You might not know it, but your credit card company is tracking your every move. Advances in how card providers and networks process massive amounts of data from card usage means they often alert consumers to potential fraud before consumers notice anything amiss.
That's what happened to Ted Sindzinski, a digital marketer who lives in Orange County, Calif. A few months ago, out of the blue, his card provider called and asked him if he had recently made a purchase at the women's retailer Anthropologie. He hadn't. The company immediately shut down his card and denied several more online charges. "I was surprised when [the card provider] called me. I know card fraud can happen to anyone, but I didn't think I'd have an issue given how diligent I am," Sindzinski says. He still doesn't know how or where the fraudster got his card number.
Banks are increasingly responding with that kind of aggression. While card providers and networks have long analyzed shoppers' spending data to look for problems, they now have more automated systems in place as well as more sophisticated methods of sorting through data. And by the end of the year, consumers will start noticing an even newer technology that will almost completely shut down point-of-sale fraud.
"[Card companies] look for patterns and search for anomalies," says Kurt Helwig, president and CEO of the Electronic Funds Transfer Association. "If you typically use your card in the D.C. area, and then suddenly it's being used in Eastern Europe, they'll flag that. Or if you usually keep your spending under $1,000 a month, and then there's suddenly a purchase for $6,000, it will raise flags," he says. The card provider will then call the customer and ask him or her to verify the purchases.
Companies are often first alerted to problems from customers themselves, and the information can then be used to identify other instances of fraud. "As consumers recognize fraud on their accounts, they call in, and [card providers and networks] note that in their system, and then they'll build a sort of heat map of all the areas where they are seeing consumers report fraud," says Julie Conroy, a research director at Aite Group, a Boston-based research and advisory firm. After the card providers and networks identify hot spots, like a certain merchant that keeps coming up, then they will proactively notify customers, she explains.
While much of that data analysis is automated, once computers pick up on a potential problem, a manual review is initiated, which is when customers get notified. Conroy says companies are increasingly moving to automated systems for customer notification, too. Instead of a phone call, customers might get a text message, for example, asking them if a transaction was really made by them and to respond "yes" or "no." Conroy says, "Some credit card issuers give consumers the ability to set their own preferences, so if something over $500 hits your card, we'll let you know … Companies are putting that power in the hands of consumers."
Doug Johnson, American Bankers Association vice president of risk management, says card companies and networks have long been evaluating massive amounts of data and looking for changes in patterns, but they are getting better at finding problems. "They have increasing abilities to monitor larger amounts of data to quickly search through the data to find trends," he says.
Johnson experienced the efficiency of that system over Christmas, as he made a purchase from an unfamiliar website. "I took a chance because I wanted the present … I hit the key to make the purchase, and my phone rings. It's my bank, asking if I made the transaction, and if I also agreed to an additional monthly fee for a club of some sort," Johnson recalls. He had not agreed to any such monthly fee, so the card company shut down the transaction. It had acted so quickly because that particular retailer had already been flagged for making secondary fraudulent transactions on customers' accounts.
One potential problem is when card companies incorrectly flag legitimate purchases. In the worst case scenario, a customer who doesn't usually travel overseas might be on his first major international trip and have his card shut down because the card provider notices unusual activity and is unable to contact the customer directly. Usually, though, companies verify the fraud first with the customer before shutting down the card. Companies can also allow some types of transactions, like monthly automated bills, to continue for a period of time until payments can be set up on a new card.
New technology, dubbed EMV, which stands for Europay, MasterCard and Visa, is already widely used in Europe and is poised to move into the U.S. market later this year. The technology involves a computer chip inside credit cards, which creates a dynamic transaction code for each purchase – making it impossible to create counterfeit cards at the point of sale. Toward the end of this year, consumers will begin receiving these new types of cards from issuers, Conroy says.
In the meantime, consumers can take extra steps to protect themselves against what Aite describes as an increasing amount of fraud since 2011, partly a result of large data breaches. ABA's Johnson says every customer should monitor transactions regularly by checking accounts online more than once a month. "Don't wait for the monthly card statement to come in the mail," he says. He also suggests using a credit card, not a debit card, for daily and online purchases because unauthorized transactions on debit cards can affect the balance available.
Johnson adds that customers should alert their card providers to any international trips in advance to avoid having a card flagged for suspicious activity. "If you're in Europe, it's inconvenient to have those transactions questioned," he says.
Helwig also says you should beware of emails purporting to be from your bank that ask you to enter personal information on a website. These so-called "phishing scams" use fake emails and websites to steal personal information and money. Instead of clicking on URLs within emails, always visit your financial institution's website by typing in the URL yourself, and make sure you're on the correct website.
"Customers really still are the first line of defense, and a lot of the analytics in place rely on getting those in-bound calls from consumers," Conroy says. She checks her own accounts at least three to four times a week to make sure there are no unauthorized transactions. She also suggests being particularly careful about browsing the Internet on mobile devices. "Mobile fraud is increasing more quickly, partly because consumers don't treat their mobile devices as the tiny computers they are. Put a password on your device so if you lose it, someone can't transact," she says.
In almost all cases, banks cover the cost of any fraudulent purchases, but victims can still find themselves inconvenienced by temporarily frozen accounts and cancelled cards. That inconvenience, though, is far less off-putting then being the ongoing victim of identity theft.