17 April 2017
Intercontinental smash and grab
A couple of weeks ago, one of my credit card numbers was compromised. This is all too routine these days, and the credit card company detected and removed the suspicious transactions quickly. What I found notable, however, was the fact that multiple charges were attempted in different currencies in rapid succession – an Australian on-line merchant, German Amazon, and so on, alongside fast food vendors in New York, and that at least some of them hit almost simultaneously. As I spoke on an incoming call from the card vendor’s fraud department, I could see successive charge notifications overwriting one another on my cellphone’s display. I’d think that the fact of closely-spaced transaction attempts across numerous countries would be likely to raise risk flags – even though less definitively today than when cards were ordinarily presented across counters by hand – but perhaps fraudsters may still find that a dispersed attack improves the expected value that’s obtainable in the narrowing time window before countermeasures can respond. I don’t know if and where there may be variable delays for transactions to propagate through different payment systems, but maybe this is also a factor.