Yet, many online services are giving me hell with their "smart" anti fraud detection and things like that, at this point I can really understand the position of the people who are dooming about cashless society, because at some point here I felt trapped not being able to get services I needed so much (until I asked shop owner to pay for me and I paid him in cash + small profit...).
The thing is, the attitude of these companies is so frustrating; like if my card was already accepted once and I successfully approved the payment via 3D secure with my bank, who are you (as a random online service) to assume you can act as my big brother? Even more, if I'm using a balance paid by gift card, who gives Amazon or other services the right to put my account on hold while it still contains my hard earned money (I had to try literally multiple services just to buy expensive gift card as Amazon payment won't allow me to choose the correct currency of my Card). Mind you, I'm just a random guy and not world class criminal, or an Activist who's being actively targeted, this makes me wonder what these services can do once we go completely cashless.
Simple tasks like downloading region-specific Indian apps become unnecessarily complex, as Google Play has this "smart" rule that says I can only change my region once per year, what?? It's just an app just give me the apk, and you can just ask for my location! (I had to install the apks from some random websites at risk of getting some malware...).
I would say what this experience taught me as a developer, but it won't matter, as most products are designed to help the stakeholders and upper managers and even Governments, and a dev's empathy won't matter much...
Apologies for this vent, but I really felt I need to post something about this frustrating situation I'm in.
-- A mobile phone number uniquely identifies a single person.
-- Every person has a mobile phone number and they only have one mobile phone number.
-- If a person's mobile phone number is associated with VoIP or Google Voice, that indicates fraud.
-- Every person always has their mobile phone handy and it is always able to receive calls and SMS messages under all circumstances.
-- Mobile phones are never lost or stolen and their batteries never run down.
-- Mobile phone numbers last forever.
-- An email address uniquely identifies a person.
-- Every person has an email address and they only have one email address.
-- Every person is always able to receive email under all circumstances.
-- Email addresses last forever.
-- People never travel to foreign countries.
-- A person's IP address always determines where they are located.
-- Geolocated IP addresses are always accurate.
-- Geolocated IP addresses always indicate the preferred and correct human language of the person on the other end.
-- The IP address for a customer will never change during a given session (i.e. LEO satellite internet does not exist).
-- If the IP address for a customer changes "too quickly", that indicates fraud (i.e. LEO satellite internet does not exist).
-- Your customer will never connect to you through a VPN.
-- If your customer connects to you through a VPN, they are doing something fraudulent, rather than trying to get around your geolocation brain damage.
> If a person's mobile phone number is associated with VoIP or Google Voice, that indicates fraud.
I’ve been using this heuristic (along with VPN and IP geo lookup) when screening job candidates after a massive influx of developers outside the US applying for US-only remote roles. I discovered that VOIP phone numbers on a resume is extremely highly correlated with the applicant lying about where they live.
If it weren’t for this screening step, I literally wouldn’t be able to hire anyone because the volume of fraud is so incredibly high that it drowns out legitimate candidates.
I wish there were a way to detect fraud while never having a false positive.
But the reality is that a lot of the heuristics you listed are indeed strongly correlated with fraud. It sucks, but it’s also not realistic to optimize for the 1% of false positives at the expense of the 99%.
Temporarily slowing down 99 scammers is not worth stranding one normal person in a foreign country with no means to access their money and no means to recover their account.
The reality is that most lockdown-type protection schemes are just a roadbump, not a solution. They slow down the attacker. In fact, hackers are employing account lockouts to lock security teams and management out of their own accounts when they launch an attack.
I'm with OP on this one. The banks have completely failed to protect against fraud while causing massive economic damage with their clueless security design.
I have been considering migrating away from GV for unrelated reasons, but if that sort of thing automatically makes me less attractive when looking for gigs then I'd like to prioritize actually doing that.
There is: networking. People you trust will tell you about candidates they know about.
> it’s also not realistic to optimize for the 1%
It's not about what's realistic, it's about what's right. Nobody should be falsely treated like a criminal. That 1% should carry enough legal liability to completely offset if not exceed the gains of preventing the 99%. If even one innocent person suffers, it's unacceptable.
* your phone number keeps working even if you lose your phone (I could still answer phone calls when my phone broke).
* Traveling abroad is a breeze, just change sim cards on arrival and your US phone number still works via data on Google Voice. No need for expensive travel passes, and you get to choose your operator that has a lot more data.
* Having full SMS & call support on a website is very nice, I always hate typing with the phone. iMessage doesn't solve everything since you need a mac (I frequently switch OS & devices).
Also I think e-sims will make lying and fraud much more common. A month ago chatgpt was denying creating a work account for me because I've already had this phone number associated with my previous account. And they were blocking Google Voice. I went to USMobile.com, paid 7$ to create an esim with another phone number, and I had sms with a second phone number on my phone working in less than 10 minutes.
As opposed to, for example, demanding a video feed (and giving time for an alleged engineer to engineer their way past an alleged broken camera.)
It used to be that demanding a photo or video was frowned upon as being a bit too easy to use to filter on race or gender. But I guess not anymore.
That’s the key. It may very well be the wrong business decision to care about this 1%.
I encounter anti-fraud challenges fairly regularly just because I have the same name as another family member and we once shared an address. Years ago.
A number of clients and friends have reported constant hassles wrought of poor anti-fraud implementations.
Older folks and less technically inclined are particularly at risk of falling through these cracks, as are frequent international travelers.
The 99%/1% thing is a good colloquialism but I don’t think the numbers would be there.
Loads of people are using VoIP numbers everyday for perfectly legit purposes. I’m not saying you’re making up your troubles. Just that clearly there are assumptions in anti-fraud technology generally that impact wide swaths of people, whether they understand why or not.
When I had asked T-Mobile to enable international roaming on a particular date, they said they would, but then didn't end up doing it, messing up my travel plans because I didn't have Internet when I arrived. Luckily I was in my home country (Australia) where I could speak the language, but it was a foreign city.
I eventually used someone else's phone to speak to a T-Mobile rep and was sent through a credit check, asking me my American social security number. I'm not American, I don't remember off-hand what government ID I was given there. Luckily I happened to have taken my social security card with me on vacation. I told them, if I can afford to travel internationally, you'd probably think I could also afford a phone plan; why am I being put through this bullshit and why can't you just keep your promises?
OK this is probably an overstatement, but the 99% to 1% ratio must be questioned though.
VOIP phone numbers can indicate an increase in the chance of fraud in some contexts, and be almost meaningless in others
The entire premise of remote is that it shouldn't matter where you work from, as long as you get the work done. This is extremely, incredibly harmful. I hope you know that.
But the betting sites don't allow you to use an ethernet cable to connect to your router o_O (unless you also enable wifi.. except my desktop doesn't have wifi)
https://helpcenter.il.betrivers.com/hc/en-us/articles/360049...
- a charge back can come up to 6 months later. A loss of that is not only a loss of funds but a charge back fee
- too many charge backs could affect the merchant account with the potential of a loss of being able to run your business and this can extend to PayPal or anything merchants run charges through.
- Fees may go up like interchange fees on running credit cards if an account is deemed higher risk.
- blacklisting from visa or Mastercard or merchant accounts in general is not unheard of. Losing access to running credit cards would be the end of many businesses.
So mom and pop shops need to be aware of fraud and ensure it is low or taken care of. You can’t just accept every order and hope for the best. Fraud does exist and when only a few percent of users meet your list of incorrect fraud assumptions it’s easy to see why they are used at least for extra verification.
One good thing for merchants for those who accept crypto like Bitcoin is all the risk moves to the sender not the merchant. There are no charge backs - so merchants who take crypto should be able to be a bit more lenient on payments and verification.
This is a market failure: to save the cost of a few bucks, huge costs are imposed on these individuals. The answer is to have some mechanism whereby people who run into these issues can pay (once) the small cost of being validated in an alternative way (like, actually talking to a human and explaining what's going on, which is how these issues got solved in meatspace originally)
Few percent of transactions for a payment processor means a few billion transactions. Visa on its own processes ~200B transactions a year. That's not a great threshold.
My Google Maps language (on my PC) is STILL in Portuguese, but I only happened to be visiting Portugal (for 3 days) when they did the subdomain switch... Every time I change it back to English, it changes the language back the next time I visit the site. It's super frustrating.
I had a similar issue with some history item that would annoyingly point me to the previous version of a page. Only to realize that I was opening a permalink to it.
-- People will never have a physical mailing address that contains "funny" numbers like "000", "420", "69420", or "80085".
-- Forced SMS based MFA should be used to protect logins for mobile phone accounts
- The networks Twilio etc. can’t deliver to are small and don’t have millions of users
This one is only tangentially related to fraud prevention. But I've never really understood this. Is the Accept-Language header really so inaccurate?
I'd say so yeah. Many many old people here (in a country where English isn't the primary language) use 'misconfigured' browsers.
It's getting better nowadays I suppose with new installers defaulting to our native language but (even though I tend to prefer the English version myself) I think it's a good default. I do prefer an easy way to change it though (or a quick confirmation on the first visit.)
You can see the issue better on this visualization:
I have been in Germany for 6 weeks. I have spent thousands of dollars between flights, train tickets, and hotels. Guess what I have to do every, single, time I buy a 3EUR train ticket? Receive an SMS on my American cellphone number.
Their "solution" is to have a family member in the US add their number to my account, wake up in the middle of the night and relay TOTP codes to me. FOR A 3EUR TRAIN TICKET. Multiple times a day. From the same damn train company.
I'm willing to pay $1000 yearly fee for a competent credit card company that sends me TOTPs over Email (just like they send me charges [but of course, not refunds/canceled-authorizations]). Or lets me use a Security Key.
The funny thing is, they happily text these codes to VOIP SMS numbers, which I can (and do) route to my email anyway.
It's absurd that my Xbox account is both more secure and less annoying to use than my credit card. Again, for a 3EUR train ticket. I feel like we're slowly entering this dystopia Kafkaesque nightmare, and yet, as always, there's people in the comments here insisting this is fine, or that I deserve it.
I'm going to assume the people saying "use cash" have never set foot into the real world. Yes, let me put cash into the non-existent train ticket machines, or to the non-existent train attendants. In the 3 minutes I have before my train comes.
As for C1, they updated the app while I was in Ukraine, and it wouldn’t even let me log in; I had to use a VPN.
I loathe American financial companies, mostly because they all seem rankly incompetent.
I permanently live overseas but with US bank accounts and cards, and all my cards go through cycles and phases. Sometimes they want to send SMSes for months to verify account access, then they stop. Same for transactions. Some will refuse to work on Amazon.de for months, then start working. Some physical cards will work on contactless terminals then completely stop working or become unreliable. (The workaround is to add them to Google Wallet).
One interesting thing is that even when banks insist you notify them that you're OS, if you keep using your card OS they will just accept it and ignore the period you've stated as being OS.
Just spend a few dollars per month on an MVNO SIM card and put a 2FA MULE on your desk back home:
Just reaffirms my suspicions that I need to shop around. I'm traveling and putting enough money on this card to start looking at ones that actually charge a fee and have decent "rewbates", I mean "rewards".
Less sarcastically, thanks for the heads up. I'd be grateful for any other hints of people that might not hate their credit card provider the way I do.
In my region of the world there's currently one bank that lets you register such a device.
And that apparently is some sort of ground breaking innovation.
Insisting on paying cash is how you prevent those machines from disappearing.
That's why it's important.
I think you can even get a prepaid card in Germany for that if the trip is long enough. You might need a mailing address for that
> let me put cash into the non-existent train ticket machines, or to the non-existent train attendants
That's a bit weird, I've always seen machines around
So many online stores will approve my purchase and bill the card with no issue, then cancel it a few hours later for vague security reasons. I remember when the credit card companies ran commercials about how easy and secure credit cards are, especially compared to checks, but now I feel like a criminal every time I try to use mine. I wonder if this violates any part of the merchant agreement that these stores are getting a 100% valid authorization on my credit card, but still aren't willing to accept my payment.
Anyway, they're doing you a service and notifying them is good etiquette. And like good etiquette, it often greases the wheels of commerce.
Also fun story about how your advice doesn't always work, I was locked out from my money multiple times on my honeymoon in Greece despite repeated calls to the bank, repeated unlockings of said account, “hi I am actually standing at an ATM in this bank branch, can we track this account lockup in real time?”... I think with all of the time on hold I actually might have spent something like 20+ hours in the trip trying to debug it over the several times it happened.
When we finally resolved it, I'm not 100% sure about the explanation, but it was something like “the person you called a week ago put in country code GE for Georgia rather than GR for Greece, and that is the first place everybody else who has serviced your request has probably looked, but they all probably thought GE was right because you have to memorize that DE is Germany and so people get confused real easily...”
I did have success with a privacy.com card once, at a store that cancelled orders from all of my other cards. I'm guessing they see it as a prepaid card and can't get as much info on those.
And yet, I also have started to make preemptive contact with them to avoid the complete hassle of having the card blocked for fraud that is NOT fraud.
You seem to be older. I used this too. Until 5 or so years ago. Now my bank just says I "don't have to notify them anymore as they don't have this in the system, since it is all automated for my convenience"
Same thing if someone used a VPN.
It is probably exceptionally rare for a fraud protection algorithm to be in place to inconvenience and spite you. Rather, some ne'er-do-well has cooked up a bafflingly complicated scheme that looks like your legitimate business. Such is the tragedy of operating at scale.
I can't think of a payment hurdle for online purchases that I haven't been able to overcome in the past year or two while spending 99% of my time OCONUS.
(I have no idea if they would work, I'm just curious)
A recent incident at my child's school serves as a pertinent example. They transitioned from a traditional cash-based food delivery system to a new digital platform. While trying to register on this platform, I was prompted to provide an "email". I input my usual email address only to be met with an "invalid email" response. After multiple back-and-forths with both the school and the platform's support, I discovered that by "email", they actually meant a "Gmail account".
For context, I've been using my own domain for my email, which ends in .international, for over a decade now—longer than my 9-year-old child has been alive. Despite this, they deemed my email domain "new". The situation reached a head when the school's principal called me, trying to understand the issue. After explaining the situation, he assured me that the problem was on my end, stating that he had consulted with other teachers and they were in agreement that "<my domain name>.international" wasn't a "real platform".
In your other comment you mention that people handling email should be familiarising themselves properly with RFCs. Yeah. Maybe. Probably actually you're right.
Putting aside the problem of whether they actually _have to_ or _will_ for a second. Do you think it's reasonable that the people at your child's school will? No, of course not. And they're the ones who will choose these providers. Not you.
To support digitisation is to support the tyranny of technical ignorance in every facet of our lives.
But in other cases the results are much more severe.
I got vaccinated for Covid. But I couldn't get a "Covid passport" because I didn't have the right government account and couldn't get one as I didn't have eligible housing. I literally had the "proof of vaccinations", but turns out that doesn't count as "proof". Great. You know what sucks more than a Covid lockdown? One where you see everyone else go out and have fun and you're allowed to do fuck all.
Even worse yet, by refusing to get a google account, you could be tried for child abuse, since the school won't feed your child if you won't agree to google's ToS.
I really hope you didn't acquiesce. And I hope you hired an attorney to fight these laughable and horrific abuses.
It's like me attempting to demonstrate my possession of a private key for an SSL certificate to someone who lacks even a basic understanding of what a "browser" is, or who has never encountered terms like HTTP or HTTPS.
Another thought, more closely aligned with the original poster's point: if someone pushes to transition everything to a digital format, he must first understand what that means. For instance, if you're looking to gather email addresses, take the time to familiarize yourself with relevant RFCs. Understand that the local part of the email is determined by the user, not you. So, if I decide my email address should be "john with space here-doe!@#$%^&"@example.international, and I've set up my server to accept messages directed to this address, and given that IANA recognizes ".international" as a valid TLD, then it's a legitimate email. For clarity's sake, my actual email is of the format first.last@example.international, without any "non-standard" characters.
And as a connection to the OP - they are pushing for debit/credit cards society and when they make sure that all your money is with them and you don't have a single cent on you - they just cut you because you're just 0.001% and an edge case. But that is their point of view. From your point of view it's like this: At home if my card stops working I can go to my bank the very next day and get it sorted. I can walk for 15 minutes and be at my mom's place where I can eat everything for free. The next day you are in another country where you don't know anybody and if your card stops there, they just leave you to the wolves. For them you're the edge case - 0.001%. For you - this is all your food, shelter, health. It feels a bit unfair.
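An added example, not part of the thread and not any platform's code: the comment above about a `.international` address and a quoted local part, shown as a restrictive signup-form pattern beside a syntax check that follows the RFC 5321/5322 address grammar. The `NAIVE` pattern, the function names and the sample addresses other than the two quoted from the comment are constructed; the check assumes ASCII domain names and does not handle address literals or comments.

```python
import re

# Restrictive pattern of the kind signup forms often use (constructed here,
# not taken from any platform): unquoted local part, TLD of 2-4 letters.
NAIVE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}")

# RFC 5322 "atext": characters allowed in an unquoted local part.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
# Dot-atom: atext runs separated by single dots (no leading, trailing or double dot).
DOT_ATOM = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*")
# Quoted-string: printable ASCII except '"' and '\', or a backslash-escaped character.
QUOTED = re.compile(r'"(?:[\x20-\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"')
# DNS label: letters, digits, hyphens; no hyphen at either end; at most 63 chars.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def naive_accepts(addr: str) -> bool:
    """What the restrictive form validator would say."""
    return NAIVE.fullmatch(addr) is not None


def syntax_ok(addr: str) -> bool:
    """Check local-part and domain syntax without judging TLD length or provider."""
    # A domain cannot contain '@', so the last '@' is the separator even when
    # the quoted local part contains one.
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return False
    # Size limits from RFC 5321: 64 octets for the local part, 255 for the domain.
    if len(local.encode()) > 64 or len(domain) > 255:
        return False
    if not (DOT_ATOM.fullmatch(local) or QUOTED.fullmatch(local)):
        return False
    labels = domain.split(".")
    # Requiring two labels is a policy choice for public signups, not an RFC rule.
    if len(labels) < 2:
        return False
    return all(LABEL.fullmatch(label) for label in labels)


# Constructed sample input; the first two are the addresses from the comment.
SAMPLES = [
    "first.last@example.international",
    '"john with space here-doe!@#$%^&"@example.international',
    "user@gmail.com",
    "a..b@example.com",
    '"unterminated@example.com',
    "user@-bad-.example",
    "no-at-sign.example",
]


def compare(samples=SAMPLES):
    """Return (address, naive verdict, syntax verdict) for each sample."""
    return [(a, naive_accepts(a), syntax_ok(a)) for a in samples]


def wrongly_rejected(samples=SAMPLES):
    """Well-formed addresses that the restrictive pattern turns away."""
    return [a for a, naive, ok in compare(samples) if ok and not naive]


def wrongly_accepted(samples=SAMPLES):
    """Malformed addresses that the restrictive pattern lets through."""
    return [a for a, naive, ok in compare(samples) if naive and not ok]


if __name__ == "__main__":
    for addr, naive, ok in compare():
        print(f"naive={naive!s:5} syntax={ok!s:5} {addr}")
```

A passing syntax check only says the address is well formed; whether it reaches its owner is established by sending a confirmation message to it.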
There are many payment methods around the world that have different rules, but for Visa, MC, and Amex cards issued by American banks, the merchant, not the card issuer, has the liability to repay fraudulent on-line purchases (so-called "card not present" transactions). The merchant is the one accepting the risk, not your bank. So they decide which transactions they will accept liability for and which they will decline and what you need to do to prove that their liability is low.
In addition, some second-factor systems (like possibly 3D secure) shift the liability from the merchant to the issuer when passed, but banking rules are arcane, and it is likely that 3D secure only shifts the liability for the one transaction that triggered it, and not any subsequent transactions.
It's like the risk threshold got a reset with the new issued plastic. Eventually the algorithm was trained I suppose, and it was back to where it was, and stopped getting alerts for anything out of the usual. This resonates with the experience of friends in the same bank, who hardly ever use their credit cards, so whatever they buy gets flagged and someone calls to make sure it's them.
Old fashioned banks who are behind the times in technology, but keep richer clients, are usually less annoying, both with the fraud algos thing and also the KYC stuff, and sometimes the difference is massive.
And then as to buying/using gift cards in India, on a non-Indian account, of course that's going to raise every suspicion under the sun, given that that's a mechanism used by some of the most prevalent scams in the world.
So I'm really confused, because this "vent" reads like somebody not going through the basic steps to use credit cards abroad, and then engaging in the biggest red-flag types of transactions.
And the fact that they're complaining the airport doesn't allow them to carry enough cash (isn't the limit $10K?) really raises red flags for me. If you need to transfer large amounts of money safely between countries to your family, that's what wire transfers or Western Union is for. That's been the case for many decades now.
The more I re-read this post, the less and less sense it makes.
The verification and such required are difficult. Most cards do not allow you to load INR on them (local currency). So there are a lot of foreign transaction fees.
PayTM, pay through mobile, the country’s biggest online wallet, doesn’t allow you to charge money with a foreign card. This means that PayTM doesn’t work for foreigners. The only way to load money on a PayTM wallet as a foreigner is to have an Indian friend transfer funds with his or her local debit or credit card.
https://travel.economictimes.indiatimes.com/news/technology/...
There is a lot of anti-terrorism money laundering issues. Someone I know had their facial recognition stop working and they had to go to the bank to get it working again. In person. Traveling overseas? Sorry.
Citation needed. At least in my experience, over the last 12 months, the last time I saw "Apple Pay broken" was at one location, affected all tap-to-pay, and lasted for maybe 2 days.
2- It's not technically non-Indian account, I'm opening accounts using valid Indian mobile number (tied to my visa and a real address), I always disclose that I'm not Indian when needed.
3- I was even trying to open Indian bank account to transfer money but no success so far (while possible in theory as I understood).
There are legitimate reasons for not wiring money if that was even an option, because you don't pay the hospital large amount ahead, and when it's time there's not enough time to wire the money.
I still don't understand why you couldn't wire money though. That's what wiring money internationally is for. If timing with the hospital is an issue, you just wire yourself or your family member in advance -- that's usually more common than attempting to wire the hospital directly. (And even if you do have to wire the hospital directly, you can provide proof of the fact that the wire was initiated from your bank.) The only problem I can think of with wiring money is the fact that the money is illegal or someone is trying to evade taxes or something. If the money is perfectly legal, then what is the problem?
So I did an instant transfer to another bank account and used its debit card without a hitch, as usual.
Some banks just won’t let you use your money as you please. Your luck is in finding a bank that does.
For transferring thousands of dollars, that's what wire transfers are for, and basically every bank has supported them for decades. You shouldn't need any luck at all.
Somebody mentioned Google services, and that was a big issue as well. I still have bank accounts in my former country of residence, so I need access to apps from that country (the 2fa App that is used there). On the other hand I need to access some apps here (school notifications, banks...) Google obviously knows better than to allow me to get apps from different regions. The solution was again to just create another account. The whole system is really screwed up. I'm not sure what they are actually trying to prevent, considering that in the end one can work around the restrictions quite easily with multiple accounts, but one would think with the world moving closer together these things would actually get easier.
There's not even a real phone number (0s) or address (ABC nonsense) on the bloody thing, but of course giving up some PII they don't have will somehow verify that I have the authority to close an account which is basically name + email address (I've provided those!).
(↑: it comes from the scummy dark pattern checkout process where you say you want to pay with card not PayPal, and then it turns out the card payment is actually provided by PayPal and here you go have an account with the details you provided to the merchant not PayPal, wouldn't that be helpful. It's certainly not GDPR compliant, but try making PayPal care.)
we're the people who suffer the consequences of the fraud. if your card gets used fraudulently, you call your bank and get the transactions cancelled, no big deal.
if my website lets a fraudulent transaction through, my processing fees go up. if my website lets more than a couple fraudulent transactions through (or not even necessarily fraudulent, but transactions that the issuing banks classify as high-risk) the credit card companies shut off my ability to process payments and my business shuts down. so yeah, sorry if it inconveniences you, but accepting a payment from some random guy who even slightly matches some fraud characteristics isn't worth risking my business over.
From a bank's POV, they're losing billions of dollars to card fraud operations, and there are very clever fraudsters who do their best to be indistinguishable from legit users.
Legit users in rare situations (such as being cross-border) are often collateral damage. You can only understand what heuristic you're triggering by knowing a bit about patterns of fraud, which is an unreasonable demand on innocent consumers.
Even if it was just 1% of users, outright ignoring their issues is not acceptable. And far more than 1% travel abroad or do other suspicious activity (such as buying things at a place you’ve never purchased from before).
And there are services that handle this correctly. Starling bank (UK) is a fave of mine. Confirm in an app, enter full password in some cases, but that’s it. I had to make some sketchy looking transactions and no matter, they never block your account or make you jump through additional hoops.
That's only on the bank's side. There's a major problem where the merchant later cancels the transaction on their side despite successful 3D-Secure.
Either 3DS doesn't actually offload liability (so even accepting a fully 3DS-verified transaction is a risk), or merchants aren't up to date on what they are and aren't liable for.
It becomes a tense situation when you are trying to buy a flight that you absolutely have to take, and despite 4 different credit/debit cards you still can't get any purchase on multiple different airlines go through! I even tried to go to the offices, but they were often difficult to find, non-existent, or just not open at the times you'd expect them to be. And good luck trying to purchase on a telephone, between trying to dial in international number, bad connections, and language issues!
FWIW, I had the most success with debit cards. I suspect it's because international companies feel more comfortable with cash in hand, vs. an American CC which can be easily charged back.
"According to our records, you originally registered this account while in Russia, and there is no way to change the country of the account. So we will continue to apply sanctions to this account despite the well-confirmed fact that you have moved out for good. We will also not allow attaching any non-Russian debit cards to that account, as we generally prohibit attaching foreign cards to any account. Please make a new account and enjoy."
I had a number to call and talk to someone with no wait if I had an issue.
I dealt with some issues and I ultimately found out that they(the store) want to fingerprint you online. Things you do to avoid that make purchasing things online difficult.
My ip address didn’t match the city I was in or receiving the item in = flag. Using a non-default dns service or vpn? I turn all that off and WiFi when I make a purchase.
If you’re okay throwing money at the problem, get a second phone to buy things with that you don’t do anything else on which has separate logins.
My favorite joke scene about a cashless society was that some criminals couldn’t figure out who to rob because no one accepted cash anymore or held it in a store. Their only option was to rob another gang.
In a cashless society, the robbers who are left are the ones in the credit card money chain itself, where everybody is taking their share of the money flowing through it. I.e. “The best way to rob a bank is to own it.” The best kind of crimes are the legal ones.
The worst part is that they don't pro-actively notify me of the flagging via app notification, email, or phone call. I have to track them down and tell them the transaction was authorized. Or more likely I just get out a different credit card and use that one instead.
But it does not need to be that way and the government can and should help.
In my country (Brazil) banking is a well-regulated industry and we also have some good consumer laws. Both those things help a lot to show a clear impact of badly designed anti-fraud systems to the banks. For example, the central bank has an online channel, where you can open a complaint, which the bank is obligated to answer/solve in 5 days and might get fined millions if they get lots of valid ones.
I used to get my card denied very often, with no heads-up or call to confirm. So I raised a complaint at the Central Bank, got an apology letter and call from my bank manager and I never again had my credit card blocked anywhere.
Every 3 months, I have to pay the school fee for my 3 kids. The amount is almost the same for all three. The first payment always goes off without a hitch. But, when I go to pay for the second kid, bam, it locks up the account. Our local branch is utterly clueless. Then we will have to jump through multiple hoops to get the account activated. This whole drama happens like clockwork every three months. It doesn't matter that it's just a school payment, and doesn't matter that thousands of parents are making payments around that time.
Friends holding accounts in other banks face the same issues. So, it is not isolated to my bank and changing banks will not help.
So, now, we've decided to take the one-kid-a-day approach. It's a bit more work, 'cause I have to remember to make those payments over three days, but it sure beats the headache of reactivating the account every time.
They are not trying to protect you. As a card holder you would not be damaged by fraudulent purchases apart from the inconvenience of reporting them. They are protecting themselves because if that transaction is later found to be fraudulent then they will have to return the funds and will likely be unable to recover the product they shipped or other costs incurred.
I am wasting so much time explaining that they need to contact their bank, and they waste so much time calling their banks… it's disheartening.
Wow amazing logic there
Sometimes I do wonder if there's one or two thinking neurons in the whole "fraud prevention" department of US banks or if they're just cargo-culting practices someone invented in the 70s
I've worked as an 'IT guy' (short form for 'I do basically everything') for many small businesses, a lot of which were computer repair shops that, in their small town feel, spent a lot of time just helping old people navigate how to use a computer. Many times I had people come in that found a clearly fake site advertising some too good to be true deal and didn't realize, spent their money, and never got anything or got like a toothbrush when they ordered a desk.
This fraud protection doesn't protect in any way against that. I've helped probably 2,000 instances of fraud in this way just telling them "you need to file a claim with your bank and get your money back because you're never going to get that product" and hundreds upon hundreds of issues where they're like "oh Microsoft is going to delete my computer if I don't pay them 30 Bitcoin" and other bullshit like that. Maybe two times in my 10 plus year career has anyone actually had their cards stolen and used overseas.
Just kinda wild to think about that my bank cares more about me travelling to New York than it does making a 6000$ purchase on Coinbase.
I don’t particularly like to carry cash. But being shadow banned from existing by deliberately obscured algorithms could be much worse.
My mom loves that story.
Now that everyone (including third-world countries) has figured that out; and legacy companies (big Tech, MasterCard/Visa, big banks) know that this makes their customers' lives hellish however it kills competition: They'll bend over backward, forward and multi-laterally to implement anything that any lawmaker asks them for.
If you are a very simple simpleton, say a government official with a single income, a regular rental, and regular bills (your groceries and your kids' pencils), you'll very unlikely face any issue. But start to deviate from that, and everything starts breaking. Governments are becoming hostile to anything that doesn't fit their narrative.
This is only getting worse from here...
Are there any such systems that do have effective escape/appeal paths? If so, what do they look like?
I eventually learned that what they meant by "invalid" was "sure, your payment information is already associated with your account, but it doesn't match the preferred card listed on your account".
So they build “fraud prevention” systems, and heavily discount any notion of customer service — they’re perfectly willing to lose some customers in the name of fraud prevention - not because they must, but because their focus and incentives are indifferent to customer service. They see it as an inevitable cost of business - when it’s an inevitable cost of not caring about that aspect of the business.
With the natural problem that many of them won't be all that good at it.
I also think that the other countries started doing the same thing and this is starting to make the system as weird as it gets.
I'm not American but have held and used cards from a European and Asian country and am not sure how the behavior is any different.
I ask because I've thought of doing this but have always been worried Google would not only shut that account down but my main one as well.
It seems that using the VPN 100% of the time has trained many of these smart services to fingerprint that as my default fingerprint.
Of course, this doesn't help when interacting with services that detect/block VPNs. Or the even more annoying situation where VPNs are blocked and also all traffic from the country you are in is also blocked (occurs occasionally when trying to access US sites from SE Asia)
edit: WRT comments mentioning that you can call your bank or set a travel notice: that is how things used to work. Chase, for example, no longer lets you set a travel notice as they use a "smart" automated system. That said, my Chase travel card used via Apple/Android Pay has never given me trouble so their system does seem better than most.
It is a use for a Bitcoin like system
(The transaction costs, planet destroying character, and slow speed probably not Bitcoin)
It is the intersection of money laundering and normal requirements
Stopping crime by stopping money laundering will always have these problems, surely?
Is there a way to inhibit CC fraud, and money laundering without making life difficult for people who are in the tails of the distributions?
Even cash will not suffice as many places no longer accept it
AML is a nightmare for banks, most BS they pull off is because the government is worried they won't be able to steal all your tax money.
Strong authentication is another BS regulation with the sole goal of killing small banks with
Chargebacks are convenient for the customer - but they have a cost on the entire system, including banks caring about people stealing a CC and spending.
If possible, find yourself a bank that enables you to spend money and leaves “security” in your hands. My 2FA is via app, never SMS.
Side note: someone stole and used my card number and the bank immediately refunded me. Can’t get any better than this.
Card companies make the random online service pay a fee anytime someone does a chargeback. Yes it shouldn't be their job, but card companies push this responsibility onto them.
> The information you supplied was reviewed by Amazon but we cannot remove the hold on your account at this time. For details, check for an email or text message from Amazon describing next steps. Please contact us for further concerns.
I provided my visa + passport + card pic + selfie + screens of latest gift card order (email and from the website), still they won't remove the hold and are effectively stealing the money in the account. I can't believe this is being done in good faith, this is clear theft, because what else do they need?
Cash is king-many, many times.
I tried that once, family member specifically. They ended up getting blocked too. Customer support told me to take a hike.
I came close to being bankrupted this year because my US health insurer doesn’t support customers remaining insured if they live a lifestyle that involves being away from paper mail delivery for a few months at a time. (I live elsewhere half the year and they cancelled my policy with only paper mail notice after my payment card on file expired.)
It’s really terrible.
I was literally trying to hand money to the company in 5 different attempts.
I finally gave up, with a borderline ulcer
I'll never try adidas.com again
Also:
> Yet, many online services are giving me hell with their "smart" anti fraud detection and things like that
To provide a contrarian opinion, credit card testing, free trial abuse, and other forms of fraud are a thing, so companies usually have to layer other anti-fraud mechanisms on top of 3D secure.
That being said, what service are you facing issues with? I do see Amazon as one of the listed services, but they do eventually remove such suspensions. (My experience was with AWS though.)
The only issue is some places now accept UPI payments only.
I recently moved to a foreign country, admittedly an "easy" western European country, and I fully expected my credit cards to start refusing more or less every transaction. Not so. Not a single transaction has been delayed, or denied.
I travel back and forth between my home country and my new home semi-regularly with no issues with using my credit cards. I'm not sure this is a good thing either.
TLDR: In EU for online purchases, you want to have a PayPal + local debit account to cover most purchases. For international payments, you can have a credit card for those extremely rare cases where vendors only accept credit cards.
If it's an option, it'd be worth exploring using a service that allows you to pay for gift cards (including things like Visa gift cards) to the services you need using Bitcoin.
(of course if you want to keep your bitcoin in a 'bank' you can, but the important thing is that the choice is yours, not the government's; and merchants who accept bitcoin aren't at risk of incurring chargebacks)
online payment is coming one way or another; let's make sure it's self-sovereign, secure by design, and privacy-protecting. we've already gone a long way down a very dark road, and it's going to get a lot worse before it gets better, with oppressive governments freezing the funds of family members of dissidents and journalists, genocides, and targeted overseas assassinations facilitated by our insecure-by-design payment system
today bitcoin already solves the 'hard to carry cash from one country to another' problem pretty comprehensively; you can buy bitcoin in one country, write your electrum seed phrase on a slip of paper (or memorize it, or read it over the phone to a relative who writes it down), reinstall electrum on a fresh, trustworthy phone after you arrive, and change the bitcoin to local currency with a local counterparty. no cell phone for corrupt cops to copy keys from at the airport, no briefcases full of bills, nothing to declare at customs. and you don't have to care if the tiffin wallah accepts bitcoin (does he accept paytm yet?) because you just need to find one willing counterparty in the entire country
zcash is more difficult to use this way because there aren't as many counterparties
From their perspective (at least in this case), it's just business. Using one currency to buy gift cards in India's currency is a huge red flag in and of itself. Scammers exist everywhere, surely, but I don't know of many other countries where it's common news to see an entire office building full of scammers working telephones and computers with remote desktop sessions open on "client" computers to extort money from unsuspecting people (often using gift cards on services like Google Pay or Amazon as the vehicle.)
It's truly terrible that we live in a world where access to those services is almost a necessity for modern living, and that those services are more or less available depending on your region. It's also truly terrible that those office buildings exist. I assume the OP is on the right side of all of this, and is truly a victim of it, but it's hard for me to distinguish if I have more empathy for the innocent casualties of the war on scammers in India, or the innocent casualties of scammers in the rest of the world. Because without a basically divine way of determining guilt automatically, at least one of those groups is going to continue being slammed in the victim seat.
I'd hope that if victims of these anti-fraud algorithms in India were so prevalent, that the Indian government would do more to prevent these bad faith businesses from sprouting up in the first place. It would seem to me like that would benefit literally the entire world. Easier said than done, I'm sure. Probably even talking about an entire government reform for that effort.
Create a work profile and a separate Google account with Island or Shelter.
BR and CN both are painful for me for this reason. Try to use a credit card, they will try to SMS a phone number I haven't used in my bank for 3 or more years.
Now that OP tells us about IN I'm starting to see a pattern: for a fraud and insurance company, or being realistic, the payment processor middle man who offers those services at a loss, making their client lose a few sales while pushing their customers (you) to instant electronic payments (BR: Pix, IN: UPI, CN: IBPS etc) is a much better deal (for the middle man)!
Small amount of money compared to the stress.
Yeah, I think we should be worried.
system seems to be working as intended
TLDR: Global money transfer is probably not something you can do casually and frequently. There are specific services, and fees, and headaches. Probably you want to minimize the amount of individual transactions as much as possible to minimize the headaches (of course there are cashflow limitations).
> I had to try literally multiple services just to buy expensive gift card
So instead of contacting your bank or Amazon, you did the most money-laundering-looking thing you could do. Heckuva job there!
However, if that becomes problematic (like WeChat in China), then things go bad very quickly.
India doesn't put a heavy hammer on scammers for various reasons. For example, since the scammers are mostly targeting foreign countries, and Indian police are well known for accepting bribes from these scammers, the scamming business is de-facto welcomed. They are too short-sighted to not see that the "industry" is damaging India's global reputation, which transitively affects you in a negative way. It's unfortunate, and I hope the situation improves over time.
[1] https://www.ftc.gov/news-events/news/press-releases/2023/02/...
Case in point: my US bank insists on sending an OTP to my US number (and US number alone) for any transaction, making it impossible for me to move money when abroad. The problem exists in the other direction too, my foreign account only allows verification thru one mechanism. It's really frustrating.
Scammers, as a category, target everyone. You think Indians don't get conned into sharing their OTP/passwords or financial details?
> They are too short-sighted to not see that the "industry" is damaging India's global reputation
India has one of the lowest police officers to population ratios in the world. They are so swamped with day-to-day crimes and other nonsense and providing protection to events and politicians that India's "global reputation" is simply not on their radar.
You cannot buy a SIM for your phone or open a bank account without providing ten types of identity documents but these scammers seem to have an infinite supply of phone numbers and bank accounts. That is just the way things are.
You need to update your information and knowledge