So today I have to cut up my credit card…again. And I thought I was paranoid about credit card security. I only use https sites, I burn all my receipts, I watch my card like a hawk at restaurants, and I still get taken for one large.
This time it would seem it was an internet transaction. So, question. Other than the obvious cloning at a restaurant, how else does a fraudster get hold of my credit card details?
Oh, another thing. On the same day I get a notice from the Board That Shall Not Be Named that someone tried to hack my account. Coincidence?
You didn’t get taken for diddly-squat; some unfortunate merchant did, unless you elected not to report the fraud and decided to just pay off the fraudulent charges.
How closely can you watch your card at restaurants? Doesn’t your server at some point disappear from your line of sight?
Other than that, yes, merchants do get hacked from time to time. The bigger hacks (e.g. Target, Home Depot) make the news. There are also skimmers out there, though I’ve never seen one in person.
I ship a lot through FedEx, and a couple of years ago fraudulent charges started showing up on my AmEx card. At first it was a bunch of shipments through FedEx, but then it was other non-FedEx stuff as well. Given that it started with FedEx, my assumption is that FedEx got hacked somehow.
Not really. Everyone on that board had the same thing happen to them, and as far as the admin knows it was just brute force attempts (a bunch of tries to log in) and no one actually got through. And unless you’ve got your cc info stored somewhere on that board in plain text, I’m not sure how even a successful attempt to log in as you could compromise your credit card.
For most local purchases under $100 I use an almost un-hackable technology called ‘cash’. Smaller merchants and wait-staff seem to appreciate it.
I’ve had a bogus charge on my credit card once. I check my bill like a hawk and found it. The money was returned when I reported it. Still don’t know how it happened.
Let’s put it this way. Every website you’ve ever bought from has the potential to be hacked, then or later. Ever retailer or restaurant you’ve ever bought from has the potential to be hacked, then or later.
In the USA tens of millions of CC numbers & names are stolen every year. Usually by en masse online operators from Bulgaria or some such. The crooked waiter copying down numbers from cards he handles is a drop in the bucket.
Your card(s) have almost certainly fallen prey to operators like this. In no sense are they targeting you as such. You just happened to be one of the thousand of cards they snagged when they broke into some company you’ve done business with.
And the only preventative you have is monitoring your charges and reporting fraud charges in accordance with your card contract and local laws.
In the USA, consumers have zero responsibility for fraudulent charges if they notify the card issuer promptly. I have no idea how South Africa’s corresponding laws work. But you ought to become familiar with them.
FYI, the card I use for my primary retail spending has been replaced 6 times in the last 5 years after it was used fraudulently, or after the issuer had reason to suspect it had been compromised but hadn’t yet been used. None of these events had anything to do with me specifically or my personal security practices. They were simply doing *en masse *card replacements after massive thefts of card data from retailers.
Remember that outside the US, nearly every country uses Chip & Pin (EMV) cards. This requires the customer to punch in a Personal Identification PIN number when using the card in person. To facilitate this, restaurants use hand-held units where they plug in the card and ask the customer to enter their PIN. The other alternative is to require the customer to come to the cash register to punch in the PIN.
There is a seemingly excellent protection against credit card fraud when shopping on-line, that some cards offer.
First, find the item on-line that you want to buy. Make a note of the price.
Then, go to your credit card’s web site. There, you have an option by which you are assigned a new unique credit card number. You enter the amount you want to spend (I always allow a few extra dollars in case of unexpected charges, like shipping or sales tax), and a time period you want your new number to remain valid (generally, a small number of months).
You are given a new credit card number, including the CVV number, and an expiration date in the near future. This new number has its own credit limit, in the amount that you asked for.
Then go back to the on-line merchant and use that number to make your purchase. The amount then gets billed to your regular credit card. The merchant never knows that the number you gave him is a virtual one-time number.
Bank of America credit cards offer this service, last time I looked. There may be others.
ETA: The way the BofA thing works, if there is any of the original credit-limit remaining on the new card number, you can use it again to make additional purchases, but only for purchases from the same merchant.
Another possibility is malware on your computer. Sitting there waiting for you to type in your CC number and pass it on. Since it’s at your end, https doesn’t matter.
Note that there is an increasing problem with hacked routers. They can do man-in-the-middle attacks, etc., to fool SSL stuff (which has its own problems). There is an astonishing number of stupid “set by default” things on routers that are being exploited.
Does your card have the new RFID technology? Someone with an RFID reader only needs to get within a couple feet of your wallet, and they’re got your number.
I know you think you’re being funny with the “unhackable” joke, but the thing about cash is, as my dad would say ‘you only get one chance with cash’. If the cashier doesn’t give you the right change, it’s gone. If you use a credit card and get charged too much, you can get it back.
If you lose your credit card or the number gets stolen, you get your money back. Lose your cash and you’ll never see it again. Don’t get me wrong, I use cash too, I’m just saying it’s not fool proof. When it comes to credit cards, the electronic trail is much less vague.
Just for the record, I never use a debit cards. That way if someone does get my number all they can do is run up my credit, not drain my bank account. Yes, you’ll get it back, but in the mean time I can still pay my mortgage and not worry that I’ll have a bunch of late fees or NSF charges while I’m getting it cleared up.
I have one credit card I use only for Internet transactions. I’ve had to replace it twice, but it has no effect on my own regular transactions, and I can easily just cancel it if the credit card company doesn’t catch something (though they’re good about security).
Every merchant in Canada that I have dealt with recently is like that. Virtually all CCs are chip and pin and the merchant never actually handles it. Whether it is the banks or the merchants, somebody in the US doesn’t want the expense of converting.
