Credit Card Hacked -- how?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
TimDex
Posts: 912
Joined: Mon Feb 19, 2007 5:27 pm

Credit Card Hacked -- how?

Post by TimDex » Wed Jan 18, 2012 2:46 pm

I recently had a credit card "hacked" -- in the sense that someone charged two JetBlue airline tickets to my card.

I received a call the next day from Capital One alerting me and I disallowed the charges. Kudos to Cap One, but how did someone get my card in the first place?

I do use it for internet shopping -- so that's my theory.

But one question is -- and I haven't flown in 25 years so wouldn't know -- is how do you charge airline tickets illicitly and get away with it? Don't you have to present some form of ID? Can you buy tickets online without ID for someone else to use, who them presents his ID to board the flight? And if that's the case, you should have some record of who used the tickets and be able to track them down. Which presumes that law enforcement gives a d***.

Anyone who can enlighten me, thanks. Tim
"All man's miseries derive from not being able to sit quietly in a room alone. " -- Pascal

User avatar
MilkMoney
Posts: 23
Joined: Mon Jan 09, 2012 5:17 pm

Re: Credit Card Hacked -- how?

Post by MilkMoney » Wed Jan 18, 2012 3:16 pm

They buy airfare vouchers and then sale them on craigslist. Of course when they go to redeem the vouchers there no good, but in the time it takes you to notify your card company and have the charge cancelled the deal is done. As for how could someone have acquired your card information; the possibilities are endless. Online, restaurant, gas station, you name it and it could have happened. Once the card information is stolen they sell the information for maybe $20 and that is where the fraudsters come in that are now using your card to buy airline vouchers.

User avatar
prudent
Moderator
Posts: 5774
Joined: Fri May 20, 2011 2:50 pm

Re: Credit Card Hacked -- how?

Post by prudent » Wed Jan 18, 2012 3:20 pm

Interesting about the vouchers. That explains why I read so often that people who had their credit card info stolen report that airline tickets were purchased with the info.

I've read that it's quite common for hackers to buy gift cards and sell them on ebay using the same MO, but I can see that airline vouchers would give a bigger payoff.

User avatar
archbish99
Posts: 1638
Joined: Fri Jun 10, 2011 6:02 pm

Re: Credit Card Hacked -- how?

Post by archbish99 » Wed Jan 18, 2012 3:28 pm

prudent wrote:Interesting about the vouchers. That explains why I read so often that people who had their credit card info stolen report that airline tickets were purchased with the info.

I've read that it's quite common for hackers to buy gift cards and sell them on ebay using the same MO, but I can see that airline vouchers would give a bigger payoff.
I also had this happen once, and they purchased a flight that left very soon. The flight was already arrived by the time they caught the fraudulent charge.
I'm not a financial advisor, I just play one on the Internet.

User avatar
MilkMoney
Posts: 23
Joined: Mon Jan 09, 2012 5:17 pm

Re: Credit Card Hacked -- how?

Post by MilkMoney » Wed Jan 18, 2012 3:31 pm

They don't make much of either. There selling both for pennies on the dollar and praying off people that think they can get something for nothing. It adds up with volume and in a lot of cases the perpetrator is in another country.

User avatar
Jay69
Posts: 1801
Joined: Thu Feb 17, 2011 9:42 pm

Re: Credit Card Hacked -- how?

Post by Jay69 » Wed Jan 18, 2012 3:48 pm

As a side note to this, something that I really never thought about to much until now.

I started using Quicken for the first time, for that matter any type of accounting software, have come to really like with one click I can check all my accounts and see if anything fishy is going on.

Just have a handfull of accounts and only 3 credit cards, only use one card for internet in the fear thats the one thats going to get hacked first.
"Out of clutter, find simplicity” Albert Einstein

bungalow10
Posts: 2219
Joined: Sat Apr 09, 2011 6:28 am
Location: Chicago North Shore

Re: Credit Card Hacked -- how?

Post by bungalow10 » Wed Jan 18, 2012 3:56 pm

I thought now it was more likely to have your card info stolen when using it in real life? Like the waiter (or waitress) who takes your car to run it through the machine? Or the store that still takes imprints? Most online merchants encrypt the data and no actual person ever comes in contact with your personal account info.
An elephant for a dime is only a good deal if you need an elephant and have a dime.

User avatar
BruceM
Posts: 1839
Joined: Fri Aug 08, 2008 1:09 pm
Location: Manzanita, Oregon

Re: Credit Card Hacked -- how?

Post by BruceM » Wed Jan 18, 2012 4:04 pm

This last summer we were called by our CC that an online giftcard had been bought, which we promptly cancelled and the CC issued us new cards right away. Got me thinking, why did the CC notify us so soon. I can only assume the CC company knows where the high-risk transactions are, and quickly cross checks these as they occur with the cardholder's history of making such purchases, as we've bought gift cards many times, but always in person.

So in this case, the fraud was caught early. But what if this person went around and used the number for other on-line buys, as we often do these days, and we await our bill next month that is full of charges we didn't make? Yes, we can call in, cancel the card, report it, follow the CC company's requirements so as not be responsible for charges, etc, etc Messy. So to avoid or at least mitigate this, we have one CC we dedicate to online purchases. We put a fairly low ceiling on the card and if we need to make a larger on-line purchase, we call and get a one-time approval.

BruceM

User avatar
roymeo
Posts: 1244
Joined: Sat Apr 28, 2007 7:19 pm
Location: Oakland, CA
Contact:

Re: Credit Card Hacked -- how?

Post by roymeo » Wed Jan 18, 2012 4:07 pm

While computers may make some things easier, (and your lack of knowledge about how it all works may be greater) you really can't go wrong with paying some waiter a little bit of money to give you some info, etc.

I once had 2 credit cards from the same company hijacked in the same week. One of them I used frequently. The other one had never been used. I've probably had 4 other cards hijacked in the past 15-20 years. I've never had a hassle in getting the charges removed. Usually the end-user will try to buy something small (a cheap toy, a single record) and then the next attempted charge will be for something large.

It happens, and it's pretty impossible to find out exactly when your number was taken and when it was sold to the end user. Obviously the internet is involved when the card from the US is used in the UK or New Zealand (assuming it's not my frequent business traveling friend), but that doesn't mean that it wasn't collected at the local bar.
The sewer system is a form of welfare state. | -- "Libra", Don DeLillo

LynnC
Posts: 796
Joined: Thu Mar 01, 2007 7:01 pm
Location: California

Re: Credit Card Hacked -- how?

Post by LynnC » Wed Jan 18, 2012 4:24 pm

I shop online and over the phone with a Virtual Account Number offered by any Citi card. (Go the their site and read up on it) The number can only be used ONE time (except for a return). You can put a cap and an ending date on it.

Yes, Zappos was hacked and I have an account there, I am not worried as I always use a VAN when shopping. BofA offers Shop Safe that does the same thing. It protects you, the consumer.

I never let my CC out of my site, so I use cash when dining out. I also do not sign those magnet pads either and always use a gel pen when signing a check, which I hardly do anymore.

So far, so good.

LynnC

User avatar
daytona084
Posts: 832
Joined: Mon Feb 01, 2010 10:47 pm

Re: Credit Card Hacked -- how?

Post by daytona084 » Wed Jan 18, 2012 5:30 pm

I have a Fidelity account and I check all credit card activity once per day via "Full View" (Which uses Yodlee to retrieve the transactions). I would see a fraudulent charge within 24 hours. In fact I can often see them before they are posted, when they are only "authorizations". I cannot imagine waiting until the bill arrives in the mail to see the activity, some of which would be about a month old.

I once had a fraudulent charge from hotels.com. To my amazement, hotels.com refused to give me any information about the charge (e.g. name of the hotel or the guest.) I said to the representative "It's my card ... are you telling me you refuse to give me information about a charge, that I am expected to pay, on my own card ?" She said yes, that's true. So I disputed the charge with the credit card company and they reversed the charge. The credit card company was able to get the guest name and hotel name. I suspect this charge was made by someone who had physical access to the card (e.g. restaurant or bar). I found out that the hotel was in the same city where my daughter (who was on the account and had a card) was living.

User avatar
grabiner
Advisory Board
Posts: 23132
Joined: Tue Feb 20, 2007 11:58 pm
Location: Columbia, MD

Re: Credit Card Hacked -- how?

Post by grabiner » Wed Jan 18, 2012 7:18 pm

TimDex wrote:But one question is -- and I haven't flown in 25 years so wouldn't know -- is how do you charge airline tickets illicitly and get away with it? Don't you have to present some form of ID? Can you buy tickets online without ID for someone else to use, who them presents his ID to board the flight?
You can buy a ticket online in a name other than the name on the card; as long as the passenger has an ID matching the name on the ticket, it doesn't matter which card was used to buy the ticket.

(And while tickets purchased in someone else's name are suspicious, they aren't automatically fraudulent; parents may buy tickets for their children, and a husband and wife with different last names may buy tickets for each other.)
Wiki David Grabiner

Grasshopper
Posts: 925
Joined: Sat Oct 09, 2010 3:52 pm

Re: Credit Card Hacked -- how?

Post by Grasshopper » Wed Jan 18, 2012 7:31 pm

I use either Discover card virtual or Citi virtual for every purchase online, never have had a problem.

User avatar
SSSS
Posts: 1890
Joined: Fri Jun 18, 2010 11:50 am

Re: Credit Card Hacked -- how?

Post by SSSS » Wed Jan 18, 2012 7:42 pm

TimDex wrote:I do use it for internet shopping -- so that's my theory.
You're about a thousand* times more likely to get your credit card number stolen from in-person transactions than from legitimate online shopping.

*Arbitrarily large number used for emphasis. Not intended to be a factual statement.

nonnie
Posts: 1943
Joined: Thu Mar 13, 2008 8:05 pm
Location: Northern California

Re: Credit Card Hacked -- how?

Post by nonnie » Wed Jan 18, 2012 9:31 pm

The only time I had my credit card used fradulently it was for two purchases-- one for prescription eye glasses and the other to sign up for Comcast cable service. How baffling is that????? Because it was a card I'd allocated for phone purchases only and had only used it once in the previous 6-7 months, I was pretty sure how and where it had happened. My CC company did reverse the charges but was totally uninterested in any information I had to give them about the source of the CC info theft. If the US buying public had ANY idea of the fraud and hacking-- online, bank, etc.--that goes on in this country I think they'd totally freak especially if they knew how many companies allow employees to take laptops home with unencrypted customer information. It was recently discovered in my neck of the woods that the local city college computers had been compromised for a half dozen years despite "consultant" contracts. That said, I continue to particpate taking as many precautions as I can.

Nonnie
This post may be monitored for quality assurance purposes.

User avatar
camper
Posts: 852
Joined: Thu Dec 04, 2008 11:51 pm
Location: My side of the mountain

Re: Credit Card Hacked -- how?

Post by camper » Wed Jan 18, 2012 9:38 pm

Last month we had a card cloned, most likely through a gas pump skimmer. I'm sure glad I wasn't responsible for the nearly $1K that the criminals charged.

investomajic
Posts: 140
Joined: Tue Aug 03, 2010 8:01 pm

Re: Credit Card Hacked -- how?

Post by investomajic » Wed Jan 18, 2012 10:36 pm

In the last month and a half I have had 3 credit cards cloned and used in fraudulent transactions. Two from the same credit card issuer. It has been interesting to review the list of transactions between the 2 events by the same issuer as the sample size is extremely small. I am nearly certain that all the numbers were skimmed from a gas station near my house which is a very popular, well known, local name brand station that is open 24 hours a day and well lit. I had never used any of these numbers to purchase anything online.

bogleviewer
Posts: 343
Joined: Thu Aug 25, 2011 11:01 pm

Re: Credit Card Hacked -- how?

Post by bogleviewer » Wed Jan 18, 2012 10:54 pm

Happend to me recently. HAdn't used the card for about a month either. Weird thing is when I disputed it with AMEX they sent me a copy of the order from walmart.com (because they didn't honor it in my favor). The documentation they received from walmart.com showed my OLD address from like 5 years ago as the billing address where my original billing address for the AMEX was. Some lady bought a baby carseat and shipped it to the middle of no where in Michigan. When you google map the ship to address (the fraudster) it was a barn. Hopefully they catch the person and findout how she got the card number. There were about a dozen charges in a 24 hour period all across the country so obviously there is a market for low-life losers to buy stolen credit card information.

User avatar
PaddyMac
Posts: 1483
Joined: Fri Jul 09, 2010 10:29 pm

Re: Credit Card Hacked -- how?

Post by PaddyMac » Thu Jan 19, 2012 12:32 am

We had a card closed recently. BofA said that a tiny charge, like for $1 was put on it. I think they flag those as it's obviously someone testing to see if a stolen number works.

Mudpuppy
Posts: 5889
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Credit Card Hacked -- how?

Post by Mudpuppy » Thu Jan 19, 2012 3:25 am

SSSS wrote:
TimDex wrote:I do use it for internet shopping -- so that's my theory.
You're about a thousand* times more likely to get your credit card number stolen from in-person transactions than from legitimate online shopping.

*Arbitrarily large number used for emphasis. Not intended to be a factual statement.
That's my actual experience. The only time my card number has been stolen, it was by someone at a business I had frequented. It was not a restaurant, but it was a local business that either billed my home address or took payments in the office. This was before businesses were mandated to mask the CC number on the merchant copy of the receipt, so anyone who had access to the receipts could just lift the whole number, then pull the home address off the business records, and have a little mail-order shopping spree. I made a payment by credit card a couple months before I noticed the fraudulent mail-order charges.

By the way, the only reason I know where and how my card number was stolen was because the police actually looked into such things back then and the detective assigned to my case tracked it down. And boy, I feel much older than my years relating this story. It's impressive how much has changed and how much has remained exactly the same.

User avatar
Steelersfan
Posts: 3545
Joined: Thu Jun 19, 2008 8:47 pm

Re: Credit Card Hacked -- how?

Post by Steelersfan » Thu Jan 19, 2012 6:40 am

I had my credit card used fraudulently to order two very unusual books, one a book of poems based on bible verses and another on healthy living through yoga and diet. From an online company I'd never heard of. Neither are anything I'd ever purchase. I only found out when the books arrived my my home. There were no other transactions!

I canceled the card and went through hoops with the company to get credit for the books. They couldn't figure out why someone used a card to order books and have them sent to the real card owner. Very odd.

I never did find out how someone got my credit card information.

Muchtolearn
Posts: 1563
Joined: Sun Dec 25, 2011 10:41 am

Re: Credit Card Hacked -- how?

Post by Muchtolearn » Thu Jan 19, 2012 10:10 am

LynnC wrote:I shop online and over the phone with a Virtual Account Number offered by any Citi card. (Go the their site and read up on it) The number can only be used ONE time (except for a return). You can put a cap and an ending date on it.

Yes, Zappos was hacked and I have an account there, I am not worried as I always use a VAN when shopping. BofA offers Shop Safe that does the same thing. It protects you, the consumer.

I never let my CC out of my site, so I use cash when dining out. I also do not sign those magnet pads either and always use a gel pen when signing a check, which I hardly do anymore.

So far, so good.

LynnC
Lynn C,
Good points. Although I like the ease and simplicity of basically using only my credit card and paying once a month, I am thinking of shifting to basically all cash outside the home. Even your method of never letting it out of your sight doesn't prevent somebody stealing your info while it is in your sight, very easy to steal the number, expiration and code off the back. How do you avoid using magnet pads, like in the supermarket. My signature is a squiggle and then i hit ok. Also, what's with the gel pen???

FafnerMorell
Posts: 686
Joined: Mon Sep 15, 2008 10:27 am

Re: Credit Card Hacked -- how?

Post by FafnerMorell » Thu Jan 19, 2012 10:26 am

camper wrote:Last month we had a card cloned, most likely through a gas pump skimmer. I'm sure glad I wasn't responsible for the nearly $1K that the criminals charged.
A few months ago, a new gas station opened up and charged about ten cents less a gallon than anyone else around - was very popular. Used a card at the pump, and within an hour, got a call from Discover saying it had been stolen. Bought gas there a month later, and again, within the hour, got a call from Visa (I used a different card) saying it was stolen. I'm pleased the card companies are doing a great job on detecting this stuff quickly, but it's annoying. I don't use that gas station any more, no matter how low the prices are.

LynnC
Posts: 796
Joined: Thu Mar 01, 2007 7:01 pm
Location: California

Re: Credit Card Hacked -- how?

Post by LynnC » Thu Jan 19, 2012 11:33 am

Muchtolearn wrote:
LynnC wrote:I shop online and over the phone with a Virtual Account Number offered by any Citi card. (Go the their site and read up on it) The number can only be used ONE time (except for a return). You can put a cap and an ending date on it.

Yes, Zappos was hacked and I have an account there, I am not worried as I always use a VAN when shopping. BofA offers Shop Safe that does the same thing. It protects you, the consumer.

I never let my CC out of my site, so I use cash when dining out. I also do not sign those magnet pads either and always use a gel pen when signing a check, which I hardly do anymore.

So far, so good.

LynnC
Lynn C,
Good points. Although I like the ease and simplicity of basically using only my credit card and paying once a month, I am thinking of shifting to basically all cash outside the home. Even your method of never letting it out of your sight doesn't prevent somebody stealing your info while it is in your sight, very easy to steal the number, expiration and code off the back. How do you avoid using magnet pads, like in the supermarket. My signature is a squiggle and then i hit ok. Also, what's with the gel pen???

On the back of my cards, I sign in permanent ink "SEE MY I.D." and sign the pads the same way. I feel that is a bit of protection. The gel pen does not allow your check or signature to "washed".

When I visit an ATM or withdraw money, it is always in the same, but off beat amount. My husband does the same.

I fully realize that most crime and thefts are "inside jobs"and I can only do my best. I use my CC for all needs, including the market, but not for eating out or small things under say $25. I pay it off every month and enjoy the rewards.

I NEVER use a debit card. Just my 2 cents,

LynnC

lws6772
Posts: 463
Joined: Mon Oct 06, 2008 5:14 pm
Location: Texas

Re: Credit Card Hacked -- how?

Post by lws6772 » Thu Jan 19, 2012 12:22 pm

An identity thief can now read your number from across the room from your location without ever touching it. My wife now carries her credit cards in a "shell wallet" made of aluminum. The hard shell case blocks RFID tags now embedded in some credit cards. 8-)

rogermexico
Posts: 161
Joined: Tue Jan 08, 2008 5:58 pm

Re: Credit Card Hacked -- how?

Post by rogermexico » Thu Jan 19, 2012 1:38 pm

We've also had a card cloned recently ... someone started loading up on gas four states over but was shut down pretty quickly. As for the stolen locally vs. hacked online I'm always dismayed that companies want to save and store your credit card info long term. Lots of examples of major vendors who've had CC databases with tens of thousands of card hacked. I imagine this is the source of many of these problems. Most local vendors have switched to having you swipe your own card, limiting the stolen locally problem.

LynnC
Posts: 796
Joined: Thu Mar 01, 2007 7:01 pm
Location: California

Re: Credit Card Hacked -- how?

Post by LynnC » Thu Jan 19, 2012 4:19 pm

lws6772 wrote:An identity thief can now read your number from across the room from your location without ever touching it. My wife now carries her credit cards in a "shell wallet" made of aluminum. The hard shell case blocks RFID tags now embedded in some credit cards. 8-)
<<<<<or, you can demand a card without the RFID chip.

LynnC

socca
Posts: 170
Joined: Fri Nov 21, 2008 11:19 am
Location: Sarasota, FL

Re: Credit Card Hacked -- how?

Post by socca » Thu Jan 19, 2012 6:41 pm

I used my Chase Visa card without problems for 18 years. In January 2010, I noticed that an unauthorized charge had appeared on my account. It was for a video game, so I assume the thief was some stupid kid. Chase closed the account, sent me a new card, and I wasn't charged.

Just two days ago I received a call from Chase that someone tried to purchase $1,000 of electronics online using my CC number but the wrong expiration date. They closed the Visa account and sent me a new card.

The fact that both these frauds occurred just after Christmas makes me wonder whether one of my usual Christmas vendors may be at fault. In any case, it takes me at least an hour to redirect all of my automatic monthly billings to a new CC number. I'm really getting tired of this routine :annoyed

I notice that Visa has a new program called "Verified by Visa". When you try to do a transaction online, you are redirected to a Visa-related website where you have to enter an account name and password. This is a good idea. The "security code on the back of the card" approach simply doesn't work. Anyone you hand your CC to (for example, in a restaurant) can easily flip over your card and write down the security code for future online fraudulent use. My home address is a matter of public record, so practically anyone with access to my Visa card can use my CC number to make unauthorized charges on websites that do not use "Verified by Visa."

I'm going to start being more cautious on where/how I use my Visa card. For example, I'll start paying cash in restaurants so the Visa card doesn't leave my possession.

I was wondering how people who are traveling overseas deal with this problem. Many travelers are highly dependent upon their credit card, and if their CC company spontaneously closes their account due to fraudulent activity while they are traveling overseas it could be a real pain. Well, currently not my problem. 8-)

User avatar
Steelersfan
Posts: 3545
Joined: Thu Jun 19, 2008 8:47 pm

Re: Credit Card Hacked -- how?

Post by Steelersfan » Thu Jan 19, 2012 10:23 pm

socca wrote:
I was wondering how people who are traveling overseas deal with this problem. Many travelers are highly dependent upon their credit card, and if their CC company spontaneously closes their account due to fraudulent activity while they are traveling overseas it could be a real pain. Well, currently not my problem. 8-)
I generally pay for things with cash I get from ATMs (bank one) when I travel overseas, but occasionally I do use my credit card (bank two), mostly for multiple day stays at chain hotels. They're probably safer than most merchants.

If it were hacked and closed, I would use the back-up card I always carry from another bank (bank three). I only use it enough to keep it from being closed for inactivity by the bank. If that would get closed I would rely totally on cash from an ATM (bank one).

That's never happened.

So far.

Mudpuppy
Posts: 5889
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Credit Card Hacked -- how?

Post by Mudpuppy » Fri Jan 20, 2012 2:26 am

Steelersfan wrote:I had my credit card used fraudulently to order two very unusual books, one a book of poems based on bible verses and another on healthy living through yoga and diet. From an online company I'd never heard of. Neither are anything I'd ever purchase. I only found out when the books arrived my my home. There were no other transactions!

I canceled the card and went through hoops with the company to get credit for the books. They couldn't figure out why someone used a card to order books and have them sent to the real card owner. Very odd.

I never did find out how someone got my credit card information.
Sleep-shopping? :D

Mudpuppy
Posts: 5889
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Credit Card Hacked -- how?

Post by Mudpuppy » Fri Jan 20, 2012 3:32 am

socca wrote:The fact that both these frauds occurred just after Christmas makes me wonder whether one of my usual Christmas vendors may be at fault. In any case, it takes me at least an hour to redirect all of my automatic monthly billings to a new CC number. I'm really getting tired of this routine :annoyed
It's more likely that the thieves are hoping that a) you won't notice because of all your Christmas shopping and/or b) that the credit card company fraud detection algorithm will be a little more forgiving of one-off large purchases due to holiday shopping behavior.

Wolkenspiel
Posts: 554
Joined: Wed Sep 30, 2009 7:45 am

Re: Credit Card Hacked -- how?

Post by Wolkenspiel » Fri Jan 20, 2012 5:17 am

grabiner wrote: You can buy a ticket online in a name other than the name on the card; as long as the passenger has an ID matching the name on the ticket, it doesn't matter which card was used to buy the ticket.

(And while tickets purchased in someone else's name are suspicious, they aren't automatically fraudulent; parents may buy tickets for their children, and a husband and wife with different last names may buy tickets for each other.)
True, but some airlines now require you to present the credit card used to purchase the tickets at check-in (or prior to check-in at some airline office). Cathay-Pacific has asked me several times. As this can be a big problem for someone in the situation you mentioned (and who missed the fine print), I assume that there is non-neglible fraudulent activity.

Wannaretireearly
Posts: 654
Joined: Wed Mar 31, 2010 4:39 pm

Re: Credit Card Hacked -- how?

Post by Wannaretireearly » Fri Jan 20, 2012 6:49 am

I like this idea:

On the back of my cards, I sign in permanent ink "SEE MY I.D." and sign the pads the same way. I feel that is a bit of protection. The gel pen does not allow your check or signature to "washed".
Buy Low, Sell High

socca
Posts: 170
Joined: Fri Nov 21, 2008 11:19 am
Location: Sarasota, FL

Re: Credit Card Hacked -- how?

Post by socca » Fri Jan 20, 2012 7:56 am

socca wrote:I notice that Visa has a new program called "Verified by Visa". When you try to do a transaction online, you are redirected to a Visa-related website where you have to enter an account name and password. This is a good idea.
Although this may help, it's not perfect. I seem to get about one phishing e-mail per day, and I'm still waiting for the first phish trying to get my "Verified by Visa" account name and password. The funniest phishes have grammatical and/or spelling errors, so I imagine it will look something like this:
Dear Sir:

There is a problem with your Veryfied By Visa (tm) account. Please log into http://www.wewantyourvbvinfo.ru to fix the problem. Tank you.

Veryfied By Visa Account Management
Copyright 2012 Visa All Rights Reserved

User avatar
camper
Posts: 852
Joined: Thu Dec 04, 2008 11:51 pm
Location: My side of the mountain

Re: Credit Card Hacked -- how?

Post by camper » Fri Jan 20, 2012 9:20 am

Wannaretireearly wrote:I like this idea:

On the back of my cards, I sign in permanent ink "SEE MY I.D." and sign the pads the same way. I feel that is a bit of protection. The gel pen does not allow your check or signature to "washed".
I tried doing this. I tried using that card at the post office. They wouldn't take it. Apparently when you do not sign the back of the card, you haven't validated the card agreement. I was pretty upset with the person at the post office. When I got home and checked, he was right. Any merchant can refuse a charge if the back of the card is not signed with you signature.

c.Alvin
Posts: 295
Joined: Thu Aug 16, 2007 4:57 pm

Re: Credit Card Hacked -- how?

Post by c.Alvin » Fri Jan 20, 2012 10:21 am

My credit cards have been used/abused a number of times over the years. In every case the credit card company was aware of the problem before me. As long as the credit card issuer covers the cost, I am not concerned. One of the stranger incidents involved a Discover card. Every month $15 charge for a DVD purchase at a music store in Japan. Discover card did not close the account. The DVD purchases went on for several months. I eventually demanded the issuer close the account. Discover card was willing to eat the cost rather then close the account.

User avatar
archbish99
Posts: 1638
Joined: Fri Jun 10, 2011 6:02 pm

Re: Credit Card Hacked -- how?

Post by archbish99 » Fri Jan 20, 2012 12:21 pm

camper wrote:
Wannaretireearly wrote:I like this idea:

On the back of my cards, I sign in permanent ink "SEE MY I.D." and sign the pads the same way. I feel that is a bit of protection. The gel pen does not allow your check or signature to "washed".
I tried doing this. I tried using that card at the post office. They wouldn't take it. Apparently when you do not sign the back of the card, you haven't validated the card agreement. I was pretty upset with the person at the post office. When I got home and checked, he was right. Any merchant can refuse a charge if the back of the card is not signed with you signature.
I have only ever encountered this at the US Post Office. But yes -- I write in large print with a Sharpie, "***CHECK ID***" and then in small print with a fine-tipped pen, I sign in the corner. It's technically signed, but you can't check the signature without seeing the additional instruction.
I'm not a financial advisor, I just play one on the Internet.

LynnC
Posts: 796
Joined: Thu Mar 01, 2007 7:01 pm
Location: California

Re: Credit Card Hacked -- how?

Post by LynnC » Fri Jan 20, 2012 1:48 pm

My picture is on my CC, so maybe that is the difference. I have NEVER had anyone question it and have written checks at the post office, so go figure.

LynnC

User avatar
specabecca
Posts: 103
Joined: Fri Nov 19, 2010 3:20 pm

Re: Credit Card Hacked -- how?

Post by specabecca » Fri Jan 20, 2012 2:02 pm

socca wrote:I was wondering how people who are traveling overseas deal with this problem. Many travelers are highly dependent upon their credit card, and if their CC company spontaneously closes their account due to fraudulent activity while they are traveling overseas it could be a real pain. Well, currently not my problem. 8-)
When I travel overseas, I call the CC co and tell them what cities I will charge to over which time period (I always make it generous in the case of getting stuck somewhere, or deciding to extend the trip). Haven't had a problem yet.

brianH
Posts: 186
Joined: Wed Aug 12, 2009 12:21 pm

Re: Credit Card Hacked -- how?

Post by brianH » Fri Jan 20, 2012 2:10 pm

archbish99 wrote:I have only ever encountered this at the US Post Office. But yes -- I write in large print with a Sharpie, "***CHECK ID***" and then in small print with a fine-tipped pen, I sign in the corner. It's technically signed, but you can't check the signature without seeing the additional instruction.
The merchant, of course, is under no obligation to actually do it. The Visa and MC merchant agreements prohibit requiring an ID with a purchase (http://www.privacyrights.org/ar/Alert-FS15.htm). The card *is* your ID according to them.

The whole system is horribly broken. I can't wait for the cell phone-based credit authentication to start taking off more. Even websites can use it: enter number on site, site gives you a code, punch that into your phone, transaction verified. Another benefit is having a more detailed record of purchases on the phone ready to upload into accounting software.

User avatar
SSSS
Posts: 1890
Joined: Fri Jun 18, 2010 11:50 am

Re: Credit Card Hacked -- how?

Post by SSSS » Fri Jan 20, 2012 2:38 pm

LynnC wrote:My picture is on my CC, so maybe that is the difference. I have NEVER had anyone question it and have written checks at the post office, so go figure.
Does anybody other than Bank of America do this? Last I knew they had a patent on it (as well as on the keychain mini-cards). I want to cancel my Bank of America card due to annual fees but the keychain card with picture is really useful if I forget my wallet.

socca
Posts: 170
Joined: Fri Nov 21, 2008 11:19 am
Location: Sarasota, FL

Re: Credit Card Hacked -- how?

Post by socca » Fri Jan 20, 2012 6:25 pm

If I were able to set up a list of approved vendors for my CC, then any attempt to charge my card by an unauthorized vendor would be automatically rejected. This security feature, had it been in place, would have prevented the last two fraud attempts against my card (both were charges by merchants that I have never even heard of, much less used). I would need to be able to deactivate this security feature when I travel, since it doesn't work well for spontaneous, unanticipated purchases. However, for everyday living it might work fine. :?:

User avatar
roymeo
Posts: 1244
Joined: Sat Apr 28, 2007 7:19 pm
Location: Oakland, CA
Contact:

Re: Credit Card Hacked -- how?

Post by roymeo » Fri Jan 20, 2012 11:00 pm

Wow LynnC (and some others), you sure are doing a lot of work for the Credit Card company. I'm happy to let them do the footwork and not have to bother with cash, etc. etc. Just like the banks making signature checking not required on checks so they could speed up the processing of them, the CC companies have lobbied a lot of things into place for their own advantage. If they let someone buy $2000 from a game store in New Zealand with my card, that's their problem.

I gave up on the ID ME thing long ago--first I was frustrated that no one (in ATL) almost ever looked at the back to find the huge red letters, then I was annoyed when almost everyone (in Rochester, NY) did ID me.

I've never been given any flack from the CC companies when the number's been nabbed. And certainly no need to be OCD and check it daily. There's plenty of time built into the system to cover that. Besides almost all of the instances have been ones that they've found in about that daily turnaround time.

The only thing that was annoying at first that I've noticed is that the phone call or paperwork with the fraud prevention crew is very 'cold' and business-like, since you are technically a suspect at the time. They're just being professional though, so I just treat them professionally back.

roymeo
The sewer system is a form of welfare state. | -- "Libra", Don DeLillo

User avatar
aja8888
Posts: 484
Joined: Thu Feb 10, 2011 11:28 pm
Location: The Woodlands, Texas

Re: Credit Card Hacked -- how?

Post by aja8888 » Fri Jan 20, 2012 11:39 pm

I checked in to the Hyatt in San Juan, Pureto Rico on business and my AMEX was swiped through the card reader by the check in attendant at the desk. Next afternoon, AMEX tracked me down and asked me if I was in Croatia where my card had made purchases of $18,000 worth of electronics. I was not in Croatia. They said my card was, though!

Scary stuff.

LynnC
Posts: 796
Joined: Thu Mar 01, 2007 7:01 pm
Location: California

Re: Credit Card Hacked -- how?

Post by LynnC » Sun Jan 22, 2012 3:29 pm

SSSS wrote:
LynnC wrote:My picture is on my CC, so maybe that is the difference. I have NEVER had anyone question it and have written checks at the post office, so go figure.
Does anybody other than Bank of America do this? Last I knew they had a patent on it (as well as on the keychain mini-cards). I want to cancel my Bank of America card due to annual fees but the keychain card with picture is really useful if I forget my wallet.
Yep, Citi does and so does AmEx with Costco. Just ask.

LynnC

Default User BR
Posts: 7501
Joined: Mon Dec 17, 2007 7:32 pm

Re: Credit Card Hacked -- how?

Post by Default User BR » Sun Jan 22, 2012 3:32 pm

More and more places don't even ask for signatures for smaller purchases. The local supermarket raised the "no sign" amount recently, it's up to like $40.


Brian

LynnC
Posts: 796
Joined: Thu Mar 01, 2007 7:01 pm
Location: California

Re: Credit Card Hacked -- how?

Post by LynnC » Sun Jan 22, 2012 3:34 pm

roymeo wrote:Wow LynnC (and some others), you sure are doing a lot of work for the Credit Card company. I'm happy to let them do the footwork and not have to bother with cash, etc. etc. Just like the banks making signature checking not required on checks so they could speed up the processing of them, the CC companies have lobbied a lot of things into place for their own advantage. If they let someone buy $2000 from a game store in New Zealand with my card, that's their problem.

I gave up on the ID ME thing long ago--first I was frustrated that no one (in ATL) almost ever looked at the back to find the huge red letters, then I was annoyed when almost everyone (in Rochester, NY) did ID me.

I've never been given any flack from the CC companies when the number's been nabbed. And certainly no need to be OCD and check it daily. There's plenty of time built into the system to cover that. Besides almost all of the instances have been ones that they've found in about that daily turnaround time.

The only thing that was annoying at first that I've noticed is that the phone call or paperwork with the fraud prevention crew is very 'cold' and business-like, since you are technically a suspect at the time. They're just being professional though, so I just treat them professionally back.

roymeo
I view this as my problem because I like my rewards my CC offers me. The more they spend on tracking down thieves, the less I may get in rewards or worse yet, they may go back asking ME to pay to use their card. Remember those days?

I also shred my personal papers, too. Why make things easy for the bad people? Not paranoid, just prudent.

LynnC

User avatar
interplanetjanet
Posts: 2226
Joined: Mon Jan 24, 2011 4:52 pm
Location: the wilds of central California

Re: Credit Card Hacked -- how?

Post by interplanetjanet » Sun Jan 22, 2012 4:36 pm

LynnC wrote:On the back of my cards, I sign in permanent ink "SEE MY I.D." and sign the pads the same way. I feel that is a bit of protection. The gel pen does not allow your check or signature to "washed".
The reason that credit card merchant agreements prohibit asking for ID *is* to help prevent credit card compromise - this is not nearly so crazy as it sounds.

Relatively few credit card compromises involve someone using someone else's physical card at a point of sale. When you present your ID along with a credit card, the clerk checking them now has all the information they need in order to exploit your card number online. The big piece of information that is missing from your credit card that they need is your billing address, and your drivers' license not infrequently has this right out front.

I'm not saying that most clerks have the time or inclination to compromise your account, most do not. To any who wish to, though, you may have just handed them the information they need.

That said, I used to get frustrated or annoyed when clerks would ask me for my ID - now I comply and just make sure they're not trying to write anything down from it or commit it to memory. I've tilted at that windmill enough, if my credit card number is compromised I will deal with it and move on.
I NEVER use a debit card. Just my 2 cents,
I carry an ATM/debit card only for my "debit" account, which sits with a few hundred dollars in it and no overdraft. This is very handy when needing to make a purchase where debit is the only means of card payment allowed (some gas stations, in-person at my state DMV, a nearby thrift store, some smaller restaurants, etc). I "true up" my balance later in the day after returning home. The ATM/debit card for my "main" account is deactivated and sits locked up.

-janet

Imbros
Posts: 192
Joined: Mon Jan 23, 2012 11:41 pm
Location: Wisconsin

Re: Credit Card Hacked -- how?

Post by Imbros » Tue Jan 24, 2012 12:27 am

I work in the Bankcard industry at a large Fortune 500 company that provides Fraud Prevention and Detection services to number of Financial Institutions, including some Boglehead favorites. Being a relatively young Boglehead, who has benefited a lot from this board and who has been a lurker for a long time, I just wanted give you folks some info about Bankcard fraud trends.

I'm sorry to hear that so many of you have had to deal with this issue. Unfortunately we are seeing more and more cases in the U.S while European and Asian institutions report declines thanks to the EMV (chip cards) technology they use. I'm afraid, until we switch to EMV technology too, this will get only worse.

About a couple of other things that has been previously discussed/mentioned:
The reason that credit card merchant agreements prohibit asking for ID *is* to help prevent credit card compromise - this is not nearly so crazy as it sounds.
I don't think this is true. They simply want to see that the name on the card matched with the name on the ID. When fraudsters make a counterfeit card, they use generic cards with no names or someone else's name on them. This is the simplest and most practical way to prevent Card-Present fraud at merchant level. But previously mentioned, merchants don't have to make this check.

Please let your institution know about your future travel plans, especially if you intend to travel to risky regions like Eastern Europe and South America or risky states like FL, CA, NV.

Fraudsters sometimes make a small test authorizations to check if the card number is good, transactions with larger amount follow.

You're about a thousand* times more likely to get your credit card number stolen from in-person transactions than from legitimate online shopping.

*Arbitrarily large number used for emphasis. Not intended to be a factual statement.
I would say it is about 10 times more likely, and it could be almost a factual statement. :) (no data to back it up, just industry experience for over 3 years)

This is being the first message I post on this board, I just want to thank everyone for sharing their knowledge and experience generously in various subjects.
There is no greatness where there is no simplicity, goodness and truth. -L. Tolstoy

LynnC
Posts: 796
Joined: Thu Mar 01, 2007 7:01 pm
Location: California

Re: Credit Card Hacked -- how?

Post by LynnC » Tue Jan 24, 2012 10:51 am

Thank you and welcome to the forum.

It is also a good idea to let your CC know before making an abnormal big purchase, no?

LynnC

Post Reply