Tech Tidbit: Detecting Questionable Credit Card Charges
This morning’s post is tangential to my normal musings about the family help desk. However, since many of the unwanted or fraudulent credit card charges start with activities that either you or your family do on your network, I think it’s apropos.
If you pay the credit card bills for your family, I suspect you’ve noticed the occasional item that just doesn’t seem right. The name of the payee is obscure. The amount is likely small, but not insignificant. Finally, talking with other family members, no one has a clue where it came from. If you decide it’s worth your time to investigate, you probably figure out it’s legit. However, it might have been something else entirely, like a monthly fee for a service you inadvertently signed up for while ordering something else. Couple that with what seems to be a continuous stream of news stories about credit card information getting hacked, including the latest example (thanks to Bob Sullivan of msnbc.com).
So, what to do? The most obvious method is to carefully screen all your bills for questionable transactions. However, it’s you against the world. When you find something, tracking it down will take time and effort. I was happening to be reading Bob Sullivan’s RedTape Chronicles this morning and he posted an article entitled Are these questionable charges on your credit card? A good list to check. In the article, Bob notes that the information comes from a service called BillGuard.com. So, I was intrigued and did a little research.
Billguard.com is a free service that will monitor your credit card transactions and flag any transactions that are questionable or outright fraudulent. They scan daily and when they detect something, they provide the information via email in real-time. Also, they will send a monthly report, where you get a rollup of your activity (source: the company website):
They have been described as “Anti-virus for credit cards”. I have to say I’m intrigued enough to try them out. However, in the spirit of full-disclosure, I’ve not actually used them yet. What follows is my investigation into the service and the company.
To start this process, you need to sign up for the service at BillGuard.com. Before signing up, you’ll need to have ready the login information for the various cards that you want to monitor. Yes, that’s right, your login and password. I have the same angst about that that you likely have right now. More on this below.
When you sign up and provide the card information, BillGuard uses a third party service called Yodlee which is a financial account aggregation service. You might be using their service yourself to access all your credit card transactions in one screen. They encrypt, then pass your credentials for your various accounts to Yodlee to both validate and provide BillGuard read-only access to monitor your credit card transactions. According to BillGuard, this is all they provide, no other identifying information. Also, they only maintain your account information. They don’t ask or have access to other identifying information like SSNs. See the company’s security FAQ for more information.
Beside monitoring your accounts, the thing that’s really interesting is that when you note that a given transaction is OK or not OK, they capture that data point, which they add to existing information to help them determine the legitimacy of a given business’ transactions. They state that the more users they have, the smarter the service. This is their “magic sauce”.
The company has one service at this time, which is BillGuard, which was launched mid-last year. They appear to have significant venture funding and have received significant media exposure.
Though the terms and conditions of their service include a provision for advertising, they are working to get banks to pay the bill. They are aggressively pitching this to banks to provide this service as part of the bank’s suite of consumer tools. This makes sense since (a) banks want to appear to be very consumer friendly and (b) anything that will reduce calls for legitimate charges is desirable. Also, I’d also think that getting access to the database of questionable vendors, has to help the bank be more efficient in finding trouble.
As noted above, I have some concern about giving a third party my login credentials. This is exactly what we’ve been told not to do all these years. To be fair, that caution has largely been aimed at phishing expeditions where you don’t know who really asking or why. In this case, they are a legitimate business providing a service that appears to have significant safeguards in place. Also, they are only asking for the minimum required to provide the service. You’ll need to decide whether the tradeoff between privacy and the benefit seems makes sense.
Let me know if you use this service and what you find.