Banks continue to control us

Untouched by their reckless behaviour (and blatant lack of any real knowledge of the mystical “market forces”) the true leaders of the Western World continue to flex their muscles and show that the interests of ordinary people are, on the whole, irrelevant. They remain blind to contradiction in demanding huge public subsidies, then refusing any form of public control. They continue to assert, in the face of obvious evidence to the contrary, that “they know best” over the current financial crisis. They ignore the problem of begging money with one hand, and paying out huge bonuses to their own staff. They know they are so important that whatever they do we, the public, will continue to bow to their demands. It beggars belief how most banks haven’t been declared International Terrorist Organisations – they demand money and threaten global meltdown if we don’t comply, they have a non-democratic influence in governmental policy and are happy to crush small businesses; the only thing missing is they aren’t (on the whole) Islamic.

Anyway, enough of that rant. You could easily be excused for thinking that giving a bank your money (often paying for the privileged) would mean it stayed your money and the bank just looked after it (although they would use it to make more money for themselves). You would be excused for thinking that you should be able to get access to your money.  You would, however, be wrong.

Not content with charging customers £1.75 for cash withdrawals (except those customers well off enough to be able to get to the increasingly rare free cash machines [ATM], if they can find a working one), the banks are now unveiling measures to make it harder for you to use your cash/credit card. All in the name of security though… so that makes it ok…

A few years ago we heard how Chip and PIN was being brought in to prevent card fraud. Gone were the days in which your signature was enough to prove who you were, now all it took was a 4 digit PIN. This seemed like madness, and in fact creates the current situation where my wife can use my card without anyone noticing she is not a Mr, but the banks were adamant it would prevent fraud. They added to this the demand for every Cardholder Not Present (CNP) transaction to use the 3 digit verification number (CVV) on the back of the card (ironically where the pointless signature strip lives). It was claimed that this would reduce CNP fraud and the two measures would reduce fraud to such an extent that their costs would be negligible.

Except, it never worked out like that.

People buy things over the internet, and give out their CVV with alarming ease – every time you do an online transaction you are asked for it – so after a while it becomes impossible to use this as verification. You would like to think the people you are carrying out an online purchase from are PCI-DSS accredited, but do you check? Do you read through their audits to make sure your holy grail of card number and CVV are safe? Do you assume the credit card companies are doing that? The padlock icon is just to tell you that the data link between you and the shop is secure, it says nothing about the long term storage of your data. I have even seen companies that email out a receipt with the card number in full and the CVV code used – all in a plain text email… Far from secure.

Anyway, it seems that despite these new measures the banks are still suffering almost as much fraud as before (which begs the question…)  and have now unveiled new measures. Basically they will look at your transactions and if the bank thinks you are doing something unusual they will block your card. Its crucial to note here, that this happens if the bank thinks you are doing something odd. They will monitor your activity and then make a decision as to if your behaviour falls within their idea of what is normal. The BBC report on this is interesting:

A leading bank is introducing new technology that will mean every credit card transaction is scrutinised for fraud.
HSBC is introducing the programme, which will affect 10 million card accounts and millions of transactions.

Hmm. You have to wonder what other data the HSBC will be able to mine from this, but we will leave the big brother rant for another day.

The banking industry has warned that more legitimate transactions will be queried or cancelled as a result.

So, what they are basically saying is that because the banks are losing money, ordinary people will be inconvenienced even more than normal. Imagine the scene, you are on holiday in a foreign country (several time zones away), you go for a meal and pay with your card. Only to have your card rejected. What do you do? The banks don’t care. You have to do the running to get everything sorted and cant even claim back any costs incurred from the banks mistake. Outrageous. The standard banking advice is to tell your bank when you are going on holiday but this is crap. It rarely works. From the same BBC page:

When Sally Wiber went on holiday to Borneo, she followed industry advice and told her bank where she was going.
But her credit and debit cards were blocked when she tried to use them on her first day.
“I spent much of the first day trying to deal with my bank and getting internet access, and then had a rather frustrating phone call trying to make sure that I could use my cards for the rest of my holiday,” she said.

Wonderful eh? I can support this from personal experience. My employment has me travelling around Europe a lot. My bank know this. I have told them about my travel and they know my job. However, in France last year, despite my bank being told in writing about my travel, my card was blocked on the second day. I used it on the first day to withdraw cash and make purchases, but on the second day it was decided my activity was unusual. Apparently, as I was on a family holiday, I had been committing the heinous crime of buying presents… I had told the bank I was going on a family holiday. The first days purchases (to a greater value) were fine, but the second day triggered something. The biggest problem I faced here was being stuck, in France, with no phone and no bank account and no money. How do you resolve that?

Does the banking industry care? Again from the BBC:

But Mark Bowerman of the card issuers’ trade body APACS said it was something consumers would have to accept.

That is a “no” then. He continues:

“If we as customers expect banks to do something about this we have to expect that from time to time we’ll be in a shop and the transaction will be queried or card declined. These systems are designed to stop cards being used fraudulently, so if that’s the price we have to pay I think people should be prepared to pay that price,” he said.

Crikey, doesn’t that sound like the war on terror? It actually reads that because the banks want to put a stop to card fraud people have to pay the price. I love the glib way he says that from time to time we’ll have a transaction declined. Like it doesn’t mean anything. Like it doesn’t mean embarrassment and possible legal problems for you when it happens. Try paying for a meal, having your card declined and then explaining that’s just the price you have to pay. Please let me know how far it gets you.

The BBC continues:

Spending large amounts of money or using your card frequently can trigger the alarm at the user’s bank, and with so much fraud taking place abroad, the same goes for using a card outside the UK.

So, basically, using your card can trigger alarms. This happened to me a few weeks ago when I was buying a new suit. I used a credit card that gives me loyalty points, and as I pay it off in full each month I was well within my credit. I spent a while buying an expensive new suit in the January sales, with a shop assistant fawning over me. When it came to pay, I hand my card over (knowing I had a credit limit more than £2000 over the cost of the suit and coat) only for it to be rejected. Shame is an understatement. Queue of people behind me and a shop assistant now convinced I am a petty thief. All because I tried to spend £300 in one transaction, rather than lots of £50 transactions.

There is a solution, and one which may shoot the credit card companies in the foot, but one I am heading towards more and more. Give up with the card. Credit cards are different, as it enables you to spend money you dont have, but you can live without your bank card. This is the travel advice from ABTA on the BBC, to try and get round the problem of having your card blocked at random:

Take a range of payment methods. Take cash for immediate expenses, take two cards, preferably from different banks and take travellers’ cheques as well for extra security if it goes disastrously wrong.

Why go to all this trouble. The only reason you would take the cards is to spend your money abroad. If you take cards with cash and traveller’s cheques as “backup” you are mad. The card is a back up for the other two, but now you cant trust it. If you have a backup you cant rely on, it is worthless, so don’t take the cards. Go abroad with a bit of cash and traveller’s cheques. You don’t need anything else.

Equally, given the disastrous savings rates, you could probably live your day to day life cash only. Wouldn’t that be weird?

Just to show how effective the banks previous anti-fraud measures have been:

Card fraud is rising – up 14% in the first half of 2008 – and fraud abroad now accounts for 40% of all card crime.

Not very effective then. What is the future for these new checks? Will they learn enough to allow people to go on holiday? Will they work?

What we have seen with chip and pin – it was successful for 18 months, two years – the fraudsters have worked a way round it, so we are now looking at more sophisticated means.

So then, in 18 months we will be encumbered with a system causing us problems, making sure we cant rely on our cards (defeating the purpose of them) and it wont be stopping fraud.

Wonderful.

5 thoughts on “Banks continue to control us

  1. Using the ATM at any branch is free at my Credit Union, but a few years ago, they tried charge if members did more than 5 transactions per month at the teller window (which worked fine for me, because I avoid going into banks like the plague). That didn’t last. They do charge $1.25 if I use my card at another bank’s ATM – the other bank usually charges $2-3 for the same transaction.

  2. In the UK we have a mix. Most bank cashpoints (ATMs) will let you withdraw cash for free, but in recent years they have closed dozens of branches, reducing the number of bank cashpoints people can get to.

    Conversely, there has been a huge upsurge in shop-run machines, which normally charge in the region of £1.50 – £2.00 per transaction. These are often found in petrol stations, or similar shops, where the shop owner wants to make some profit from the machine.

    The problem is banks seem to think of these machines as being a substitute for a bank branch. For example, where I live it is not possible to get to a free cashpoint without a car. Its ok for me – I can drive and afford to run a car. Everyone else is taxed for accessing their own money.

  3. I understand the evils of banking but back then the whole PIN deal was a step forth not backwards, are you going to complain about how CD replaced vinyl discs next? The rest is of course stupid, including this fraud detecting system based on fortune tellers.

    What I don’t understand is why do we still see cards when key fobs are incredibly superior?

    For on-line transactions there are many better strategies, all of them very easy to imagine and set up.

    One-time password lists.
    Single recipient password lists, where once someone uses that password nobody else can.
    Passwords should necessarily be machine generated and good.

    It’s not that hard, it almost makes me think that banks benefit from card frauds somehow. The banks should hire military cryptographers from the cold war era, I’m sure anyone of them can come up with system a million times more secure and cheaper that doesn’t require the use of a crystal ball.

  4. I understand the evils of banking but back then the whole PIN deal was a step forth not backwards

    While I agree with everything else you’ve said, I dont quite agree with this.

    A 4 digit PIN is reasonable secure as numbers go. It is, however, easier to shoulder-surf a persons PIN than it is to accurately copy their signature. The problem with signatures was the lack of staff training (and minimum wage) making sure that most till assistants either didn’t know how, or couldn’t be bothered, to properly verify the signature. There are 10,000 combinations of number to use as a PIN compared to an infinite variety of signatures.

Comments are closed.