a little bit of a piggyback question: someone got my debit card number and PIN and did the ITunes thing as well... but then they proceeded to buy $500 dollars worth of flower arrangements (I think) from 1-800-Flowers and other flower delivery sites.... as well as a $250 charge to a brick and mortar flower store in Michigan. Can't fault them for taste, if I had someone else's card number I would probably buy $750 worth of flowers as well. But what I can't figure out is WHY? Did they just really really want flowers? It's not like you can return them for extra profit, or resell them. What the hell is the point?
posted by WidgetAlley at 1:34 PM on May 27, 2010

I've gotten calls from my CC company a couple of times, always when making unusual and pricey purchases (tickets for my first vacation in ever, a laptop from an online vendor). I really liked that they called me, and was fantastically impressed by the speed - for the travel payment they called within 15 minutes, and for the laptop within half an hour.
posted by L'Estrange Fruit at 3:10 PM on May 27, 2010

But what I can't figure out is WHY? Did they just really really want flowers?

It's easier to get your girlfriend to be your alibi for your other heinous acts if she remains sweet on you. My point being, people that steal credit cards or debit cards aren't usually exclusive to the sole criminal act of stealing credit cards and debit cards.
posted by jabberjaw at 3:34 PM on May 27, 2010

Had a bad experience with Capital One. I tried to buy airline tickets for the first time on a card I have held for a year and a half and use every single day for all household purchases. Capital One refused the transaction, and the airline showed the message "Card is over the credit limit". I check online, clearly that is not the case. So I try another credit card issued by my credit union, one I hadn't used in months, and successfully made the purchase.

Afterwards, I had fraud detection emails from both Capital One and the credit union based on the purchase. But, the credit union got their cut of the $1200 tickets and Capital One did not. Sorry over-aggressive banks, you'll lose money if you pull this shit.
posted by crazycanuck at 9:23 PM on May 27, 2010 [1 favorite]

I am the innocent (not) abroad. Blush. Thanks to all for the education :-)
posted by GeeEmm at 1:18 AM on May 28, 2010

Fascinating account, codacorolla!

Cases weren't always cut and dried, so there's other things I can look at. I could see where plane tickets were purchased to and from. So if we have a plane ticket bought from BWI to LAX and sudden out-of-character charges for shopping in California, well... yeah, probably.

How do you actually get access to this travel information?
posted by storybored at 7:20 AM on May 31, 2010

storybored wrote: "How do you actually get access to this travel information?"

If you buy it using one of the company's cards, they know. Apparently the airline sends along the flight information with the charge. Amex and a few others print it on your bill to help remind you of which journey the charge is associated with. It makes billing expenses much easier.
posted by wierdo at 12:38 PM on May 31, 2010

@WidgetAlley: But what I can't figure out is WHY? Did they just really really want flowers?

Did they actually buy the flowers, or did the charge just show up and then disappear a few days later? 1-800-FLOWERS is often used by fraudsters to verify balances - they charge a few hundred dollars to send flowers to an address that doesn't exist, the charge is accepted (showing up as a pending charge on the account), then the order is later rejected and the pending charge goes away.

1-800-FLOWERS is aware of this, and (last time I spoke to them) had no intention of changing anything.
posted by hanov3r at 11:25 AM on June 25, 2010

« Older Additions, suggestions, and ge... | Which Chicago bars have cockta... Newer »

This thread is closed to new comments.

What tipped off the credit card company for fraud? May 26, 2010 4:08 PM Subscribe

What tipped off the credit card company for fraud?
May 26, 2010 4:08 PM Subscribe