not crypto, but fraud detection + additional
Anne & Lynn Wheeler
lynn at garlic.com
Tue May 27 10:32:24 EDT 2008
Allen wrote:
> I don't know what the policy is in Ireland, but here in the USA there
> is no stop loss on debit cards so the banks are not obligated to make
> good on fraudulent withdrawals. I believe that most have out of fear
> of bad PR, but you have to fight for it if it is just a few that it
> happens to. If this happens too much then people might stop using
> debit cards. I have advised my mother, 87, to not use them as she is
> getting a little slow on the uptake and might miss something like this
> if it happened to her.
>
> Now to show how screwy the system is, I was shopping the other day and
> the power went off in the grocery store I was at. They had backup
> power so they were able to check out people; however, they couldn't
> use debit cards, except.... Well, the screwy thing was if you entered
> the charge at terminal as a credit card, even when it was only a debit
> card, it would accept it. I checked my bank, and sure enough the
> charge showed as a POS charge!
>
> I think the logic is a little screwy and might be able to be exploited
> though I'm not sure how at the moment.
in theory "signature" debit (i.e. debit transaction w/o PIN) and credit
could both work ... since they both go thru the same way.
pin-debit goes thru in real time and the merchant has assurance that the
transaction has been approved (and pin authenticated). as a result, the
interchange fee is much lower ... because the related risk/fraud is
presumed to be much lower.
signature debit and credit basically go thru the network the very same
way. the machine (either the actual POS terminal or a store controller)
remembers all the transactions and there is periodic batch "settlement"
(end of shift, or end of day). Settled transaction may or may not have a
separate, associated "real time authorization" transaction.
The merchant pays extra charge for each "real time authorization"
transaction (which tend to be credit card specific regarding whether the
account is active and the new transaction is within the card's credit
limit or "open to buy").
the associated "interchange fee" is lower on transactions with "real
time authorizations" (presumably transactions with "real time
authorizations" tend to have lower risk/fraud). However, transactions
may also be settled w/o an associated "real time authorization" (which
will have a higher interchange fee since there is presumption of higher
risk/fraud). there are some old merchant "small fraud" stories ... where
the merchant claimed in the settlement transaction to have a separate
"real time authorization" ... when there wasn't one (they got both the
lower interchange fee w/o actually having to pay for a real-time
authorization transaction ... this was before some financial
institutions had the ability to reconcile the information).
All have associated risk/fraud ... one of the tricks is for the
financial institution to appropriately adjust the interchange fee to
cover the financial institutions associated risk.
There has been recent congressional hearings, EU anti-trust actions and
merchant complaints that the financial institutions have adjusted the
interchange fees way over what is needed to cover the associated risk.
There were snide articles that financial institutions are making
significant profits off of the risk adjusted interchange fees. 2-3 yrs
ago supposedly something like 40percent of US financial institution
bottom line was coming from these (risk adjusted) interchange fees ...
and for many retailers it represented their single largest expense.
this is been highlighted in the significant expense going into TV spots
to promote "signature debit" .... since the "interchange fee" and
especially the profit is significantly higher (vis-a-vis pin-debit).
some of this was discussed in the "bank fraud blame game" thread that
went on in this mailing list
last june, july ... my posts archived here.
http://www.garlic.com/~lynn/aadsm27.htm#31 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#32 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#37 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#38 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#39 a fraud is a sale, Re: The
bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#40 a fraud is a sale, Re: The
bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#41 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#42 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#43 a fraud is a sale, Re: The
bank fraud blame game
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list