shawbridge

Our Chase Hyatt card has had several instances of fraud over the last two years. In all but one case, Chase caught the problem before we did. They have handled things proactively and we have suffered no loss except for time spent switching the number on automatic accounts like Uber.

This seems highly inefficient and I wonder if there isn't a better solution than just fraud detection. Is it possible to use two-factor authorization in which they send an authorization code (a single use PIN) to the phone before each charge?

Is the problem here an incentive problem. Who currently eats the cost of the fraud? Is it the banks like Chase? Who would have to put up the money for two-factor authorization equipment/software changes? Visa/MC/Amex? The banks? Vendors? If it is the banks that pay for fraud and Visa/MC/Amex who would pay for fraud prevention, Visa/MC at least would have no incentive to reduce costs paid for by others.

tev9999

I can't see banks or merchants requiring two factor authentication for every transaction. It would take forever, many would fail and they would lose more in lost transactions than they would save in reduced fraud.

Basically with chip cards today, the bank pays if a chipped card is run with the chip (ie stolen card). If the merchant doesn't support chip and a cloned card mag strip card is presented, the merchant is liable.

Yoshi212

Why the US didn't shift to Chip+Pin is beyond me as that is the most secure standard on the market.
The retailers are responsible for the cost of the processing machines. With the "new" US Chip+Signature (mostly) cards if the merchant doesn't have an updated machine and there is fraud the merchant is responsible for the charge. If they do have an updated terminal and the card has a chip it's the banks problems.

In your scenario it's be card processor (Visa/MC/Amex ect) and the Banks sharing the cost to implement such a 2-step system which I think would be a foolish way of dealing with the millions of transactions per day.

tev9999

They did not go with PIN for the exact same reason - fear they would lose more in lost transactions than they would save in fraud.

The US market is different than the rest of the world. People use credit more and carry more cards. If a transaction fails because of a forgotten or incorrect PIN, the merchant, bank and processing network lose. I, along with many others here, have dozens of cards. No way do I want to memorize all those PINs so I would end up with bad behavior - using the same PIN, selecting something obvious, etc.

The primary advantage of PIN is it stops in-person use of stolen cards. That is a small piece of the fraud pie. It also has the negative of allowing cash withdrawal if the PIN is compromised, which could escalate violent crime - pickpockets become muggers because they need your PIN too.

Chip and Signature stops the use of cloned cards just as well as PIN and is more merchant/user friendly. Neither helps with online/phone fraud.

philemer

Continue Chip & Pin discussion here: http://www.flyertalk.com/forum/credi...signature.html

Continue card fraud discussion here: http://www.flyertalk.com/forum/chase...solidated.html

Thanks