Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Control Your Payment Card from Your iPhone

A while back, I checked my Ally Bank checking account balance and was alarmed at how unusually low it was. Looking closer, I noticed several hundred dollars of charges to HostGator, with whom I’ve never done business. Yikes, someone had stolen my debit card number!

Such problems apparently happen so often with HostGator that the company has a special help page just for fraudulent charges. I was able to get my money back quickly.

The bizarre part is that the fraud occurred on an old debit card that should have been deactivated by the bank. That meant I didn’t have to get a new card, but it shouldn’t have happened in the first place.

It certainly won’t happen to my current Ally debit card, thanks to the new Ally Card Controls app. This simple app lets me turn a card on and off with a switch, control how my card is used, view recent purchases, and receive a notification every time my card is used.

Ally Card Controls is a little wonky. When you first open it, it tells you that you have to authorize it from the main Ally Mobile app. It’s not immediately obvious how you do this. What you have to do is go into Settings in the Ally Mobile app and choose Card Controls. That bounces you to the Ally Card Controls app and authorizes it. You may also notice that Ally Card Controls isn’t optimized for larger screens like the iPhone 7 Plus. But these minor irritations are worth putting up with for the app’s benefits.


In the main screen, you see your card, with a switch to turn it on and off. (If you have multiple cards from Ally, you can swipe between them.) Traditionally, if your card disappears, you have to assume it could have been stolen and call the issuer to have it canceled and get a new one sent out. It’s a huge pain. With the Ally Card Controls app, you can simply turn the card off yourself, just in case, and then turn it on again if you later find it jammed between the car seats.


That’s just scratching the surface. Under Control Preferences, you can choose where and how your card can be used.

  • Locations: Here you can set your card to work only when your iPhone is in the vicinity of the merchant, by turning on My Location. You can also restrict usage to My Regions, which are up to three addresses you provide to Ally. These first two settings apply only to in-store purchases. You can also enable Block International to block any transactions outside your country.

  • Merchant Types: These settings let you control the types of stores where your debit card can be used. For instance, you can enable your card at gas stations but disable it at restaurants. I’m not a huge fan of these categories because they can be vague. What the heck does Personal Care mean? (Probably businesses like hair salons, manicurists, and the like, but there’s no indication of that.)

  • Transaction Types: This restriction is more useful than merchant types since it lets you set where your card can be used. For instance, you can make it so your card can be used at an ATM or in a store, but not online.


  • Spend Limits: You can’t set a daily spending limit, but you can configure a per-transaction limit. That way, you could let kids use your card for gas and have confidence that they won’t go buy an expensive TV.

Below Control Preferences are Alert Preferences. You can set alert rules along the same lines as the control rules, but I prefer to get a notification for All Transactions. I don’t use my card enough for the alerts to be obnoxious, and I find the buzz of my iPhone seconds after I swipe my card to be reassuring.

Last comes the Recent Transactions button, which does exactly what you’d expect.

Options from Other Banks -- I don’t want to seem like a shill for Ally Bank. It’s just what I use and thus the bank with which I have the most experience. Other financial institutions offer similar options to disable a card via apps or Web sites, along with providing purchase notifications.

It’s encouraging that some financial institutions let you use an app or Web site to temporarily or permanently deactivate a credit or debit card, control spending, and notify you of purchases, but we’d like to see these features become more widespread.

If you’re aware of other financial institutions who provide interesting features via an iOS app, let us know in the comments!

 

Fujitsu ScanSnap Scanners — Save your business time and money
with our easy-to-use small ScanSnap Scanner line. Eliminate
paper piles by scanning documents, business cards, and receipts.
Visit us at: <http://budurl.me/sstb>
 

Comments about Control Your Payment Card from Your iPhone
(Comments are closed.)

John Baxter  An apple icon for a Friend of TidBITS 2017-05-25 12:01
There are two physical local banks here, and for historic reasons I have checking accounts with both. One of those is low balance and has no other account from which the bank could "helpfully" refill it.

That bank's debit card is the one I use (now and then) for purchases (such as the at-table self-service terminal at Applebee's). And for merchants of unknown security to keep on file, such as the auto renew of my PO box at USPS.

Ally's controls sound really nice.
Josh Centers  An apple icon for a TidBITS Staffer 2017-05-25 14:12
I've been pretty happy with Ally. They dragged their feet on Apple Pay, but since then they've jumped way ahead on their tech. We keep a checking account at a local bank for various things.
A large part of the problem with banking/CC fraud and identity theft in the US is completely self-inflicted thanks to the US' absolutely archaic banking system. Asia and Europe are miles ahead in this department.

• Only now is chip & PIN starting to come to US cards. Welcome to 1996. Whereas you cannot do anything with a debit card or CC in for example Holland w/o a PIN, in the US you can still easily find places where you make several hundred $ purchases with a simple swipe and forged signature. Laughable in this day and age. Must be great for terrorists buying fertilizer with stolen cards though.

• When I call my CC company to make changes to lets say billing address, PIN, etc. the only authentication they require is a ZIP code. So basically they think somebody capable of stealing my CC number cannot obtain my ZIP code, something that's entirely public information? No passcode, no 2-factor, nothing. Just a piece of entirely public information. Outright ridiculous.
(cont.)

• And what is this nonsense with these silly questions like name of my elementary school? As is in this age of social media exhibitionism, information like that is not obtained most easily from anywhere in the world. Obviously, you can just use long strings of strong passwords instead, but who wants to bet how many regular Joes do that? Bottom line, in Asia or Europe nonsense like that would never fly. German banks like to use one-time tokens, Swedish banks will issue little passcode generators you have to plug your card into (with chip & PIN obviously), Japanese banks will use smartphone apps that generate one-time tokens or use 2-factor, etc.

It's only in the US where we think that using 18th century authorization when it comes to banking is a good idea. And then we're surprised that fraud and identity theft are sky high. It's a bit shameful. To the in banking terms civilized world we must look like a bunch of buffoons.
John Baxter  An apple icon for a Friend of TidBITS 2017-05-29 22:22
The US has moved on a bit from the 18th century (yes, I know you were exaggerating for effect).

My first several years of checking accounts were before personalized checks (or cheques). Between the 3PM closing time and the 5PM going home time, the tellers did many tasks...a major one of which was recognizing signatures and filing checks in the proper account.

[I worked later with a guy who was part of the GE/NCR/Bank of America team which was a big part of ending that.]
Norbert E Fuchs  An apple icon for a TidBITS Benefactor 2017-05-26 04:45
Josh, thanks for your article that made me aware that my Swiss Bankers debit card offers similar functionality that I had overlooked so far. Specifically, I can decide in which countries my card can/cannot be used. A couple of years ago my then card was duplicated at a ticket machine in Zurich and subsequently charged with thousands of dollars in New York. This is no longer possible since I completely blocked the USA and a lot of other countries.
Player16  2017-05-30 06:21
Bendigo Bank (Protect+Pay) -here in Australia has all the various controls like blocked if misplaced, report; control ATM, online, in-store, overseas transactions; change PIN, view your account on the go.

But, w/Android you get Android Pay to tap your phone on a shop's contactless card reader to make payments.
Jon Olson  2017-06-13 00:14
Capital One has similar controls and notifications via text or with Wallet app that is reassuring. Including after illegitimate purchases I experienced. They have sent me a few (not too many) notifications via email or text asking if a purchase was really mine that must have seemed out of order and asking for a reply with the card shut down until I responded. Fraud measures seem well organized.
ecc77sd  2017-06-13 01:53
I lived in Paris for 20 years before moving to California, and still can't get over the latest US "safeguard combination" of a chip and a signature, which hardly qualifies as any safeguard at all – as a cashier was quick to point out to me when I was last in Spain.

Consequently I signed up for all sorts of alerts both by text and by email at the Wells Fargo website, where one can also set up travel alerts for trips abroad. In fact, purchases/withdrawals overseas outside the specified travel period are automatically flagged – which I found out the hard way when a legit British Airways purchase was automatically declined, even though I was using BA's US website!

As for the Wells Fargo iOS app, it has an interesting function: instead of getting out your ATM card, you can request a one-time "ATM Access Code" to be used within 30 minutes at any Wells Fargo ATM. It's almost as useful as Apple Pay on an Apple Watch...
David Harvey  2017-06-13 14:02
Navy Federal Credit Union offers temporary freeze on both their credit cards and debit cards with their app. Allows certain transactions to go through during a freeze such as merchant recurring actions.