Chase fraud alerts & fraudulent charges [consolidated]
May 23, 2016, 7:36 am
#61
Join Date: Dec 2004
Posts: 7,904
For 2nd time in 3 years I had a fraud charge on MileagePlus Explorer (2 diff cards). Cards were hardly used. Fraud charge from country that cards were never used in. Last one $16 from telecomm service in France. Both times Chase system caught the fraud and rejected charges.
Does United MileagePlus have the MileagePlus Explorer card numbers. Can it be United system being hacked?
Does United MileagePlus have the MileagePlus Explorer card numbers. Can it be United system being hacked?
May 23, 2016, 6:42 pm
#62
Join Date: Jul 2015
Location: Florida
Programs: Delta SkyMiles; Hilton HHonors; NEXUS; National Emerald Club Executive
Posts: 365
Well, I closed my MileagePlus Explorer account. Still struggling with Chase's fraud department on other accounts, but no actual fraud anytime recently – just them being VERY quick to label legitimate transactions as potential fraud.
May 29, 2016, 1:48 am
#63
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,622
A couple of thoughts:
1) Credit card #s aren't random numbers.
1) Credit card #s aren't random numbers.
The first 6 digits are basically a routing # for the bank. Lists of these are well-known. So, this reduces the # of available account digits down to 10.
2) Credit card #s are usually part of an algorithm. In the days prior to on-line credit card terminals and POS systems with real-time verification, the banks needed ways to provide verification of a valid account # without having to manually call a human being every time. Enter checksums and algorithms. This system worked well enough at the time to prevent random guessing but it's not foolproof. This also further reduces the # of available legitimate account numbers.
How complex were the algorithms? Not terribly so. Back in my high school days I loved trying to reverse-engineer algorithms with paper & pencil. Credit cards, yep. Software serial #s, yep. I may not have always been able to get the algorithms 100% right on paper, but I could still see the patterns in my mind well enough to create a Windows serial key off the top of my head and get it right about 75%-90% of the time.
3.) There are plenty of places to find lists of compromise credit card information. How complex were the algorithms? Not terribly so. Back in my high school days I loved trying to reverse-engineer algorithms with paper & pencil. Credit cards, yep. Software serial #s, yep. I may not have always been able to get the algorithms 100% right on paper, but I could still see the patterns in my mind well enough to create a Windows serial key off the top of my head and get it right about 75%-90% of the time.
Credit card info is widely available on the 'net. Given some of the massive breaches, along with being able to buy thousands of credit card #s for cheap, especially "dead" accounts, it wouldn't take someone with similar aptitude to analyze a large list of #s and start to make the connections needed to guess new account #s.
4) Chase is the #1 issuer of credit cards in the USASome may dispute this, but even then it only drops Chase down to the #2 issuer. Either way, they issue a ton of cards. If you're looking to fraudulently use a credit card #, it'd make sense to go after the bank codes (first 6 digits) with the most possible targets. It's no different than why more viruses are written for Windows than Mac. It's not that Mac's OS is overly-secure, rather it's that going after Windows machines gives the most bang for the buck due to a much larger market share.
5) Merchants are the #1 source of data breaches, processors are #2 source.Even ignoring the biggies like Target (Got my Amex) & TJ Maxx (Got my Visa), merchants are still where your card #is most likely to get stolen. Payment transactions are just a small portion of a company's point of sale system. It's expect to do inventory, HR functions, etc, and do so without a dedicated IT staffer at every location. These merchant systems hand off credit card payments to 3rd party processors over the public internet. There's thousands of different point-of-sale systems out there and they all have to interact with these processors. As such, security on both ends is a bit of a tightrope walk. Both companies need each others' software to talk, but still remain secure. It doesn't always work.
Banks, on the other hand, maintain very strict controls over their IT systems, are solely focused on transactions, and have an overabundance of IT staff. Can a bank be compromised? Sure. But their infrastructure is designed specifically for handling transactions. Not controlling inventory, phones, cameras, and air conditioning across the country like Target's network used to.
Banks, on the other hand, maintain very strict controls over their IT systems, are solely focused on transactions, and have an overabundance of IT staff. Can a bank be compromised? Sure. But their infrastructure is designed specifically for handling transactions. Not controlling inventory, phones, cameras, and air conditioning across the country like Target's network used to.
Sep 27, 2016, 8:23 pm
#64
Join Date: Sep 2015
Location: flyover country
Posts: 2,435
fraud detection algorithm?
Like many, I have a Sapphire Reserve. Within a few days of receiving the card, I put about $1,000 worth of travel on it, where I made the reservations by phone. No problem. I also put a few hundred non-travel dollars on it by phone. No problem.
I went to the local hardware store and tried to make a less than $20 purchase, and the card was denied. (Yes, I have lots of headroom on the credit line.)
Maybe the travel charges went through because my name was listed as a passenger. Maybe the non-travel charges went through because my address was the ship-to address. But flagging a $20 purchase in my home town? What goes on? Any ideas?
By the way, I called Chase and got the charge approved, but I talked to two heavily accented representatives. Perhaps I was just lucky with the Sapphire Preferred, but I believe I always got first language English speakers on the few occasions that I called customer support. I would have expected first language English speakers for the Reserve card, but I was surprised.
I went to the local hardware store and tried to make a less than $20 purchase, and the card was denied. (Yes, I have lots of headroom on the credit line.)
Maybe the travel charges went through because my name was listed as a passenger. Maybe the non-travel charges went through because my address was the ship-to address. But flagging a $20 purchase in my home town? What goes on? Any ideas?
By the way, I called Chase and got the charge approved, but I talked to two heavily accented representatives. Perhaps I was just lucky with the Sapphire Preferred, but I believe I always got first language English speakers on the few occasions that I called customer support. I would have expected first language English speakers for the Reserve card, but I was surprised.
Sep 28, 2016, 12:17 pm
#67
Join Date: Jan 2013
Location: Hawai'i Nei
Programs: Au: UA, Marriott, Hilton; GE
Posts: 7,144
Chase Fraud Alert
For the first time, I got a fraud alert message. Now, I not only got one message, but one each on two separate cards within 24-hour period. What is going on?
First one I kind of understand, because it was a foreign transaction when I am not yet travelling. The second one was a domestic online store purchase.
I've been with Chase for decades, pay up in full monthly. Anyone have any idea why all of a sudden I'm getting these annoying alerts and what can be done about it?
Thanks.
First one I kind of understand, because it was a foreign transaction when I am not yet travelling. The second one was a domestic online store purchase.
I've been with Chase for decades, pay up in full monthly. Anyone have any idea why all of a sudden I'm getting these annoying alerts and what can be done about it?
Thanks.
Sep 28, 2016, 1:11 pm
#68
Join Date: Sep 2008
Posts: 7,875
For the first time, I got a fraud alert message. Now, I not only got one message, but one each on two separate cards within 24-hour period. What is going on?
First one I kind of understand, because it was a foreign transaction when I am not yet travelling. The second one was a domestic online store purchase.
I've been with Chase for decades, pay up in full monthly. Anyone have any idea why all of a sudden I'm getting these annoying alerts and what can be done about it?
Thanks.
First one I kind of understand, because it was a foreign transaction when I am not yet travelling. The second one was a domestic online store purchase.
I've been with Chase for decades, pay up in full monthly. Anyone have any idea why all of a sudden I'm getting these annoying alerts and what can be done about it?
Thanks.
Sep 28, 2016, 2:43 pm
#69
Suspended
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
Is the complaint that the Chase software flagged you, as a new cardholder, for a third local purchase or that your call was quickly and efficiently handled, but by a person with an accent?
Would this have been better if it had been handled by an incompetent without an accent? Maybe Chase ought to have an opt-in for people who want that.
Would this have been better if it had been handled by an incompetent without an accent? Maybe Chase ought to have an opt-in for people who want that.
Sep 28, 2016, 3:57 pm
#70
Join Date: Sep 2015
Location: flyover country
Posts: 2,435
It's not at all clear if you are addressing the original poster (me). In case you are, I will ask who would not be a new cardholder with CSR? I never said the call was handled quickly or efficiently; in my opinion, it was neither, but I used a subjective measure and am unaware of an objective measure. The fact that it could have been worse does not make it good, which seems to be your suggestion.
Sep 29, 2016, 12:21 am
#71
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,507
Weirdly, I've had very few problems with Chase's fraud detection. I've had Chase credit cards for a while though (my Freedom card, for instance, is something like 6 years old), so maybe they're using my entire history as a basis for verification.
My new corporate card from Citibank, on the other hand, is shaping up to be a complete hassle thus far despite the charges being for legitimate business travel. For instance, the other day it was declined when our travel agency tried to purchase Southwest tickets in my name. We originally were using BofA before we got bought out and I never had problems with them.
My new corporate card from Citibank, on the other hand, is shaping up to be a complete hassle thus far despite the charges being for legitimate business travel. For instance, the other day it was declined when our travel agency tried to purchase Southwest tickets in my name. We originally were using BofA before we got bought out and I never had problems with them.
Sep 29, 2016, 3:37 am
#72
Join Date: Apr 2015
Posts: 456
Chase's fraud department on these cards is pretty gung ho. I had the same problem with the CSP. From discussions on other threads, we have come to the conclusion however that travel charges are rarely denied because Chase gets full detail on the transaction, including the names of the travellers. Since it's pretty hard to travel fraudulently on a ticket booked in another person's name, these probably pass fraud screening pretty easily.
On the other hand, at least with a new card they seem to like to block you around every $2,000 worth of transactions in a short amount of time. If you know you're going on a spending spree, you can call them in advance to flag your account for heavy spending. Or you can have them do it the first time you have to get the fraud alert removed.
Yes, it's a pain because you're trying to get your minimum spend in the short amount of time, and Chase is blocking you at every turn. LOL. When we first got the CSP, my wife went on a shopping spree and popped about 8k on it in a week. I had to call fraud 3 or 4 times.
On the other hand, at least with a new card they seem to like to block you around every $2,000 worth of transactions in a short amount of time. If you know you're going on a spending spree, you can call them in advance to flag your account for heavy spending. Or you can have them do it the first time you have to get the fraud alert removed.
Yes, it's a pain because you're trying to get your minimum spend in the short amount of time, and Chase is blocking you at every turn. LOL. When we first got the CSP, my wife went on a shopping spree and popped about 8k on it in a week. I had to call fraud 3 or 4 times.
Sep 29, 2016, 6:59 am
#73
Join Date: May 2010
Location: Maine, USA
Programs: Delta PM Elite Plus, Aegean
Posts: 132
I am wondering about the initial post with the denial. It shouldn't happen at non-kiosks but was this the first chip insert you've done with the card? I had that problem the first time I used my Barclay World Arrival Elite card at a gas station a few years ago. I haven't used my CSR yet for anything but making plane and hotel reservations online, so I'll see if I have a problem.
Oct 24, 2016, 2:44 am
#74
Join Date: Apr 2015
Posts: 456
No bank likes it when you move money out, but recently I've seen more banks targetting money transfers that aren't done in person.
Oct 24, 2016, 5:29 am
#75
Join Date: Aug 2000
Location: Exile
Posts: 15,656
I've found that Chase gets really aggressive with fraud alerts every time I get a new card with them.
When I got the new Sapphire Reserve a couple months ago, the first few weeks I was being locked out literally every second day due to security flags. It got to the point where I was actually being recognised by the operators at the "security department" since I was calling so often. Often, the same transactions that were being rejected on the Sapphire Reserve were being approved on the Sapphire Preferred when I tried to use that a few seconds later. For the last few weeks though, I have had no issues so the algorithm has obviously learned my spending patterns better.
The same thing happened when I opened my Sapphire Preferred a few years ago and also when I opened my Mileage Plus Explorer a few years before that.
My charges with Chase tend to be primarily in Africa/Middle East and for travel transactions in my own and third party names at short notice (book to fly same day or next day), so traditionally "high risk" type transactions.
When I got the new Sapphire Reserve a couple months ago, the first few weeks I was being locked out literally every second day due to security flags. It got to the point where I was actually being recognised by the operators at the "security department" since I was calling so often. Often, the same transactions that were being rejected on the Sapphire Reserve were being approved on the Sapphire Preferred when I tried to use that a few seconds later. For the last few weeks though, I have had no issues so the algorithm has obviously learned my spending patterns better.
The same thing happened when I opened my Sapphire Preferred a few years ago and also when I opened my Mileage Plus Explorer a few years before that.
My charges with Chase tend to be primarily in Africa/Middle East and for travel transactions in my own and third party names at short notice (book to fly same day or next day), so traditionally "high risk" type transactions.