Saturday, October 02, 2010

Compromised credit cards a pain when used for autopays

A couple of days ago I received ANOTHER call from the security department of a credit card that I use for all of my online autopayments telling me that a new card they just sent me a month ago has already been compromised.  I'm afraid I lost my temper and really gave the poor security representative a piece of my mind.

As a retired director of information systems for a college at a major university for over 20 years, I am well aware of hazards involved with e-commerce and have always taken all of the prescribed precautions.  I have used online credit transactions since the time they were first introduced on the internet and I have gone years without problems.  Now in less than two months one of my credit cards has been compromised twice.

Naturally, this makes me immediately suspicious that the bank's own database has been compromised, especially since the new card had not been used for anything but autopayments to my electric company, my satellite TV provider, my long distance company, etc. but they insist that it hasn't.  I asked them how they knew to call me to check on a suspicious transaction then and they told me that the perpetrator of the fraudulent purchase did not use the correct security code or my correct address.  These types of thieves use a number generator to generate random 16-digit numbers that are then used online to see if they will be accepted for online purchases.  If a small transaction goes through, it lets them know the number is a valid credit card number.   Then they attempt even larger purchases. 

So I asked them why, then, did their system allow the transaction to go through? I've written computer programs and I know their system could be programmed to automatically deny these types of fraudulent purchase attempts.

I also explained to them that I was using their credit card for my online autopayments so having to reset all of my account information for all of my service providers was very time consuming.   They just kept repeating to me that they were sorry for the inconvenience but wasn't I gratified that they were so observant.

Then they asked me how I wanted to receive my new card.  They "offered' to send a replacement card to me for ONLY $30 by express delivery.  I snapped back that I wasn't going to pay $30 for what I deemed was their mistake!  I told them if they would put the new card in US mail I would have it in a couple of days anyway.  Oh no, they said.  It would take time to prepare the new card so I wouldn't get it for 10 days to 2 weeks.  I just snorted back that I had a whole drawer full of empty credit cards and I'd just pick another one, then, to use in the meantime!!  I don't think the credit card rep expected that response.

This last ploy to get $30 out of me made me suspicious that the bank itself was pulling a scam trying to get yet another fee to replace all the fees they used to make before the government cracked down on them a couple of months ago.  After all, both compromises occurred right at the end of the month when autopayments are being processed.  Both compromises involved two very small transactions from an online vendor I couldn't even find online.

Anyway, now I had the problem of what to do about my autopayments again. 

So, I decided to use a card for my autopays from a different bank.  I have a Bank of America card and I noticed that they offer a free service called "Safe Shop".  To use it you set up an online banking account then you go under your credit card account and click on a link for More Details.  There you will see a link to set up a Safe Shop card. 

Safe Shop is like a virtual credit card with its own number, its own security code and its own credit limit that you set that is connected to your real credit card.  If you want to set up a recurring payment for something like Netflix you create a virtual Safe Shop VISA and specify a maximum amount allowable per month for the transaction and how many months of transactions you wish to authorize up to a maximum of 12 months. 

For example, I generated a Safe Shop VISA for Netflix and set a $10 payment limit for 12 months.  Then I logged into Netflix went to my account settings and entered the new "virtual" Safe Shop VISA information as my new source for autopayments.  Each Safe Shop VISA can only be used at one location. 

To set up my next autopay for my puppies' pet insurance account I generated another Safe Shop VISA, set a credit limit sufficient to cover the premiums for 12 months then called VPI (my pet insurance company) and gave them my new Safe Shop VISA information for their account. 

Only Bank of America has the association key to link these virtual VISAs to my real credit card.  My real credit card number is never given to any online vendor and each vendor has a different virtual VISA number that cannot be reused so it eliminates the possibility that an employee of any of the online vendors could use my credit card number anywhere else. 

I just have to set myself a reminder next September to go back and reissue new virtual VISAs for my next 12 months of autopayments since the maximum number of months of credit you can set per virtual card is 12.  It's worth an hour once each year to be able to take care of bill paying in a more secure fashion.  By the way, you can also generate a virtual VISA for just a single online purchase too for those occasional online bargains!

The service is entirely free.

I realize this process is not as convenient as the One-click shopping that many larger vendors are attempting to get you to use but it's worth the piece of mind.
Post a Comment