Simple way to prevent most online credit card fraud?

Get credit card fraud help: For victims of credit card fraud and identity theft, and those that can help.
6 posts
dimstthomas
Green Member
Green Member
 
Posts: 3
Joined: Wed Jan 11, 2017 8:55 am

Simple way to prevent most online credit card fraud?

Postby dimstthomas » Wed Jan 11, 2017 9:13 am

Hello

I run my own business that sells software online and have just had my first chargeback. This got me thinking of how credit card fraud could be stopped. I came up with a solution that is so simple I don't understand why it hasn't already been implemented.

Credit cards have a physical address associated with them that merchants can use to validate the card. But often people want things delivered to a different address or there is nothing to deliver (like my downloadable software or mobile phone top ups). This allows fraudsters to use stolen credit card details.

Why not just associate an email address with a credit card as well and allow this to be included in the card validation process? Order details for physical objects, download details for software (and a code for mobile top ups?) would be sent to this email address. So even if a fraudster knew the email address associated with the card, they would also have to have access to that email address. Customers would notice very quickly if they had lost access to an email address associated with their credit card.

Is there any reason why this can't be implemented or why it wouldn't work? It could be phased in gradually as an option initially, but eventually online sites would only accept cards with associated email addresses. I suppose there are still people out there without email addresses, but they can't use most online shopping sites now anyway.


User avatar
CarefulBuilder14
Centurion Member
Centurion Member
 
Posts: 4439
Joined: Thu May 08, 2014 7:42 pm
Location: United States

Re: Simple way to prevent most online credit card fraud?

Postby CarefulBuilder14 » Wed Jan 11, 2017 10:10 am

Some email services are not very secure. Some people use yahoo email, and there have been enormous hacks there.

I do like cards that offer card-not-present transaction alerts, though: Chase, Amex, Citi, Discover...not Barclaycard, though.
Warranties and sketchy merchants: Schwab Platinum
Price rewind: Costco
Travel insurance: Prestige, CSP
Perks: IHG, Hyatt
Rewards/Offers: Discover, Freedom, ED, BCE
Taxes/Misc: SPG

Limited value, might close: Arrival

Might add: First Tech, proper business card

dimstthomas
Green Member
Green Member
 
Posts: 3
Joined: Wed Jan 11, 2017 8:55 am

Re: Simple way to prevent most online credit card fraud?

Postby dimstthomas » Thu Jan 12, 2017 3:03 am

CarefulBuilder14 wrote:Some email services are not very secure. Some people use yahoo email, and there have been enormous hacks there.


Yes nothing is totally secure, but the fact that the fraudster needs both your credit card information AND access to your email account will surely make it much more difficult for them.

swipe_masta
Centurion Member
Centurion Member
 
Posts: 227
Joined: Tue Feb 19, 2013 5:22 pm
Location: USA

Re: Simple way to prevent most online credit card fraud?

Postby swipe_masta » Sun Jan 15, 2017 1:28 pm

If they can skim a credit card and are smart enough to know how to use it, they can surely find a way to get into your email account.

I think it also has to do with having too much information being in one place. Credit card number, physical address, and email, as well as a digital footprint all in one package? That's a lot of personal information that can be stolen. Also, don't merchants store customer information for a period of time? What if the theft of information comes from the merchant's end? Also, Like the billing and shipping address example, what if someone who is buying downloadable content is buying it for someone else? Then the email the content is "shipping" to is not the same as the buyer's. People also have multiple email addresses too.

dimstthomas
Green Member
Green Member
 
Posts: 3
Joined: Wed Jan 11, 2017 8:55 am

Re: Simple way to prevent most online credit card fraud?

Postby dimstthomas » Wed Feb 01, 2017 5:49 am

swipe_masta wrote:If they can skim a credit card and are smart enough to know how to use it, they can surely find a way to get into your email account.

I think it also has to do with having too much information being in one place. Credit card number, physical address, and email, as well as a digital footprint all in one package? That's a lot of personal information that can be stolen. Also, don't merchants store customer information for a period of time? What if the theft of information comes from the merchant's end? Also, Like the billing and shipping address example, what if someone who is buying downloadable content is buying it for someone else? Then the email the content is "shipping" to is not the same as the buyer's. People also have multiple email addresses too.


Yes, it's possible hackers will start trying to hack into email providers in order to get access to email accounts. But this is orders of magnitude harder than just buying credit card details on the dark web.

As for the email address being extra information, every online transaction requires an email address anyway so they already have this information. Yes, people have multiple email addresses, and they can choose one to be associated with their credit card. If they are buying downloadable content for someone else they can just forward the email to them.

mountaindewvoltage
Centurion Member
Centurion Member
 
Posts: 383
Joined: Mon Oct 10, 2016 8:40 pm

Re: Simple way to prevent most online credit card fraud?

Postby mountaindewvoltage » Wed Feb 01, 2017 10:50 pm

dimstthomas wrote:Hello

I run my own business that sells software online and have just had my first chargeback. This got me thinking of how credit card fraud could be stopped. I came up with a solution that is so simple I don't understand why it hasn't already been implemented.

Credit cards have a physical address associated with them that merchants can use to validate the card. But often people want things delivered to a different address or there is nothing to deliver (like my downloadable software or mobile phone top ups). This allows fraudsters to use stolen credit card details.

Why not just associate an email address with a credit card as well and allow this to be included in the card validation process? Order details for physical objects, download details for software (and a code for mobile top ups?) would be sent to this email address. So even if a fraudster knew the email address associated with the card, they would also have to have access to that email address. Customers would notice very quickly if they had lost access to an email address associated with their credit card.

Is there any reason why this can't be implemented or why it wouldn't work? It could be phased in gradually as an option initially, but eventually online sites would only accept cards with associated email addresses. I suppose there are still people out there without email addresses, but they can't use most online shopping sites now anyway.


This is what you do... Have a policy where the software cannot be delivered to a P.O Box or another address other than the one on file. What really should be used is an encrypted PIN at checkout where a box from the bank or Visa/MasterCard/Discover/AMEX pops up on the screen and requires you to enter your PIN before the purchase can be made. The PIN could be 4-6 digits and changed in online banking every 90 days or longer (to prevent hackers from getting into your bank login and changing your PIN for one purchase). The PIN is then validated and if it's correct, the transaction goes through, if not, the card is declined and you have to try again... After three times the card is locked out from use anywhere and you have to call the bank to either reset it or request a new card.



Return to “Credit Card Fraud”

Who is online

Users browsing this forum: No registered users and 3 guests