My debit card's "fraud protection":
1. Regularly flags payments to subscription services as potential fraud even though I've used them for years, paying with the same debit card, and in spite of the fact that I've indicated many times that I trust these services; and
2. Has never identified a real instance of fraud
Whatever they're doing to detect potential fraud, it has a large false positive rate and does not seem adaptive (at least in my case). It's especially odd to me that this bank asks if I've authorized transactions it flagged as potentially fraudulent, I indicate no, this is not fraud, and yet the system continues to flag transactions with the same vendor as potentially fraudulent. I'm giving it a reinforcement signal that couldn't be more clear!
Edit: this post is not a request for banking or financial advice, nor an invitation to critique my choices. I'm venting about what seems to be a poor algorithm and if you have any comments or insights into that particular topic I'm happy to hear them.
#DebitCard #banking #fraud #FraudProtection #FraudDetection #cybersecurity #InfoSec
wetbeardhairs
in reply to Anthony • • •Stop using your debit card for purchases. Debit is for bank drafts only. If a fraudulent charge is issued, it might take your bank the full two-weeks grace period to restore your funds and you might miss an important payment.
Use credit cards for all payments always. If a fraudulent charge is issued on your credit card, it is the bank's money, not yours, that is stolen. They've got a fraud department to protect their assets and aid in prosecuting fraud. During that time your credited money for that fraudulent charge is restored.
I only ever use my debit card at the bank for cash withdrawals.
Edit: I have several cards that I pick through based on the purchase. Costco for fuel, a travel card for all restaurants and travel, and a cash back card for online shit. And I use cash for local businesses now because their cc fees are high and I appreciate having a local economy that isn't just national chains.
Anthony
in reply to wetbeardhairs • • •Mathaetaes
in reply to Anthony • • •I don't know where you live, but in the US the relevant consumer protection laws for credit vs debit vary pretty dramatically. You're far more protected using a credit card than a debit card for purchases. With debit card fraud, they can drain your account of money you actually have; with credit, they're just borrowing money in your name - you haven't lost anything until you actually make a credit card payment. Furthermore, the maximum liability for credit fraud is $50; the maximum for debit fraud can be the total amount stolen, depending on when you report it.
I suspect your bank has their fraud settings tuned so high because debit card fraud can be catastrophic. If someone fraudulently uses your debit card fraudulently and drains your account, you may start bouncing checks, lose your ability to buy food or pay rent/mortgage, etc. Those things carry fees, fines, and long-lasting consequences that, even after the fraudulent money is returned (which can take a long time), you'll still have to deal with. It's especially risky for people who have limited funds - a few bounced check or late fees can be the difference between staying afloat and sinking into an inescapable debt cycle.
Additionally, if you fail to notice a fraudulent transaction for more than 60 days on a debit card, you lose any legal protection; that money is gone unless your bank decides out of the goodness of its heart to reimburse you. I don't know any banks that would do that.
I highly doubt they have per-customer tuning of their system-wide fraud monitoring software. Furthermore, the new hotness (as of a few years ago anyway) in scams is subscription services, where you make a purchase but the vendor signs you up for recurring subscription, and makes impossible to cancel. I don't pretend to know the inner workings of fraud detection algorithms, but it seems reasonable that recurring subscriptions to niche things could trigger this. Without knowing your details, it's hard to guess why they're flagging, and it'd all be speculation anyway, but it's possible that the vendor you're subscribing to has been flagged as fraudulent by other customers - maybe they used dark patterns and tricked people into subscriptions, like many US Republican organizations were doing in the run-up to the 2024 elections. Maybe they make it difficult to unsubscribe, so customers report it as fraud to get the charges to stop. Maybe the payment processor has actually been fraudulently charging customers (it's not uncommon for small businesses to get compromised and have their systems used for fraud-adjacent activities like validating stolen card numbers).
At the end of the day it seems like being moderately annoyed by false positives is a better outcome than being financially ruined by a false negative; your bank is probably tuning their software with that in mind. Even if you're in a financial situation where fraud won't affect you, they likely have customers who aren't so lucky.
If it's a source of that much frustration for you, you always have the option of switching banks, or switching your subscriptions to a different payment method. I highly doubt you'll have much luck getting them to re-tune their entire system just to avoid the inconvenience of a fraud alert, especially in the context of debit card transactions.
Anthony
in reply to Mathaetaes • • •You are now the second person who has 'splained at me how banking and credit works, without knowing a single thing about my circumstances or the nature of the account I'm using. You didn't ask any clarifying questions, nor inquire into whether I was seeking advice (which I'm not), before writing all that--including a suggestion to switch banks, which is absurd. What is going on out there that people think this is a good thing to do at someone on the internet?
I was commenting on the lousy nature of their fraud detection algorithm and how it fails to respond appropriately to clear feedback. Regardless of the level of risk involved, a vendor that the customer has stated is safe over a dozen times should not be flagged as potentially fraudulent. Doing so is wasting everyone's time, attention, and resources, and detracts from the purpose of a fraud alert. Alerts don't tend to function when there are too many false positives. If you work at a bank and have insights into why this algorithm might exhibit such poor behavior, I'm all ears. If you want to vent along with me, great. Otherwise what are you doing?