Why should this require some sort of 'project'?

Bank uncovers details of 'e-crime'

Bank calls Inspector Knacker.

Inspector Knacker investigates crime, catches criminal(s).

<sorry, wandering into fantasy land on that last point>

Courts convict criminals and punish them to the fullest extent of the law.

<oh dear, done it again>

Or don't banks bother to report 'e-crime' at present, because it's somehow more acceptable than a couple of blokes going into a bank branch, brandishing a sawn-off and scarpering with a substantial quantity of cash.

Or is it that THAT scenario takes cash DIRECTLY from the bank itself (and its shareholders, of course), whilst 'e-crime' targets their CUSTOMERS individually, and has little direct impact on the bank. Nah, surely not.

I'd suggest that the banks should perhaps remember this;

No customers = No profits = NO BANK!

But as the G.B.P. are generally a lazy mob when it comes to taking any sort of direct action, like taking all their business elsewhere, then the banks will continue to treat their customers as cash cows.

Ignoring the history of credit cards for a moment.

What would you say if I came along today, and said, here's a payment system, all you need is a number, you give this number out to merchants over the internet and you will receive goods and service. I trust that the number you tell me the merchant you have authority to use. I trust that you are who you say you are. If it turns out to be wrong, I will simply get the money back from the merchant who shipped you the goods and charge them 50 quid for the investigation.

Would anyone go for that?

That's the situation we have with credit cards used online. The problem is the credit card companies don't want to fix it. It's not in their interests to spend money. They'd rather endless whine about all these people using numbers they don't have right to use and demand more online investigations.

They could stop this problem stone cold dead by issuing a one-time token with the credit card for use in online transactions, but they don't. You won't be part of SEPA either so the fix for credit cards in Europe won't be available to you.

I had fraudulent transactions on my debit cards once, and one of the merchants ID's included the web address. I contacted the company who looked through their records and confirmed my name and address. I said that's me, but I haven't ordered anything from you.. they said "You ordered a citroen steering wheel" (among other things) "and had it delivered to an address in London.

I told them I don't own a citroen, nor do I live anywhere near London, but with the details (and a mobile phone number and email address given in the order) I took all the info to the police, expecting them to go around and possibly find an alladins cave of 'stolen' goods.

They didn't want to know. They said "You'll have to report it to the bank, and they'll report it".

Because it was close to Christmas, it was two weeks before I even had the paperwork back from the bank to file the report, in which time the perps probably emptied the flat and moved on.... Makes you wonder why you bother to pay your council tax.

Shouldn't this be classed as criminal negligence by the Police? You report a crime, give them all the evidence they need, and they refuse to do anything about it.

Have you ever tried going after a bank that has defrauded you (breach of mandate or other creative approaches)?

Your options are:

1. complain to bank. If it's not a direct blatant thing (i.e. they got a bit more creative) they will always refer you to the (bank paid) Ombudsman.

2. (after complaint deadlock) the Financial Ombudsman. This group is paid by the banks, and is only halfway competent. Again, if it requires thinking power they will decline to act.

3. the police. If you can show it to be a real criminal act, you *may* find the police could be bothered to take a look. Hard work. Maybe it improves with the Tories, no idea yet.

4. get a lawyer. This is the option the bank prefers, because even if you're right they will keep you going until you're of out cash, and thus out of justice.

Step 2 is where most this should be caught to get banks to shape up, but that's exactly why there IS the Ombudsman. The last thing the banks want is regulation..

The City of London Police? The ones with those nice Scientologist chums?

There are *so* many things credit card companies could do that would cost very little.

Such as:

Having one or more registered email addresses that have a short email sent to them every time more than some user-specified amount is spent using the card.

Ditto for mobiles/SMSs, maybe with a different limit (maybe you want an email for any online purchase, but only SMSs for larger ones)

Some user specified delay before authorising purchases above a certain amount (unless confirmed by replying to email or SMS sent by the card company)

Registration of multiple delivery addresses (to allow things to be delivered to workplaces, relatives, etc, but not to be delivered to any other address).

Allowing the user to choose to restrict the card use to certain countries, with an easy system for making changes for holidays, etc

nine hours on the board

Four comments.

No-one gives a shit, this is why they get away with it.

I read the title, "City of London pilots national fraud project" and naturally assumed that this was a historical piece about the origins of parliament.

David, none of your suggestions address the actual problem. And most of what you are suggesting is implemented, but alerts after the fact don't really solve the problem, and delivery address restrictions depend on millions of merchants cooperating. Additional authorization in the form of "Verified by Visa", and whatever the MasterCard equivalent is, also exists, but is optional and again depends on everyone cooperating.

The main problem the way I see it is allowing PULL money from your account, instead of PUSHING money to someone's account. Credit cards, as well as the moronic personal checks and ACH transfers here in the merkin land, are based on two conflicting conditions: you have to give out your account number to be able to pay someone, and at the same time the account number has to remain secret for it to be secure. It should be the other way around - by knowing an account number you should only be able to transfer money INTO it, not OUT of it. Think PayPal - while not exactly an example of a fraud-proof bank, they got at least the push/pull part right.

Any real improvement in credit card security would require something radical, like making the "Verified by Visa" mandatory. Not going to happen, as it would cut off many merchants and card holders. Remember, Visa and MasterCard are public companies now, so profits above all.

There's a large case about credit card and bank fraud going on now, been going on for years and the banks keep appealing....is called "Excess Charges" so why would they want to bother about stopping a few billion a year when, if they lose the case on charges, they stand to have to refund several billions for the last 6 years. Notice the police aren't involved. I have first hand knowledge of the old and new reporting systems, it wont make an iota, unless the fraud is big enough for a front page Guardian spread for the head of the city police, they cant be arsed to even write it down, all they do is lip service and publicise Tony Neate and his get safe online rehashed websites.