Credit Card Fraud

by Colin Berkshire

Colin Here. In my last article I wrote how the phone company could have trivially shut down phone phreakers using blue boxes. This sub-culture had devised clever way to cheat the long distance billing network into giving free phone calls.

The AT&T marketing department prevented my recommended fixes from being made because  the Phreakers were generating profits for the company by increasing the cost of the long distance rate base. Yes, Blue Boxing was actually a profit center for the phone company! Fraud was profitable.

Well folks, we have the same thing going on now in the US with Credit Card fraud. Credit Card fraud is a hugely profitable business for the banks, and they are doing everything that they can to NOT implement a solution in the US.

Let me explain the math on credit card fraud. When something is purchased at a store, the credit card company remits only 97% of the purchase price to the retailer. This 3% “discount rate” is where the credit card companies make their profit. Merchants are happy to only get 97% on the dollar because they get increased business. For Internet purchases the “discount rate” is even higher no the banks make even higher profits because where is an eCommerce merchant going to go…they must accept cards.

When you report a fraudulent purchase on your credit card, the bank happily, instantly, and greedily refunds you 100% of the amount. You, the consumer are happy. The regulators are happy. Everybody is happy. Well, not quite.

What the bank does is to go to the retailer’s account and they take 100% of the purchase price away from them for having “accepted” a fraudulent transaction. Follow the math carefully here: the card fraudster buys $100 online, the merchant then gets $97. You call in the fraud and get your $100 back. The bank then takes the $100 out of the retailer’s account. The bank is out nothing.

But it gets worse. The bank then charges the retailer what is called a “chargeback fee” that ranges between $10 and $25. The retailer is charged this chargeback fee every time you dispute any bill or any time you claim fraud. The bank keeps this fee. So, every time there is a reported fraudulent transaction the bank makes an additional $10 to $25 in addition to the 3% purchase price discount fee.

The poor retailer is helpless. Along with the credit card number they took the name and address of the purchaser and they did an address match. The retailer got back from the bank an “authorization code.” The retailer could have done nothing more, and yet on this $100 fraudulent transaction they are now out about $175. The bank yanked back $100, the retailer shipped the product to the fraudster, and then the bank charged the retailer an extra $25 chargeback fee.

Meanwhile, the banks are busy advertising their “Zero Liability” policies to consumers.

Credit Card fraud generates billions of dollars a year in risk free profits for the banks.

And here is the sad part of it all: just as AT&T could have stopped the Blue Box phone Phreaks with a 250 line code change, the credit card companies know how to stop fraud. The. Credit Card companies choose to promote fraud because it is so profitable.

In Asia, for years the credit cards have had chips embedded into them. The chips encrypt all of the information and are not easily reproduced. The chips stop fraud. When you make a credit card purchase in many countries you must enter a PIN number to complete the purchase. The PIN stops fraud.

Whoops, back up here. We use PIN numbers for debit transactions and we don’t have much of a fraud problem with debit cards do we? You see, if there was a fraudulent debit card transaction the retailer would not be held liable. It would be the bank that would be out the money. So, the banks choose to NOT use PIN numbers on credit card transactions but they choose to use PIN numbers for debit card transactions. Do you see what is going on here: the banks are protecting themselves by using PIN numbers for debit cards and are choosing to make fraud easy with credit cards. It is pure evil.

There are numerous technologies readily available that would stop credit card fraud. Using PIN numbers, using cards with chips in them, and not printing the CVV2 password on the back of credit cards would be another. (The CVV2 number is a password…how stupid is it to actually print this password on the back of the cards? It’s not stupid…it’s profitable.)

In Asia the laws on fraud are different than in the US. Retailers are not liable for credit card fraud.  Guess what: the banks use chips and PINs there.

I find it remarkable that for decades the banks haven’t been called out on their scamming retailers out of billions of dollars in fraud. But then, AT&T went 25 years profiting from Blue Box fraud. Weird.