[LINK] Card Cancellation as a Condition of Statement-Entry Enquiry
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Oct 2 12:00:34 AEST 2019
On 2/10/19 11:07 am, Bernard Robertson-Dunn wrote:
> I had my credit card cancelled because the company (ANZ) detected a
> transaction from a known overseas fraudulent source. They informed me by
> SMS.
> This could have been a bit awkward, as I was traveling and needed the
> card to pay for hotels etc. When I spoke to their call centre they
> agreed to re-instate the card but to bar any Card Not Present transactions.
> After some stupidity on their part (they sent the card to an old
> address) I got new cards.
Where transactions are reasonably judged to have been conducted
fraudulently (and by someone other than the card-holder), re-issue may
be necessary, on the grounds that sufficient of the data is in the hands
of a third party.
But there are multiple stupidities involved in the system:
(1) Statements show minimal information, in my case:
01 Sep Telstra Melbourne $150
(2) I was making an enquiry, not disputing the transaction, but:
(a) the only additional data available to the call-centre
was that the tx was CNP (and even that wasn't volunteered)
(b) the systems of (some?) card-issuers and/or processing
companies fail to service the need for a request for
further information, i.e. are seriously consumer-unfriendly **
(3) Where the nature of the fraud is consistent with CNP transactions
and the fraudster appears not to have access to the content of the
chip, then a bar on CNP transactions, possibly coupled with a
parallel re-issue process, could be a justified and effective
safeguard; whereas cancellation-and-re-issue is not
(4) The slowness of re-issue services is simply consumer-hostile
** I've *once* received meaningful data. It was a dump of the EFTPOS
terminal log. Deep down amongst the remarkable amount of data, I found
evidence that the tx was 'Not Authenticated' - which negated the claim
made by both the Slovakian and the local banks that it was
'Authenticated'. Confronted with that evidence, NAB refunded the money.
Aside: When I'd eventually reconstructed what happened, I had mixed
feelings. I bought petrol after entering Slovakia from Poland, via the
Tatra Mts. The attendant talked at me in Slovakian, but I have no
Slavic (other than 'dobra pivo'), and he spoke neither English nor
German. He got upset when I (so he thought) ignored him and left. So
he entered an unauthorised charge for 60 Euros. I later realised that
it was for a year's Motorway Vignette. I hadn't been in Slovakia for 30
years, hadn't (yet) been on a motorway, and hadn't (yet) seen any signs
about a vignette being needed. If he'd charged me EUR 15 for the
minimum 5 days, I'd have probably dropped the dispute - or even not
disputed it in first place.
_______________
> On 1/10/2019 7:15 pm, Roger Clarke wrote:
>> Has anyone encountered this before? On the odd occasions I've queried
>> a statement-entry (as often resulting in dispute-and-refund as not),
>> I've faced the prospect of a fee, but not card cancellation.
>>
>>
>> My WhichBank Visa account statement shows:
>> 01 Sep Telstra Melbourne $150
>>
>> I've not used Telstra for anything for a couple of years now, could
>> (initially) find no documentation, and can find no email-traffic. And
>> it's my company card, so my 'paperwork' is pretty reliable.
>>
>> The IVR process was actually pretty good, and only c.10 mins.
>> (That's sufficiently unusual to be worth recording!).
>>
>> At first 'Michael' said he could see no other information.
>>
>> During the conversation, he accidentally mentioned that it was a 'card
>> not present' transaction.
>>
>> I could have pressured him more, but as far as I could tell that means
>> either phone or Internet (or he doesn't know either).
>>
>> The killer was 'I can put a dispute through. We'll cancel your card'.
>>
>> Probing didn't unlock any fallback position available to him.
>>
>> For example, the propositions that (a) the possibly valid, possibly
>> fraudulent transaction occurred precisely 1 month ago, and (b) every
>> fraudster knows to extract what they can before the boom lowers,
>> rather than sitting back for a month. I could have added (c) any
>> fraudster knows that it's less obvious if you use a little-known name
>> rather than a major brand as your cover-story.
>>
>> He offered to record the complaint. (He may have had to deal with
>> more astonished callers than just me).
>>
>>
>> Can anyone see anything other than security theatre (and consumer
>> hostility) in such a policy?
>>
>>
>> P.S. After due consideration, I remembered a telecomms-related
>> transaction. It was a Boost 4G Prepaid/Data-Rollover service.
>> Sure enough, in the Boost fineprint is "service provided by Telstra").
>>
>>
>
--
Roger Clarke mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list