Another Credit Card Fraud Detection Fail

I recently wrote about challenges with using my Citi Costco Anywhere Visa card while in Japan. Shortly thereafter, we visited Singapore, Indonesia, and Thailand, and given my previous experience in Japan, I was ready to use my data-only eSIM to login to my Citi account to approve purchases if they had tripped the credit card fraud detection.

Moments after landing in Singapore and retrieving luggage, I was ready to use the Grab app to request a ride to our hotel. I was feeling confident about using Grab, as I had set up my account while in the United States, and it had even placed a $1 charge on my Citi Costco Anywhere Visa card to verify my credit card during the account setup process. After selecting my destination and choosing the kind of car I wanted to ride, I expected the payment process to occur smoothly (foreshadowing). However, I was taken to a Visa verification screen and was given the option to verify my identity via phone or SMS text, neither of which I had access to with my data-only eSIM card. Even though I was unable to verify my identity, I was still allowed to request the ride and pay the driver with cash.

Interestingly, after being forced to pay with cash for our first Grab ride in Singapore, I was able to pay with my Visa card on a subsequent ride without the additional verification step. After landing in Indonesia, I was also successful with paying for a ride on Grab with my Visa card, but in Thailand my first Grab ride was intercepted again by Visa, so we took a taxi instead (we had not yet exchanged currency so were unable to pay in cash). Because the identity verification was not initiated by my Citi Costco Anywhere Visa card but rather by Visa itself, I was unable to approve the usage of the card by logging in to my Citi account. As prepared as I thought I was, it turns out that I did not anticipate this particular hurdle.

After returning home and doing some research, it appears that the additional verification was likely due to the Verified by Visa program which was later rebranded as Visa Secure or EMV 3-D Secure. EMV stands for Europay, Mastercard, and Visa — the three companies that originally created the global standard for secure chip-based payment cards. They claim that their fraud detection is user friendly.

In my personal experience, the Visa fraud detection algorithm has the greatest chance of triggering a verification event when users are purchasing things online or when traveling internationally. For international travelers, I think they really need to provide an email verification option in addition to phone and SMS text. The lack of this option makes this feature very user un-friendly in my opinion. I fully understand a credit card company’s need to minimize fraud, but the experience for law-abiding customers has room for improvement.

Meanwhile, although I have not fully validated this approach, a possible way to avoid these problems when traveling abroad while using a data-only eSIM plan is to use a Google Voice number as your main contact number for your credit cards. Google Voice will route voice and SMS text to your Google Voice app using data, so in theory you should be able to authenticate through this method.

3D Modeling Streets and Terrain

I previously wrote about a couple of websites that allow you to create STL models of Earth’s surface: Terrain2STL and TouchTerrain. I recently discovered another website that allows you to create 3D models of both terrain and streets: Map2Model.

While Terrain2STL and TouchTerrain focus on generating 3D models of terrain, Map2Model is focused on generating 3D models of “typical” map features such as roads, buildings, water, and other features.

Start by searching for an address or a named location, then zoom in/out and center the map where you’d like to generate your 3D model. Choose a shape for your model: rectangle, square, circle, etc. Then position and size your shape on the map and press the “3D Preview” button to view, zoom, and rotate your 3D model. If happy with your model, export it in either 3MF or STL format.

For roads, water, grass, buildings, sand, and piers, there are settings that allow you to modify colors, model height, and other options which are useful if exporting in 3MF (but will not be represented in STL files because those file represent only geometry data). There are experimental features such as adding topography (similar to the terrain-focused 3D modeling websites) which in my experience with a few locations works pretty well.

Resultant models can be used for personal use, but for commercial use you’ll need to obtain a commercial license. Many thanks to Smoggy3D for developing such a nifty application!

Android Battery Percentage Fail

I inherited a Samsung Galaxy A32 5G phone. According to Wikipedia, it was released in January 2021, which makes it about 4.5 years old. It was dormant for an unknown period of time, and the battery was completely dead when I first took possession of it. After plugging in a USB-C cable to charge the phone, I noticed that the battery did not charge past 9%, even after paying close attention to the battery indicator for more than an hour.

My intent was to sell the phone, and if the battery was near the end of its life, I would have reduced the asking price. That’s when I asked ChatGPT for advice. It responded by saying that while the battery could be degraded, there were other reasons why the phone would not charge past 9%, including:

• Faulty or dirty charging port
• Defective charging cable or adapter
• Software-related issue causing the system to report incorrect battery percentage
• Hardware issue on the motherboard or charging circuitry

It recommended the following steps to troubleshoot:

1. Try another cable and charger
2. Clean the charing port carefully
3. Force restart the phone
4. Check battery usage and health
5. Try charging in safe mode

I tried #1-3 but to no avail—the phone was still stuck on 9%. I could not perform #4 because I could not download a battery checking app without signing in, and I could not run existing T-Mobile diagnostic apps without signing in either. So I skipped to #5 and booted into Safe Mode by (1) holding the power button, (2) long-pressing the “Power off” option, and (3) tapping the “Safe mode” icon. After booting into Safe Mode, the phone indicated that the battery was at 85%, and with further charging it eventually reached 100%. I then proceeded to install a flurry of operating system updates, with each update displaying what appeared to be the correct battery percentage.

Safe Mode saved the day for 2 reasons. First, it allowed me to display the correct battery level. Second, I was unable to update the operating system because the phone required me to charge the phone to at least 30% before installing a software update. Safe Mode allowed me to break out of the infinite loop and get the phone in working order. Perhaps it will help you too.

Credit Card Fraud Detection Fail

Like many Costco members, my wife and I have Citi Costco Anywhere Visa cards. Before our recent trip to Japan, I logged in to my account to set travel notifications for both of our credit cards, specifying our departure and return dates. I received a confirmation email that acknowledged our travel itinerary, and it contained two travel notification reference numbers, one for each card.

We had planned to heavily rely on Suica, a prepaid rechargeable contactless smart card and electronic money system, while in Japan. Suica can be used to pay for public transportation systems (e.g., subways, buses, taxis) and general purchases (e.g., restaurants, gift shops, convenience stores). In addition to physical cards, one can simply add Suica to Apple Wallet and add funds electronically at any time.

The day before we departed for Japan, I successfully added Suica to my Apple Wallet and deposited 3,000 yen using my Citi Costco Anywhere Visa card via Apple Pay. The balance was updated within 10 seconds of adding funds, so I was fairly confident that I could recharge my Suica card on demand if I ever wanted to spend more than the remaining balance on my Suica card (foreshadowing).

During my first day in Japan, the Suica card worked flawlessly on a shuttle bus and the Tokyo subway system. For public transportation, it is not even necessary to open the Suica card or turn on one’s iPhone. Simply placing the iPhone in proximity of the scanner is sufficient, and the Suica card in Apple Wallet acknowledges the payment amount on the phone screen. So convenient!

On day 2, I successfully recharged my Suica card with a few thousand yen, again using my Citi Costco Anywhere Visa card. After several unanticipated purchases, I needed to recharge again later that same day, and this time I received payment failure notifications when attempting to use my Citi Costco Anywhere Visa card. After repeated failed attempts, I resorted to using my Apple Card via Apple Pay which worked flawlessly, so I assumed that my multiple purchases had triggered Citi’s fraud detection algorithm, despite me issuing a travel notification to prevent this sort of thing from happening. I then started to worry about completely losing access to my Citi Costco Anywhere Visa card, as that would have made things much more difficult while traveling abroad. Fortunately I had other credit cards that I could fall back on.

I had not received any email notifications (yes, I looked in my spam folder), text messages, or phone calls about fraud alerts. In retrospect, I did receive a text message and voice message from Citi alerting me to potential fraud, but I was unable to retrieve them until after I returned to the United States because I had purchased data-only eSIM plans while in Japan—this precluded me from using voice or SMS text. The voice message stated:

“This is the City Costco card fraud department with an important message for Victor Lee. We need to verify some recent activity on our Costco Anywhere Visa card by Citi ending in ####. Please call us back toll free at 844-612-6834 or TTY 711. Activity may be limited until we hear from you. If you wish to remove this phone number from further notifications, you may contact us at the number we left in this message. Goodbye.”

The text message included a link to login to my Citi account, and upon doing so it provided me with a list of charges that were flagged as unusual activity.

Fortunately I was able to recharge my Suica card with my Citi Costco Anywhere Visa card on day 3, and my physical credit card was also working. My wife also received payment failure notifications when recharging her Suica card more than once in the same day with her Citi Costco Anywhere Visa card, and she too was able to use her credit card with other merchants.

As a side note, I attempted to issue travel notifications for my Chase Visa card, but Chase no longer accepts travel notices, stating that “advanced technology like EMV chips and contactless credit cards help protect your credit card information during both everyday life and international travels.” The same is true for Apple Card Mastercard and American Express.

In summary, despite me issuing a travel notification to Citi, I was unable to avoid payment failures. A lesson learned is that it is a good idea to carry multiple credit cards to be prepared for situations like this when traveling internationally. Also, it would have been nice if Citi had sent me an email notification because data-only eSIM plans are commonly used by international travelers, and I would have been able to view the fraud notifications and confirm the flagged purchases sooner.

SpaceX Starlink at 36,000 Feet

While on board an international flight, Hawaiian Airlines offered free internet with Starlink, a subsidiary of SpaceX. Starlink provides satellite internet for hard-to-reach areas, and I think the Pacific Ocean falls within that category. Download and upload speeds surpass my expectations. I’m flying and surfing at the same time!

Safari Distraction Control

One of my favorite new features of Safari is Distraction Control. Although I usually don’t mind the presence of ads on web pages while browsing, I sometimes want to hide ads or other web page elements when saving a web page to PDF. To do this, click the Page Menu button and then click the “Hide Distracting Items” option as pictured above.

Equally important to know is that Safari remembers the items you’ve asked it to hide, so the next time you visit the same page, those distracting items will remain hidden. Additionally, if other pages on the same web site display the same items in the same way, those items will be hidden too. I learned this the hard way because after hiding distracting items on a certain page, they were hidden site-wide, and I thought that Safari had some kind of browser incompatibility with the web site.

To show hidden items, click the Page Menu button and then click the “Show Hidden Items” option. You can also un-hide distracting items across all web pages. On a Mac, go to Safari > Clear History… and then select the timeframe that you’d like to clear. On an iPhone or iPad, go to Settings > Apps > Safari > Clear History and Website Data and then select the timeframe you’d like to clear.

Hard Drive Euthanasia

I euthanized a Western Digital My Passport 1 TB external hard drive (Model WD10JMVW-11S5XS1). It belonged to a relative who passed away, and I was hoping to retrieve important information from it (namely bank account information, a will, and/or an estate plan). The drive failed to mount, but I was able to extract files from it using Disk Drill.

Following data recovery, I attempted to format the drive, but attempts to do so using Disk Utility and Terminal commands were unsuccessful. Therefore, I decided to destroy the hard drive to ensure that data could not be recovered.

Curious to see the inside of the hard drive, I disassembled it by popping off the plastic casing and removing the Torx screws. When I finally uncovered the platter, I bent the read/write head and arm so it could no longer function. I then grabbed the platter with pliers, and to my surprise, it shattered to pieces. I had assumed that the platters were magnetic media similar to floppy disks but apparently modern hard drives have platters that are made of glass or glass-ceramic base materials which are then coated with a thin layer of magnetic material where the data are stored.

I was not wearing protective eyewear, and fortunately I did not sustain any injuries other than a small superficial scratch on my finger. If you ever decide to disassemble a hard drive, be careful! Next time I euthanize a hard drive, rather than taking it apart I might smash it with a hammer instead.