by aiProgMach on 10/27/23, 2:15 PM with 388 comments
Yet, many online services are giving me hell with their "smart" anti fraud detection and things like that, at this point I can really understand the position of the people who are dooming about cashless society, because at some point here I felt trapped not being able to get services I needed so much (until I asked shop owner to pay for me and I paid him in cash + small profit...).
The thing is, the attitude of these companies is so frustrating; like if my card was already accepted once and I successfully approved the payment via 3D secure with my bank, who are you (as a random online service) to assume you can act as my big brother? Even more, if I'm using a balance paid by gift card, who give Amazon or other services the right to put my account on hold while it still contains my hard earned money (I had to try literally multiple services just to buy expensive gift card as Amazon payment won't allow me to choose the correct currency of my Card). Mind you, I'm just a random guy and not world class criminal, or an Activist who's being actively targeted, this make me wonder what these services can do once we go completely cashless.
Simple tasks like downloading region-specific Indian apps become unnecessarily complex, as Google play have this "smart" rule that says I can only change my region once per year, what?? It's just an app just give me the apk, and you can just ask for my location! (I had to install the apks from some random websites at risk of getting some malware...).
I would said what this experience taught me as a developer, but it won't matter, as most products are designed to help the stake holders and upper managers and even Governments, and a dev's empathy won't matter much...
Apologies for this vent, but I really felt I need to post something about this frustrating situation I'm in.
by dreamcompiler on 10/27/23, 11:13 PM
-- A mobile phone number uniquely identifies a single person.
-- Every person has a mobile phone number and they only have one mobile phone number.
-- If a person's mobile phone number is associated with VoIP or Google Voice, that indicates fraud.
-- Every person always has their mobile phone handy and it is always able to receive calls and SMS messages under all circumstances.
-- Mobile phones are never lost or stolen and their batteries never run down.
-- Mobile phone numbers last forever.
-- An email address uniquely identifies a person.
-- Every person has an email address and they only have one email address.
-- Every person is always able to receive email under all circumstances.
-- Email addresses last forever.
-- People never travel to foreign countries.
-- A person's IP address always determines where they are located.
-- Geolocated IP addresses are always accurate.
-- Geolocated IP addresses always indicate the preferred and correct human language of the person on the other end.
-- The IP address for a customer will never change during a given session (i.e. LEO satellite internet does not exist).
-- If the IP address for a customer changes "too quickly", that indicates fraud (i.e. LEO satellite internet does not exist).
-- Your customer will never connect to you through a VPN.
-- If your customer connects to you through a VPN, they are doing something fraudulent, rather than trying to get around your geolocation brain damage.
by k8svet on 10/27/23, 10:42 PM
I have been in Germany for 6 weeks. I have spent thousands of dollars between flights, train tickets, and hotels. Guess what I have to do every, single, time I buy a 3EUR train ticket? Receive an SMS on my American cellphone number.
Their "solution" is to have a family member in the US add their number to my account, wake up in the middle of the night and relay TOTP codes to me. FOR A 3EUR TRAIN TICKET. Multiple times a day. From the same damn train company.
I'm willing to pay $1000 yearly fee for a competent credit card company that sends me TOTPs over Email (just like they send me charges [but of course, not refunds/canceled-authorizations]). Or let's me use a Security Key.
The funny thing is, they happily text these codes to VOIP SMS numbers, which I can (and do) route to my email anyway.
It's abusrd that my Xbox account is both more secure and less annoying to use than my credit card. Again, for a 3EUR train ticket. I feel like we're slowly entering this dystopia Kafque-esk nightmare, and yet, as always, there's people in the comments here insisting this is fine, or that I deserve it.
I'm going to assume the people saying "use cash" have never set foot into the real world. Yes, let me put cash into the non-existent train ticket machines, or to the non-existent train attendants. In the 3 minutes I have before my train comes.
by brianmiddleton on 10/27/23, 3:06 PM
So many online stores will approve my purchase and bill the card with no issue, then cancel it a few hours later for vague security reasons. I remember when the credit card companies ran commercials about how easy and secure credit cards are, especially compared to checks, but now I feel like a criminal every time I try to use mine. I wonder if this violates any part of the merchant agreement that these stores are getting a 100% valid authorization on my credit card, but still aren't willing to accept my payment.
by Habgdnv on 10/27/23, 3:39 PM
A recent incident at my child's school serves as a pertinent example. They transitioned from a traditional cash-based food delivery system to a new digital platform. While trying to register on this platform, I was prompted to provide an "email". I input my usual email address only to be met with an "invalid email" response. After multiple back-and-forths with both the school and the platform's support, I discovered that by "email", they actually meant a "Gmail account".
For context, I've been using my own domain for my email, which ends in .international, for over a decade now—longer than my 9-year-old child has been alive. Despite this, they deemed my email domain "new". The situation reached a head when the school's principal called me, trying to understand the issue. After explaining the situation, he assured me that the problem was on my end, stating that he had consulted with other teachers and they were in agreement that "<my domain name>.international" wasn't a "real platform".
by jp57 on 10/27/23, 3:40 PM
There are many payment methods around the world that have different rules, but for Visa, MC, and Amex cards issued by American banks, the merchant, not the card issuer, has the liability to repay fraudulent on-line purchases (so-called "card not present" transactions). The merchant is the one accepting the risk, not your bank. So they decide which transactions they will accept liability for and which they will decline and what you need to do to prove that their liability is low.
In addition, some second-factor systems (like possibly 3D secure) shift the liability from the merchant to the issuer when passed, but banking rules are arcane, and it is likely that 3D secure only shifts the liability for the one transaction that triggered it, and not any subsequent transactions.
by ryandrake on 10/27/23, 2:49 PM
by crazygringo on 10/27/23, 3:51 PM
And then as to buying/using gift cards in India, on a non-Indian account, of course that's going to raise every suspicion under the sun, given that that's a mechanism used by some of the most prevalent scams in the world.
So I'm really confused, because this "vent" reads like somebody not going through the basic steps to use credit cards abroad, and then engaging in the biggest red-flag types of transactions.
And the fact that they're complaining the airport doesn't allow them to carry enough cash (isn't the limit $10K?) really raises red flags for me. If you need to transfer large amounts of money safely between countries to your family, that's what wire transfers or Western Union is for. That's been the case for many decades now.
The more I re-read this post, the less and less sense it makes.
by cycomanic on 10/27/23, 10:36 PM
Somebody mentioned Google services, and that was a big issue as well. I still have bank accounts in my former country of residence, so I need access to apps from that country (the 2fa App that is used there). On the other hand I need to access some apps here (school notifications, banks...) Google obviously knows better than to allow me to get apps from different regions. The solution was again to just create another account. The whole system is really screwed up. I'm not sure what they are actually trying to prevent, considering that in the end one can work around the restrictions quite easily with multiple accounts, but one would think with the world moving closer together these things would actually get easier.
by notatoad on 10/28/23, 2:56 AM
we're the people who suffer the consequences of the fraud. if your card gets used fraudulently, you call your bank and get the transactions cancelled, no big deal.
if my website lets a fraudulent transaction through, my processing fees go up. if my website lets more than a couple fraudulent transactions through (or not even necessarily frauddulent, but transactions that the issuing banks classify as high-risk) the credit card companies shut off my ability to process payments and my business shuts down. so yeah, sorry if it inconveniences you, but accepting a payment from some random guy who even slightly matches some fraud characteristics isn't worth risking my business over.
by tlb on 10/27/23, 3:02 PM
From a bank's POV, they're losing billions of dollars to card fraud operations, and there are very clever fraudsters who do their best to be indistinguishable from legit users.
Legit users in rare situations (such as being cross-border) are often collateral damage. You can only understand what heuristic you're triggering by knowing a bit about patterns of fraud, which is an unreasonable demand on innocent consumers.
by miav on 10/28/23, 1:12 AM
Even if it was just 1% of users, outright ignoring their issues is not acceptable. And far more than 1% travel abroad or do other suspicious activity (such as buying things at a place you’ve never purchased from before).
And there are services that handle this correctly. Starling bank (UK) is a fave of mine. Confirm in an app, enter full password in some cases, but that’s it. I had to make some sketchy looking transactions and no matter, they never block your account or make you jump through additional hoops.
by gameshot911 on 10/27/23, 3:23 PM
It becomes a tense situation when you are trying to buy a flight that you absolutely have to take, and despite 4 different credit/debit cards you still can't get any purchase on multiple different airlines go through! I even tried to go to the offices, but they were often difficult to find, non-existent, or just not open at the times you'd expect them to be. And good luck trying to purchase on a telephone, between trying to dial in international number, bad connections, and language issues!
FWIW, I had the most success with debit cards. I suspect it's because international companies feel more comfortable with cash in hand, vs. an American CC which can be easily charged back.
by patrakov on 10/27/23, 3:27 PM
"According to our records, you originally registered this account while in Russia, and there is no way to change the country of the account. So we will continue to apply sanctions to this account despite the well-confirmed fact that you have moved out for good. We will also not allow attaching any non-Russian debit cards to that account, as we generally prohibit attaching foreign cards to any account. Please make a new account and enjoy."
by instagib on 10/27/23, 4:39 PM
I had a number to call and talk to someone with no wait if I had an issue.
I dealt with some issues and I ultimately found out that they(the store) want to fingerprint you online. Things you do to avoid that make purchasing things online difficult.
My ip address didn’t match the city I was in or receiving the item in = flag. Using a non-default dns service or vpn? I turn all that off and WiFi when I make a purchase.
If you’re okay throwing money at the problem, get a second phone to buy things with that you don’t do anything else on which has separate logins.
My favorite joke scene about a cashless society was that some criminals couldn’t figure out who to rob because no one accepted cash anymore or held it in a store. Their only option was to rob another gang.
by gnicholas on 10/28/23, 12:48 AM
The worst part is that they don't pro-actively notify me of the flagging via app notification, email, or phone call. I have to track them down and tell them the transaction was authorized. Or more likely I just get out a different credit card and use that one instead.
by dakial1 on 10/27/23, 3:05 PM
But it does not need to be that way and the government can and should help.
In my country (Brazil) banking is well regulated industry and we also have some good consumer laws. Both those things help a lot to show a clear impact of badly designed anti-fraud system to the banks. For example, the central bank has an online channel, where you can open a complaint, which the bank is obligated to answer/solve in 5 days and might get fined millions if they get lots of valid ones.
I used to get my card denied very often, with no heads-up or call to confirm. So I raised a complaint at the Central Bank, got an apology letter and call from my bank manager and I never again had my credit card blocked anywhere.
by gdulli on 10/27/23, 8:49 PM
by sharmi on 10/28/23, 4:16 AM
Every 3 months, I have to pay the school fee for my 3 kids. The amount is almost the same for all three. The first payment always goes off without a hitch. But, when I go to pay for the second kid, bam, it locks up the account. Our local branch is utterly clueless. Then we will have to jump through multiple hoops to get the account activated. This whole drama happens like clockwork every three months. It doesn't matter that it's just a school payment, and doesn't matter that thousands of parents are making payment around that time.
Friends holding accounts in other banks face the same issues. So, it is not isolated to my bank and changing banks will not help.
So, now, we've decided to take the one-kid-a-day approach. It's a bit more work, 'cause I have to remember to make those payments over three days, but it sure beats the headache of reactivating the account every time.
by singlow on 10/27/23, 3:04 PM
They are not trying to protect you. As a card holder you would not be damaged by fraudulant purchases apart from the inconvenience of reporting them. They are protecting themselves because if that transaction is later found to be fraudulant then they will have to return the funds and will likely be unable to recover the product they shipped or other costs incurred.
by jwr on 10/27/23, 3:04 PM
I am wasting so much time explaining that they need to contact their bank, and they waste so much time calling their banks… it's disheartening.
by THENATHE on 10/28/23, 6:35 PM
I've worked as an 'IT guy' (short form for 'I do basically everything') for many small businesses, a lot of which were computer repair shops that, in their small town feel, spent a lot of time just helping old people navigate how to use a computer. Many times I had people come in that found a clearly fake site advertising some too good to be true deal and didn't realize, spent their money, and never got anything or got like a toothbrush when they ordered a desk.
This fraud protection doesn't protect in any way against that. I've helped probably 2,000 instances of fraud in this way just telling them "you need to file a claim with your bank and get your money back because you're never going to get that product" and hundreds upon hundreds of issues where they're like " oh Microsoft is going to delete my computer if I don't pay them 30 Bitcoin" and other bullshit like that. Maybe two times in my 10 plus year career has anyone actually had their cards stolen and used overseas.
Just kinda wild to think about that my bank cares more about me travelling to new York than it does making a 6000$ purchase on coinbase.
by Aldipower on 10/27/23, 11:35 PM
by csomar on 10/28/23, 8:24 AM
Now that everyone (including third-world countries) have figured that out; and legacy companies (big Tech, MasterCard/Visa, big banks) know that this makes their customer life hellish however it kills competition: They'll bend over backward, forward and multi-laterally to implement anything that any lawmaker asks them for.
If you are a very simple simpleton, say a government official with a single income, a regular rental, and regular bills (your groceries and your kids pencils), you'll very unlikely face any issue. But start to deviate from that, and everything starts breaking. Governments are becoming hostile to anything that doesn't fit their narrative.
This is only getting worse from here...
by anish_m on 10/27/23, 9:30 PM
by ellyagg on 10/27/23, 3:31 PM
by roshin on 10/27/23, 11:57 PM
by LeonB on 10/28/23, 12:41 AM
So they build “fraud prevention” systems, and heavily discount any notion of customer service — they’re perfectly willing to lose some customers in the name of fraud prevention - not because they must, but because their focus and incentives are indifferent to customer service. They see it as an inevitable cost of business - when it’s an inevitable cost of not caring about that aspect of the business.
by nitwit005 on 10/28/23, 2:45 AM
With the natural problem that many of them won't be all that good at it.
by tjpnz on 10/28/23, 1:12 AM
by vertis on 10/27/23, 3:11 PM
by time_is_scary on 10/28/23, 5:58 AM
It seems that using the VPN 100% of the time has trained many of these smart services to fingerprint that as my default fingerprint.
Of course, this doesn't help when interacting with services that detect/block VPNs. Or the even more annoying situation where VPNs are blocked and also all traffic from the country you are in is also blocked (occurs occasionally when trying to access US sites from SE Asia)
edit: WRT comments mentioning that you can call your bank or set a travel notice: that is how things used to work. Chase, for example, no longer lets you set a travel notice as they use a "smart" automated system. That said, my Chase travel card used via apple/android pay has never given me trouble so their system does seem better than most
by codetrotter on 10/27/23, 3:42 PM
by belk on 10/27/23, 3:00 PM
by jokethrowaway on 10/28/23, 8:17 AM
AML is a nightmare for banks, most BS they pull off is because the government is worried they won't be able to steal all your tax money.
Strong authentication is another BS regulation with the sole goal of killing small banks with
Chargebacks are convenient for the customer - but they have a cost on the entire system, including banks caring about people stealing a CC and spending.
by corbezzoli on 10/28/23, 5:03 AM
If possible, find yourself a bank that enables you to spend money and leaves “security” in your hands. My 2FA is via app, never SMS.
Side note: someone stole and used my card number and the bank immediately refunded me. Can’t get any better than this.
by uoaei on 10/27/23, 3:16 PM
by welder on 10/28/23, 12:40 AM
Card companies make the random online service pay a fee anytime someone does a chargeback. Yes it shouldn't be their job, but card companies make push this responsibility onto them.
by camhart on 10/28/23, 2:17 AM
by aiProgMach on 10/28/23, 1:47 PM
> The information you supplied was reviewed by Amazon but we cannot remove the hold on your account at this time. For details, check for an email or text message from Amazon describing next steps. Please contact us for further concerns.
I provided my visa + passport + card pic + selfie + Screens of latest Gift card order (email and from the website), still they won't remove the hold and effectively stealing the money in the account. I can't believe this is being done in good faith, this is clear theft, because what else they need?
by pm24601 on 10/27/23, 11:56 PM
Cash is king-many, many times.
by its-summertime on 10/27/23, 3:54 PM
I tried that once, family member specifically. They ended up getting blocked too. Customer support told me to take a hike.
by sneak on 10/28/23, 1:43 AM
I came close to being bankrupted this year because my US health insurer doesn’t support customers remaining insured if they live a lifestyle that involves being away from paper mail delivery for a few months at a time. (I live elsewhere half the year and they cancelled my policy with only paper mail notice after my payment card on file expired.)
It’s really terrible.
by IG_Semmelweiss on 10/28/23, 12:02 AM
I was literally trying to hand money to the company in 5 different attempts.
I finally gave up, with a borderline ulcer
I ll never try adidas.com again
by idontwantthis on 10/29/23, 6:50 AM
by supriyo-biswas on 10/27/23, 3:33 PM
Also:
> Yet, many online services are giving me hell with their "smart" anti fraud detection and things like that
To provide a contrarian opinion, credit card testing, free trial abuse, and other forms of fraud are a thing, so companies usually have to layer other anti-fraud mechanisms on top of 3D secure.
That being said, what service are you facing issues with? I do see Amazon as one of the listed services, but they do eventually remove such suspensions. (My experience was with AWS though.)
by softveda on 10/28/23, 10:15 AM
The only issue is some places now accept UPI payments only.
by gorbachev on 10/27/23, 4:06 PM
I recently moved to a foreign country, admittedly an "easy" western European country, and I fully expected my credit cards to start refusing more or less every transaction. Not so. Not a single transaction has been delayed, or denied.
I travel back and forth my home country and my new home semi-regularly with no issues with using my credit cards. I'm not sure this is a good thing either.
by rglover on 10/29/23, 6:00 AM
If it's an option, it'd be worth exploring using a service that allows you to pay for gift cards (including things like Visa gift cards) to the services you need using Bitcoin.
by pshirshov on 10/27/23, 9:09 PM
by kylehotchkiss on 10/28/23, 12:03 AM
by kragen on 10/28/23, 4:06 AM
(of course if you want to keep your bitcoin in a 'bank' you can, but the important thing is that the choice is yours, not the government's; and merchants who accept bitcoin aren't at risk of incurring chargebacks)
online payment is coming one way or another; let's make sure it's self-sovereign, secure by design, and privacy-protecting. we've already gone a long way down a very dark road, and it's going to get a lot worse before it gets better, with oppressive governments freezing the funds of family members of dissidents and journalists, genocides, and targeted overseas assassinations facilitated by our insecure-by-design payment system
today bitcoin already solves the 'hard to carry cash from one country to another' problem pretty comprehensively; you can buy bitcoin in one country, write your electrum seed phrase on a slip of paper (or memorize it, or read it over the phone to a relative who writes it down), reinstall electrum on a fresh, trustworthy phone after you arrive, and change the bitcoin to local currency with a local counterparty. no cell phone for corrupt cops to copy keys from at the airport, no briefcases full of bills, nothing to declare at customs. and you don't have to care if the tiffin wallah accepts bitcoin (does he accept paytm yet?) because you just need to find one willing counterparty in the entire country
zcash is more difficult to use this way because there aren't as many counterparties
by goodboyjojo on 10/27/23, 9:42 PM
by tayo42 on 10/27/23, 3:32 PM
by gumballindie on 10/28/23, 6:13 PM
by pshirshov on 10/27/23, 8:57 PM
Create a work profile and a separate Google account with Island or Shelter.
by yuumei on 10/28/23, 5:29 AM
by nonsense123 on 10/27/23, 3:43 PM
BR and CN both are painful for me for this reason. Try to use a credit card, they will try to SMS a phone number I haven't used in my bank for 3 or more years.
Now that OP tells us about IN i'm starting to see a pattern: for a fraud and insurance company, or being realistic, the payment processor middle man who offers those services at a loss, making their client lose a few sales while pushing their customers (you) to instant electronic payments (BR:pix, IN:UPI, CN:IBPS etc) is a much better deal (for the middle man)!
by didip on 10/27/23, 10:03 PM
Small amount of money compared to the stress.
by salad-tycoon on 10/27/23, 10:54 PM
Yeah, I think we should be worried.
by blibble on 10/28/23, 2:10 AM
system seems to be working as intended
by edg5000 on 10/28/23, 5:26 AM
TLDR: Global money transfer is probably not something you can do casually and frequently. There are specific services, and fees, and headaches. Probably you want to minimize the amount of individual transactions as much as possible to minimize the headaches (of course there are cashflow limitations).
by RadixDLT on 10/27/23, 8:48 PM
by al2o3cr on 10/27/23, 2:59 PM
I had to try literally multiple services just to buy expensive gift card
by deepsun on 10/27/23, 10:22 PM
However, if that becomes problematic (like WeChat in China), then things go bad very quickly.
by ChrisArchitect on 10/27/23, 4:02 PM
by CrendKing on 10/27/23, 3:12 PM
India doesn't put heavy hammer on scammers for various reasons. For example, since the scammers are mostly targeting foreign countries, and Indian police are well known for accepting bribes from these scammers, the scamming business is de-facto welcomed. They are too short-sighted to not see that the "industry" is damaging India's global reputation, which transitively affects you in negative way. It's unfortunate, and hope the situation improves over the time.
[1] https://www.ftc.gov/news-events/news/press-releases/2023/02/...
by tpmx on 10/27/23, 2:23 PM
by maryfisherr6 on 11/1/23, 2:14 AM
by matheusmoreira on 10/28/23, 1:09 AM