Safer System for online spending discussion area

James

Martin,

The Cahoot Webcard seems ideal for as you say paying for legal !!!!!!, movies or on-line gambling or on-line services.

Webcard is almost universally-accepted. Meanwhile Verified by Visa and MasterCard Secure Code are not embraced by ALL online retailers, and are password based. Unfortunately, none of these systems deters the fraudulent use of Card Details on the telephone, or by Mail Order or Fax. Nor do they deter the theft of goods at the point of delivery, and this is where the actual crime (theft of goods) occurs.

So let’s go back to basics and examine an alternative that would cover YOUR, cards, passbooks, cheques etc and should be embraced by ALL retailers/vendors world-wide. If they fail to do so it’s at their peril, not yours.

Application Fraud:

Suppose someone steals your ID and successfully applies for a Cahoot Webcard or any other sort of card or account? Methinks they could do no end of damage.

Application Fraud is easy to deter and you can do something now. Use the Thumbprint System (details click here) and insist that if an application is submitted using your details, then that application must be authenticated with a Thumbprint.

Account Takeover:

This is when someone uses accounts you’ve already opened. I’d include the following: Cloned cards used with your valid PIN. Using a stolen card, or Card Details. Using stolen or cloned passbooks to withdraw funds from savings accounts etc., etc.

Deterring Account Takeover:

I’ve been using the very same system as I do to deter Application Fraud for face-to-face transactions (click here). I’ve been using this system with my Visa & MasterCard Cards for the last 2 years. I use Chip & Signature Credit Cards vice Chip & PIN. Rather than sign the back of my card with a written signature which can be copied or cloned, I sign with my Thumbprint. This is visually easier to check and can’t be cloned or copied when submitted in front of shops staff. The advantages to me are, unlike a PIN there’s NO CARDHOLDER liability.

May I suggest that it would relatively simple and cheap to take this one step further by integrating the Thumbprint system into all types of Plastic Cards. Used with a Webcard in particular would deter most types of card fraud which I had no answer to in my original posting on this topic (Click here).

How would it work?

• OVERTLY: These types of cards would carry a Thumbprint Logo sending a message to opportunist thieves if they want to use this card, they’ll need to submit THEIR PRINT.
• COVERTLY: Utilise the Chip and the Magstrip to convey a message to Retailers that the Card Holder PRINTS on transactions slips at point of sale, thus deterring cloning.

Deterring the Fraudulent Use of Card Details:

For ordering goods via the Internet, or by Phone or Mail Order the vender when carrying out basic card checks would be informed that the card owner (on their insistence) PRINTS at point of delivery. (Prints would be submitted by either the cardholder or their representative, thus making it safer to deliver goods to shipping addresses other than the cardholders address).

Picking up goods where you need to prove your Identity – simple because you’ve placed your order using this sort of card, you’d submit your print at the point of collection.

WebCard would as you say be ideal for covering the types of fraud Thumbprinting doesn’t. But a combination of both, in my humble opinion would be as safe as it gets.

I would suggest that this type of Card would be safer to carry than any other sort of Card.

I would also suggest that any cardholder using this system should have no liability issues whatsoever.

There however would be liability shifts.

Onto the Card Issuer if they failed to check an application submitted without a PRINT (If Fraud Occurred).

Onto the Point of Sale Retailer if a transaction slip was submitted without a PRINT (If Fraud Occurred)

Onto The CNP Retailer / Carrier if they failed to get a PRINT at point of delivery. (If Fraud Occurred)

Onto the Internet retailer (movies, betting etc) if it weren’t a Webcard.

Onto the Crook (THEY’VE SUBMITTED THEIR PRINT).

Additional Information.

There would be NO databases of PRINTS. Transaction slips, Delivery or Receipt Notes would be kept for a period of time as they are now. Nothing changes. Prints are usually on these documents anyway. Using this system puts you in control; it allows you to force crooks to show their hand.

If however a PRINT was submitted by a Fraudster, then this PRINT would be given the Police to act upon, and prove the genuine cardholders innocence. Victims wouldn’t be treated like criminals and their accounts should be reimbursed instantly. The rest is up to the long arm of the law. Victims however would have to submit their print for elimination purposes (just the same as you would do now if you were burgled).

There is no reason why this system can’t be used for passbooks, cheques etc etc. Thus making anyone using this system less susceptible to ID Theft.

Drawbacks:

You couldn’t use Cash Machines. But very few do with Credit Cards. For Debit Card use there are ways round this too. Shops do offer Cash Back when Banks are closed. Another alternative is to get hold of a Banks Own Savings Card. These cards can’t be used in overseas ATMs or in shops. Just as you would with a Webcard, transfer money to this account when required. You then don’t have to worry about your Current Account being hit and Direct Debits, Standing Orders etc going unpaid (this is just a suggestion, which you can do now)

It is of course be YOUR choice. All we need to do is get the Financial Industry to get onboard and make Banking and Card use safer for us all.


PS For Martin,

I wonder if you'd embrace the Free ID Protection system and add it to Ones Not to Miss? Robert Goodwilll MP has on his website. Neil Munroe of Equifax has (On the Equifax Website & Radio 4), as has Barry Stamp (ID Theft Expert and Author of Books on the Subject).

davidrudman

My elderly father tried to download Avast the anti virus programme and ended up on a fraudulent site after searching for Avast on Google. They asked for a £6 registration fee but took £32. The Bank says as it was on a debit card they can do nothing about it. Is there a way he can recover it. I have told him never to use a debit card again.

bias27

Cahoot have just confirmed that their Webcard facility will be withdrawn in October 09. (Users will be notified by email). They are "working on a replacement" but it will not be available before Webcard shutdown - when pressed they admitted that they do not know when (or if) the replacement will be available. I use the webcard a lot - it does have a few problems but overall works well. Does any other bank use webcards - I would change bank just to get this feature.

jago25_98

Other card providers (inc. Egg, Nationwide) have started using this system where you have the option of using an additional password.

I think it's got secure or veri in the title. Can anyone fill me in?

However, it's a total pain in the neck and because it's optional each time, it achieves nothing.

Pain in the neck because:

- The password has big constraints on requirements. It has to have letters and numbers in it (good), but it has to be shorter than 7 letters or more (aggh!) I have spent ages trying to devise a password that is memorable but have failed in finding something that is exactly 7 letters long.
- I have been given a electronic calculator looking thing that seems unrelated but I haven't been asked to use it yet, and it's optional anyway (no way to enforce it's use on the online banking page or over the telephone)

Basically instead of empowering users to make their own choices they're trying to force a one size fits all to everyone. Quids in for the expensive and bad reputation Paypal.

Perhaps there is a solution in another currency/country to be aware of.

edit: Especially important when this Confickr worm is doing the rounds at work, which logs keystrokes. I can't disable it because I don't have the admin rights to do it, and, being stuck on a boat I then can't attend to finances online, falling back to using the phone