Facial recognition to be required for large bank app transactions

[2lz2p]

Interesting. I have been told, officially, by my Bank, Lloyd's, that they do not need to know when I am going abroad.

Maybe UK and American banks work differently when it comes to dealing with fraud, but if it were me, I would let them know anyway. Can't hurt and if something does happen, they can't say you didn't inform them.

I primarily use a Credit Union Visa card for my purchases here as they charge only a 1% fee vs 3% charged for my bank issued cards. They recently replaced the card with a new type of card and it has a new account number. I used the old one here without need to advise them I was in Thailand. I have used the new one here twice with no problems, again without having to notify them.

About 3 weeks ago, I thought I might use one of my bank issued cards, so I went online to notify them that I would be traveling in Thailand. They now have a notice that such notification is no longer needed as they would notify me of any suspicious activity. So far, I still have not used that card here, so I don't know if or what kind of activity would encounter a problem.

[Gaybutton]

They now have a notice that such notification is no longer needed as they would notify me of any suspicious activity.

If they take the full financial responsibility for any use of the card that wasn't you, then if that's how they want to do it, that would be fine with me. But what happens if they do suspect fraudulent use? I would imagine now you will have to deal with a locked card. Of course, that would likely happen anyway whether you inform them or not.

What I would inform them of, if they don't want notification, is a mailing address if you can provide it, so if they lock your card they can express send a new card to that address.

It is always best to make sure your card never leaves your sight when paying for anything with it. Even if you're going to use it in a restaurant, your choice is to hand it over to the waiter and wait for him to return to your table with the card or go with him and observe the transaction for yourself. But if the card is in your sight at all times, it would be awfully difficult for a crook to clone it.

[Jun]

My current UK banks and credit card providers no longer have notification for overseas travel. I would prefer it if they reinstated such notifications, as it would reduce the probability of them making incorrect assumptions.

I recently had a credit card cloned. The card company texted me about the second suspicious transaction. They phoned me. I refused to talk, as I don't answer the security questions from anyone who phones me. I phoned the card company. There were two suspicious transactions, which they stopped and my new card arrived next day.
The only thing they fouled up is the new card expiry date, which is Jan 2025. As I hope to be on holiday at that time, the replacement card will need replacing again in barely over a year.

Bank security isn't the smartest. I once had transactions on a credit card blocked. The transactions which aroused their suspicion were a lump sum house insurance payment, 12 months after I made a similar payment to the same company and a small monthly payment to my mobile phone company.

[Gaybutton]

My current UK banks and credit card providers no longer have notification for overseas travel.

Apparently UK banks are stating to do that. I don't know if American or Australian banks are doing that too. The part I don't understand is why. Why would they not want that information?

[Jun]

The part I don't understand is why. Why would they not want that information?

I don't understand either, but perhaps so many customers don't provide notification that the banks have to operate without it.

[Gaybutton]

perhaps so many customers don't provide notification that the banks have to operate without it.

If that is their reason, it makes no sense to me. I would think instead they would want the opposite and encourage people to provide that information. Without that information they have nothing to go on. All they would have is what a computer program or a clerk decides is probably fraudulent and now just lock the card.

Even if that is not their reason, it still makes better sense to me to encourage providing the information. Maybe we're missing something.

It also makes no sense to me, getting back to the main topic, that Thai banks are requiring facial recognition for Thai customers, but to date don't even want it with foreign customers.

[thaiophilus]

If that is their reason, it makes no sense to me. I would think instead they would want the opposite and encourage people to provide that information. Without that information they have nothing to go on. All they would have is what a computer program or a clerk decides is probably fraudulent and now just lock the card.

Even if that is not their reason, it still makes better sense to me to encourage providing the information. Maybe we're missing something.

I think what you're missing is that (at least on my cards), they don't "just lock the card". If they have reason to question a transaction they send an SMS to my phone saying in effect "was this transaction really you?" and I reply "yes" or "no". And the decision is not made by a bored clerk but by some kind of deep-learning algorithm trained to look for anomalies - it isn't just looking at your card but at patterns of behaviour across maybe thousands of other cards.

Of course this isn't a perfect solution, but from the bank's POV the bottom line is the bottom line. You can be sure that they track and correlate every transaction and know all the percentages. If cutting the cost of fraud detection saves more than they would recoup by detecting more frauds, they will take the cheaper option.

[Jun]

I think what you're missing is that (at least on my cards), they don't "just lock the card". If they have reason to question a transaction they send an SMS to my phone saying in effect "was this transaction really you?" and I reply "yes" or "no".

In my view:
Best practice is for the bank to use their app to inform you of all transactions and conduct any transaction approvals, if required, as the app still works even after you change the SIM when abroad. They have the option of requiring a fingerprint before the approval, which is more secure.

Sending a text message is inferior, as at best, my UK SIM will be in my spare Nokia phone & is more likely to be in the hotel safe than my pocket.

The worst method I've seen was from Santander, who sent me a text message asking me to phone them for the security checks.
I've no idea how long that would take & therefore have no idea what it would cost from abroad. Possibly several pounds.
I also fail to see why it would be any more secure than the text message method used by other companies.

[Gaybutton]

If they have reason to question a transaction they send an SMS to my phone saying in effect "was this transaction really you?" and I reply "yes" or "no".

How much time do they give you to respond before they do lock the card? Because of time differences, a good number of hours can go by before you're even aware of the message?

Even if they are now verifying by SMS, I still don't see why they wouldn't want additional information in advance. Also, is there some legal requirement to even have a phone? There are still people who don't carry a smartphone at all or leave their good phone at home and travel with a throwaway or buy a SIM card in the country their visiting - which would have a different telephone number. Kinda hard to receive an SMS if that's what you do.

Seems to me a lot still can go wrong.

[thaiophilus]

I have no idea how much time they give you. Like it or not, they assume you are never without your phone. I solve the SIM problem by using a dual-SIM phone.

BTW I agree with Jun that verification is better via the app (more secure, doesn't rely on home SIM, can use phone biometrics) - and incidentally, that's what Santander now does.

I have encountered the "phone us back" process, but part of that is that the number you have to call is a one-off 0800 (so free in UK) number allocated from a pool just for this transaction, so by calling that number you have already identified yourself and they can skip most of the security questions.

As I said, the bottom line is that for the bank the bottom line is maximising the bottom line.