Let’s talk about fraud prevention

Debit cards are amazing inventions. Wherever I am in the world, I can get access to the cash in my bank account through an international banking network (for a small fee). The name ‘Visa’, originally applied to credit cards and now increasingly found on debit cards, was adopted as a symbol of this worldwide acceptance.

Well, that’s how it should work, anyway.

Unfortunately, the modern prevalence of identity theft has caused my bank and many others to introduce a cumbersome fraud prevention system on top of this freedom.

I first encountered this in force on a business trip in September – I tried to take money out of a cash machine in Taoyuan Airport, Taiwan without first contacting my bank to say I was going out there. Reasonably enough, it refused the transaction.

OK, so I should be able to call some 24-hour service, like my telephone banking, and get my mistake sorted out, right? That would be the reasonable thing to do at this stage for good customer care.

Well, here’s how Halifax approaches the “suspicious transaction”:

1. Wait until “reasonable hours” in the UK timezone. Never mind what timezone the suspicious transaction occurred in, even if UK time is the middle of the night there.
2. Have an automated message call the customer. My network charges me £1 per minute to answer calls when I’m abroad – so do many other networks.
3. If the customer doesn’t answer, wait a few hours and call them again. Repeat ad infinitum.
4. When the customer finally does answer, reel off a list of transactions really slowly, including legitimate ones, and ask the customer to confirm each one by pressing keys.
5. After the customer has confirmed the activity is not suspicious, hang up and don’t give the customer any option to deactivate the fraud protection.

Thoroughly useful. So, let’s ignore that costly and largely pointless process. (Although couldn’t it be made, like, a billion times simpler, cheaper and less intrusive just by using SMS instead of a call?)

So I called my 24-hour telephone banking to try to get the block lifted, only to find that function is not available to the operators and the department that deals with the block only works regular UK hours, so I had to wait until a hideously impractical time in the afternoon to call again and lift the block, which didn’t actually happen until the following day. Great.

Well, I won’t be doing that again, I thought. So when I had to go to the USA for another business trip this month I was careful to tell my bank all about the trip beforehand. With glee I inserted my card into an ATM on arrival and lo, “transaction denied”!

So I waited again for UK working hours, in the middle of the night of course, and allowed myself to be awakened by the pointless automated call at 4am then immediately called my bank. “Oh, it says on the system that you’re in the USA but for some reason the fraud prevention hasn’t been transferred.” Great. Luckily, this time they were able to sort it out on the spot and I wasn’t cashless the whole week.

There’s my rant. Now, here’s what I think banks should do about this:

1. Be considerate about where the suspicious transaction happened. There are always hours when the UK and place X are both awake, so consider making the call during those hours.
2. Maybe use SMS (or email?) to save the customer money and complications if they are abroad at the time.
3. Make sure there is a way a customer can verify his/her identity over the phone and lift the block at all hours. This should easily be possible with an automated service because you already use one to verify the transactions were legitimate.
4. By all means take fraud prevention seriously, but please also take your customer’s satisfaction with the service you offer just as seriously!

If anyone knows a bank that operates like this, let me know and I’ll switch!