Monday, May 12, 2008

We've come a long way -- fraud 2008

Today's news makes me nostalgic for the modest worldwide fraud of JK Publications et al ...

IdentityBlog - Digital Identity, Privacy, and the Internet's Missing Identity Layer

Francois Paget ... "Last Friday morning in France, my investigations lead me to visit a site proposing top-quality data for a higher price than usual. But when we look at this data we understand that as everywhere, you have to pay for quality. The first offer concerned bank logons. As you can see in the following screenshot, pricing depends on available balance, bank organization and country. Additional information such as PIN and Transfer Passphrase are also given when necessary..."

Fraud has come a long way since those simple schemes of ten years ago, but VISA and MasterCard security has barely budged. We had to cancel a lost credit card recently; VISA told us they couldn't stop transactions on the old card. We would have to monitor all future transactions for old-card fraudulent transactions. They sent us the replacement card 4-5 days after our call.

As Schneier has reminded us many times, VISA and MasterCard won't clean up their act until the banks are made liable for the full costs of fraud and identity theft - preferably including punitive damages.

On the other hand, American Express, my choice ten years ago, continues to excel. Each person in our family account has their own card number -- so if one card is lost only one number is changed. They can track charges against the closed number. They got us the replacement in about a day.

Obviously we run almost all our expenses through our AMEX BLUE Cash back card. I never use the VISA online -- AMEX only. Fantastic service, excellent security, buyers assurance, etc, etc. What's not to like?

We keep the VISA for small transactions with businesses that can't do AMEX. I should probably get VISA to substantially decrease our credit limit...

No comments: