| By Jim Bruene on June 18, 2009 11:29 AM | Comments (6) |
My credit card number was stolen again. It's the third or fourth time since the Internet came along. It's annoying, and a little disconcerting, but not a major problem, thanks to efficient card issuers who take the info, credit my account, and send me a new card. On a ten-point "hassle scale," where 10 is having your hard drive crash, it's only a 2 or 3.
And my previous stolen cards resulted in little financial loss to the issuer, other than the cost to process the chargeback and reissue the plastic. In those cases, either the issuer caught the fraud before anything was shipped, or the items purchased were digital (online subscriptions) and didn't result in any lost inventory.
But this time was different. Someone used my card number to buy a PS3 gaming console and three games at a Best Buy in the Bronx. Assuming Best Buy follows proper procedures, Wells Fargo will be out more than $600 just for the merchandise. All told, with the cost of the investigation and processing, it's probably an $800 to $900 loss to the bank and merchant.
Wells Fargo is generally very good about suspicious charges and usually calls us. I've had the card for almost two decades, and it's been othe primary card for both my wife and me for much of that time. WF knows our purchasing habits better than we do.
Yes, we get to NYC at least once a year, but our charges are usually travel- and tourist-related ones in Manhattan. And we probably visit Best Buy in Seattle a couple times a year (we have teenage boys), so the gaming system charge is understandable. But it's highly unlikely we'd buy a system while visiting NYC, and we've never visited the Bronx, so the authorization request likely triggered flags.
But unless there was inside theft, the bank's authorization system evidently decided the $10 in interchange was worth the risk. Bad call this time, but probably right 99%+ of the time; otherwise, they'd be out of the card business.
What's mobile have to do with it?
But if Wells Fargo had a real-time connection to me via mobile phone, they could have texted me for an OK (similar to the screenshot above, which is a text-based activity request to Wells Fargo). If it really had been I who stood at Best Buy's register, it would have taken a second to reply "yes," and the transaction would have gone through.
Of course, in this case, I would have said 'no, I'm in San Francisco right now.' Or even better, in the not-so-distant-future, if I'd allowed the bank to track me via GPS, they would have known, without even contacting me, that I was 3,000 miles away from that store. Either way, the bank saves nearly a grand from that single text message. Multiply that by the millions of fraud purchases every year and you have serious money, billions by most estimates.
So yes, mobile banking (really mobile payments) does have a robust and tangible business case from fraud reduction and customer service savings. The technology is in the hands of the users now, and most know how to use it. So, let's get moving.
Note: For more information see our Online Banking Report on iPhone Mobile Banking.
Hi Jim!
Great post.
This sounds like the next step of a system that Gene Blishen, CEO of Mt. Lehmen CU in BC, has had going for five years at his shop. MemberNote sends a text message in real time to his members every time they swipe their card. Members love getting confirmation from their financial institution that the transaction has gone through correctly, with the merchant name and amount. If a member ever gets a text message for a transaction that they did not perform, they know right away that their card has been compromised. The member can then inform the CU *immediately* if this occurs.
What you are proposing takes this system one step further, and if a transaction is even suspected of being fraudulent, instead of running an algorithm to guess at the validity, the F.I. can simply send the text message asking the owner of the account if they want to approve it.
Sounds like a winner to me.
Jim I love this post. This is what I am waiting for, realtime transaction authorization! Not just notification, authorizaion. I am looking for it to be smart enough to check my GPS (or my husband's) and if that does not match let me authorize based on dollar amount that I choose and maybe some other user defined parameters or only authorize via text authorization. As a frequent card user who is married, I don't want to go crazy with transaction authorization requests, but I do want to feel secure. I also have had my card replaced several times over the last few years and because I have bills charged to the card, find the replacement process more of a 6 on the annoyance meter than a 2 or 3. I guess I just want my banking to come to me and for me to define the terms of "convenience". Thanks for the post.
Wireless carriers would have to guarantee immediate delivery of the text message authorization request, and I have a feeling that will never happen. I'd hate to be in line behind the guy waiting for his text message to approve the purchase.
Also, wouldn't merchant card systems need to be updated to include this subsequent approval by the cardholder of record? Merchants won't even adopt contactless payment systems!
I agree that it's a great idea to save the bank some money, but I'm not 100% sold on whether there's enough value to the end user compared to the hassle of waiting for the SMS to authorize - if Jim would have been able to decline the transaction, wouldn't he still have needed to get a new card since it was clearly stolen?
@Sarah...Definitely some good points. But, I wasn't advocating across-the-board authorization via SMS. Agree, that's not going to fly in today's environment. I just want to see it for suspicious high-value transactions.
It would work better than the last time I a trans was flagged in Office Depot (about 2 yrs ago) and they handed me the phone to talk to the Citibank rep who needed my mother's maiden name to approve the purchase.
And interestingly, Wells Fargo has not issued me a new card despite the fraud because their hasn't been another attempt. I'm not sure that's a wise move on their part though. -- Jim
A very good discussion Jim and a topic which is very much on the button.
Mapa International have, in the UK, been monitoring customer attitudes to SMS messages sent by Financial Institutions for some time. Where SMS messages were account servicing or customer service related messages ( as yours would be), customers are much more likely to recomend their bank.
http://www.mapa-uk.com/news-press/1648-SMS-Bank-customers-more-positive.aspx
So I would say that customers enjoy relevant messages via their mobiles and your fraud suggestion is right there.
Mark
As a frequent card user who is married, I don't want to go crazy with transaction authorization requests, but I do want to feel secure. I also have had my card replaced several times over the last few years and because I have bills charged to the card, find the replacement process more of a 6 on the annoyance meter than a 2 or 3.