I feel your pain, as they say. Last summer I was travelling in the Southwest U.S. and my credit card was locked because the computer had tagged it for suspected fraud. It had been used more often than usual and a goodly distance from my home. Duh! I was travelling.

I had to chat with a nice representative of the credit card company and verify my ID with the cashier before I was allowed to pay.

While I appreciate that that the computer was watching out for me, I could have done without the public humiliation of standing in a gas station and explaining myself publicly. You can hear the whole story on my podcast at http://shortcummingsaudio.libsyn.com/index.php?post_id=106432

Seems odd that your bank wouldn’t give you a new card when you asked them. You could always have suggested that it was possible that someone had stolen your card details, and that you wanted a new card as a precaution (which is always what they advise anyway).

Frankie

Kevin: I’ve had this, too. Same bank, come to that.

Someone once told me to pay for something at the airport before you travel (so the bank can obviously track you). As a result, normally, I do. Has no effect. Even ringing the bank before I leave saying “I’m just about to spend a load of money in New York” doesn’t appear to make any difference.

In this particular case, I’d driven slowly to Italy and back, and they decided that they’d suspend my Maestro card on the second-last day; despite having a VISA card that even showed exactly what motorways I’d been using, and despite using the Maestro card on virtually every day of the journey. Intelligent checks? Pah.

Frankie: I agree, I could have lied. I prefer to tell the truth. In this case, I think I’ve discovered quite a major flaw in how CVV-enabled credit cards work.

—sent to my bank…

Sorry to press the point (in reply to the below), but it’s important to me.

It is now a major part of travel to book some months in advance to achieve the best rates; and a standard VISA card does offer some protection for travel purchases, so banks have encouraged their use in the past for this.

I tried to, on a valid VISA card (expiry 02/07), to book a hotel stay for July. The transaction was declined, because my card would not be valid at the time of travel. Since Expedia are required to validate the CVV2 number, which ‘relates to the individual card’, Expedia are unable to accept this card for any purchases for travel from 03/07 onwards (just six weeks time), through no fault of my own.

Your policy is to only send people a new card in the expiry month; indeed, you initially refused to send me a new card on request, claiming (incorrectly) that the purchase should be accepted by the retailer: even though there is a requirement for them to validate the CVV2 number. I’m grateful for the new card, but disappointed I had to ask again.

Your (or VISA’s) policy will result, every two years, with a credit card which I will not be able to use to book advance travel. I’m sure you understand that this is unacceptable: indeed, this policy requires me to get ANOTHER, non-(my bank), VISA card so that I have a valid usable VISA card at all times for booking travel.

I believe this is a valid and concerning point, and is an unintended consequence of the new(ish) CVV2 number. I don’t believe it’s your fault particularly – probably VISA’s – but I do hope I might be able to get this point to someone that might think about how not to irritate your customers every time a card needs replacing. Could you do that for me?

j

—
From: (my bank), Card Services

The cvv2 number relates to the individual card and confirms when authorisation is requested, that the customer has in their possesion a live and valid card.

Your current credit card does not expire any earlier but would be a security risk if you had more than one live card on the account and also the start from date would no longer be up to date.

Whilst I accept your points about travel, this type of thing has happened to me before when trying to check in for flights -I had the same card number but a new expiry date so at first BA wouldn’t take it at check in. I think however, the idea of TWO cards is overly complicated -many people really cannot be bothered to mess about setting their own limits and making sure they have the right card. Plus if it was for a service, i.e. a flight, when the card must be present at check in, it could cause all sorts of problems. It would also pose a problem when travelling abroad, merhcants would become confused over which cards could and couldn’t be used, and as many international retailers dont process international cards in “real time”, they would be accepting cc transactions that were invalid!!!

i want to view you credit card no and the cvv

Okay, it’s 450 – hang on a minute…

The thing that strikes me is that, when you’re using the Internet to pay, especially, you do actually have a tremendously easy way for the banks, merchants, and customers to collude in a remarkably simple way.

Imagine for a moment that I’m in charge.

So, James, you go off to Expedia, and book a holiday. For payment details, you enter some form of username, let’s say “jamescridland459@gnatwest.co.uk” or something. Expedia then creates an invoice code, tallies up the amount, and does some magical lookups, and redirects you to some webpage with all the required details embedded in the URL. (There’s “stuff” to do this in the shape of NAPTR et al, as it happens, so this bit is absolutely not rocket science).

Now, you’re talking to the bank. You’ve got a shiny TLS certificate to prove it, too. You can authenticate yourself to the bank, just as you do for Internet Banking, and authorize the payment. Then you get passed back to Expedia, along with a shiny proof-of-authorization (signed by the bank), which allows them to claim payment. Or prove that it will arrive later, which is perhaps more useful.

Really, there’s no need for the credit card at all – which itself is only designed as a proof of ID. The magical numbers, supposedly forcing you to have possession of the card, aren’t needed anymore – in fact the card isn’t needed, just the account it represents.

I’ve never thought this kind of impossible option could happen. I use my card regularly, but not too often on postponed payment. Probably the best way is to avoid such situation. I suppose the system in credit card services are so rigid and most likely it will be difficult to tweak by those who are in charge.