re: Getting the Customer Involved in Fraud Prevention
This is old news. Card issuers have been doing this for years. I work in the industry and we use dozens of individual patterns to evaluate if a transaction is likely normal or fraud.
The point everyone is missing is that the cardholder has very little ability to protect themselves from most fraud because most of the time it's security breaches into poorly protected merchant systems that create the problem in the first place.
Merchants have a lot of liability protections to avoid chargebacks and losses from fraud. The irony here is the card issuer is usually the one that takes the losses for fraud, yet the card issuer has no control of the cardholder or the merchant's security practices.
Also, the card issuer does not control whether passwords or PINs are used to verify a cardholder. It is up to the merchant or the processing network if those controls are available or even turned on. Additionally, in order for any verification control to work, every card processor must be able to support it.
It's not as easy as it sounds to "just add security," which is why it takes years and years for standards to be created, software updated, and POS devices replaced to support new security standards.