not crypto, but fraud detection + additional

Anne & Lynn Wheeler lynn at garlic.com
Tue May 27 10:32:24 EDT 2008 

Allen wrote:
> I don't know what the policy is in Ireland, but here in the USA there 
> is no stop loss on debit cards so the banks are not obligated to make 
> good on fraudulent withdrawals. I believe that most have out of fear 
> of bad PR, but you have to fight for it if it is just a few that it 
> happens to. If this happens too much then people might stop using 
> debit cards. I have advised my mother, 87, to not use them as she is 
> getting a little slow on the uptake and might miss something like this 
> if it happened to her.
>
> Now to show how screwy the system is, I was shopping the other day and 
> the power went off in the grocery store I was at. They had backup 
> power so they were able to check out people; however, they couldn't 
> use debit cards, except.... Well, the screwy thing was if you entered 
> the charge at terminal as a credit card, even when it was only a debit 
> card, it would accept it. I checked my bank, and sure enough the 
> charge showed as a POS charge!
>
> I think the logic is a little screwy and might be able to be exploited 
> though I'm not sure how at the moment.
in theory "signature" debit (i.e. debit transaction w/o PIN) and credit 
could both work ...  since they both go thru the same way.

pin-debit goes thru in real time and the merchant has assurance that the 
transaction has been approved (and pin authenticated).  as a result, the 
interchange fee is much lower ... because the related risk/fraud is 
presumed to be much lower.

signature debit and credit basically go thru the network the very same 
way. the machine (either the actual POS terminal or a store controller) 
remembers all the transactions and there is periodic batch "settlement" 
(end of shift, or end of day). Settled transaction may or may not have a 
separate, associated "real time authorization" transaction.

The merchant pays extra charge for each "real time authorization" 
transaction (which tend to be credit card specific regarding whether the 
account is active and the new transaction is within the card's credit 
limit or "open to buy").

the associated "interchange fee" is lower on transactions with "real 
time authorizations" (presumably transactions with "real time 
authorizations" tend to have lower risk/fraud). However, transactions 
may also be settled w/o an associated "real time authorization" (which 
will have a higher interchange fee since there is presumption of higher 
risk/fraud). there are some old merchant "small fraud" stories ... where 
the merchant claimed in the settlement transaction to have a separate 
"real time authorization" ... when there wasn't one (they got both the 
lower interchange fee w/o actually having to pay for a real-time 
authorization transaction ... this was before some financial 
institutions had the ability to reconcile the information).

All have associated risk/fraud ... one of the tricks is for the 
financial institution to appropriately adjust the interchange fee to 
cover the financial institutions associated risk.

There has been recent congressional hearings, EU anti-trust actions and 
merchant complaints that the financial institutions have adjusted the 
interchange fees way over what is needed to cover the associated risk. 
There were snide articles that financial institutions are making 
significant profits off of the risk adjusted interchange fees. 2-3 yrs 
ago supposedly something like 40percent of US financial institution 
bottom line was coming from these (risk adjusted) interchange fees ... 
and for many retailers it represented their single largest expense.

this is been highlighted in the significant expense going into TV spots 
to promote "signature debit" .... since the "interchange fee" and 
especially the profit is significantly higher (vis-a-vis pin-debit).

some of this was discussed in the "bank fraud blame game" thread that 
went on in this mailing list
last june, july ... my posts archived here.
http://www.garlic.com/~lynn/aadsm27.htm#31 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#32 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#37 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#38 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#39 a fraud is a sale, Re: The 
bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#40 a fraud is a sale, Re: The 
bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#41 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#42 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#43 a fraud is a sale, Re: The 
bank fraud blame game

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list