Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
The Almighty Buck Security

Dealing with Internet Credit Card Fraud? 84

Where's My CreditCard asks: "Recently There has been a large increase in the amount of press relating to identity theft and the related crimes. I have recently been subject to several fraudulent transactions on my credit card and debit card through the internet. It has been over a month and my bank is still stringing me along saying it will take up to 10 weeks to get my money back. What have other on Slashdot done in this type of situation. What is the best way to keep things moving forward?"
This discussion has been archived. No new comments can be posted.

Dealing with Internet Credit Card Fraud?

Comments Filter:
  • by Asgard ( 60200 ) * <> on Thursday May 26, 2005 @11:15AM (#12645161) Homepage
    My answer has been to never use my debit card on the internet. Why give out something that provides instant access to your bank account, when a credit card should always be sufficient? Credit cards put the primary risk on the credit issuer, not on your bank account.
    • Amen to that. Debit cards are so much more dangerous then a credit card. ON a credit card at least you can cancel the card and dispute the charges. The only thing I ever use my debit card is for getting cash from an ATM machine (and shopping at the one major grocery store I know of that does take credit).
      • Reg E limits the liabilty that you have when using your debit card - as long as you keep an eye on your statements and report fraudulent transactions to your bank right away!
        • Ahh but that would require extra work :-) No seriously though you have to watch any statement. Credit or debit. If you don't you are just asking for trouble.
        • Reg E limits the liabilty that you have when using your debit card

          Ahh.. but the fundamental difference between a debit and a credit card is that on a debit while the fraudulent charge is being contested, the money isn't in your account. He said the bank told him it will be up to 10 weeks before he gets his money back. I've heard of horror stories where it takes over 6 months and (cumelatively) 20 or 30 hours on hold before the money is put back in your account. I remember protesting strongly that I di

          • I remember protesting strongly that I didn't want that Visa/MC symbol on my ATM card for that very reason, but pretty much no bank offers an ATM card without it any more. (It's too big a profit center.)

            I have had no problems getting an ATM-only card on those occasions when I needed one. I opened a new account about 6 months ago for buffering in property taxes (my mortage is just about up) and I was duly issued an ATM-only card when I asked for one.

            I have a seperate account for the debit card, tha

            • Just make the point before signing up that you want an ATM-only card for an account

              I bank with Wells Fargo. I've had my account long enough (10 years) that debit cards didn't exist when I signed up. One day when I got my replacement ATM card, it had a M/C symbol on it. I called to complain, and after arguing with the customer service rep for about 20 minutes, I was given the definite impression that getting an ATM card without debit card link wasn't possible. I was tempted to close my account and mov
          • It also can be a bank policy. A year or two ago, my locally owned credit union happily "loaned" me the disputed amount while it was investigated. It was only about $40 or so (double charged at a Wal-Mart I beleive) but they had no problem crediting my account. It did end up being in error, so I kept the money. If it had not been in error, they would have debited the money back out.
        • Far as I know, Reg E only applies to "recurring charges". The phrase is googlable, but I can't trace it back to the text. Do you know where I can find the text of Reg E online?
      • I have had a paypal account for a long time, I know almost instantly what's happening on it just by hitting the website. They do have credit and debit cards as well. If I don't like a charge I am on the phone to them and they deal with it. Also a lot of online sellers are taking paypal directly.

        - Disclaimer, I don't work for Paypal.
        • Paypal is way too dangerous to trust with your debit card (and almost too bad to trust with a credit card), which you will find out if you ever have a problem with a bogus transaction. The reason? Paypal is NOT a bank [] and consequently has much fewer regulations and controls. If Paypal wants to, they can declare any transaction valid and YOU would have to sue them to prove otherwise.
          • If it walks like a bank, talks like a bank, and acts like a bank - it should be regulated like a bank.
          • I hear these complaints trotted out every now and again. But in the 6 years I've been using it it's worked as promised. It's tied to my savings and web transactions are pulled directly. If I don't have enough in the account it will not do regular card transactions. If I do a web transaction to another paypal users it will pull the needed funds out of my account. Plus your complaint that paypal is not a bank is old data. Please consult their website and stop rehashing old rumors. []
            • Plus your complaint that paypal is not a bank is old data. Please consult their website and stop rehashing old rumors. i c-outside []

              Now which part of that page says that PayPal *is* a bank? All I see is things like "PayPal is an agent for an unaffiliated bank ... money market funds are not FDIC insured ... balances held in other currencies are not FDIC insured ... FDIC pass-through insurance does not protect you against PayPal's insolvency ..."

              So if, for
    • Well, unless you're like me and your debit card is Visa while your credit cards are Discover and Amex. Which means that not everywhere takes your credit cards. Most places, but not all.

      (Yes, I do plan on getting a visa or MC credit card as soon as I can, but b/c of medical bills my credit isn't good enough to qualify for a card without an annual fee etc right now. Trust me, I know this is not an ideal situation - I've had to borrow my boyfriend's visa to pay a vet bill b/c I didn't have the money in my ba

    • Who do you bank with? My bank provides instant rollbacks on unauthorized transactions on my debit card, just as the credit card companies. I get all the benefits, they take all the risk. And yes, I have had to test this. Some clown in Texas used my debit card to charge $400 in DSL fees. Called the bank and had the money back in my account in 15 minutes.
      • I had an incident about six months ago. I bank through the state credit union. I got a call on my cell from their security company. Since I wanted to make sure it wasn't some kind of phishing scheme, I asked for their number and who they were. I also was not about to discuss credit info over a cell phone. It was late, so the next morning I called my credit union, asked about it, found out it was legit, and called the security company back. THEY had detected the fradulent charges, they warned me, and t
    • Uh... Maybe because not everybody HAS credit cards. If you have ever had issues with credit as a result of say... a tech stock downturn, or divorce, you would realize that credit cards are not given to everybody instantly. Many of use are forced to use debit cards. Just like many people will want to use CASH (you know that old paper stuff) for their transactions, don't assume everybody uses credit cards or even checks.
      • by MarkGriz ( 520778 ) on Thursday May 26, 2005 @11:45AM (#12645502)
        "Uh... Maybe because not everybody HAS credit cards."

        While that is certainly true for some, I know several people that have credit cards, yet actually prefer to use a debit card.
        I can't for the life of me understand why, particularly because with a credit card
        1) I keep my money for an extra 25 days or so
        2) I actually EARN money using it
        3) I don't have to keep track of my usage to make sure I have enough money in the bank
        4) I don't have to worry about any problems giving people direct access to my bank account

        It's true that many banks have gotten better about providing protection of your account when fraud occurs, but I'd rather not worry about it. Besides, #1 and #2 are certainly enough incentive to use credit over debit if you have the choice.
        • 3) I don't have to keep track of my usage to make sure I have enough money in the bank

          Ya, and neither does my wife! *That's* why I force both of us to use debit cards.

      • Uh... Maybe because not everybody HAS credit cards.

        However, it's not too difficult to get a credit card, even if you've been in bad financial situations. If you cannot get a card through typical means (applying via mail order stuff and on cc websites), there are other avenues.
        First, you can try and apply for those in-store Visa cards. Target has a Visa card (it's valid everywhere, not just Target).
        A second possibility is secured credit cards. To get one of these, you basically send 500 or so dollars
    • There is a fundamental misunderstanding here.

      Just because the fraudulent transactions were done over the internet doesn't mean the card numbers were stolen from an internet transaction. Many of the stories of credit card number theft are about institutions that did not secure their computers and had been broken into by someone on the internet. For example, locally, we had a warning about DSW (Discount Shoe Warehouse). Their computer was broken into and many card numbers were taken, but those numbers wer
    • I replied once and it never showed up.

      Why is this rated insightful when the statement is ignorant?

      Just because some fraudulent transactions were made over the Internet, this poster and the person writing the original question assume (and you know the word play you can do with that word) the card info was stolen over the internet. That is not necissarily so, and likely not true -- or rather it is likely not true the card info was stolen as the result of it being used over the internet. (I can't believe t
      • "I'm not an expert, but I hear the chances of a cc number being stolen over an open phone line are greater than it being stolen over a secure transaction on the internet. If anyone has more info on that, I'd be interested in hearing it."

        That's true -- if you are talking about someone trying to intercept your communications by tapping into a network.

        The real dangers in internet commerce are in the backend systems. Online merchants may be using insecure means to store cc information (like text files and eas
        • The real dangers in internet commerce are in the backend systems. Online merchants may be using insecure means to store cc information (like text files and easy to exploit databases) or may keep transaction logs on easily accessible web or ftp servers!

          But since many merchants are being broken into and having cc numbers stolen from their systems that handle point of sale transactions, it seems that the risk of having an internet backend or a POS backend broken into are both bad. Of course, storing logs on
        • The transaction houses don't help, I spent a couple hundred hours programming, programming around missing functions (everybody has a different idea of which functions are a security hazard) in the host's php for a website, only to get everything working so I did not have to store anything related to the CC info on my server, then the transaction house turns off the API i was using.

          Next time around everything goes into a database with a good password, and if it gets cracked I play stupid; doing things wrong
      • You still may be overthinking the problem.

        Watch yourself the next time you eat at a sit-down restaurant. End of the meal, smiling waitress brings you the check and what do you do? Hand her the card, that's what, and wait for her to come back.

        Skills for her to steal your number (including the magic little number on the back)? Nothing more technical than pencil and paper.

        Not that I'm suggesting that waitresses, per se, are the major source of stolen CC numbers, just that I'd wager that more numbers are s

        • Good point -- about how theft can occur at that point. Thee are other times like that where the same thing can happen.

          1) Someone doing that has to use the card in a physical location or have purchases sent somewhere. They still need the skills to figure out how to dodge discovery there.

          2) One breakin will result in tens of thousands of numbers stolen. Compare that to one at a time being stolen at a restaraunt. People doing breakins often have wasy of automatically rotating through cards and using as m
          • As for point 1, having spoken to a cop about this after I was a victim, it's not terribly hard. Vacant apartment, big screwdriver. You know, thug skills -- the brazen effrontery to stand there and sign for it with a fake name. Part of the reason the thief was able to use my card this way is that didn't concern itself with address verification (even after I called the dumb bastards within two hours of the transaction) -- they just blithely shipped it off.

            Yeah, I know that Bad Guys can max out

    • Ah, but I have NO credit cards and likely will never have one. No credit card debt means I don't work for money grubbing credit card companies (a serious problem for many Americans []).
      • The credit card companies work for me. I pay off my credit card every month, and they pay me 1% for using their card. I also pay my bill after the first of the month, which means the money has earned a little interest sitting in my savings account in the mean time.

        If you are like the millions who use the credit card for credit, you are stupid. (there are some exceptions, but they are rare) If you use the credit card as I do, - I have the cash for the purchase in the bank, and pay it off when the nex

  • I use a technology credit union. []

    If I have a problem I call them and fax in a chargeback form. The money is returned the next day. I've only had to do it twice but it was very easy.

  • Your debt card should never be used for anything other than cash withdrawal at the ATM. I pay my credit cards off each month, so I treat it as a convenient version of my checkbook. As a credit card, I am protected from fraudulent use - a maximum $50 liability without any special 'identity protection' program. Your debt card has none of this... In practice, my wife had her credit card number nicked. She audits our account each statement and caught it right away. (One of the advantages of on-line statements, btw) The credit card company canceled the card, issued a new one, and reversed all the charges. The longer delay between the time you figure out the theft and report it, the more you will pay out of your own pocket.
  • change cards to someone.

    Vote with you feet. If they don't provice a decent service move.

    Also you say what country you're from so we can't give any legal advice.
  • by bofh31337 ( 521771 ) * <bofh31337@g[ ] ['mai' in gap]> on Thursday May 26, 2005 @11:34AM (#12645378) Journal
    Several Credit Card companies, including CitiCard, will allow you to generate a one time use only virtual credit card number. CitiCard's is especially nice, because you can set a limit to how much can be charged to that number.

    In the case of unauthorized use of your card, you should report the fraud to one of the major credit bureaus:

    TransUnion: 800-888-4213
    Equifax: 800-525-6285
    Experian: 800-397-3742

    While you're at it check out [] for more information about your rights in resolving credit card problems.
    • This seems nice from a fraud prevention point of view, but as a cc user, I would hate it if I had to do this to use my card. If the credit card issuer wants you(me) to use thier product, they damn well better make it secure, easy to use and limit my liability for others actions. The user shouldn't have to jump around like a trained monkey just to make a purchase, remember they are trying to loan you money, that is the point of the thing. Of course, you are safer, you feel safer, and thus you are going to us
      • Sure, it's not something I do all of the time. When I do, it only takes about 30 seconds to generate one. Mostly I use it on sites that I've not delt with before or have a not so positive history. Of course, i'll try to go somewhere else first; but that is not always possible.

        Sure, they do need to make their products more secure and limit our liability, but until that happens I find this a good work around.

    • I know this is getting a little off topic but I don't have a credit card, and yet purchasing books saves you a TON of money (30-70%) if you buy online. So how do I do it? Of course I could get someone to buy it and I would pay them back - OR - I could go into a store and put money on the gift card, and then I could go home and use that gift card's # to purchase my books, and I end up saving a lot of money. So if you're so paranoid that you don't even want to use a credit card or a bank card, try to look
  • In the uk, you can threaten them with going to the ombudsman if you think that things are taking too long. s/civil_rights/how_to_use_an_ombudsman/index/your_ rights/civil_rights/how_to_use_an_ombudsman.htm [] Shows you how they are used in the UK. Looks like an ombudsman is a lawyer, so if you cannot find one, maybe a Lawyer will do.
  • My Own Experience (Score:3, Interesting)

    by the darn ( 624240 ) on Thursday May 26, 2005 @11:44AM (#12645482) Homepage
    I have a MasterCard type debit card. Late last year, someone got ahold of it's info (including the 3-digit code form the back). I suspect that it may have been related to an insecure form I submitted for an online purchase. I noticed 2 charges that I didn't recall making on my (online) statement; they totaled a bit over $200. After contacting my bank, they suggested I first try to contact the businesses that charged the card, then come back to them if I had any difficulty. They assured me my maximum liability was $50, and issued me a new card with a new number. So, armed with a pair of phone numbers, I called the two businesses: one was a phone-card seller, and the other issued prepaid debit cards. In two weeks, all my funds had been returned. A few weeks later, my bank's investigations unit contacted me to ask if I knew anyone in Lansing, MI, where the charges had originated. I answered "no," as I'm not sure I've ever known a Michigander (or whatever). And that was the last I've heard of it. Scary, but not as awful as it might have been.
    • the address they found could possibly be fake anyway. Some people buy some random stuff to random address to test if the owner discover of the fraud. In my case, I have own a credit card for 3 years in total. I have used it to apply for paypal in the first year and purchase NOTHING, nor did I ever use the card at all. In my third year of owning the card, someone actually being able to use it to buy a CD. This card have always been in my wallet without being used but I don't see how people can get my
  • Banks SUCK (Score:2, Interesting)

    by mekkab ( 133181 )
    I had this happen to me. My debit card is also a some-time credit card. I used it for a web purchase in 2000. I found out that charges (for "male enhancement pills", no less!) had been made to my card.

    My bank was USELESS. The same 10 weeks, no protection, we don't really care, and are actually rather annoyed that we have to find these forms for you to fill out.

    The online company got wind of it (I presume through the bank), CALLED me, said "hey, where you ever in Khazakstan? No? Okay, this is obviousl
  • My story (Score:5, Interesting)

    by It doesn't come easy ( 695416 ) * on Thursday May 26, 2005 @12:00PM (#12645719) Journal
    This happened to me about 4 years ago...

    I had a bogus $400 charge show up on my checking account debit card. I saw the charge almost immediately (about two days after it happened) because I routinely monitor my checking account from online daily. I contacted the bank and the police. The police told me that they couldn't take the report unless the bank initiated it. The bank said they would start an investigation, which they did. In the meantime, they put $400 back in my account.

    My statement to the bank was as follows:
    My debit card has never been missing
    My debit card has never been used by anyone other than myself
    No one else knows my pin number (not even my wife)
    I had never used the ATM where the charge was recorded (the bank sent me a statement from some third party bank showing the address of the ATM and the transactions that had been attempted. There were 8 tries late at night for different amounts, starting at $1100 and going down until the $400 transaction worked).

    About 4 months later (after bugging them about once a week to find out what was going on), the bank came back and said the transaction was valid because a debit card had been used to make the transaction and so they were taking their $400 back. This is actually what they said, even after I had told them that I had not used my card for the transaction and the pattern of transactions obviously showed that someone was fishing for an amount that would be accepted.

    As far as the bank was concerned, case closed. Fortunately for me, I had the foresight to marry a lawyer. Being a personal injury attorney, my wife was somewhat familiar with the rules the bank had to follow in a situation like this and luckily for us one of their duties was to perform a timely investigation, which had been defined in our area of the world as within 45 days. So, only because they took so long we were able to make them hand us back the $400.

    However, in the course of our investigation, we learned a number of things I found quite fascinating. First, we found out many (if not most) ATM cameras are no longer maintained. So, a lot of the time there is no visual record of who is using the ATM machine. Second, the bank didn't consider the pattern of tries to be significant, as they felt it was only an attempt by me to fool them into thinking it was someone else(and obviously ignoring the fact that by the same logic if I was trying to defraud them, I would have also said my card had been stolen or lost). Third, the only place I had EVER used my pin prior to this transaction was at the local grocery store. I mean EVER. I am very careful about where I use my pin and up to that point I had only ever used it at the local grocery store (I had never even used it at the bank's ATMs). This probably means someone at the store saw me enter the pin (probably using the store's surveillance cameras) and had enough access to my bank's debit card information to create a new card using my account number and pin. This last part is speculation but I don't know of any other way they could have used a real debit card to make the withdrawal. Unless, of course the bank was lying to us and their computers had been hacked (but in that case, why the multiple tries?). In any case, we concluded something out of our control was wrong at the grocery store and/or the bank, so we stopped using the store and changed banks.

    Since then, we keep two checking accounts at our current bank: One for the money and one for the debit card. We keep a minimum balance for day-to-day purchases (gas, food, etc.) in the debit card account and we plan big purchases and ALL online purchases in advance by transferring the money from the money account to cover the purchase right before we make it. At least that way the debit card has a lowered risk because the balance is always very low and the other account is only accessed through the bank's computer. Yes, I know it isn't perfect, but it is better than having all of our cash exposed.
    • Why would you go through all of that hassle when you can just use a credit card? Then the bank's money is exposed!
      • By your logic (avoid the hassle by using a credit card), the only way to avoid the hassle in this case is to never have a debit card to begin with. Remember, I didn't use the card, someone else did (and it wasn't even my card, assuming a physical card was even involved).
        • "Remember, I didn't use the card, someone else did (and it wasn't even my card, assuming a physical card was even involved)."

          Sure you did. Unless the thief somehow conjured up your card number & pin, they obtained your information from some sort of rigged device somewhere.

          I use my ATM card at banks only -- I don't use random ATMs in malls and such. Many banks consider pin-based transactions inviolate, so I treat my ATM card with care!
  • Report them (Score:4, Interesting)

    by E_elven ( 600520 ) on Thursday May 26, 2005 @12:07PM (#12645803) Journal
    Your financial institution is required by law (in the U.S.) to either resolve any EFT (debit or credit) dispute within 10 business days or, if it has not been able to resolve the dispute, provisionally credit your account with the amount in question until it is able to do so.

  • I'd never get a debit card! A Visa hose for a clerk at a store to steal? Jeez, you asked for it.
    • First, a clerk would be better off stealing a credit card - higher limits.

      Second, as others have pointed out, you aren't liable for more than $50 anyway, although there's more hassle with debit since it's your checking account.

      Third, what clerk actually takes your card these days? I can't remember the last store I was in that didn't have the scanners that I used, so the card never even leaves my hand. (Exception: restaurants. But even there #1 and #2 still apply.)
  • Get real! (Score:3, Insightful)

    by fm6 ( 162816 ) on Thursday May 26, 2005 @12:56PM (#12646477) Homepage Journal
    It has been over a month and my bank is still stringing me along saying it will take up to 10 weeks to get my money back.
    Like so many Ask Slashdots, this one revolves around somebody's misperception that the world revolves around them. Ten weeks is not "stringing along". It's a reasonable period to investigate a serious fraud. You don't mention how much money is at stake, but I assume it's a substantial amount, or you wouldn't be so pissed off. In effect, they're handing that money over to you, money they're probably never recover. Do you really expect anybody to do that without checking everything out carefully?

    Put yourself in their shoes. Suppose somebody called you up and said, "You owe me $1000 because ..." Never mind the "because", it's a reason that might or might not be valid. Are you immediately going to write them a check? No, you're going to carefully examine their claim, check the facts, maybe talk to a lawyer. Why should your bank be any less careful? Because they have lots of money? They soon won't have any money at all if they give it away to anybody who claims they deserve it.

    • In his defense, some banks will issue an "emergency" credit almost immediately for the amount in dispute and later take it back if needed.

      My advice - Only use your credit cards online. Fraud on your checking account via debit card is usually far more painful than fraud on a credit card.
      • Not everybody has a credit card. If you're in credit counselling, the first thing they do is make you give up all your cards, so you can only spend ready cash.

        You can now plunk down some cash and buy a debit card that's only good for the amount you put into it. That might be a good alternative. Expensive though.

        But all these strategies require common sense and caution. I suspect this guy has neither, since he's dealing with several alleged frauds on more than one card.

    • What's a lot of money to you and me isn't a lot to a bank. I might find $500 to be a tough loss, but to a bank it's probably the bright spot in their day. They probably have cases where thousands are missing, and those will probably get a higher priority.
  • 10 weeks?! (Score:1, Interesting)

    by nilbog ( 732352 )
    10 weeks?! Who is your bank, paypal? Because if so, paypal is not a bank, and will not act like one - especially when it comes to your rights pertaining to fraudelent transactions.

    I believe for real banks there is a federally imposed time limit for adressing fraudelent use of your account, and it certainly isn't 10 weeks.

    I had my credit card attached to my paypal account, and someone broke into my paypal account and emptied it (thereby cleaning out my credit card and bank account). I called paypal w

  • Need clarification (Score:4, Informative)

    by Michael Spencer Jr. ( 39538 ) * <(spam) (at) (> on Thursday May 26, 2005 @05:45PM (#12649351) Homepage
    (I work for a major credit card processor, First National Merchant Solutions. We represent businesses on the other side of these kinds of disputes -- we process cards for merchants, and we must *answer* chargebacks like this one.)

    I'm a little confused by whether this is a Visa/Mastercard issue or a debit network issue. Debit networks (Interlink, Maestro, AFFN, Shazam, Cash Station, Tyme, Star, Mac, NYCE, Pulse, Accel, Honor, etc.) require both the card and the pin number be present at the point of sale, so if these were Internet merchants then these are not debit sales.

    (If someone else has more information about debit cards, please reply. We are trained to believe that these debit networks are only available card-present with pin. If that's wrong -- if people can take debit network account numbers over the Internet -- cards which are not also Visa/Mastercard/Discover/AMEX/JCB/International Diners/Novus etc. -- please let me know.)

    So in the absence of more information, I would say because the transaction is over the Internet, and the original poster seemed to indicate it was also a debit card, it's probably been processed either as a Visa or a Mastercard.

    If that's true, here's the flow of events:

    1) Customer notices a fraudulent charge. They notify their bank, and their bank issues a chargeback with a reason code of something like M85 (Fraudulent Transaction - No Cardholder Authorization)
    2) Along with the chargeback, the bank who issued the customer's card sends a debit to the merchant's processor (a company like us). So in accordance with the rules, the bank now has the customer's money back in their hands.
    3) The bank provisionally credits those funds to the customer. This isn't risky (in case the customer was lying) because if regulations say the bank must pay the merchant back, the bank is responsible for collecting those funds from the customer. (So if the customer closes their account and flees to Mexico or something, the bank still has to pay.)
    4) The merchant's processor (again, a company like us) usually then bills the merchant the amount of the chargeback, and notifies them that a chargeback has been filed against them. The merchant then has some time (30 days? 45 days?) to prepare their case, and submit documentation defending their charge.
    5a) If the merchant doesn't respond, or the documentation they provide is obviously faulty ("But this gentleman from Nigeria sounded so honest!"), no response is sent. The time to respond to the chargeback case expires, and the bank (and customer) get to keep the money. STOP
    5b) If the merchant does respond, with documentation which proves the charge really was authorized, the merchants processor (a company like us) sends the documentation back to the bank, along with a debit which takes money back from the bank and gives it back to the merchant.
    6) The customer's bank now has documentation which explains both sides of the story. I don't know what really goes on here, but I assume the bank consults with the customer and tries to get more information from them. The bank is then given some time (30 days? 45 days?) to respond back.
    7a) If the customer sees the documentation and says "oops, sorry, I guess I did authorize that one, never mind" then the bank just doesn't respond, and the chargeback drops. STOP
    7b) If the bank talks to the customer and finds out the charge really *is* unauthorized, the bank debits money *again*, and things go back to the merchant for the last time.
    8) The merchant's processor consults with the merchant, and they decide what they want to do. If the merchant wants to dispute the bank's second decision:
    9a) If the charge is a Visa, that second chargeback is actually a "pre-arbitration notice", where the bank is stating that they're prepared to go to Visa for a (costly) independent arbitration. They're *sure* they're right. If the merchant (and their processor) are also *sure* they're right, and no agreement can be reached, the case goes to arbitration. Visa hears facts, makes a ruling, and the losing bank pays for the arbitration. These don't happen very often.
    9b) If the charge is a Mastercard, the second chargeback leads to a second reversal. I don't really know how the arbitration process works here, because once the process hits second-chargeback or pre-arb, you really want a chargeback *specialist* to be helping the merchant. My degree is Computer Science -- I never had to learn *that much* about chargebacks.

    Now the chargeback -> reversal -> prearb or second-chargeback -> arbitration or second-reversal flow happens for any kind of transaction, but there are *many* different chargeback types. The Visa and Mastercard corporations are not stupid -- they know virtually all of the ways and business scenarios their cards can be used in, and they've had *decades* to learn all the different kinds of disputes people have. If you have a unique situation, I guarantee there's a chargeback code for it, and dozens of pages of regulations describing how to resolve that dispute. Not every chargeback is for "fraud".

    Of course, if it's a pin-based debit card, over the Internet somehow, then I'm really confused and someone needs to enlighten me. I don't mean debit as in "it takes money from my checking account so it's a debit card" -- even if the card draws from a demand deposit account, if it's run as a Visa/Mastercard, it's not debit in my world.

    Hope this helps! Feel free to ask any followup questions.

    Oh yeah, disclaimer time: the opinions expressed in this post are my own, and may or may not be those of my employer, First National Merchant Solutions. This is not banking advice -- contact a rep from your own bank for advice specific to your situation. The information in this post is not confidential -- we explain this process to merchants all the time. (Not sure if they always understand or listen, but we explain. :-) )

    Michael Spencer
    First National Merchant Solutions
    Mail Stop 3270
    1620 West Dodge
    Omaha, NE 68197
    800/228-2443 x4690
  • My debit number was stolen and $600+ of vitamins and other drugs were charged to my account. I tracked down the company, though they were in another country. Before I could call my bank, they called me first, saying they suspected fradulent activity. I called them back, launched an investigation, and the funds were returned to my account almost immediately. That's how a bank should work: to protect its clients and resolve all problems immediately. This is the reason I am nervous about smaller banks and cred
  • First of the month, I received a BoA credit card statement. Problem is, I don't HAVE a BoA card! I immediatly called their customer service phone number. Woman on the line wanted to know all of my personal info - SSN, mother's maiden name, etc. Which I refused to give out; I've never had one of their cards, never applied - there is NO WAY they could verify this information. The woman refused to help, refused to allow me to speak to a supervisor, refused to give me contact info for their legal dept., an
    • I agree with you - I have had experience with this bank and they are not very user-friendly. I have continued my relationship with them but I constantly monitor my accounts online and when there are issues, I contact customer service immediately, jump through all their hoops to get the problems resolved, etc. One particular issue to watch for is if you lose a BOA credit card or it's stolen and the account has to be closed and they set up a new account, they will charge you a balance transfer fee in the pr
  • by jafo ( 11982 ) * on Tuesday May 31, 2005 @06:02AM (#12682494) Homepage
    My company has a merchant account, which allows us to process credit cards. The number one thing we get fraudulent orders for is Linux based Virtual Private Servers (VPS). Last week we got orders for two VPSs. The orders claimed to be from different people, but used the same root password and were from the same IP address in Russia. The orders were also both placed twice.

    I decided to try tracking this down on our end to see where we could lead it. I called our merchant processor with what they call a "code 10", but the result of that call was basically just that they would tell me what bank had issued the cards and what the phone number to that bank was. Both cards were issued by Citibank.

    After spend around 30 minutes on the phone with Citibank, all they would do is verify if I had the correct information for the account, and tell me that they wouldn't do anything unless the card-holder called in.

    The interesting thing was that on one card the expiration date was wrong. I don't know how my merchant processor authorized the charge with the wrong expiration date. Also, the phone number on both was wrong, but it was correct in the first 6 digits, it was just the last 4 that were different. I wondered if the person making the charge was using VoIP to make it appear that they were in that area when actually they were in Russia.

    We ended up reaching one of the actual people by phone that afternoon, and they confirmed that they had not made this charge, the phone number was incorrect, and they also said that they weren't using that card actively at the moment. The other person I couldn't track down by other means, so we sent them a letter.

    I find it extremely odd that, as a merchant there is relatively little I can do when I get a fraudulent charge. I guess maybe I should report it to the police and see if there's anything they want to do with it. Citibank couldn't have cared less, no requests for the IP addresses the charges were made from, etc.

    If I were to get screwed by a credit card company for charges I didn't make, I'd probably start looking at things like this that make it clear they don't really follow up on this fraud, which could be seen as negligence. Particularly if they had authorized a charge on a card with the wrong expiration date and/or billing phone number, I'd wonder what they're doing to earn their cut in the first place.


"Gravitation cannot be held responsible for people falling in love." -- Albert Einstein