CREDIT CARDS: A License to Steal from Merchants.
by Anonymous
 (subtitled: “A Matter of Conscience.”)

Let me speak off the cuff.  I’m going to drop the formalities, because this subject matter is too, too serious.  I don’t approve of the Credit Card Companies and Banks lack of security and complacent, “not our problem” attitude.   I don’t think they do anything to protect the Merchants, companies who rely upon their service to be paid for merchandise.  And the LAW protects the consumer.  So why not a law to protect Merchants?  Well, there is one, the General Business Law, but the Merchant Banks have an out, a famous word called “the Moto”. Here is a side article about the “Mail Order / Telephone Order” Agreement and it’s flaws and the overall weakness of Credit Cards, from merchants who call the Internet “the Moto on Steroids”. The title of the article: “the Real Victims of Credit Card Fraud”. (click here)    I know, because I, too, have been robbed by my Bank(s).

 

Understand one thing: this article is simply my opinion, based on years of experience with Visa, MasterCard, Discover, IBM, the major Banks, and American Express.  I hold no particular personal beef against any of them, aside from IBM perhaps, because of  IBM’s role in World War II.  

 

Except: I do not believe any business consortium should be allowed to create rules and contracts that are in my opinion, deliberately ‘programmed’ to harm an exclusive segment of Society because the credit card providers are really just too ‘lazy’ to do anything to protect them. 

 

I have come to believe that the Credit Card Companies have been engaging in illegal acts by the million, per day, for about the entirety of the 30 years since their rise to dominance as a commerce method. That illegality in their behavior appears unilateral, it’s called “Credit Card Approval Processing”, and it is a sad commentary on our times: credit card “approval processing” has become little more than a farce, when combined with the rules of the reigning “credit card association club”, it has become little more than a means to “slip one under the radar line” for credit card thieves and improper business practices. 

 

Before I ever became aware of the depth of the problem, I already knew about some of it. A friend who worked for the Federal Reserve, had told me that the vast majority of stolen credit card rings operated right out of the Card Issuing Banks,  involving employees of those Banks, and victimized merchants by tracking the comings and goings of new accounts as they were opened through the marketing companies who placed new merchant accounts in the fields of commerce. 

 

I was at first skeptical. But after experiencing the phenomena of being singled out by such credit card theft rings, who possessed such information about the cards and about us that they just HAD to be obtaining the series of stolen numbers from the banks.  I came to realize that it is an opportunity unscrupulous employees at Banks are dangled like the proverbial carrot: take printouts from their employer and sell them.  Whose to know if a few pages of credit card number and expiration date information disappears from a data center garbage pail, or accounting department?  I discovered the truth went far far further than that.

 

Credit Card Merchant Banking had become a weapon used by major companies with criminal intent, to undermine lesser competitors.  They could actually buy into these credit card rings and target a competitor’s market by besieging them with fraud at every turn.  In fact, the very bank you bank at can facilitate this if you deploy them as your business merchant bank, because employees will talk for money and your account balances are thereafter hardly a secret to your competitors.  What easier way to defeat your competition than track their bank balances and deploy thieves to try and deprive them of same?

 

My discoveries about the nature and lack of security in the Credit Card and Banking Industries have been many and varied.  That does not mean I dislike the Banks or Credit Card Companies, any of them will tell you quite to the contrary.  I’ve worked in my field as a programmer and hardware developer trying to find ways to make processing their transactions more economically sound, profitable and easier to accomplish: for both the Banks and the Merchants.  But over the years, I’ve come to know the side of the Credit Card System that almost no one wants to own up to: one which rips the livelihoods away from small businessmen, which deprives it’s victims of the efforts of their own labor, and which damages our Country because it leads to chaos, bankruptcies, and to theft of money that can be used by Terrorists to inflict violence on innocents.  It has become a form of business terrorism, in my view, and for that reason, I can no longer simply hold my tongue feeling like no matter what I say, it will be ignored. 

Recently, I and a group of 15,000 other companies all signed an agreement to do what we could to cause change in the world of banking by demanding increased security: security at the branches where vicious robberies are taking place every day with little or nothing to stop it, security at the level of privacy as our personal information is being sold for the private gain of bank emp0loyees and security in the borrowing and credit card industries, where employees falsify entries on agreements, affix fake signatures on personal guarantees, and sell out credit card numbers and target merchant information for personal gain.  

 

We shall no longer be ignored by Chase, Citibank, Bank of America, Visa, Mastercard, Novus, or Amex.  Not any longer.  Not while we know that banking fraud lives in the realm of “easy pickens” for fund raiseups by organized crime groups and Terrorist networks.  Lives are being lost because of the selfishness and obstinacy of one group of very wealthy individuals and business: the Credit Card banking system. The picture above typifies the average small business person’s experience: frequently RAPED by credit card fraud, fraud that could very easily have been eliminated had the Banks not been all rapped up in “fat, dumb and happy” cloth.  Each victim’s losses clearly represents suffering the likes of which shames Visa, MasterCard, Amex, Novus, and all other Credit Card Providers with inadequate security and the Banks they rest on.  PLEASE READ ON... 
 
The New World   

We all grow up thinking that life in America is about honesty and fairness.  We believe Banks are beyond reproach.  And we accept that the Government is always working in our best interests.  Sometimes, this is all seems very true.  However, over time, it becomes quite clear that it’s not.  Here is a case where it’s not, something for everyone to consider.  The original reasons for having Banks in the first place, aside from standardizing means of commerce and exchange, was to afford one the security of having a place to deposit money that was sound and reliable.

 

Banks were purportedly backed by the Federal Deposit Insurance Corporation, for example, and you were insured up to $100,000 in losses.  Today, however, if you are a merchant, and someone removes money from your bank account using forged instruments (a forged check, or credit card), that simply is not so.  In the case of a forged check, you lose.  In the case of a stolen credit card, you lose too.  There is no protection.  As a card holder you would be protected by C0nsumer Protection Law.  But what about the Merchant Id holder? No, no protection at all.       

An Honest Merchant has very great difficulty in the USA today accepting credit cards or even checks; there is so much forgery, theft and fraud.  The true victim of all the credit card fraud is not the consumer, who at worse may sustain a $50 maximum of liability (but usually, sustains nothing more than the inconvenience of changing cards and signing a fraud form).  The true victims are the honest Merchants who may be unable to discern a stolen credit card offered them from a legitimate one due to the problems with Fraud. Nearly everyone who has ever purchased by Mail Order or Telephone, knows that delivery of merchandise to a convenient address is the rule of the day.    There is a reason why this happens to Merchants.  It is something that the negligent design of the Credit Card Merchant Banking System of today leaves enormous opportunity for thieves and anti-competitors to exploit.  The truly negligent party is the Card Issuer and their Association, for they provide grossly inadequate security features and are truly incapable of authenticating the actual cardholders in today’s modern electronic commerce society. 

 

The so-called AVS system (Address Verification System) simply is too primitive and, as to international charge cards, simply does not work.  So right away all International Charges have to be made on faith alone.  Secondly, there are more ways to circumvent the charge processing by means of “ship to” addresses, than one possibly imagined.  We noted that nearly 90% of all charges we’d received had a shipping address that was entirely unverifiable.

 

As a result, in this article, I shall attempt to give the Consumer a slightly more than lay person’s perspective on what it’s like being an honest credit card accepter.  It’s not pleasant, it’s fraught with peril, punctuated by the steep charges the Banks issue for the privilege of being, in essence, robbed by any unscrupulous card thief or cardholder wishing to give someone access, who understands the tricks of the trade.  And worse yet, it’s an opportunity for unscrupulous competitors to covertly engage in undermining their competition: by providing motive to an organized criminal credit card theft ring to victimize the competitor.  This practice descends from the ancient art of “selling protection”; where the crime syndicate offers to prevent you from being victimized by, say, labor problems, or vandalism, “for a price”. The price you pay is generally to pay off the syndicate not to engage in the victimizing and vandalism in the first place.  Today, such syndicates know enough to also offer their services to “the big guys” in an industry, e.g.- “pay the price and we’ll see to it that your smaller competitor suffers an unusual amount of labor problems, vandalization, shipment hijacking and credit card / check fraud, pay enough, we’ll make them go under!”  The resulting credit card fraud is what really hurts the Merchant.  And some of the stolen money makes it’s way to Terrorists who use it to buy weapons with.


All because the Card Issuers and their Associations won’t provide adequate and sensible Merchant Protection through implementing pin codes same as they protect themselves on their ATM Cards.  Good enough for them, but something they refuse to provide the Merchants.  It represents “the essence” of illegal Anti-Trust violation, when a monopoly like the Credit Card Associations conspire to enforce a policy that causes a large segment of society or the business community to become damaged as a result.

 


ONLY IN AMERICA!
 

In 1998, when (XXX) obtained its credit card processing system through Fleet Bank Merchant Services, we had no idea what we were going to be in for. We eventually discovered that not only would we be demonized by Fleet Bank due to rising frauds committed by thieves working the Computer Industry, but when we complained that Fleet Bank was awarding charge backs that weren’t even justified, Fleet Bank’s counsel libeled us to the Office of the Comptroller of the Currency, trying to justify what in fact appears to be Banking Industry Wide complicity with stolen credit card rings, a conclusion we’d drawn that was based on the tendency of companies like Fleet to attempt to disguise their routine issuance of charge reversals without justification and their tendency to ignore any complaints by Merchants.  Banks like Fleet appear to hide behind the Merchant Banking Agreement, which today we, at (XXX), call “A License to Steal from Merchants.”

 

Like too many companies, (XXX) had naively assumed that the Banks would look out for its best interests as a merchant client.  (XXX) soon learned that it had another thing coming, that the Bank was only interested in taking the easiest way out to balance it’s accounts, and no matter what the cause, generally charged the Merchant; in most cases even when the Merchant was blameless.  As a result of Fleet’s negligence and that of the associated Bank Card issuers and Associates, (XXX) lost hundreds of thousands of dollars in some of the most frustrating circumstances one might imagine.    


And along the way, it discovered that the Banks themselves are not just negligent.  It appears that this “open door” of virtually non-authenticate-able Credit Cards, has created a window to easy money that not only can be exploited by thieves, but by Bank employees.  In fact, it seems to have become something of an institutionalized form of white-collar crime against Merchants.  Banks appear to prefer to look the other way, only acting responsibly if they fear consumers (cardholders) might rise up and cause the local Attorney General to take legal action.  There is literally no place for victimized Merchants to obtain the same degree of protection to which they should be entitled, and their personal and corporate funds go right down the tubes on the face of Bank negligence.

 

To understand how all this came about, one would have to look at the history of the Credit Card Industry.  From the very first cards such as Handi-Charge, Bamburgers, Macys, Gimbels, to the advent of the Bankcard, credit cards have been difficult to authenticate and merely a convenient means to document an extension of credit, by pre-reserving an account in the identity of the cardholder.  About anyone who could put one over on the Merchant, could use them as a license to steal.  And since their advent, very little has been done to prevent this, since Merchants, individually, not only appear to carry less weight than the consumers, but the Banks refused to do even the simplest things, such as impose confidential pin-code passwords.  And, since many people found that simply running up huge debt and declaring bankruptcy on their Credit cards was an easy way to peel away the debt, Banks already felt they needed a scapegoat or between the bad debt bankruptcies and the credit card frauds, they could not make the system work.  So, the Banks started off believing they were the parties most harmed by having such a system, so they took steps to protect themselves in a way that failed to consider that the Merchant was potentially the party with most at risk.  This led to the construction of a defense to solid, that it led to the “Sleeping Banker” Problem, which I will now try and explain, although frankly, explainable or not, it’s still a reprehensible practice.

 

 

The Origins of the “Sleeping Banker” Problem

 

 

(AUTHOR’S NOTE: Early in 1975, as I was working for Citibank on designs for Credit Instrument Software, I noted in a white paper to management at Citibank and the Federal Reserve, that even though Credit Processing did not have reliable electronic means for verifying individual identity on credit card transactions, that nonetheless, the Banks still needed to take responsibility for their role in allowing charges that would reverse, by depriving the Merchants any means to identify and authenticate the usage of the card.  I at the time labeled the Bank Card as an open invitation to deprive Merchants of their profits, using the Bank Card to defraud them.  Apparently, as a keynote and pioneer in the industry, Citibank took my comments to heart, and the resulting Merchant Agreement instead of requiring the Bank to provide the Authentication I’d warned them that the lack of was a “massive liability cause that could bankrupt the entire Credit Card Industry”, and wrote into the next generations of Merchant Agreement, language which automatically placed liability for any and all charge-back reversals onto the Merchant’s back.        Even though I had argued that a simple telephone number could be set up for the Banks to allow consumers to call in and verify themselves with a numerical password (hence, today’s “ATM Pin Code’) when it came time to finalize implementation, the Bank Card Credit Card Merchant Agreement did NOT require this feature, and it has fallen by the wayside.  Even in 1975, I saw the need for a PIN confidentially gathered and seen only by the Credit Card Issuing Bank, that would verify that the card user was entitled to use the card, thereby eliminating any question of that, and MOST of the associated Credit Card Fraud.           

 

Somewhere along the line… Citibank, Chase and Bank America failed to recognize this huge deficiency.  And yet, at the same time, since I was also writing design work for ATM Cards, Travelers Checks and online Banking, when it came to the ATM Card, Citibank thankfully implemented it’s own Confidential Pin System for Citicard (their first ATM), and was followed quickly in order by the other banks.  But Bank Cards were not credit instruments, and the Banks did not want to set a precedent for authentication of all lending instruments (for reasons that represents one of the biggest Banking mistakes in history.) Banks want to unburden, not burden themselves with administrative responsibilities.  So the Credit Card Pin Code (and the Ship To address) were written out of my design work and I was sent packing to Wall Street to do some more designing and coding magic in another area.  Even then, my contacts with the Federal Reserve resulted in a general agreement from the Fed, that such security would be required.  But it never was.

 

When I complained, I was told “the logistics of offering the pin system to day to day Credit Card Merchants, is too great.         I implored them to reconsider, and having completed design and implementation work, I was reassigned summarily to write and build the first Federal Funds Trading Workstations, and told not to poke my nose into that which I, as a System Developer, didn’t understand.  I understood, they just did not want me going public about the negligence aspect of the lack of Pin Security on Credit Cards.  Or, it might make it’s way to the Treasury Department and ultimately Congress, and result in laws being passed, that forced them in 1975, to do that which we must do today: implement a pincode system for credit cards, exercised at the discretion of the Merchant, or on all transactions over $100 or where the number of transactions for one card exceed that amount in a single day. )    

 

 

Merchants are improperly forced to police Credit Card Charges…
without the proper tools for doing so!

           

 
Banks could always monitor cardholders’ credit worthiness.  But the Merchant couldn’t begin to afford to tell “whose who” from the many credit cards hitting its counter each day. Nor are they allowed to invade the privacy of the Cardholder by insisting the Banks volunteer their private information. It’s like being asked to pull a “rabbit out of your hat!”  But the Banks, apparently, could care less about the Merchant. Today, virtually all losses attributed to improper card usage is paid for by the Merchants, worsened by the ease of abusing the cards due to the shoddy security provided by the Banks.  And here’s why they can so easily victimize Merchants:          


Merchants can’t survive without a credit card system, but they can’t get one, unless they agree to terms to unfair and one-sided, that the Merchant might as well as be swallowing a time bomb, ticking away in the belly of his/her Business.  Every day of the week, Merchants are forced to enter into a contract under duress with the Credit Card “Consortium”, the companies offering various cards and processing services.  There is no two ifs ands or buts about it!  This illegal practice has been going on since 1975, and yet you can’t get a single credit card company to admit it.

 

Many years ago, to avoid responsibility for having authorized credit card charges on accounts not in the possession of the owners, the Credit Card Companies and Issuing Banks conspired to create a single agreement for Merchants to enter into, the so-called “MERCHANT SERVICES” Master Agreement, a huge document of contractual and operational rules and regulations designed to protect the card issuing banks, the associations and to provide the minimums of protection to the Consumer Cardholders as required by Consumer Protection Law.  Among other things, it grants permission to the Bank receiving the funds from the Credit Card Processing System to enter the bank account of the merchant to remove funds to repay charges that were reversed, but the Banks use that same process to go into other unrelated bank accounts and remove funds, often even going into the personal accounts of owners, without any Court process, to remove funds to repay reversed charges.  This entire process has become prone to abuse, with employees in Banks cooperating with outsiders to provide them the ability to pay for merchandise with stolen or conspiracy oriented use of a credit card instrument, causing the merchant to have to pay the bill when the charge-back takes place.  And no protection is afforded under law for the Merchant, because the moment the provenances of any dispute over the removal of funds from a Merchant’s Bank Account becomes rife, the Banks raise the ugly head of the MERCHANT SERVICES Master Agreement, a document so complex that to litigate it’s terms and conditions in Court is left only to the largest class action law firms and biggest law firms in the country.

 

This one-sided agreement and the unaffordable costs of “litigating” over it, leaves the Merchant’s bank accounts wide open for looting, under the right circumstances,  so it seems.  And, it all can take a very ugly turn, when technology companies see a window of opportunity to undermine the competition.

 

In our industry, the widespread use of IBM/Krell and IBM/PC Company technology by banks, appears to have created a “spiritual alliance” between Krell and PC Company, and the Banks, so very little sympathy exists between said Bank’s processing system, and a competitor of IBM, for example, as in (XXX)’s case.  Bounty-like favor banking could result in criminal conduct rings singling out a company like American in favor of benefits available only from IBM, the world’s most powerful corporation.  Accordingly, organized criminal rings of Credit Card Thieves will besiege companies like American rather suddenly.  Some suspect them of being deployed in an anti-competitive manner to undermine the finances of (XXX).  While this appears far-fetched, IBM PC Company and IBM took over Fleet Bank’s and Fleet Bank merchant services’ computer systems from NCR Corporation at precisely the time that American began to experience an assault from a number of organized criminal credit card rings.

 

So, perhaps, the allegation that IBM and Krell might co-opt the processing centers using their equipment, so as to covertly make it easier for credit card thieves to get through the system and cause an (XXX) to be crippled by charge-backs in seemingly legitimate transactions, may not be that far fetched. It’s very difficult to assume otherwise.  


  Opening a Merchant Account is very much like leaping into  the middle of circling Sharks with an open cut on one’s leg.  In no time at all a “feeding frenzy” of Credit Card Frauds might descend upon you, for which you have little defense but to stop taking cards altogether!  And for the privilege, you get to pay huge processing fees?  Talk about a “Den of Thieves”?

 

Like too many other companies, merchants victimized by the lack of security in the credit card system, (XXX) fell victim to the obligatory MERCHANT SERVICES Master Agreement, and became another casualty of it, discovering that the negligence of the Banking Authentication of Credit Cards is a “License to Steal”.  It was forced to abandon the system and find a better way.

 

Consumer Protection Laws protect cardholders, rightfully, from charges charged to their credit cards without their express permission.  This is very fair.

 

But there is no such thing as a Merchant Protection Law that would protect card accepters from charges that bounce for merchandise they sell to consumers.  This was caused by the demonization of the Merchants by the Credit Card system itself.  The Card Companies refuse to segregate the Honest Merchant victimized by the Credit Card thief, from the Dishonest Merchant who simply does the entire deed himself.  There is no real distinction, and that’s the reason why Banks blame the Merchant every time and remove funds from his or her account.  No matter what the constraints of business, it’s considered the Merchant’s fault and he losses the money, when a charge-back takes place.

 

Let’s forget for a moment those merchants who illegally charge things to cardholders deliberately.  They don’t exist for very long and are caught regularly by the Banks.  They are dishonest and the same as the Credit Card Thief.

 

But the VAST MAJORITY of companies who accept credit cards are Honest Merchants (HMs) and deserve protection from theft.  They have virtually none today due to the lack of logical security in the Credit Card Systems.

The Honest Merchant carries the unbearable weight of a massive MERCHANT SERVICES MASTER AGREEMENT on his/her back.


 

The Visa and MasterCard Associations have seen to it that Honest Merchants are demonized by calling the charging of something to a consumer’s card without his or her permission: FRAUD.  They even penalize the most victimized Honest Merchants by taking away their Merchant Accounts, leaving them both penniless and without the ability to accept credit cards.  The FRAUD banner is flag-waved by Visa and MasterCard (and American Express and Novus) in so noisy a way, it assaults Honest Merchants who commit no fraud at all, it neglects to even consider there may be another victim to such crime caused in part by one all consuming fact: this does not accept the fact that when defrauded by a Card Thief, the vast majority of those acts are committed by Card Thieves, not by the Honest Merchant. 

 

When charged back, the losses are automatically diverted onto the Honest Merchant who has no way to defend himself, since to him, the transaction looks as legitimate as any other transaction, in the vast majority of the cases.  The Associations and Issuing Banks simply provide him no means to verify one way or the other, and today, so much identification paperwork can be forged, that many Honest Merchants are now doing away with credit cards altogether, since they can’t be verified.

 

Privacy Laws prohibit Honest Merchants from invading the identity of claimed cardholders.  Therefore, since the Honest Merchant can NEVER verify the user of a Visa or MasterCard or Discover card or Amex card, unless he or she knows the alleged cardholder personally, there is an innate form of FRAUD being committed against every Honest Merchant who accepts credit cards:

 

The Card Issuing Banks and Visa/MasterCard/Novus DEFRAUD every single Honest Merchant in the Credit System, today, whenever the clearing houses, set up by VISA and MASTERCARD to verify credit card holder’s card information, issue an APPROVAL.  Approval is very much like being told you can have sex.  A day later if there were no witnesses, one party could conceivably file a rape complaint against the other for spite.  In other worse, there is no guarantee and no security.

 

The term “approval” is very misleading.  All it means is that the information entered into the Key Terminal or the electronic slide matches the information on file with the Issuing Bank.  And approval can be issued with the cardholder’s address “non-matching”, since the only matches are done on Zip Code and the numbers in the street address.  So a Credit Card Thief who knows the numbers of the street and the zip code of the party whose card number he stole, can easily get even that matched.  But due to the sloppiness built into the entire system of Credit Card commerce, the fact still exists that charges without address or with “no-match” on the address, go through every day of the week.  Merchants who accept those charges are not being very wise.  But, (XXX) discovered that when companies like Fleet Bank charge back just because the consumer threatens or demands it, that many computers of it’s were stolen, and the consumers never paid, and other conditions of the sales, made it impossible for it to obtain payment.

 

(XXX) never expected it’s own Merchant Bank to give away its money without justification, on the strength of obvious lies by cardholders.

 

At the moment an “Approval Code” is issued by a Merchant Bank, the merchandise or service given to the consumer is “IN PLAY” and the Cardholder’s payment for services or merchandise rendered is NOT ASSURED, no matter what the sales literature says...  The Merchant Banking System sets the consumer’s expectations to a) Fear being defrauded by ANY merchant; b) Limit your liability by banking with us!;  c) assume the merchant is out to steal from you, fight for your rights…  when in reality, the Merchant Banking System is, in this context, the organization doing the stealing: from the Honest Merchant.  And smart, unscrupulous Cardholders can get away with murder, too, if they wish! Just con an Honest Merchant into shipping merchandise to a third party location, and charge back the price of purchase.  No ready means short of calling the card-issuing bank exists for the Merchant to easily verify or prove the “drop ship” address was legitimate.  So, he might as well take a razor to his own jugular.  A system intended to ease purchases has now ruined it, it’s become a profit item for Banks and Processors, and a major upset and loss for many, if not most, Merchants.

 

As if the processing fees and penalties weren’t bad enough, then there’s this “little” problem with Credit Card Authentication the Banks have caused… preferring to libel the Merchant victimized by it, than to face up to their obligations !

 

In a vast number of cases, Honest Merchants end up being victimized by unscrupulous card holders who know the system and steal using their cards, end up being victimized by card thieves with good phony identification cards and victimized by the fact that the Honest Merchant isn’t provided the home phone or billing address of the Cardholder, so he or she, if risks warrant it, can call and verify that the Cardholder did authorize use of the Credit Card.

 

Worse, no system at all exists to authenticate “Ship To” addresses.  So consumers who refuse to do business with a company unless they ship to an address that is not registered with their credit card, and very often the Merchant cannot even entirely verify that with the issuing banks that make it very, very difficult, are in fact contributing to the delinquency that has vandalized Merchants throughout the USA.

 

Worse is the fact that employees of the Merchant Banks themselves are conspiring with credit card merchandise theft rings.  In one case, Barclays Bank employees gave out credit card information to a man named “Mark Coles” (a fictitious name he used) and they proceeded to approve and even approve over the phone calls to the Bank to verify the man’s vast charges for memory panels and laptop computers, being shipped to Portland, Oregon.  Even though it’s own employees were involved in the thefts, Barclays Bank simply executed “fraud letters” with it’s cardholders, sent them to (XXX) and others who were victimized, and reversed the charges, causing (XXX) and it’s peers to end up being defrauded by Barclays own Merchant Bank employees and partners of theirs involved in the ring.

 

Plainly, since the Banks won’t own up to the fact that they cause the Fraud by inadequately protecting cardholder identity for the Merchants, and even by looking away from the fact that many card number thefts take place right among their own employees: the Merchant ends up being victimized because he or she is beset by a series of credit card theft rings, who steal from him.  The charges are recharged the Merchant who is simply out the value of that merchandise, and neither the Police nor the FTC nor the US Secret Service will bother to help him recover his damages, particularly if the victim is not deemed “important enough” for the Authorities to bother with.  The Police may try, but thieves have gotten more knowledgeable and use other jurisdictions where they cannot reach.

 

Card verification systems are of dubious value without participation by the Card Processing Issuing Banks (who are the only direct link to the Consumer and the only party who can truthfully verify their identity, since it is their relationship to that Consumer that results in the credit card account), when they do not yet know that the card is stolen.  And, because the Credit Card Companies are prohibited from giving out the billing address of the card holder to the merchant without a Subpoena, at time of sale, there is simply almost no way for the Merchant to verify that the cardholder did intend his or her card to be used.

 

In no time at all, a Merchant’s business can be completely drowned / demolished by the rising tide of Credit Card Fraud, and Fraud can be  used to deliberately undermine the Merchant, too! Some “natural disasters” can be made to happen “synthetically”!

 

So, the Merchants in this country, gradually strangled by the rising tide of Internet sales, the rising tide of Credit Card Theft, and the rising tide of anger over the belligerence of the Banks and failure of the Banks to accept responsibility for their own instruments, which are being used to defraud Merchants in the majority of cases, are crying out for reform.

 

After several hundred thousand dollars of very clever credit card fraud committed mainly by Organized Crime based crime rings slipped in the door at (XXX), it decided it had had enough of trying to argue with the stubborn ignorance of the Office of the Comptroller of the Currency.

 

And so, it took steps to protect itself.  Here’s what (XXX) did to eliminate credit card fraud.

 

a)     Credit Limit.  (XXX) set a $2000 credit limit on all credit card purchases per day, per credit card.           
 

b)     Secured Credit Payment only.  (XXX) hired Western Union Quick Collect / First Data Corporation to collect all credit card payments as CASH ADVANCES ONLY.  Because WU employs a method of registering cardholders, comparing them to records of credit cardholders in the VISA and MASTERCARD databases which (XXX) is prohibited from having access to, and because WU requires callers to call it from home or office, this added a second layer of protection. 
 

c)      Termination of all other Credit Processing.  (XXX) fired Fleet Merchant Services, American Express, Novus, MasterCard/Visa (MAPP), and all other card processors.  We have since tired another Merchant Service, only to discover that for some, even having a single Chargeback is enough to have a call from “Loss Prevention” accusing the Merchant of Fraud and engaging in intimidation.  We fired them (Nova) too.       
 

d)     Elimination of the Card Processing Overhead from it’s pricing.  (XXX) would have been charged, on the average, between 8 and 10 % for Internet based and between 2 and 3% for walk in Credit Card processing by traditional Credit Card Processors.  To accommodate this fact, (XXX) reduced its prices by 5.2% to extract the overhead associated with credit card processing.  Not only did this make American’s prices more attractive, but also it accommodated the fees charged by Western Union for Quick Collect, which turn out to be less than the overhead (XXX) was required to charge all buyers to cover the costs and losses of the Credit Card system.      

 

Through these steps, (XXX) has eliminated ALL Credit Card Fraud (so far).  But it still has to explain the inconvenience.  For some reason, Consumers who balk at all the potential for credit card fraud, give up their numbers anyway when making a purchase, right over the phone, to those they’d never met.  Yet in American’s case, it never sees the charge card, it goes directly to the Credit Card Processor, in it’s case, First Data Corporation (one of the largest processors in the world), thereby preventing the Consumer from losing control over it, since American NEVER sees it.  Even then, the consumers/card holders for some reason have a mental block over why that protects them.  Since American does not see the card number, American can only be paid the precise amount that the cardholder authorizes Western Union to take out, no future charge against their card can take place, because Western Union, First Data, would be in pretty big trouble as the country’s largest credit card processing Merchant Bank provider to Banks, were it to steal the consumer’s card numbers (particularly since it has the entire database of ALL Card Numbers and identities right in it’s own computers.)  By eliminating itself as the middle man on charge purchase, American has naturally eliminated both fraud to itself, and fraud to the consumer.

 

However, if you though that spelled the end of a disaster, you’d have it wrong.  For a year after doing so, (XXX) continued to receive chargebacks, long after the guidelines of the Visa and MasterCard MERCHANT agreement.  Fleet Merchant Services continued to charge back items for no reason other than the cardholder falsely claimed they had never received merchandise, even on the face of signed delivery receipts and copies of technical support calls from the very users of the PCs claimed to never have been received.  All told, (XXX) lost 19 computers that way, for which it was never paid.  And the consumers in question were found to have been in league with the credit card thieves, allowing them to use their cards to engage in the theft in the first place.  The thieves were members of a North New Jersey syndicate, and they and the consumers who allowed their cards to be used, are in the process of being sued by American on a collection basis. 

 

But American was never able to get any assistance from the Secret Service or the FTC.

 

So it has indicated it’s intent to include Fleet Bank Merchant Services in the lawsuit, but since that is expressly forbidden by the Merchant Bank MERCHANT agreement, it is likely they will get away Scot-free.  Which appears to be why organized credit card theft rings conspire with Bank Employees in the first place: they are easy to corrupt, and have access to information that gives them the ammunition they need to engage in a license to steal.

 

Meanwhile, (XXX) discovered after shutting off the Credit Card based thefts, by taking the foregoing steps, that it was not to be granted any reprieve.

 

Since that date, it has received millions of dollars in forged Bank Checks on every conceivable form of transaction, busying it out investigating them.  While none have succeeded in getting American to part with merchandise, the Checks arrive at a rate of about a half million dollars every week, all of them forgeries. 

So, perhaps it was not too far off when it considered that perhaps Organized Criminal Rings, working for its competition, were out there trying to undermine it.  In fact, it’s also become very vogue in the “Hacker” community.  For example, a page at  “theInformationCenter.com” offers for $6.00, information on exactly how to steal:

23. Credit Card Fraud     $6.00           

This publication shows you how the thief visits a busy shopping mall, and within minutes he obtains credit card information, and the store's 1-800 number to credit checks and the store I.D. number. He remains completely undetected. Within minutes he knows his spending balance. This report shows you the super scam, where the thief can even get a "temporary credit number" by phone. after he (the thief) reports the card stolen! Then he can request instant cash!  This publication is to alert the public and merchants of this scam.

FOR INFORMATIONAL PURPOSES ONLY!

 

An entire company organized for the purposes of selling services and providing database lookup for a premium, of fraud cards, “CardCops.com” is in operation, soon to be followed by a large number of same (it is presumed that CardCops is operated by Verified by Visa).  The sad fact is that the Credit Card Companies still purvey the “unscrupulous merchant” as the primary cause of Credit Card Fraud, a matter of impropriety to cover up their own responsibility.  To answer CardCops.com’s question, “who is ripping off all those merchants?” with a single response: “The Credit Card Issuing Banks and Associations, for not providing better security.”  Meanwhile, CardCops.com represents a growing, burgeoning industry of “enhancement”, that includes companies like “AVS” and “Tel Iniac” Corporation who provide techniques that may reduce credit card fraud a bit, but are wholly inadequate at responding to the gravity of the Credit Card Negligence that leads to it at the Banks.    

 



Meanwhile, the head of (XXX) took it upon himself to document every aspect of what had happened to the legal affairs section of the Federal Reserve and the US Department of the Treasury.

 

He asked for one thing and one thing alone: adoption of the 6-Digit Confidential Pin for all Credit Cards as an option any Merchant could require when selling merchandise.  Such a Pin would only be entered electronically by the cardholder and seen only by his card issuing bank’s clearinghouse.  The Merchant would never know it.  It would serve to identify that the cardholder was the actual cardholder, and all of the associated credit card fraud would dematerialize almost overnight.

 

He also asked for a similar capability in the authentication of Checking Accounts, so that someone who received a check could require a check writer to contact a processor and enter the confidential pin for that checking account, which could be verified and the results transmitted to the Merchant, to provide the same Authentication feature.  

He also notified the FED that the elimination of any Merchant contact with the Card’s themselves, would also be a step in the right direction, that is, make the entire Card Processing solely between the consumer and the Merchant Banking System: to buy something, a consumer would slide a card with only his or her name on it, through a mag stripe reader, or would engage an electronic system that identified the consumers account in a manner that bypassed the Merchant altogether. The Merchant would simply provide the buyer’s name, address, circumstances and purchase price/merchandise to the Card Processor, along with his/her merchant number.  Upon success, the Card Processor would debit the cardholder’s account and credit the Merchant’s, and the Merchant Bank would solely do it at the liability of and through direct verification and it’s Card Issuing Bank’s cardholder.  Once paid, only a standard return complaint process, if any, would be available to the consumer DIRECTLY with the Merchant.  Refunds would be directly between the Merchant and the Consumer, with the option of the Merchant crediting it to the Consumer’s Card, Bank or issuance of a credit check, depending upon the Merchant’s posted policies. If over debiting took place, or double charging, that would be the responsibility of the Merchant Bank and consumer to determine, either way, the Merchant would only receive the payment he/she entered onto the invoice, and no chargebacks or fraud could take place. 

 

In this “future vision” of how charges took place, the Merchant Banks would be forced to provide more processing facilities for real time transactions, and would endure more liability, therefore, they would be more careful to provide security on the Credit Card Authentications, and to verify the Merchants better, too, so they didn’t end up with problems from Merchants who somehow seemed never to deliver agreed upon goods or merchandises, they’d loose their credit privileges…  It might very well spell an END to the Credit Card Fraud problem, literally.

 

We concluded at (XXX) that the real Simon LaGrees in this system were the Banks who created Visa and MasterCard, that is, Citibank, Chase and Bank of America, who never once voted to create this degree of Merchant Protection, something so simple it beguiles the sensibilities as to how it is they could have let so egregious a situation go on for so long.

 

  Sometimes even the BANKING BUSINESS must recognize that others rights that are trampled by their services deserve to be protected.

 

(XXX) has considered a future Class Action may issue against the Credit Card Issuing Banks and Associations on behalf of all Merchants seeking to compel them to voluntarily create their own confidential 6-digit Pin system for Credit Cards, such as is used by them for their ATM Cards today.

 

“That’s why they use the 6-Digit Pins on ATM Cards, today – they don’t want to be victims of the deceit potential from plastic credit cards, either!” remarked one (XXX) executive, who punctuated his remarks with a fist on the table.

 

I felt his comments were an understatement, because of the negligence towards Merchants that such represents. It’s time to demonize the right parties: it’s the Banks who issued the cards and the Visa/MasterCard/Novus/Amex system who are at fault here, plain and simple, and the lack of a 6-Digit confidential pin and similar systems that they should have implemented long ago, that would have alleviated the problem.  They messed up “big time”!  And we’ve all paid the price.  On the International Scene, you can’t even get a credit card address verified, the big Euro Banks won’t match the shipping/billing address you were given to the card holder’s account billing address for you and say “Match” or “No Match”, just “not on file”.  So you can’t even accept international cards.  This situation is vastly worsened by one added dimension.          

Because today, Terrorist Organizations are using this wide-open hole in the system, to fund terrorism, they steal merchandise with stolen credit cards, Merchants pay the bill, and they buy explosives and cell phones and then blow up nightclubs in Bali, Oil Tankers off the cost of Yemen, and fly planes into the World Trade Center.  Many get their money from a combination of credit card theft and from extortion.  But the lack of Merchant Protection and Authentication is an open invitation to any Terror Group to jump right in to the credit card theft business, grow rich, and murder civilians in vast numbers.

 

So, if you want to blame someone?  Blame the Credit Card Banks for leaving this miserable opportunity lying around and failing to provide Merchant Protection.  It’s a scandalous situation: the Banks should be punished for forcing it on the Merchants.      

And the cost, in lives, from Terror continues for so long as the Banks exercise unfair power in preventing laws from passing that would force upon them use of 6-digit pin code processing for the protection of the Merchants…  We like THUMBCARD.COM because it is a bold new concept, replacing money and credit cards by putting them into storage behind your Thumbprint and a designated confidential pin code, and rendering payment through a Thumbcard.com OWNED terminal at a store.  That terminal causes Thumbcard.com to pay your bill, directly from Thumbcard.com to the Merchant, while Thumbcard authenticates you are alive and have a pulse, a thumbprint and a confidential pin that no one else may see.  It’s virtually flawless. Presenting a phony Thumbprint does nothing.  Trying to use a fake or deceased Thumb doesn’t work.  Trying to electronically copy a transaction and resubmit it, altered, also is impossible.  Aside from trying to crack double encrypted PGP like encryption, with encrypted tokenization and Rubik’s cubing within it, the system uses multilayer-multiway encryption, and Thumbcard has every piece of their company in a different dominion, deliberately, so no one part of the company can forge or gain improper access to a transaction.  The results: if Thumbcard.com catches on, NO ONE WILL HAVE TO CARRY MONEY OR CREDIT CARDS, Thumbcard.com will be able to pay your credit card to a merchant, and if used by a merchant, receive payment to a bank account.  It works in both directions with FLAWLESS and PERFECT authentication.


IN OTHER WORDS it means an END to FRAUD.  And perhaps even most MUGGINGS, and Bank Robberies, since Thumbcard includes a flawless means for preventing forced payment through threat of violence.  It makes it possible to be anonymous and pay everything safely.  And, last but not least, it makes it impossible to rob a Merchant by falsification of identity.  It’s literally impossible.  Thumbcard.com will actually be soon up and running, and available to protect every Bank and Credit Card Company there is, and consequentially, every merchant and cardholder, from the trials of credit card and checking fraud.  And all without so much as a complaint.

 

Mr. Average Credit Card Merchant: EASY PICKINs for Credit Card Fraud Artists and Thieves, thanks to the Merchant and Card Issuing Banks!  It’s TIME for a CHANGE !!

 

 

© Copyright 2002 (XXX) Scientists Association Inc.  All Rights Reserved.

 

All referenced Trademarks are the property of their respective owners.