robsaw

Sorry, my pet peeve, but can we stop referring to contacting "VISA", "VISA" doing something or not - the party in play here is the card-issuing financial institution not VISA.

VISA provides some back-end security and fraud detection algorithms, but it is the financial institution that is responsible for and makes all decisions with respect to a card account.

So, let's name the financial institution involved as then recommendations on specifics relevant to that financial institution (like card-not-present transaction alerts setup) could be suggested where applicable.

RangerNS

Consider a situation where you have
a) A named PAX, which has been ID verified(ish) on previous travel
b) Using different CCs issued to a name different from the PAX, and several transactions from different cardholders CCs
c) Cards from different brands, different issuing banks
d) Travel to/from locations not associated with a different traveler who normally uses the cards in (b)

None alone are a hard block. (c) would make it hard/impossible for "VISA" to detect.

Combined, the named PAX is likely buying tickets fraudulently, and future transactions are fraudulent.

Stranger

RangerNS

Working backwards, OP needs a new CC number. Or do a better job not handing out his often compromised CC number to fraudsters.

Remember the episode of Sporano's where Tony gets pissed the restaurant is caught skimming cards and loses their vendor account? That is relatively easy to detect. Customer disputes a charge go back to the last 500 charges and +1 each vendor on the suspicious scale. Repeat. Sort suspicious vendor scores, deploy human investigators.

If there is a mass breach of 10,000, 50,000, a million cards, what do you do as a bank? Well, at ~$5/card to reissue... nothing. Most are never going to be used fraudulently, anyway and crushing your customers ability to use their CC isn't going to make you any friends. Maybe a geolock, but at $50 for a CC number, its going to include the zipcode (this indeed was a key point of what made the Target breach especially unusual, not juts in volume but in useful data). Have the bots be more suspicious, yeah, but you can't just block out the card use in this situation.

And then there are one off compromised cards you don't yet know are compromised that you can only apply baseline fraud detection rules too.

A smart user of their new-to-them $50 CC number is going to use it once, and burn it. Gas or groceries is probably a smarter way to use it, but whatevs.

Buying a airline ticket for an apparently un-associated person isn't that unusual you can just block them all as the CC company.

And since different credit cards would be used for a series of transactions, it would be the airline in a position to see the weirdness.

canadiancow

Agreed.

I have purchased tickets for passengers who don't share a name with me, with them on their own PNR.

AC could tell that I was also on the flight, but the card issuer could not. And there's no guarantee I'd always be on the flight.

Sopwith

My card has been compromised 5 or 6 times over its life span (i.e. since I dumped my CIBC Aeroplan card), probably close to 20 years. It used to happen every year or two before the advent of chip and pin, typically when restaurants and gas stations had to take your card away to swipe it. Since they issued the chip and pin cards this is the first or second time it's happened, and first in the last four of five years.

I'm speculating that the perp phoned in to buy a ticket, gave my card # over the phone. Possibly there is a flag in the system to require the passenger to produce the card if the name on the ticket doesn't match the name on the card? When she couldn't produce the card they canceled. One possible scenario. The other possible scenario is that AC just screwed up and charged it to the wrong account - keyed in the wrong number or something. Who knows?

My frustration is that no one seems to be taking this seriously, so it's going to keep happening.

canadiancow

I've booked tickets for my mom and a friend, and neither had to produce a card. Nor would they have been able to.

Bohemian1

CC fraud regarding airfares is a big ticket (no pun intended) problem and one of the transactions likely to trigger a higher fraud score for the transaction.

Purchasing tickets for others, purchasing tickets for itens that originate in another city other than your home, and purchasing tickets between / within certain continents/countries can all trigger either the airline's fraud detection threshold or the issuing bank's, regardless of payment network.

True, some banks / networks are more sophisticated about weeding out valid versus invalid transactions, but it's a far from perfect process despite the amount of analysis they try to do. Full disclosure - all of the major CC payment processors have been my clients from a security perspective.

But I've always found it ironic when an airfare purchase gets denied online and I have to call the issuing bank to get them to 'unblock' (or whatever they do) the respective airline so I can go and purchase again. Especially since all my CCs are affinity cards marketed for global travellers and even have little airplanes on them. For me, BMO and TD were worse than CIBC and Amex, but like many things your mileage will most certainly vary.

Marketing versus the real world, I guess.

RangerNS

6 times in 20 years isn't often, if you are a traveler who is frequently outside of their regular haunt. You don't necessarily consciously or subconsciously select "safer vendors" (... ever that might mean); you get what you get when you need it. Even then, 6 in 20 years isn't uncommon.

For them to key in someone else's number wrong enough to get your number is unlikely. CC numbers are not sequential, there is (a published?) validation process. Luhn algorithm, if you care to geek out.

Stop handing over your card to sketchy gas station attendants?

But seriously, they are taking it seriously. The charges were reversed. The industry has decided that some fraudulent charges are acceptable, and that some fraudulent charges that are never caught are acceptable, and that some/most fraudsters won't be prosecuted. It is engineered to operate in an imperfect reality.

You seem to wish for a more proactive system. Fair enough. .... Isn't happening.

Fiordland

I would be surprised if the person who is booked on the flight was trying to scam AC. There is probably a middle man somewhere in the mix pretending to be a travel site or a travel agent or something like that.

StuckInYYZ

Need anyone need to be reminded of Captain Kool?

1Newflyer

Why do you need the credit card that was used to buy the ticket when traveling? I never necessarily have the same card when traveling. I understood that anyone can purchase a ticket in my name just like anything else. Just don't use my card to purchase your ticket.

pmarrsouth