Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
2915 posts

Uber Geek
+1 received by user: 414

Trusted
Subscriber

  Reply # 741684 8-Jan-2013 15:11
Send private message

groynk:
Kyanar: 

Wrong again.  The MERCHANT is the one that gets held liable for all fraudulent transactions - banks get off scot-free.  Why do you think adoption of 3DS is so damn slow?  Because as soon as a merchant attempts 3DS validation, then the bank becomes liable for fraudulent transactions.


I think it's slow because of tablet and phone games, plus not much marketing from Nintendo in this country.
Didn't know it could check for fraud though, could be used as a selling point Tongue Out


Haha, 3DS is 3DSecure.  I'm guessing (um, hoping Wink) that you knew that though!

637 posts

Ultimate Geek
+1 received by user: 2

Trusted

  Reply # 741718 8-Jan-2013 15:41
Send private message

surfisup1000: Where do you think the money to cover fraud comes from? You know it comes out of your pocket right? 

It is in all of our interests to protect against fraud. 

While in general I agree with your line of thinking; I have to disagree with the immediate implication you make. I already pay the bank a fee to use my credit card, and they earn a percentage of my transactions in addition. This is based on their existing risk models and profit margin, all of which assumes a percentage of fraud* will happen. Their computerized algorithms have never caught legitimate fraud on my account (I have), but have seriously inconvenienced me in the past by being incorrectly applied - which cost the bank revenue from that transaction/subsequent transactions.

The protection mechanisms attempt to protect the issuing bank, since it is their money that is temporarily disbursed until they recover it from the merchant which was either fraudulently using the card or had been defrauded by someone else. That does not directly cost nor save me money; and if they put up their fees for me to use the card because of their poor security implementation** then I would use an alternative payment mechanism or an alternative bank.

I take offence to them saying their algorithms protect me, because other than in the ridiculously long run (and if you really want to take their statement to the logical end they're effectively saying I'd be better protected if I didn't use a bank at all) there is no direct cost to me. It is just security theater.

* Yes I'd like this to be zero, but it isn't. 
** Reality is the current credit card security infrastructure is terrible. If banks were serious about fixing or reducing fraud they would have ensured that by now mag stripes were completely removed (remember 100% chip based transactions was planned to be in place by 2006 in Asia) and card numbers themselves would have moved to a one-time generated style. Instead card issuing banks and the networks are happy to carry fraud as a cost of doing business until it becomes too expensive -- then they move to fix it.

Kyanar: Wrong again.  The MERCHANT is the one that gets held liable for all fraudulent transactions - banks get off scot-free.  Why do you think adoption of 3DS is so damn slow?  Because as soon as a merchant attempts 3DS validation, then the bank becomes liable for fraudulent transactions.

That is a fair point, yes. Overall the merchant wears the cost of fraud (which indirectly then comes back to me as a consumer). However the issuing bank does still have to minimuze their money being sent  fraudulently towards the acquiring banks.

Kyanar: And for what it's worth, any merchant using a $1 authorisation to validate a card is doing it wrong. The correct way is to post a $0 charge to the card (which has been possible for about 3 years now as a validation methodology - $0.01 and $1 auths can actually get you a "misuse of authorisation" fine now).

That is interesting - I went and read about this. It looks like Visa USA implemented it in 2009 but it doesn't seem to have gone more worldwide, although I didn't look terribly closely. However the majority of e-commerce and even meat-commerce gateways still seem to use $1 authorisations so either Visa has never bothered with their misuse of authorisation fee (especially since some incredibly large retailers that I doubt they'd dare annoy continue with the $1 auth practice) that it seems clear they're not really worried. My banks that show pending auth all have a note saying "Why is there a $1 transaction shown here?" with an explanation when a $1 auth is visible.


The only $0.00 auth (or validation) I've seen showed up very weirdly and appeared to be a grocery store self checkout. Given the billing descriptor was completely garbled I was actually wondering what it was for a while.

Behodar: I got a "card declined" message from Apple, followed within seconds by a call from Westpac asking whether it was legitimate. It really makes me wonder how some of these rules work; I've made dozens of purchases from iTunes so why did it decide to flag that particular one?

Beats me too - they even acknowledged when I called in that I used iTunes regularly and that they couldn't really see any issue, but the hassle of having to call in while boarding a flight meant I didn't do it until I was elsewhere -- and hadn't been using the card for several days.

The irony I've found - consistently - with automated fraud detection systems is that they never catch real fraud, only legitimate transactions. And the same bank which is over-sensitive on credit card transactions at relatively consistent merchants (iTunes, etc) never blinks when I withdraw cash using a debit card in multiple cities/countries in a row, e.g. Auckland one day, Vientiane the next. Which *is* a suspicious looking (but legitimate) transaction. Go figure.

 
 
 
 


209 posts

Master Geek
+1 received by user: 19


  Reply # 742189 9-Jan-2013 12:31
Send private message

Kyanar:
groynk:
Kyanar: 

Wrong again.  The MERCHANT is the one that gets held liable for all fraudulent transactions - banks get off scot-free.  Why do you think adoption of 3DS is so damn slow?  Because as soon as a merchant attempts 3DS validation, then the bank becomes liable for fraudulent transactions.


I think it's slow because of tablet and phone games, plus not much marketing from Nintendo in this country.
Didn't know it could check for fraud though, could be used as a selling point Tongue Out


Haha, 3DS is 3DSecure.  I'm guessing (um, hoping Wink) that you knew that though!


Couldn't get a tongue in cheek emoticon could we?



15056 posts

Uber Geek
+1 received by user: 3893

Trusted
Subscriber

  Reply # 742192 9-Jan-2013 12:34
Send private message

Interestingly it would seem Kiwibank are going to review the mandatory 24 hour block.

They have apologized for all the incorrect information (Including telling me Amazon triggered the alert when it was actually Groupon.com) and have credited me the airpoints I missed out on by having to use another card whilst my primary card was down.

1976 posts

Uber Geek
+1 received by user: 252

Subscriber

  Reply # 742203 9-Jan-2013 12:46
Send private message

My credit card was put on hold by ANZ just after new years due to some cretin attempting to put $1,600 worth of Jetstar Asia flights on it. In some cases the automatic detection does work.

I kinda wonder though if they should just have let the fraudster fly Jetstar as punishment...

209 posts

Master Geek
+1 received by user: 19


  Reply # 742207 9-Jan-2013 12:49
Send private message

networkn: Interestingly it would seem Kiwibank are going to review the mandatory 24 hour block.

They have apologized for all the incorrect information (Including telling me Amazon triggered the alert when it was actually Groupon.com) and have credited me the airpoints I missed out on by having to use another card whilst my primary card was down.


Nice complaining work! (genuinely)
It will likely benefit me in the future



15056 posts

Uber Geek
+1 received by user: 3893

Trusted
Subscriber

  Reply # 742224 9-Jan-2013 13:18
Send private message

Satch: My credit card was put on hold by ANZ just after new years due to some cretin attempting to put $1,600 worth of Jetstar Asia flights on it. In some cases the automatic detection does work.

I kinda wonder though if they should just have let the fraudster fly Jetstar as punishment...


Would it be really bad if I sent this to the jetstar twitter feed?


1976 posts

Uber Geek
+1 received by user: 252

Subscriber

  Reply # 742226 9-Jan-2013 13:19
Send private message

networkn:
Satch: My credit card was put on hold by ANZ just after new years due to some cretin attempting to put $1,600 worth of Jetstar Asia flights on it. In some cases the automatic detection does work.

I kinda wonder though if they should just have let the fraudster fly Jetstar as punishment...


Would it be really bad if I sent this to the jetstar twitter feed?



Be my guest!



15056 posts

Uber Geek
+1 received by user: 3893

Trusted
Subscriber

  Reply # 742243 9-Jan-2013 13:34
Send private message

Well that's my first lot of 2013 unkindness for the year! (My wife tells me most people are nice with a mean streak but I am mean with a really really thin nice streak!)

I wonder if I ever need to fly Jetstar in the future (I can't imagine how bad things would need to be), if I will be extremely thoroughly cavity searched by a man with ham like fists as a result!

20429 posts

Uber Geek
+1 received by user: 3899

Trusted
Subscriber

  Reply # 743300 11-Jan-2013 14:27
Send private message

Cards and their use of the number are just retarded.

Last time I had to change card number, I forgot a couple of regular billers to it (was back when water was 3 monthly and a garden bag or something)

Anyway, its a right PITA having to give a new arbitary number to people and then update it when the number becomes compromised. I MUCH prefer paypal.




Richard rich.ms

637 posts

Ultimate Geek
+1 received by user: 2

Trusted

  Reply # 743315 11-Jan-2013 14:48
Send private message

richms: Cards and their use of the number are just retarded.

Last time I had to change card number, I forgot a couple of regular billers to it (was back when water was 3 monthly and a garden bag or something)

Anyway, its a right PITA having to give a new arbitary number to people and then update it when the number becomes compromised. I MUCH prefer paypal.

My approach to that problem is to have one card that I use for all recurring payments (Internet, Phone, etc) that isn't used for anything else. Minimizes the likelihood of that particular card number getting compromised to just those recurring billers, and makes it easy to check which billers use the card number (look at the statement for the last 90 days). 



If I have to cancel a card due to number compromise/loss of card/wallet, then it won't impact those particular transaction types.

20429 posts

Uber Geek
+1 received by user: 3899

Trusted
Subscriber

  Reply # 743322 11-Jan-2013 14:55
Send private message

my card selection is usually based on billing dates so I get the most time to not pay.

really a unique billing number should be made for each biller so it becomes a non issue.




Richard rich.ms

637 posts

Ultimate Geek
+1 received by user: 2

Trusted

  Reply # 743329 11-Jan-2013 14:58
Send private message

richms: my card selection is usually based on billing dates so I get the most time to not pay.

really a unique billing number should be made for each biller so it becomes a non issue.

While having a unique billing number would be fairly useful - and some card issuers in the past have had something like this with one-time card numbers - I find that the consistency of knowing one card will have all the bills on it is worth losing a few days of payment deferral. It makes life easy.

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UFB connections pass 460,000
Posted 11-Dec-2017 11:26


The Warehouse Group to adopt IBM Cloud to support digital transformation
Posted 11-Dec-2017 11:22


Dimension Data peeks into digital business 2018
Posted 11-Dec-2017 10:55


2018 Cyber Security Predictions
Posted 7-Dec-2017 14:55


Global Govtech Accelerator to drive public sector innovation in Wellington
Posted 7-Dec-2017 11:21


Stuff Pix media strategy a new direction
Posted 7-Dec-2017 09:37


Digital transformation is dead
Posted 7-Dec-2017 09:31


Fake news and cyber security
Posted 7-Dec-2017 09:27


Dimension Data New Zealand strengthens cybersecurity practice
Posted 5-Dec-2017 20:27


Epson NZ launches new Expression Premium Photo range
Posted 5-Dec-2017 20:26


Eventbrite and Twickets launch integration partnership in Australia and New Zealand
Posted 5-Dec-2017 20:23


New Fujifilm macro lens lands in New Zealand
Posted 5-Dec-2017 20:16


Cyber security not being taken seriously enough
Posted 5-Dec-2017 20:13


Sony commences Android 8.0 Oreo rollout in New Zealand
Posted 5-Dec-2017 20:08


Revera partners with Nyriad to deliver blockchain pilot to NZ Government
Posted 5-Dec-2017 20:01



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.