2008-08-03

Visa Desjardins' fraud detection

Visa Desjardins has, for the second time in as many months, deemed some of my account activity suspicious. Since they're on the hook, financially, for unauthorized transactions I can understand them having a certain bias towards prudence, but in both cases when I spoke to a CSR, the reason stated was quite vague ("this activity doesn't fit your account's pattern").

I would love to learn (out of personal interest, really, I'm not complaining!) about the decision rules or heuristics that apply here considering the two suspicious charges that were delayed this weekend.

The first is a 25$ renewal of my Flickr Pro account, charged by Yahoo. The CSR said that getting a charge from an online service provider was flagged. Never mind that I've got monthly credit-card charges from my ISP for Internet access, and from rsync.net for storage space, and that my account has, in the past, seen charges from a large gaggle of other online sellers.

The second is even more comical: it's a charge from a gas station in Kanata.


The green placemark is the Esso station where I always fill up; it's at the corner of Solandt and March in Kanata, right next to the office. It was closed this week, so I went to the Shell station instead (the red placemark) 1200 meters away. That got me flagged. Really.

7 comments:

Jean said...

I've never really had a problem with Visa Desjardins, except for that one time when I got a call from a representative about three successive transactions I did through the Steam game platform (love some of those Popcap games :) ) They somehow found this suspicious and were ready to block it if they had not been able to contact me that day.

I really enjoy some of your blog postings. Keep 'em posts coming!

jpdaigle said...

jean, that's hilarious! It makes sense that everything would be automated and use heuristics to flag suspicious activity, but it seems like false positives like these wouldn't stand up to human evaluation.

Anonymous said...

I know it's a bit late but here's my 2 cents :)

For the Flickr... there's a rule in the fraud detection software which flags accounts when they have a transaction done in a known POT (point of test). A POT is a small transaction in which the card isn't physically present; it's to test if the card number + expiry date is valid. Those point-of-test transactions are usually followed by way bigger transactions.

And for the gas station, it really depends on a lot of stuff, like if you had put gas very recently... Else that place could be a POC (Point of Compromise) where that terminal was known to be compromised at some time... Your card is more likely to be blocked right away if it went through a POC and there's a suspicious transaction on your account...
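The two rules described in the comment above, sketched as detection logic (an added example, not part of the original comment and not Visa Desjardins' actual system). The merchant and terminal lists, the thresholds and the flag/block outcome are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Every value here is constructed for illustration; none comes from a real issuer.
POT_MERCHANTS = {"EXAMPLE-ONLINE-SVC"}   # hypothetical known points of test
POC_TERMINALS = {"EXAMPLE-TERM-0042"}    # hypothetical known points of compromise
POT_MAX_AMOUNT = 30.00                   # assumed ceiling for a "small" test charge
FOLLOW_UP_WINDOW = timedelta(hours=48)   # assumed window for the bigger follow-up
FOLLOW_UP_FACTOR = 10                    # assumed meaning of "way bigger"

@dataclass
class Txn:
    when: datetime
    merchant: str
    terminal: str
    amount: float
    card_present: bool

def is_pot_hit(t: Txn) -> bool:
    """Small card-not-present charge at a merchant on the POT list."""
    return (not t.card_present and t.merchant in POT_MERCHANTS
            and t.amount <= POT_MAX_AMOUNT)

def evaluate(history: list[Txn]) -> tuple[str, list[str]]:
    """Score one card's transactions; returns (decision, reasons)."""
    reasons, poc_exposed, suspicious, last_pot = [], False, False, None
    for t in sorted(history, key=lambda x: x.when):
        if t.terminal in POC_TERMINALS and not poc_exposed:
            poc_exposed = True
            reasons.append(f"card used at known POC {t.terminal}")
        if is_pot_hit(t):
            last_pot, suspicious = t, True
            reasons.append(f"possible test charge of {t.amount:.2f} at {t.merchant}")
        elif (last_pot is not None
              and t.when - last_pot.when <= FOLLOW_UP_WINDOW
              and t.amount >= FOLLOW_UP_FACTOR * last_pot.amount):
            suspicious = True
            reasons.append(f"{t.amount:.2f} charge soon after a test charge")
    # Assumed reading of the comment: POC exposure plus a suspicious
    # transaction blocks the card; either one alone only flags it.
    if poc_exposed and suspicious:
        return "block", reasons
    return ("flag" if reasons else "ok"), reasons

T0 = datetime(2008, 8, 2, 9, 0)  # constructed sample data
renewal = Txn(T0, "EXAMPLE-ONLINE-SVC", "ECOM", 25.00, False)
big_buy = Txn(T0 + timedelta(hours=5), "EXAMPLE-ELECTRONICS", "ECOM", 900.00, False)
gas_poc = Txn(T0 - timedelta(days=3), "EXAMPLE-GAS", "EXAMPLE-TERM-0042", 40.00, True)
```

A rule like this keys on the merchant and the amount rather than on the cardholder's own history, which is how a charge that went through without trouble in the past can still be flagged once the merchant lands on the list.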

jpdaigle said...

oooh, thanks for the info!

I've heard before that CC thieves often do a small test transaction to verify account credentials before proceeding with the real large transaction... it's just interesting because I've used the same credit card number to pay Flickr in the past with no problems.

Anonymous said...

Heuristics are updated frequently... fraudulent patterns are changing weekly; we try to stay one step ahead... The System isn't perfect... :)

jake sakic said...

Nice, I was flagged and blocked using the same ATM I have used for the past 2 years here in the Philippines.

I was about to have a baby and did start spending hundreds of dollars a day for a couple of days, so I guessed it was a false positive just like your Shell story, and called to have it rectified...

That's not the kicker! I made sure on the phone that the clerk notified my account and that I would be able to withdraw the 1500$ needed for the hospital on the next day (as I knew it could trigger another false positive).

You guessed it, they blocked me again anyway, but this time I have no money, a newborn and a sliced-up mother in hospital being discharged, and because it's the weekend I will need to sleep on the floor of a 3rd world hospital because all offices are closed on the weekend and I cannot contact Visa.
(online accessD has been down all day)
(Phone number only auto-responds, no humans)
(each time I withdrew any money I did go online right after to pay the bills online so that they wouldn't claim it was suspicious)

YEP!


jake sakic said...

Still doesn't beat my sister though. Booked 3 times by a retard Chinese airline company, charged 3 tickets on the same plane with the same name 3 times, and Visa said to her:

"We can't do anything to refund the duplicates, you will need to call the airline company because we at Visa Desjardins do not speak Mandarin"

I think she managed to get 1 ticket refunded after going to the HEAD_OFFICE of Visa and dealing with it, but I am not sure; after their statement my head had already exploded so I am not sure what happened, hehehe