Did anyone have their credit/debit card compromised lately?

LorenzoL

LorenzoL

Feedback: +31 / =0 / -0
Joined
Mar 9, 2009
Messages
1,810
Guys, listen to what just happened to me.
I use a debit card with a pre-set spending limit for all my online knife purchases, except when I can use PayPal directly.
I recently used that card to buy knives from two extremely reputable knife dealers from whom I had purchased on several occasions without any issues.
A couple of days after those transactions, my debit card was hit with several small $1 purchases from the Apple Online store, I am guessing either iTunes or App store downloads.
Because I am on vacation abroad I did not catch those immediately by checking my statement online.
Then, a couple of days later I get hit with a 1$ charge by Microsoft online, immediately followed by a $219 and change charge from the same vendor.
Luckily I was online that day (yesterday) and caught that. Unfortunately being abroad I could not immediately call the 1-800 number to block my card, so I spent enough to reach the pre-set spending limit by buying stuff I needed on Amazon. I am glad I did because during the night there was another unauthorized transaction from Newegg that was declined for lack of funds.
Anybody else experienced something similar lately?
I want to stress that I only use that card for online purchases, and it is a recently issued card, so there is no chance it was physically compromised.
And the thieves seem to like electronic stuff -and they are not biased towards either Apple or Microsoft-.
One thing is certain, I will never use a regular card online ever again, I'll either use PayPal directly or a PP-issued single-use secure card.
 
Last edited:
I had a friend that had the same thing happen to him a couple of weeks ago with one exception; he had never used the card online anywhere but Amazon!! Only local purchases and only in machines that he scanned such that the card never left his hands...

Then, his card got used (manually scanned) at a CVS in NY (we are in OK) twice one morning for $400 each use. Within 30 minutes he had been notified and was sitting at the local bank filling out the paperwork for reimbursement. So the notification when it is obvious fraud is really good. The enforcement is not so good because the card was used again a few minutes later and the store in NY should have been notified to call the authorities.

So, if you had used the card previously on Amazon that would be interesting. Otherwise I suspect the issuers may be having security issues; and the numbers / names would be easy to smuggle. Once they have that information they can just swipe the card thru a machine to program it.

I have always resisted having a cart that stored any customer information. I don't want it, don't need it, and don't need in the middle of these exact circumstances. I believe it won't be long that online retailers will get completely away from storing any information on their own server and use one of the secure payment gateways exclusively.

So it sounds like your story may be one of the ever increasing we are going to be hearing in the future....
 
Yeah my Visa card had to be cancelled last week, got a call from the credit card company telling that someone had tried to make a $1 purchase from Apple Online store. They spotted this as an attempt to test if the number works, and contacted me on the spot.

Card cancelled, new one ordered. Highly annoying as there's no telling where and when the card data could have been copied and compromised.
 
Yup, about a year ago I used my card to pay for an E-bay purchase. A few weeks later a few $1 charges started to show up from a Rite Aid in LA. Since I have fraud protection these small charges triggered an alert and my card was "suspended" Good thing because a $297 purchase in London, England was being attempted but luckily it did not fly.

The Loss prevention guys say that the numbers get sold by E-bay sellers (business types, or purported to be business types) often.

I don't know why they need to make so many $1 purchases before going big. If they had gone with the $297 purchase first it "might" have worked...................
 
Many Credit/Debit cards are compromised by over the phone purchases.

All the pertinent info is freely given to a virtual unknown voice on the other end by folks who somehow feel it's safer than using the Internet...
 
I appreciate all the valuable input and information.
The Amazon lead might make sense: although I had not yet bought anything on that site with that newly-issued card, I had updated the card info in my account page on Amazon, so it could have been hacked from there.
Here is a little update on the situation: because I could not call the 1-800 number, I ended filing an online report saying that my card had been compromised. Although I specified which pending transactions were legit and which were not, apparently all pending transactions are going to be declined. I guess that will be a major headache because all the items I purchased have been shipped already. Hopefully, I will be contacted to provide an alternate credit card...
 
If you have used a gas station card reader or an ATM machine, there are organized crime gangs that place a slender 'skimmers' into the slot that will capture cc numbers and PINs.

These gangs originate from South America and Russia and will they can promptly empty your bank account or cc balance before you realize it.
 
That's what I find quite frustrating, not knowing if my card number was stolen using a rigged ATM, in a store someplace, from a shop payments database, domestically or abroad or what. There's a lot of places where a card can be copied or the data stolen later.

Oh well. Must be even more careful in the future, but basically there's only so much I can do. Luckily my card company had a good warning and protection system in place.
 
Just curious,

Can you find out the name of the company that actually processes the credit cards for the shop where you made the purchase?

My number was stolen a few weeks ago. I had not used the card in over two months. Then I made a purchase online from a police supply company in Florida. 6 days later someone starting using the card for $1, $50, $100, $150, etc. Lucklily, Chase caught it in time. My card was used online through "Yahoo Search Compainion". I'm still waiting on an answer back from them (if you can get any kind of answer from Yahoo) to see if they captured the IP address of the computer that was used.

I know that all banks have a fraud limit set and they will not investigate any theft below that limit. Most start at $10,000 so I know Chase is not going to follow up and actually try to find the SOB.

I called the company the Florida and found out that they use a company called Quickbooks/Gateway to process the cards. I was told that the company employees in Fl. can only see the last 4 digits of the number when the order comes in. However, the card processing company can see all 16 digits. I think that is where the problem lies........
 
It's amazing,I just saw a news story about those CC/debit processing terminals that retailers have.It appears that they are magnet for theives because of the hard drives they store tonnes of data worth stealing.A high value target ,low risk,and easy to find.From the neighbourhood 7-11 to your favorite establishment.
 
Some info from being on both sides of a transaction and being an analyst at a company where I looked at billions of transactions a year:

There are so many ways for thieves to steal your cc info that it's pretty hard to stop them unless you flat out just stop using your cards or don't have any in the first place. No matter how good a company's security is, there is a hacker out there that is better. A database with millions, or even hundreds or thousands of legitimate, verified cards is extremely attractive to thieves. Social engineering is a really easy way for them to get login, cc, security, etc. information from a hapless employee. The guys that got the millions of TJ Maxx, Office Max (Office Depot?), and some other huge companies' complete credit card files did it for MONTHS before anyone even noticed.

A lot of companies aren't storing any cc info anymore. I don't keep card info at all. It goes straight to the processor and is not stored on any of my computers, on any of my sites, or in any of my databases, even though I do my best to keep solid security on everything. IIRC, some recent legislation has been passed to restrict e-commerce sites from ever storing or even seeing cc info.

Any half decent bank or card issuer will get the money back in your account within a couple of days and cancel any fraudulent transactions. They go after the thieves hard, with huge raids on tends or hundreds of people at once happening on a regular basis. The problem is that there are always new thieves to replace the old ones.

So, if you get your money back, who is getting screwed in the process? It sure isn't the banks. Us retailers get hosed on fraudulent transactions, since merchandise walks out the door or is shipped out and the cc company will take the money back out of our accounts. I pay extra for heavy duty fraud detection and prevention and check signatures and IDs in person, so I haven't had too much trouble with it (only one from Going Gear that was going to Lithuania). I can't imagine the crap that electronics or jewelry dealers have to deal with. I've heard horror stories about jewelry guys quadruple checking $10K transactions and still getting scammed.

I wouldn't worry about it too much. You will get your money back and there is not much you can do to go after the person that the cc companies will not do themselves.

For what it's worth, I have had six cards canceled because of real or suspected fraud over the years. Four were real, and the culprits were massive companies with databases really attractive to hackers. Each time, I had my funds back quickly and completely. The other two times were when I registered a bunch of domains at once, which is something that thieves love to do to test the cards. After the second time, I had to tell my bank that whenever they see that, it is probably legitimate. :)
 
storl said:
They go after the thieves hard, with huge raids on tends or hundreds of people at once happening on a regular basis.
Click to expand...

I have a hard time accepting that. My impression is that the banks coud really care less. Why? Because they just pass the costs on the the merchants and card holders in fees.

The only time anything happens is when large amounts of customer data are stolen and the press makes a stink. Then the banks are pissed because they dont like their sstems hacked and the negative press scares away card users – untill it blows over.

Over here they hack ATM machines, get your PIN and card info, make a copy of the card and go to town. This happens very often. It happened to me. I receievd the money back but a big investigation? I dont think so. The police basically told me nobody ever gets caught and goes to jail for that type of bank robbery, and it brings the thieves millions.
 
Kevin Wilkins said:
Over here they hack ATM machines, get your PIN and card info, make a copy of the card and go to town. This happens very often. It happened to me. I receievd the money back but a big investigation? I dont think so. The police basically told me nobody ever gets caught and goes to jail for that type of bank robbery, and it brings the thieves millions.
Click to expand...

AFAIK, they don't "hack" the terminals, but add a card's magnetic strip reader in front of the actual slot AND install a small camera to see the keyboard while you are typing in the PIN. Then they create a copy of the card, and use the PIN you unknowingly showed them.

Therefore, it is always good to :
i) check if there isn't some kind of extension (~ the reader) on the slot (typically, it makes taking the card out difficult, leaving only very small part of the card for you to grab)
ii) cover up the keyboard (e.g. with your other hand :)) when typing in the PIN code
 
You must log in or register to reply here.
Back
Top