[MyNameIsFred]

They most certainly do not "handle it just fine". They are highly scammable, they know it, and it's "solved" my moving as much of the burden and repercussions onto the consumer as possible.

I've had my identity stolen, and both my wife and I have been mistaken for somebody else. There ARE way to move past this condition (inline with Google Pay, apparently), but it's just done via trust. Or apathy. Or acceptable risk. Or some combination thereof. It never truly goes away.

[brownbat]

Huh. I've had credit card companies call me proactively when they thought something was wrong, before I caught any stray purchases. They refunded the money before I knew my card was stolen. So that was nice.

But then I've also heard pure horror stories about stolen identities, and I am genuinely sorry you faced any of that.

So what's going on here...

I think this is due to one aspect of their model that is ultimately an improvement, even though it still completely breaks at moments.

+ + Your card number is not your account. + +

Ie, if your CCN is compromised, it's disposable without starting your relationship with the company entirely from scratch.

Your "identity" though is not disposable. Your identity controls your relationship with the company and is not disposable. That causes major problems when hijacked, as it did for you. And that's not fixable (or at least not easy to fix at all).

So while we might not be able to solve the problem with identity, we can create firebreaks -- disposable parts of the infrastructure that attract some thefts because they allow quick wins. Ie, CCNs provide access to money. That funnels a lot of theft towards something that is easy to monitor and patch.

The identity theft remains an issue, but hopefully hits fewer people.

One thing that makes Google struggle is that they combine all of these interactions together. Nothing is revocable without resetting your entire relationship.

Given that they started as an email service, I have no idea if it's even fixable from where they are.

[pishpash]

How is the Google way not even more so "moving as much of the burden and repercussions onto the consumer as possible"? They let fraudsters kill your accounts just so they don't have to take any liability or staff humans.

I've said this and will say it again, Google doesn't know how to deal with humans. They've failed in every endeavor where humans have to be in the loop.

[bryanrasmussen]

I was going to say this but then I realized that what was meant by consumers was of course the people buying the services from the people whose accounts are cancelled. So the argument is that in the credit card world it is harder to cancel the accounts of scammers, and the people who buy from them must suffer more.

Not sure if I agree, and it does seem to me that Google's way is worse because at least there are some legal protections for people (consumers) who are scammed in the credit card way but in Google's way there is no protection of any sort for people whom the system dislikes.

[kiriakasis]

Not to defend google but the problems they are having now to access their own google play are the same problem a scammer would have to go do it.

It does not look like a perfect balance, but they apparently err on the security side.

[hennsen]

A bank solving your issue as “acceptable risk” and trust, and it results in me being able to access my card and bank account, to me it’s “just fine”.

If google takes the path of rather locking everything down then risking to lose a cent, it’s safe for them and bad for customers... not fine.

Sure risk is never just dissolving into light, nuce smelling smoke. Someone has to take and handle it.

I propose it’s the company who makes billions to handle it gracefully for customers ...

[ardy42]

>>>it's an unsolvable fraud/scammer problem.

>> credit card companies and traditional banks and credit unions handle it fine.

> They most certainly do not "handle it just fine". They are highly scammable, they know it, and it's "solved" my moving as much of the burden and repercussions onto the consumer as possible.

That's false. I'm credit card companies are required by law (at least in the US) to shield customers from the repercussions of credit card fraud.

I've had my card number stolen twice, once by someone who used it in the same metro area as I live in, and it both cases it went about as smoothly as you could imagine.

[smsm42]

> it's "solved" my moving as much of the burden and repercussions onto the consumer as possible.

I've had fraudulent charges on my credit card several times, and I've had checks stolen, and in no case I had any repercussions and financial burden shifted on me. I didn't pay a cent, and both credit companies and banks never tried to claim I am responsible for it - they rolled back the charges and reissued account numbers and that was it for me. Maybe I'm just exceptionally lucky, but my impression from other people that this is what happens in most cases like mine. Of course, whole full-blown identity theft is a different matter, probably harder to handle.

[akimball]

Nothing ever truly goes away until relativistic effects dominate.