Distance Debugging Logo

Debugging on Vacation

December 28th, 2006 ::

Sorry about the week-long absence. I took a family vacation and was out of the clutches of the internet for a few days. While it was a nice change of pace, even when I am ostensibly on vacation, I tend to stumble across interesting problems, or in this case, solutions to problems.

I always wonder about credit card fraud prevention when I am on vacation. Basically, I normally have a bunch of charges from one physical location, and then I suddenly have a bunch of charges in a new physical location. On it's face, it seems like it would be very difficult to separate out the vacation credit card usage pattern from the stolen CC# pattern. However, using my credit card in another state rarely seems to trigger a fraud alert from my credit card company, while buying a computer that is shipped to the billling address does, for whatever reason. I guess this is what the bayesian or whatever predictive model they use tells them. This always concerns me though.

This trip, I stumbled upon what I think is a new wrinkle in the out-of-state credit card fraud prevention system. When I went to fill up my rental car's gas tank, I used my card as normal, only this time it asked me for my zip code. At first, this prompt had me totally befuddled since I was expecting it to simply ask me to "lift nozzle" as usual. Then it occurred to me: what an ingenious way to prevent out-of-state usage of a stolen credit card number! If my credit card is stolen and used by some unknown third party, the likelihood that they will have any idea of the billing zip code for that card is almost zero, while a legitimate card user will have a close to 100% chance of knowing it (barring odd edge cases like borrowing a friends' card). It's a great example of getting something right that supposed security systems screw up all the time: a security policy that is at most a small nuisance to legitimate users, but a significant hurdle to illegitimate users. I might be reading too much into this simple prompt, but I'd be curious to hear if any readers have had this experience in their day-to-day credit card usage, and if it is a relatively new enhancment.