Alastair’s Place

Software development, Cocoa, Objective-C, life. Stuff like that.

Why Is Card Fraud Rife on the Internet?

Last week, before going to NSConference, we were notified by American Express that some of the transactions that had gone through our site were being queried by their customer.

Looking at them in more detail, it became apparent that this was almost certainly (another) case of card fraud. In the past, we’ve largely put up with fraud as a cost of doing business; it usually surprises people to know that we actually lose money over it, because they mistakenly think that it will be the banks that lose the money — but that usually isn’t the case where downloadable items are concerned, and we often end up paying an additional “chargeback fee” as well.

Anyway, we recently decided that we’d report all card fraud to the police, and in this particular case for reasons I’m not going to go into here we have reason to believe that this particular fraud wasn’t just a one-off and that this fraudster is probably hurting a lot of other people too.

The British Police, somewhat to my surprise (we’re always hearing bad things about them over here, justified or otherwise), did offer to take a look at it. Unfortunately, the fraudster is in France, and the French Police have apparently refused to deal with it because it’s too small an amount of money.

The annoying part here is that it won’t be a small amount in total. Other people will be being defrauded by this guy, and he’s also obviously got access to stolen credit card details as well. It’s very unlikely, though, that any individual purchase will be large enough to convince the French Police that they need to investigate, and since fraud is individually reported by vendors (and not centrally by card issuers or card processors) it’s very unlikely that they’ll ever bother to look into it on the basis of reports from overseas. Effectively they’ve handed this guy a license to defraud anyone outside France, as long as individually it isn’t for much money.

I don’t suppose that the French are unusual in this kind of behaviour either. My guess is that nobody will investigate foreign reports of crime within their own country unless the amount is “large enough”.

Given that fact, it’s pretty obvious why people are committing card fraud every day on the Internet, and even more obvious why they’re getting away with it.