Saturday, April 2, 2016

1-800-427-0459 also, Thanks US Bank!

Nothing like waking up to what sounded like a phishing phone call talking about fraudulent charges yada yada. Please call 800-427-0459. 

Googling the number led to a back and forth discussion of people alternately saying it was a fraud and it was legit. That wasn't too helpful except that fraudulent numbers usually result in a discussion that uniformly agrees something is a scam. In my mind, however, the people saying it was legit could easily be plants. There are plants on Yelp and Amazon that try to artificially drive up the credibility of a service or product so it's easy to imagine a fifty cent army doing the same for a phishing scam.

Fortunately there was some good advice in the forum suggesting to call the number on the back of your card. And that's what I did. They actually verified the number and their precrime fraud prevention unit blocked a number of spurious charges. I'm actually happy about that since disputing charges is a huge pain.

I'm curious as to how someone got my card information, though, since I'm very careful with it. Now from what I read, it seems the 800-427-0459 might be an automated third party fraud prevention service. However, the following does not inspire confidence

It's best to call the number on the back of your card anyway since the odds are much lower for a fraudster to have changed that. But it seems logical for the bank to at least list that particular number on their website since I ended up being transferred there anyway and had to go through the hassle of repeating personal information a number of times.

And while I'm happy that I'm not out hundreds of dollars from fraudulent charges, I'd gladly sign up for a service that required more thorough authentication. The card verification number really isn't sufficient given that anyone who has physical access for a few seconds, e.g. someone at a store, can use it.

Things like tokens, passwords, and biometrics, (what you have, what you know, who you are) impose higher transaction costs which can be large in the aggregate. They aren't foolproof and aren't a replacement for detective work - even if it's just big data analysis - but even one extra level of security would be a huge improvement.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.