Kiwibank Credit Card Fraud Restrictions

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Kiwibank Credit Card Fraud Restrictions

1 | 2

Kyanar

3874 posts

Uber Geek

Trusted

Subscriber

#741684 8-Jan-2013 15:11

groynk:
Kyanar:

Wrong again. The MERCHANT is the one that gets held liable for all fraudulent transactions - banks get off scot-free. Why do you think adoption of 3DS is so damn slow? Because as soon as a merchant attempts 3DS validation, then the bank becomes liable for fraudulent transactions.

I think it's slow because of tablet and phone games, plus not much marketing from Nintendo in this country.
Didn't know it could check for fraud though, could be used as a selling point

Haha, 3DS is 3DSecure. I'm guessing (um, hoping

) that you knew that though!

Norton

Get easy to use, easy to install Norton antivirus protection against advanced online threats (affiliate link).

PenultimateHop

637 posts

Ultimate Geek

Trusted

#741718 8-Jan-2013 15:41

surfisup1000: Where do you think the money to cover fraud comes from? You know it comes out of your pocket right?

It is in all of our interests to protect against fraud.

While in general I agree with your line of thinking; I have to disagree with the immediate implication you make. I already pay the bank a fee to use my credit card, and they earn a percentage of my transactions in addition. This is based on their existing risk models and profit margin, all of which assumes a percentage of fraud* will happen. Their computerized algorithms have never caught legitimate fraud on my account (I have), but have seriously inconvenienced me in the past by being incorrectly applied - which cost the bank revenue from that transaction/subsequent transactions.

The protection mechanisms attempt to protect the issuing bank, since it is their money that is temporarily disbursed until they recover it from the merchant which was either fraudulently using the card or had been defrauded by someone else. That does not directly cost nor save me money; and if they put up their fees for me to use the card because of their poor security implementation** then I would use an alternative payment mechanism or an alternative bank.

I take offence to them saying their algorithms protect me, because other than in the ridiculously long run (and if you really want to take their statement to the logical end they're effectively saying I'd be better protected if I didn't use a bank at all) there is no direct cost to me. It is just security theater.

* Yes I'd like this to be zero, but it isn't.
** Reality is the current credit card security infrastructure is terrible. If banks were serious about fixing or reducing fraud they would have ensured that by now mag stripes were completely removed (remember 100% chip based transactions was planned to be in place by 2006 in Asia) and card numbers themselves would have moved to a one-time generated style. Instead card issuing banks and the networks are happy to carry fraud as a cost of doing business until it becomes too expensive -- then they move to fix it.

Kyanar: Wrong again. The MERCHANT is the one that gets held liable for all fraudulent transactions - banks get off scot-free. Why do you think adoption of 3DS is so damn slow? Because as soon as a merchant attempts 3DS validation, then the bank becomes liable for fraudulent transactions.

That is a fair point, yes. Overall the merchant wears the cost of fraud (which indirectly then comes back to me as a consumer). However the issuing bank does still have to minimuze their money being sent fraudulently towards the acquiring banks.

Kyanar: And for what it's worth, any merchant using a $1 authorisation to validate a card is doing it wrong. The correct way is to post a $0 charge to the card (which has been possible for about 3 years now as a validation methodology - $0.01 and $1 auths can actually get you a "misuse of authorisation" fine now).

That is interesting - I went and read about this. It looks like Visa USA implemented it in 2009 but it doesn't seem to have gone more worldwide, although I didn't look terribly closely. However the majority of e-commerce and even meat-commerce gateways still seem to use $1 authorisations so either Visa has never bothered with their misuse of authorisation fee (especially since some incredibly large retailers that I doubt they'd dare annoy continue with the $1 auth practice) that it seems clear they're not really worried. My banks that show pending auth all have a note saying "Why is there a $1 transaction shown here?" with an explanation when a $1 auth is visible.

The only $0.00 auth (or validation) I've seen showed up very weirdly and appeared to be a grocery store self checkout. Given the billing descriptor was completely garbled I was actually wondering what it was for a while.

Behodar: I got a "card declined" message from Apple, followed within seconds by a call from Westpac asking whether it was legitimate. It really makes me wonder how some of these rules work; I've made dozens of purchases from iTunes so why did it decide to flag that particular one?

Beats me too - they even acknowledged when I called in that I used iTunes regularly and that they couldn't really see any issue, but the hassle of having to call in while boarding a flight meant I didn't do it until I was elsewhere -- and hadn't been using the card for several days.

The irony I've found - consistently - with automated fraud detection systems is that they never catch real fraud, only legitimate transactions. And the same bank which is over-sensitive on credit card transactions at relatively consistent merchants (iTunes, etc) never blinks when I withdraw cash using a debit card in multiple cities/countries in a row, e.g. Auckland one day, Vientiane the next. Which *is* a suspicious looking (but legitimate) transaction. Go figure.

groynk

233 posts

Master Geek

#742189 9-Jan-2013 12:31

Kyanar:
groynk:
Kyanar:

Wrong again. The MERCHANT is the one that gets held liable for all fraudulent transactions - banks get off scot-free. Why do you think adoption of 3DS is so damn slow? Because as soon as a merchant attempts 3DS validation, then the bank becomes liable for fraudulent transactions.

I think it's slow because of tablet and phone games, plus not much marketing from Nintendo in this country.
Didn't know it could check for fraud though, could be used as a selling point

Haha, 3DS is 3DSecure. I'm guessing (um, hoping ) that you knew that though!

Couldn't get a tongue in cheek emoticon could we?

networkn

Networkn
30209 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#742192 9-Jan-2013 12:34

Interestingly it would seem Kiwibank are going to review the mandatory 24 hour block.

They have apologized for all the incorrect information (Including telling me Amazon triggered the alert when it was actually Groupon.com) and have credited me the airpoints I missed out on by having to use another card whilst my primary card was down.

Satch

1985 posts

Uber Geek

#742203 9-Jan-2013 12:46

My credit card was put on hold by ANZ just after new years due to some cretin attempting to put $1,600 worth of Jetstar Asia flights on it. In some cases the automatic detection does work.

I kinda wonder though if they should just have let the fraudster fly Jetstar as punishment...

groynk

233 posts

Master Geek

#742207 9-Jan-2013 12:49

networkn: Interestingly it would seem Kiwibank are going to review the mandatory 24 hour block.

They have apologized for all the incorrect information (Including telling me Amazon triggered the alert when it was actually Groupon.com) and have credited me the airpoints I missed out on by having to use another card whilst my primary card was down.

Nice complaining work! (genuinely)
It will likely benefit me in the future

networkn

Networkn
30209 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#742224 9-Jan-2013 13:18

Satch: My credit card was put on hold by ANZ just after new years due to some cretin attempting to put $1,600 worth of Jetstar Asia flights on it. In some cases the automatic detection does work.

I kinda wonder though if they should just have let the fraudster fly Jetstar as punishment...

Would it be really bad if I sent this to the jetstar twitter feed?

Satch

1985 posts

Uber Geek

#742226 9-Jan-2013 13:19

networkn:
Satch: My credit card was put on hold by ANZ just after new years due to some cretin attempting to put $1,600 worth of Jetstar Asia flights on it. In some cases the automatic detection does work.

I kinda wonder though if they should just have let the fraudster fly Jetstar as punishment...

Would it be really bad if I sent this to the jetstar twitter feed?

Be my guest!

networkn

Networkn
30209 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#742243 9-Jan-2013 13:34

Well that's my first lot of 2013 unkindness for the year! (My wife tells me most people are nice with a mean streak but I am mean with a really really thin nice streak!)

I wonder if I ever need to fly Jetstar in the future (I can't imagine how bad things would need to be), if I will be extremely thoroughly cavity searched by a man with ham like fists as a result!

richms

26394 posts

Uber Geek

Trusted

Subscriber

#743300 11-Jan-2013 14:27

Cards and their use of the number are just retarded.

Last time I had to change card number, I forgot a couple of regular billers to it (was back when water was 3 monthly and a garden bag or something)

Anyway, its a right PITA having to give a new arbitary number to people and then update it when the number becomes compromised. I MUCH prefer paypal.

Richard rich.ms

PenultimateHop

637 posts

Ultimate Geek

Trusted

#743315 11-Jan-2013 14:48

richms: Cards and their use of the number are just retarded.

Last time I had to change card number, I forgot a couple of regular billers to it (was back when water was 3 monthly and a garden bag or something)

Anyway, its a right PITA having to give a new arbitary number to people and then update it when the number becomes compromised. I MUCH prefer paypal.

My approach to that problem is to have one card that I use for all recurring payments (Internet, Phone, etc) that isn't used for anything else. Minimizes the likelihood of that particular card number getting compromised to just those recurring billers, and makes it easy to check which billers use the card number (look at the statement for the last 90 days).

If I have to cancel a card due to number compromise/loss of card/wallet, then it won't impact those particular transaction types.

richms

26394 posts

Uber Geek

Trusted

Subscriber

#743322 11-Jan-2013 14:55

my card selection is usually based on billing dates so I get the most time to not pay.

really a unique billing number should be made for each biller so it becomes a non issue.

Richard rich.ms

PenultimateHop

637 posts

Ultimate Geek

Trusted

#743329 11-Jan-2013 14:58

richms: my card selection is usually based on billing dates so I get the most time to not pay.

really a unique billing number should be made for each biller so it becomes a non issue.

While having a unique billing number would be fairly useful - and some card issuers in the past have had something like this with one-time card numbers - I find that the consistency of knowing one card will have all the bills on it is worth losing a few days of payment deferral. It makes life easy.

1 | 2