Internet Fraud – Why Don’t All Banks Do This?

According to Apacs, UK credit and debit card fraud when the cardholder isn’t present – which includes the internet, mail order and telephone orders – jumped 37% in 2007 to £290.5 million. And there’s no doubt that the fear of fraud discourages people from buying online. For example a recent Post Office survey found that it was the biggest factor stopping people aged over 50 going online all together.

And this of course has an impact on how much you and I earn online.

In the UK, if I purchase something online, I generally enter my card details, name and address and the order gets processed. I can even select a different delivery address to my cardholder address. The only extra level of security is entering the three digits from the back of my card – three digits that once shared potentially compromises this as a security measure anyway.

I recently had an all together different experience while buying a laptop online in Spain using my Spanish credit card.

After proceeding to the checkout, I was prompted to enter my address and card details which I duly did. But rather than the order then being processed I was taken to an additional screen requiring me to enter a ten digit number – a number unique to this transaction.

The screen told me that the ten digit authorisation code would be sent to my mobile phone by my bank. And sure enough within a second or two a text message arrived from my bank with the authorisation code.

I was then able to enter it and complete the purchase.

Now supposing someone else was using my card details to buy something online. Unless they also had my mobile phone they would have been unable to complete the purchase. What’s more I would have received a text message saying someone was using my credit card details fraudulently – in real time – and I could have alerted my bank immediately.

This must surely reduce both instances of online fraud and the fear of online fraud. So why don’t all card issuers do this?