Credit card fraud is a major problem, which costs billions each year. Banks and credit card issuers have tried a number of ways to reduce the fraud. Recent examples are the rollout of cards with computer chips. Cards with chips are more secure for in-person transactions. Unfortunately, chipped cards are no more secure than older cards without a chip for remote transactions, such as paying for something over the phone or buying something on the Internet.
I received an interesting email from Turkish Airlines, which highlighted another method of combating online credit card fraud. Starting on January 31, 2018 if your credit or debit card was issued by a Turkish bank then the customer must first contact the bank and allow the card to be used for Internet shopping, such as buying airplane tickets. If you don’t authorize the card, the online merchant cannot charge your account.
I did some research and found out the rule applies not just to Turkish Airlines. The Turkish Banking Regulation and Supervision Agency formulated the rule and it appears to cover all people whose credit cards are issued in Turkey. The formal announcement of this rule (in Turkish only) is found here. For people who bank outside of Turkey, the new rules do not apply.
The new rule is a very interesting idea. To combat fraud you have to tell your bank that a particular card is authorized to make online purchases. This reduces fraud because thieves who get hold of a large number of valid credit card numbers will find that a significant fraction will not work for online purchases.
If you have only one credit card this will not impact the ability of criminals to make charges in your name. However, I have a couple of credit cards. A few years ago my account information was stolen and thieves racked up quite a bill buying things in Houston, Texas which is a long way from my home.
While I was not personally liable for the charges, it was a huge hassle and quite time-consuming having my card canceled, the charges reversed and a getting a new card. Plus, the thieves got away with the purchases. Since that experience I try to use only one of my cards to buy things over the Internet. This makes it is easier for me to monitor my accounts for fraud.
I would love to tell my credit card company that only one of my cards can be used to make purchases on the Internet. This would eliminate the chance that my other cards could be used fraudulently for online purchases. Locking out some of my credit cards from online purchases would make me better off for two reasons. First, I would spend less time monitoring accounts. Second, if merchants experience less fraud this means their costs are lower and they can reduce their prices. Lower prices keep more money in my pocket.
I am not sure the Turkish system, which requires everyone to opt-in before a card can be used, is the right way to go in many countries where Internet shopping is wide-spread. However, implementing an opt-out system, where anyone could block a credit card from being used online, is a sensible alternative that all major credit card companies should offer immediately.