Check your bank statements!

Apparently, yesterday afternoon about 3pm while I was at work, I purchased $300 worth of clothes at an online store in Great Britian. Fortunately Suntrust flagged the charge and did not let it go through.

The freaky thing is…I have my card in my wallet! Somehow someone got my card number.

Kudoes to Suntrust for their quick response, and keep a vigiliant eye on your account! I will be getting a new card in a few days.

I’m trying to figure out how this happened…should I be looking at my most recent transaction? What is the turnaround time for thieves in cases like this?

I hope you’re not looking forward to some prosecution here, because it’s not going to happen. For whatever reason, IME, the cops don’t care enough to do anything about this.

Every time you use your card you’re giving more people access to your number. In most cases, these are trusted people using secure software and procedures. But not always.

130 million credit and debit card numbers stolen

I would look back through the past few weeks of transactions. It could have been that a purchase you made with that card at what you might now consider a less than reputable establishment might have had an employee that installed a skimmer on the card reader to record cards as they’re swiped. Has there been any time an employee has swiped your card for you out of your line of sight? (Below the counter or behind something)

The turnaround can be highly variable. Thieves who collect numbers en masse typically sell them either themselves online, or collectively to a larger criminal enterprise who then sell them off to others, so there’s no real way to pinpoint when and where your number might have been skimmed, but I would look at smaller stores – variety stores/bodegas, mom 'n pop food joints or clothing stores, that sort of thing. I’d go back at least two weeks, possibly more.

I’m not out any money, the bank stopped the charge from going through, and I know the thieves are long gone, so since no harm no foul, all I feel is a bit vulnerable and exposed.

Ivylad and I ate a mom and pop restaurant in town that we’d never eaten at before about four weeks ago. Could that be it? Would it do any good to call the manager and let them know my suspicions?

It’s probably not even worth by now. There isn’t even a guarantee it was a skimmer; as Fear Itself posted, it could have been stolen from an online security breach at a card handling company, or some department store’s intranet or something. Physical skimmers are probably more likely, but even then, nailing down where and when would be impossible. All you can really do if you hope to have any degree of protection is:

  • Whenever possible, always swipe the card yourself. If you can’t (say it’s one of those readers built-in to their POS keyboard or something), never let your card out of your sight.
  • Always conceal your fingers when entering your PIN. I usually cover up, and then position my fingers over the numbers in such a way that I can press them with minimal movement so the number can’t be guessed by the way I move my hand.
  • Never use it in an ATM that may look like it has been tampered with. (Boxy protrusion with a hole in it above looking down on the PIN pad, false front over the card slot, that sort of thing.)

Those still are no guarantees your number will never get stole, but it minimizes the risks that it will be stolen by the employee of an establishment you patronize.

We got a charge on our bank account, and only spotted it because Mr. brown looks at our online account multiple times per day. It came through my charge card, apparently, but I had not done the transaction. It was for a site called “”, which some research showed was at the heart of many fraudulent charges. We promptly canceled that card and I was issued a new one. I usually order only from big, reputable online companies like Land’s End or L. L. Bean, but I had ordered some special German-made lip balm from a smallish website a couple of months earlier. Now I’m out of that lip balm and want some more, but damned if I’m going to risk that again.

Seems like ordering from suspicious places across the pond would be the perfect time for a virtual account number.

A lot of times those virtual accounts don’t work with all online merchants. I had one and before I could charge the company had to make two small (less than a dollar) charges and I had to confirm it, then they credited the small payments.

It was a pain.

Chase is also a pain, everytime I charge more than $100, the transaction gets declines and they have to call it in or I have to “pre-register” a “large transaction” with Chase.

I wouldn’t be so quick to blame the little guy these days. There have been many instances of high profile companies being breached, meaning that whole batches of cards are compromised.