I got a call from my bank today about a CC transaction they had just declined for $20 at the Post Office.
The only problem was I did not attempt to use my CC at the post office today, and I was at least 20 miles from that post office.
The bank said that the card was swiped, not punched in manually. They asked if my wife and I both had our cards in our possession. We do. So somehow someone made a duplicate of my card.
So the first question is, where did they get the info to do this? (I know that you probably don’t know for sure for this case, but in general)
Second question: How the hell did the bank determine that a $20 transaction was bogus? I am no where near my limit, The area where it was used is some place where I have been known to shop. How do they know? 
Bottom line is they shut down the card, and I will have new ones on Wednesday.
Are you sure it was the bank? That is the real scam often enough.
For a few hundred dollars you can buy a machine that will put whatever information you want onto a magnetic stripe. For a fraudster to duplicate your information, they could have got hold of your card somehow - maybe at a restaurant where you hand over your card - and then read the stripe in a process called skimming.
However, that leads us to why the transaction was rejected. They got something wrong. Maybe they never actually got your card but they attempted to make one using your credit card number, but they got something else wrong that was supposed to go on the mag stripe.
Or maybe the post office does CVV/CVV2 entry (the 3 digits on the back of a Visa or MasterCard, or 4 on the front of AmEx) and the crooks did not have your CVV.
Or maybe the post office does partial address validation based off a zip code entry and the fraudsters did not know your zip code and gave the wrong one.
Since they asked for for the validity of each of my CC transactions for the last month (We show you bought $30.05 at Amazon.com on 5/1 is this charge yours?) then the answer is yes, it was the bank. Also before I called them back, I checked on line and my CC was flagged when I logged into my account.
I have no doubt I was talking to the bank.
The CVV is only used when the number is keyed in. It proves that you are holding the card in your hand (or that the person giving you the number is holding the card in their hand). It makes it a sort of pseudo card present transaction. But usually, you have to key in the last four digits of the card when you swipe it. This is to make sure the card number and number on the mag strip match. I’m guessing someone skimmed your card and wrote the info onto another real CC. When the P.O. swiped the card and keyed in the last four digits, they didn’t match and your number was flagged.
Not true. That may once of been the case, but not any more. It is being used as an extra security measure. My company develops credit/debit software and we have developed CVV entry for swiped cards because our customers (the retailers) wanted it. Wanted it enough to pay us to do it.
Oh, I’m just basing it on my expierence (Telecheck, Paymentech, Eclipse Machine) when I key in a number I get asked for Zip code and CVV (sometimes, sometimes not), but when I swipe, I ONLY get asked for last four.
If merchants are going to be asked to enter CVV for swiped as well, I sure as hell hope that the people who make the cards find a better way to print it on. I’d say 1 out of 10 people can’t read it because it’s worn off, it blurry (from being rubbed) or they signed over it. In fact, on my machine if I skip entering it, it asks for the reason and one of the reasons is “Can’t Read” and then I have to pay more for the transaction. I think Discover charges 50¢ for not entering it.
I am going to tell you that if someone went to the problem of making a copy of your CC, then he wouldn’t make just a single charge for a measly $20 at the USPS. I suspect, since it was only 20 miles from our house, that one of your forgot? The day might be wrong, mind you- sometimes a week off.
No, this is similar to what happened when my card got stolen. The first illegitimate charge was a low-dollar gift card at a Sears. When that one went through okay, they moved across the street to an auto parts store and got several $200 gift cards and then down the street to Best Buy where they stocked up on $200 gift cards as well.
It seems stupid for them to use the Post Office as a testing ground, though; wouldn’t this compound their crime of CC fraud into, say, mail fraud, wire fraud, or some sort of federal bit?
Rick said they both have their cards in their possession.
Rick, when they asked, I assume you and your wife both went and actually checked right?
Don’t mean to hijack, but you raise a question. If they bought gift cards, couldn’t these be tied to the fraudulent transaction and voided?
Well let me spell it out for you.
At the approximate time the charge went through, I was standing in a branch of the same bank in my home community. About 20 miles away.
At this exact moment I have both credit cards laying on my computer monitor base with a post it note with the bank fraud department info. ::: Looks::: yup still there.
I have not used that card in Santa Clarita in probably 6 months.
I seriously doubt my wife has ever used her card in SC.
The last time I visited a Post Office in SC was over 15 years ago, when I worked there.
The last time I used a credit card at any post office was for my home post office, 2 weeks ago, and I used a different card. I still have the receipt and it shows a different last 4 digits.
The bank said the card was swipped, not typed in.
The bank DECLINED the charge. I have not had any transactions declined on this card ever.
So unless you think I shit for brains, I think you would have to agree that I did not make that charge.
But are you certain? 
Perhaps Ms. Rick has a secrect stamp collecting addiction she isn’t telling you about. Sneeking off to SC to get a stamp fix?
<Ducks and runs>
All right get over here and clean this coffee out of my keyboard.
I’m sure the capability exists; a friend had his credit card stolen on the subway and the D.C. Metro’s system was fast enough to find all farecards in the system that carried any money that came from that credit card. They voided the farecards and trapped the thief behind the turnstiles, where they recovered the credit card, wallet, and cash. Had the thief left the Metro as soon as he stole the card and taken a cab, though, he would have gotten away.
Some stores’ gift cards might not be linked to the purchasing credit card, as dumb as that sounds. And even if the store can invalidate them once the fraud is discovered, the cards could be used by a partner ten minutes after they’re purchased, or sold for cash on Craigslist, perhaps even below face value.
And, even if the fraudster somehow knew that the gift cards had been invalidated, that doesn’t stop them from trying to find a sucker on craigslist.
Like I said- it makes no difference where you were at that time. Sometimes, the date & time for the transaction is way off. Having worked as a fraud investigator, I can tell you certainly that no one is ever going to make a copy of your card and make one puny charge for just $20 at the PO.
So either you guys made the charge or the bank screwed up. I am willing to accept the bank screwed up. But I am not willing to beleive that some dudes made a copy of your card for $20 worth of stamps. (They want several thousand $$ per card)
And you have no idea of why the bank declined the transaction? Becuase also Banks are not normally suspicious of a $20 USPS transaction close to your home. (by “close” here, I include 20 and even 50 miles).
I have no doubt that they do. What does that have to do with it?
So you are telling me that either I have shit for brains or the Bank of America with its state of the fucking art computer system got the date, time, and location of when the card was swiped wrong. :rolleyes: Riiiiight. :dubious:
Mind you we are not talking about when the charge was posted, but rather when the card was swiped at point of sale. Furthermore when the bank read back to me all of the rest of my charges to verify if they were correct, all the dates, times and locations were correct.
No I don’t have any clue how they picked up the transaction was bogus*, apparently neither do you. :rolleyes:
*If you read the OP closely that is one of the two questions I am asking. I don’t ask questions I know the answer to.
In your professional capacity as a fraud investigator, have you ever seen the pattern I described? That is: tiny charge to verify the card, followed by several large charges to get maximum value off the card?
I don’t think that your approach of rejecting the OP’s premise is terribly helpful here. I know we had an OP last week whose story didn’t add up, but shouldn’t we assume his story is legit?