What Credit Card Fraud Taught Me

Threats & Hacks

 I love online shopping, and I have the shoes to prove it.

In addition to my shopping habit, I also travel abroad frequently and use my credit card for business. So protecting my credentials is crucial. I secure my PC, stick to reputable retailers and monitor my credit card account. And this generally has kept me safe, until just recently…

Just after Easter, I got the alert on my Outlook calendar that reminds me to review my credit card accounts—both for fraud and my own personal overspending. I checked my account and found that my card was used to purchase about €700 worth of goods in the Manchester, England. Here’s the problem: I haven’t been in the United Kingdom for more than a year and a half.

Immediately I called my bank. A representative connected me to a special fraud line. I identified all the suspicious charges and received a letter in which I had to verify under oath that I had not made these charges. In two weeks, all of the fraudulent charges were off my account. Nice.

However, the mystery lingers.  How was my card compromised?

This is where I should mention that in addition to being an avid shoe buyer, I am also a gamer.  I’ve been a member of the Sony PlayStation Network for a while. You probably know that PSN was hacked right before Easter time affecting up to 100 million people. However, I don’t believe I was one of those people as I wasn’t contacted by Sony.

I can’t think of the number of times I’ve handed my card to a waiter or salesperson for them to charge me—in addition to all of online stores and services that have had access to my credentials.

So here’s what I’ve decided to do to make sure I’m not a victim again: I’ve set my Outlook alert to remind me to check my account weekly instead of twice a month. I no longer let online retailers store my account information—and I’m looking into getting an extra online shopping credit card with a very low limit. When I’m abroad, I will be very selective where I use my card and cash will be king – again.

One unexpected consequence of this little drama is that my bank is now closely monitoring my account. Twice they’ve called me about suspicious purchases and both times I’ve had to say, “Yes, Big Brother. I did pay that much for those shoes.”

Have you ever had a similar experience? Do you have any hints that might help me figure out where I went wrong?

Cheers,
Sandra

CC image by Andres Rueda

Tags

Rate this article

1 votes

20 Comments

Less than two weeks ago I had similar situation. But I didn’t notice that myself, I got a SMS-message from my bank. Someone had used my credit card in USA, and I really was not there at that moment. Next morning a lady from my bank called me and we decided to close my card. She told me, that my card was copied physically, it can not be copied when I use it online. She also told me that it was not my fault, I just can’t do a thing if I use credit card in a restaurant and they copy my card’s magnetic stripe.

Today I get a new card, and thats it.

Thanks, Opa! So your story also ended well. Good to hear! However, you also don’t seem to have a clue where the copying happened. I’d really like to know what I did wrong or where my credentials were stolen to simply avoid this in the future. Though I got my money back, it also created some hassle and it took a more than a week till I got a new credit card. And these days you cannot really travel abroad without a credit card…

In 2009 I spent a week in London, and a few weeks after, I discovered some mysterious transactions on my credit card account. About four or five British Internet companies had deducted money several times, although I had never used any of their services. I blocked the credit card, filed the requested complaints and got my money back in the end (which took quite a while). The only time I remembered having used the credit card in London was when I bought tickets at a Westend Theatre. But of course I don’t really know if my data was stolen there.

What was especially scary though: I ordered a new credit card, and the data of this new card was abused too, apparently as soon as the account was opened, and even BEFORE I got the new credit card myself (via snail mail). So I had to get the new one blocked, too, and also claim back that money. I figured there must have been some security hole at the credit card company during the process where new credit cards are issued? I still think this is really strange and I haven’t ordered a new, third credit card since… Twice bitten, thrice shy!

A year and half ago we were with our family on vacation in Thailand. When I am the Far-East, cash is king for me. Except in hotels. This time we stayed in two different five star hotels. I paid our hotel bills there having visual contact on my credit card the whole time. About a month later my credit card company contacted me, telling they had stopped my card and issued a new one, as the old one had been misused in Thailand. I was really baffled, I only used it in the 5-star hotels, nowhere else, but still it had been copied somehow.

This time my credit card company did it nicely, they noticed that I was not anymore there, and stopped my card even before any transactions ended up on my bill. The only hassle for me was to learn the new PIN code when the new card arrived with snail mail.

@Traveller: you can call yourself lucky! I recall that once I’ve been travelling with a friend in Thailand and Singapore my friend’s credit card was locked due to fraud – without him noticing. We’ve had a lovely evening in Singapore with great food and drinks and when my friend wanted to pay the bill the waiter said that the credit card doesn’t work. So in the end it was not only the restaurant bill I had to pay, but also my friend’s hotel, the taxi ride to the airport and few other items as he hadn’t had enough cash anymore. Luckily that was towards the end of our trip. It turned out later that his credentials seemed to have been copied when he got some cash from an ATM in Krabi town…

My credit card companies also offer automatic alerts for any purchases above a certain dollar amount, so I get automatically alerted if my card is charged. This saved me a couple times!

Michael, you might want to change your password for your online banking account (assuming you have one). Scammers could potentially get the new number from that. Also some banks have pass-phrases or pins you need to provide when calling (in additional to the usual mother’s maiden name or SSN), so also change those.

Thanks Kirk. Yes, I did change the online banking logins as well. Haven’t had any problems since then and now I’m thinking about finally getting a new credit card… It’s a bit annoying that there are things that you just cannot do without having one (e.g. renting a car).

The magnetic strip on the back of cards can be copied throgh a few manners. First, remember that the magnetic strip is just data. The data can be stored.

So a waiter could have skimmed your CC to make a copy of it later.

Also, the Thailand guy, it sounds like the hotel processing system had been compromised and the data from your CC was obtained off that system.

I am getting more paranoid these days. When using my card, I will run it as a credit card before I run it was a debit card. I do not want to compromise by PIN number and then the people at the register will not attempt identity verification.

It also helps I signed up for the pennies in cash back I get from the bank for running it as a credit card.

I check my bank account at least once a week, so I hope not to encounter this. I am thinking of possibly purchasing pre-paid Visa or Mastercards.

Credit cards are just fundamentally leaky. There is absolutely nothing that you, as a credit card user, can do to prevent fraud involving your card. Furthermore, credit card fraud is getting more sophisticated all the time.

Instead of trying to prevent fraud, do what you are doing: watch your account like a hawk, and report fraud immediately. Only deal with credit card providers that make it easy to deal with fraud post-fact, because you can rest assured that you will have to deal with it sooner or later. Aim for good fraud recovery, rather than good fraud prevention, because that’s where your main power lies as a credit card user: in the power to select between credit card providers. If you’re not satisfied with the fraud recovery process offered by your current provider, cancel the card and go elsewhere.

I had fraud on my CC which had sat unused for some months (austerity!). Of course, once you’ve handed your CC information to a retailer or site it never goes away, even when it really should. So a recent hack, discovered or otherwise, can expose years-old data and leave you vulnerable.

I have had my CC information used without consent also, it is getting more and more common.

The process and method is unsecure, and you might well email to everyone. What I have done is limit my spending to one card, and if i need other card the balances are transferred. (usally good promos for this). My bank sends me an email on credit card every time there is a charge. I find this method is a bit more email, but i can see my balance change daily. Hopefully more banks will do this and people are more vigilant on the useage.

I have had CC providers block charges and then call me stating I used the CC out of state or country. It is a bit brutal and embarrassing when that happens and you are buying tax free and your card is declined for being outside your home area.

I had my CC done too. Not very high tech though. Accessed my mailbox (snail mail), stole my CC statement, ordered a new card and PIN from bank (stating the original was damaged and PIN forgotten), intercepted mail when card and PIN arrived. Went on spending spree.

Frustrating bit was that I spotted the attempt to order a new card, contacted the bank and had it blocked. The bank sent me a new card to the branch to go and collect. Unfortunately they didn’t send a NEW card, they sent a REPLACEMENT card. Which reactivated the card I had blocked and allowed the dirty crims to go crazy with my money. Bank refunded everything and I gave them a long lecture about internal controls and customer treatment.

I had my card details stolen a few years ago. My bank later informed me that an employee at my favorite grocery store had been using some kind of skimmer to copy data from customers cards. The worst part was that when they closed my account, my sister and I were in Las Vegas visiting family. She had to pay for all the gas to make the 14 hour drive home!

Hello there, just became alert to your blog through Google, and found that it’s truly informative. I am gonna watch out for brussels. I’ll appreciate if you continue
this in future. Numerous people will be benefited from your writing.
Cheers!

Hi Sandra,

Just found this site. A tad late. Two years my CC was hacked by a group operating out of Stockport, England. I contacted the FBI after I contacted my CC company. It took 5 months to get my CC company to replace the money.

Since that experience, I have to using ONLY PRE-paid credit cards and I only load it when I know I am going to be using it online. Though I have not traveled overseas for sometime, when I did, I did not use a credit card EVER. Some merchants hold onto the charges till the exchange rates go up…..hence you pay more. Travelers checks, cash or PRE-paid cards are all I will use.

If you happen to notice charges of $1 or $1.50…..immediately contact your card company. Those are phishing charges. Someone is looking to see if they can access your account and also find out how much they can kite. Additionally, my card company knows my regular sellers and they hold ALL other charges until they contact me.

It is sad we have to go to these extra measures, but they have become a fact of life. I would rather take precautions than have to file claims and wait for to get my money back.

Q: where I went wrong (security compromised)?

A: You gave your card to drive thru cashier at a fast food restaurant. They might have copied it. Many times we can’t see what those cashiers are doing because our cars are not a high as the drive thru window.

I believe that is how mine was compromised as well.

Hi Sandra,

three weeks ago I wanted to check the balance on my debit card however the atm response was that the transaction was not possible (It was Saturday and no credit or debit card dep. in the bank works on Saturday) but I went to a nearest bank and asked the bank officer about my balance and she, after checking it on her computer explained that the only info she has is that the was a suspision on some transations done with my debit card number and that the balance (EUR 830.00) is “reserved and blocked”. She advised me to pay a visit on Monday to my personal banker and that everyting will be ok (she has sent an e-mail to my banker saying that I was in the bank and that I confirmed that those transactions were not done by myself).
I visited my banker on Monday but she informed me that the transactions were completed today?????!!! despite being marked as possible theft and despite my confirmation that I have nothing with the “air india charter” transactons as she was going to find out later. She informed me that my bank was informed by VISA regarding those transactions (total of 4 transactions in total amount of my balance of EUR 830.00). The info from visa was that probably someone got somehow number and 3 digits number of my debit card while I was staying in Brussels last year in september (I used is for a reservation for two hotels in Brussels, the Dome and Hotel Royal).
My bank is the UniCredit, I am from Sarajevo, Bosnia and Herzegovina.

I don’t think I will ever see my money and just for the others who read to know what may happen.

Admir

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like