Identity Theft

[Howell]

Do people actually have their CC card numbers and security code memorized for ALL of their CCs??? I don't. Therefore I'd need my CC card, in my hand, in order to make an on-line purchase.

I can see a few problems right off the bat however: 1) Merchant places an authorization on your card for your purchase, but doesn't actually charge the card until the item ships, and by then the security code will have changed. 2) Code changes within the few moments it takes to enter data into the web form but before the charge occurs. 3) Monthly re-occurring charges.

The changing security code idea does seem to have some potential for some fraud protection.

I would assume authorization and the $1 hold would be enough for the bank to allow the transaction to complete later.
All changing auth schemes I've worked with have count down timers so that you know when the number is about to flip. I would hope this card does too.

 

[LunarMist]

I would assume authorization and the $1 hold would be enough for the bank to allow the transaction to complete later.
All changing auth schemes I've worked with have count down timers so that you know when the number is about to flip. I would hope this card does too.

60 minute intervals should make the rollovers less of an issue. I always wonder if there is an allowable overlap.

 

[LunarMist]

You are going to start paying in cash but you don't want to be burdened by having a physical CC present?

I'm already quite annoyed by the stupid amount of time it takes to authorize a card now with those internal ICs. It's worse than 20 years ago. Great progress in technology, eh?

 

[Stereodude]

I'm already quite annoyed by the stupid amount of time it takes to authorize a card now with those internal ICs. It's worse than 20 years ago. Great progress in technology, eh?

I know, the slight inconvenience of a much safer transaction is just too much to bear.

 

[blakerwry]

Do people actually have their CC card numbers and security code memorized for ALL of their CCs??? I don't. Therefore I'd need my CC card, in my hand, in order to make an on-line purchase.

I can see a few problems right off the bat however: 1) Merchant places an authorization on your card for your purchase, but doesn't actually charge the card until the item ships, and by then the security code will have changed. 2) Code changes within the few moments it takes to enter data into the web form but before the charge occurs. 3) Monthly re-occurring charges.

The changing security code idea does seem to have some potential for some fraud protection.

I turned on notifications for my CC's so that I receive an email whenever a transaction is made that is greater than $1. What I acually receive is an email when there is an authorization, which means that I see the authorization amount in most cases. Sometimes this is different than the actual amount debited from my account. For instance, when pumping gas I will receive an email indicating a charge for $50-$150 (I believe this is while I'm still pumping). The actual charge must get amended at some point because the CC web interface shows the amount reflected on the gas pump. I've seen similar elsewhere. My guess is that these kind of authorizations, charges, and amendments are likely very common and handled automatically by the payment processors or back-end systems. I believe being able to amend a charge would address the concern about delays between authorization and the charge itself.

Also, reoccurring charges are handled differently than a one time charge and don't actually use the CCV2 (at least not past initial authorization). I've had my CCV2 change (due to a changed card) and reoccurring charges continue to work just fine.

 

[LunarMist]

I'm sure it benefits the store and bankers, but such slow technologies make more work for the consumer. If I have to enter a 4 Gidget number in addition, I don't know what...

 

[Stereodude]

I'm sure it benefits the store and bankers, but such slow technologies make more work for the consumer. If I have to enter a 4 Gidget number in addition, I don't know what...

Like locks on your car and house doors? What an inconvenience! wneddnce:

 

[ddrueding]

Every system I've seen like this has a rolling window. Frequently the previous code doesn't stop working until the completion of the next window.

 

[LunarMist]

Like locks on your car and house doors? What an inconvenience! wneddnce:

The whole point of the card is that you pay later and are only responsible up to $50.
I understand we all pay for the fraudulators.

 

[LunarMist]

Every system I've seen like this has a rolling window. Frequently the previous code doesn't stop working until the completion of the next window.

I thought so. The accuracy of the device clock has to be considered over its lifetime of a few years. I recall those RSA ones had an expiration date.

 

[snowhiker]

I turned on notifications for my CC's so that I receive an email whenever a transaction is made that is greater than $1. What I acually receive is an email when there is an authorization, which means that I see the authorization amount in most cases. Sometimes this is different than the actual amount debited from my account. For instance, when pumping gas I will receive an email indicating a charge for $50-$150 (I believe this is while I'm still pumping). The actual charge must get amended at some point because the CC web interface shows the amount reflected on the gas pump. I've seen similar elsewhere. My guess is that these kind of authorizations, charges, and amendments are likely very common and handled automatically by the payment processors or back-end systems. I believe being able to amend a charge would address the concern about delays between authorization and the charge itself.

Also, reoccurring charges are handled differently than a one time charge and don't actually use the CCV2 (at least not past initial authorization). I've had my CCV2 change (due to a changed card) and reoccurring charges continue to work just fine.

I also get email notifications from Chase when my credit cards or debit card is used. For gas I just get, "As you requested, we are notifying you of a gas station charge. This charge was authorized at xxxxxxxxxxx #xxxx on {date} {time}." No dollar amount. At restaurants the email displays the "pre-tip" total. I don't receive follow-up emails with actual dollar amounts of gas bought or total restaurant "meal+tip" totals. Other purchases actually list dollar amount in the email.

Regardless, what you said about the chain of events from authorizations to actual charges makes sense and shouldn't be a problem for a CC with revolving security codes. You are correct about reoccurring charges, forgot about how those work.

Every system I've seen like this has a rolling window. Frequently the previous code doesn't stop working until the completion of the next window.

So the current code AND last code are both valid. When a newer code is generated, the "current" code becomes the old code that still works, while the old old code drops off. That would prevent many problems with code changes during authorizations, etc. Did not knot that. Thanks.

 

[Howell]

Every system I've seen like this has a rolling window. Frequently the previous code doesn't stop working until the completion of the next window.

This is not the case for RSA devices or Gauth. They have a key expiration indicator.