If I were a bank, I would be buying as many of these as possible and canceling them before someone else buys them. $1.50? That's the fee on like one transaction!
Amusing response on the thread to this same proposal - "The cynic in me suspects that the net profit they make from allowing fraudulent transactions to go ahead exceeds the costs associated with preemptive cancellation, particularly since they try to make the merchants eat the costs of fraud as much as possible."
Obviously this is just cynicism. I assume the main reasons are 1) imagine justifying that to shareholders, 2) it creates a market.
Having said that, the banks could offer a "reward" system for anyone who manages to report a stolen credit card number.
How exactly will a bank make money on a fraudulent transaction? I had my accounts emptied and had the bank give me back everything that was stolen. I fail to see how thousands of dollars being reimbursed is a profitable model.
Your mistake is in assuming the bank is who reimburses their account holders for stolen funds. It's not. Every store your card/account was used at was forced to return those funds to your bank, even if they already provided the products or services that were purchased. They also each had to pay a chargeback fee (usually $15-20).
Say your credit card is stolen, and used to purchase 5 items from 5 stores. Each of those 5 stores will be forced to return all of the money they charged, no matter how impossible it might be for them to know the credit card was stolen. They will also collectively pay $100 in chargeback fees to your bank, which is likely more than it cost to move the couple pieces of paper it took to handle the situation and inform the customer.
The bank has now made a profit.
Each store that accepted the stolen credit card has lost:
- The payment they accepted
- The transaction fees paid on the payment they accepted
- The product they shipped, potentially hundreds or thousands of dollars
- The chargeback fee
And if chargebacks ever amount to more than about 1% of any of those stores' transactions, their processing fees can go up, they can have their cash flow abruptly cut as a reserve fund is created to hold their future charges for some time, or they can lose their ability to accept credit cards entirely.
That's not true. This clearly depends on the country you are in, the payment processor you use, and the type of credit card you got (e.g., with chip or no chip).
Also chip or no chip doesn't matter for online/telephone/mail order purchases which I would guess would be the only place you can use this stolen credit card info.
> had the bank give me back everything that was stolen
Actually, that money most likely never made it very far - the businesses where the cards were used almost certainly never saw a cent of it. Worse, they probably still had to pay for the transaction fees (of the now reversed transaction) and a chargeback fee. The bank and any other service providers in the payment processing chain made more money than if the transaction had been legit, and the thief made off with the goods. Yup, accepting payment by credit card sucks.
This is a direct consequence of the global near-real-time credit card payment authorization system being the Biggest Ball of Mud design you can imagine. Clearly, at each and every stage of getting to where we are now, people did the bare minimum of change to add new functions to the system.
The other aspect of the problem is the length of time the NSA sat on public key encryption. It's within the realm of possibility for credit card companies to have used public key encryption to at least validate that the human user of a card number knew something, a PIN or whatever, related to the card number. The payment authorization system grew up without that math, so it pretty much depends on everyone (like the call center reps or the programmers of shopping cart software) keeping the card number and the CID/CVC/CVV secret and off their disks.
What does public key encryption have to do with it? Password or PIN + salt + hash function like MD5/SHA would be all it takes to securely verify that the CC holder knew a secret.
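An added example, not part of the thread and not any commenter's code, of the idea the two comments above discuss: proving knowledge of a PIN per transaction so that nothing a merchant stores can be reused. It swaps the single MD5/SHA pass for PBKDF2-HMAC-SHA256 and uses a symmetric HMAC challenge-response checked by the issuer rather than a public-key signature; all names, the message layout and the sample PIN are constructed assumptions.

```python
import hashlib
import hmac
import secrets

KDF_ROUNDS = 100_000  # assumed work factor, chosen for this example


def _key(pin: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 instead of one MD5/SHA pass over PIN + salt
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ROUNDS)


def _msg(nonce: bytes, merchant: str, cents: int) -> bytes:
    # Fixed-length nonce first, amount last: the layout is unambiguous
    return nonce + merchant.encode() + b"|" + str(cents).encode()


def enroll(pin: str) -> tuple[bytes, bytes]:
    """Issuer: keep (salt, derived key); the PIN itself is never stored."""
    salt = secrets.token_bytes(16)
    return salt, _key(pin, salt)


def respond(pin: str, salt: bytes, nonce: bytes, merchant: str, cents: int) -> bytes:
    """Cardholder device: bind the PIN-derived key to one transaction."""
    return hmac.new(_key(pin, salt), _msg(nonce, merchant, cents), hashlib.sha256).digest()


def verify(key: bytes, nonce: bytes, merchant: str, cents: int, response: bytes) -> bool:
    """Issuer: recompute the MAC and compare in constant time."""
    expected = hmac.new(key, _msg(nonce, merchant, cents), hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    salt, key = enroll("4821")       # constructed sample PIN
    nonce = secrets.token_bytes(16)  # issuer's one-time challenge
    resp = respond("4821", salt, nonce, "shop-a", 210)
    wrong = respond("0000", salt, nonce, "shop-a", 210)
    return {
        "genuine": verify(key, nonce, "shop-a", 210, resp),
        "wrong_pin": verify(key, nonce, "shop-a", 210, wrong),
        "reused_for_other_amount": verify(key, nonce, "shop-a", 99900, resp),
        "reused_with_new_nonce": verify(key, secrets.token_bytes(16), "shop-a", 210, resp),
    }


if __name__ == "__main__":
    print(demo())
```

The merchant only relays `nonce` and `resp`, so a copy left on its disk does not authorize a different amount or a later challenge. A 4-digit PIN has only 10,000 possible values, so the issuer's stored key still has to be protected like any other credential.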
Am I the only one who finds it shocking that it's apparently so cheap and easy to buy stolen credit cards?
Why are the law enforcers (or the banks, or other appropriate organizations) not going after these "re-sellers", at least to find/track the original thieves?
Or am I missing something? Are these cards all (or mostly) deactivated? And so the buyers are not using them directly, and rather using them as leads/information to do some other nefarious activity?
These organizations are based out of countries with corrupt governments, where law enforcement from the rest of the world can't easily reach. You can track a credit card peddler to Russia, but you can't do much about them there.
> Why are the law enforcers (or the banks, or other appropriate organizations) not going after these "re-sellers", at least to find/track the original thieves?
I know someone who works for an insurance company that covers credit card and identity fraud. They are actively monitoring these sites for their customers' information. Even though that's a private company, I wouldn't be surprised if government organisations do the same.
And following LeCarré, I could easily envision some entities searching for and holding certain of these acquired credit card numbers in reserve, should there be a need to charge p*rn or some financially questionable charges onto those account holders they care to call into question.
I'm pretty sure this article was written with tongue firmly in cheek, but it's just so... out there.
I dare the author to make this $2.10 purchase using one of his own valid credit cards.