Credit card fraud can be stopped. Here's how

After $4,000 of fraudulent charges from Brazil on my AMEX, I'm chasing down all my auto-payment accounts and frequently used commerce sites. Again.
Written by Jason Perlow, Senior Contributing Writer
Over 130 fraudulent charges, totaling over $4,000, appeared on my American Express statement last week, originating from a restaurant in Brazil.

Credit cards. You can't live without them.

Of course, some people do try -- but I'm not one of them. My lifestyle has now become virtually cashless in the course of the last ten years.

Generally speaking, it's safer to carry around smaller amounts of cash, and when you buy a lot of things using online purchases, there are really few avenues for payment that aren't based on some kind of charge card, whether it is debit or credit. 

Although my credit is excellent, I have minimized the number of credit card products I own. I have a VISA and a MasterCard issued by my main bank, and I have a personal American Express card. I also have a Discover card but I haven't used it for anything in a long time.

I do most of my purchases on the AMEX because it is an airline loyalty card: it not only gets me points towards future travel when I use it, but spending a certain amount of money on it per year also helps with maintaining my medallion status.

I only use the MasterCard/VISA for businesses that flat out do not take AMEX, which are usually small restaurants.

While it is a good idea to minimize your credit cards, simply from a financial management standpoint, minimizing or consolidating the number of credit cards you use does have one drawback.

If your card number is stolen and fraudulent charges are made against it, the card along with the number needs to be re-issued.

Back in the day, when we didn't have e-commerce or automatic payments via credit card, this was not a big deal. But as we increasingly rely on making online purchases and e-payments, a re-issued credit card is a hassle if you only use one primary card for everything you buy.

Last week, my AMEX was charged over 130 times by a restaurant in Brazil, to the tune of over $4,000. AMEX backed out the charges, but they had to issue me a new card and of course, a new card number.

I'm not completely sure how my card got lifted, but it is very possible it happened at Home Depot because my wife and I recently did a kitchen remodel using their services and have also made a lot of purchases there in the last few months for various other home improvement projects.

Whether it is related to the EMV "Replay attack" issue my colleague Larry Seltzer reported on this morning is unclear. AMEX's security technology is similar, if not identical, to EMV "Chip and PIN", but the company maintains its own network, even though it uses the same card terminals that retailers use for MasterCard and VISA.

I use Amazon for most of my online purchases. So that means changing the card number there. My AT&T Wireless bill goes through autopay, as does my broadband bill. I have a number of other recurring billing accounts that I use for mobile devices as well as online services that also hit that same AMEX card.

That means a service interruption the next time they attempt to charge, if I don't track them all down first.

So, what's the alternative then? Get one AMEX for recurring charges, online vendors and mobile device payments? Get another for restaurants, and yet another for large purchases?

Unfortunately, AMEX will not issue me multiple cards under the same name, using the same AMEX product and account/master billing statement I use as my main card, the Delta Reserve.

I'd have to use completely different AMEX products, and that defeats the entire purpose of consolidating rewards points.

What we really need to do is introduce the concept of "virtual" and "burner" credit cards.

In other words, you open an account under a primary account holder. You then create "burner" cards which are purely physical, such as for day-to-day purchases in retail and restaurants or even for special situations, such as when you go on vacation.

Kind of like the olden days when you had traveller's cheques, which were created for the sole purpose of protecting you against loss or theft of cash. Without a signature that matched the original on the cheque during the time of purchase, the cheques were useless.

Once you have your "burners" you then create "virtual" credit cards. These you would use for your e-commerce and autopayments, as well as for things like Apple Pay and other e-wallet stuff. 

Should any of these burner or virtual cards get lifted, you simply cancel them. If my restaurant/retail physical burner card or Apple Pay virtual card gets stolen, then my e-commerce or autopay virtual cards are not affected.

In addition to secondary cards, every virtual or burner card should have specific controls that the card owner can apply to them.

You should be able to, for example, force a pre-set spending limit per transaction or per card and also have the ability to automatically disable a card if you have multiple transactions from a single vendor within a certain time limit, or with any other rules you might apply.

And in the case of the Brazil fraud that is in the news this week, you should be able to "geofence" a card, such as limiting it to your state or country of residence, or to whatever states or countries you want. For retail/brick and mortar purchases, perhaps even require multi-factor authentication if desired.
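A sketch of the per-card controls described above (spending limits, a geofence, and auto-disable on repeated charges from one vendor), as an added example that is not from the original article or from any card issuer's system. The class names, thresholds and the 131 sample charges are constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field

@dataclass
class CardPolicy:                    # hypothetical per-card controls
    per_txn_limit: float             # max amount of a single charge
    card_limit: float                # max cumulative spend on the card
    allowed_countries: frozenset     # geofence, ISO country codes
    velocity_max: int                # max approved charges per merchant...
    velocity_window: int             # ...within this many seconds

@dataclass
class Card:
    policy: CardPolicy
    active: bool = True
    spent: float = 0.0
    recent: dict = field(default_factory=lambda: defaultdict(deque))

    def authorize(self, ts, merchant, country, amount):
        """Decide one charge attempt; returns the decision reason."""
        p = self.policy
        if not self.active:
            return "card_disabled"
        if country not in p.allowed_countries:
            return "geofence"
        if amount > p.per_txn_limit:
            return "per_txn_limit"
        if self.spent + amount > p.card_limit:
            return "card_limit"
        window = self.recent[merchant]
        while window and ts - window[0] >= p.velocity_window:
            window.popleft()         # drop charges older than the window
        if len(window) >= p.velocity_max:
            self.active = False      # auto-disable the card
            return "velocity_disabled"
        window.append(ts)
        self.spent += amount
        return "approved"

def replay(policy, charges):
    """Run charges through a fresh card; return (reason counts, amount lost)."""
    card = Card(policy)
    reasons = Counter(card.authorize(*c) for c in charges)
    return reasons, card.spent

# Constructed sample: 131 charges of $31 from one merchant in Brazil, 1 min apart.
CHARGES = [(i * 60, "RESTAURANT-BR", "BR", 31.0) for i in range(131)]
HOME = CardPolicy(500.0, 5000.0, frozenset({"US"}), 3, 3600)
TRAVEL = CardPolicy(500.0, 5000.0, frozenset({"US", "BR"}), 3, 3600)

if __name__ == "__main__":
    for name, pol in (("home", HOME), ("travel", TRAVEL)):
        print(name, *replay(pol, CHARGES))
```

With the home policy the geofence declines every charge; with the travel policy, where Brazil is allowed, the velocity rule disables the card after three approvals, so the limits alone would not have stopped the run.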

All of these of course will require significant IT changes and re-architecture of the current credit card processing infrastructure. But clearly, what we have now does not work.

Do we need new ways of managing and using our credit cards in order to combat fraud? Talk Back and Let Me Know.
