Friday, July 01, 2005

Credit Card Intrusion Detection

I just received a call from a computer at Citicards, the company that issued one of my credit cards. Twice in the past few years that card was stolen by credit card number thieves. I found the exchange with the computer interesting.

First it announced that it was calling from the Citicards fraud department. Next it asked if I was "Richard Bejtlich," using the best pronounciation of my last name a computer could muster. (It's "bate-lik", by the way.) Then it asked me to verify the zip code of the billing address for the credit card. At this point I figured providing a zip code was a low-risk activity, in the event this was a sophisticated social engineering attempt.

Once I "authenticated" via zip code, the computer asked if I had made a purchase of $6.37 yesterday at "fast food" something-or-other. I recognized this as the dinner I bought at the incredibly high-brow Chick-fil-A drive-thru window at 9 pm last night. I pressed "one" to validate the transaction. Next the computer asked if I had spent money at an automated data which I recognized as the gas I bought prior to driving to Columbia, MD. I validated that transaction. At that point the computer was satisfied. It told me to call 1-800-950-5114 if I had any concerns.

I believe Citicards alerted to my two recent transactions because I hardly use that card. It's also possible they are edgy after the recent CardSystems Solutions heist. It's even possible my card is on a watch list of some sort. Thanks to John Ward for pointing out I was probably working with the Citicards Fraud Early Warning program.

2 comments:

mcs1042 said...

My name is ian, and I actually work as a specialist in citibank's fraud early warning department in Hagerstown, MD. I can provide you with a reason as to why we were calling you using our "par3" (which is the name for our automated system). Very often, low dollar amount transactions will be placed in to fraud review because they have been recognized as testpoints for possible skimming activity; which means if someone made a counterfeit card of yours, they would test it at someplace inexpensive to see if it works. Also, sometimes a store does not always bill out of where the store is located. For instance, if you go to a rite-aid anywhere in the country, the computer will always recognize the charge as one coming from Harrisburg, PA. Also, Gap and Banana Republic always shows up in the system as coming from San Bruno, CA, regardless of the Gap that you are shopping at. It is possible that Chick-Fil-A has a billing location far away from where you live. In any case, if you got a call from our par3, it was almost certainly a low-risk transaction. Par3 exists only to verify low-risk transactions occurring in the last 24 hours. To my knowledge, though, I do not believe we have any watch lists of any kind. Our department works by comparing old activity to new activity to see if it matches. If it doesn't, we try to call you to make sure everything is okay.

Anonymous said...
This comment has been removed by a blog administrator.