About a week ago I got a call from my credit card company regarding suspicious activity. Sure enough, somebody was using my card buying crap on line. About 4-5 transactions totaling all of $28 and change. They canceled my account, credited me, and closed the account while I was still on the phone. It wasn’t a phishing call, and I have recieved the replacement card.
My guess was that the crooks were keeping it small time so as to be not worth the trouble of tracking down.
A few days later stuff starts showing up in the mail. Turns out they used my address and name too. Pain in the butt because three of them are subscription type deals…zit cream, vitamins, DVD club. Oh and a DVD from some get-rich scheme.
So what exactly is the point of commiting fraud to order some useless crap for me?
I know sometimes crooks will try a small transaction to test the info, but in this case it was all small transactions for no gain.
Is there a way to determine whether it was the same crooks making each transaction? I wonder whether the old number was ‘harvested’, then sold to several criminals, and they were all testing it…
The credit card company would not know anything about where the goods were shipped, or even if they were shipped. They would only know about the purchase transactions. It’s a pretty good bet that the series of purchases fit a pattern that was a) unusual for the cardholder and/or b) typical of the way stolen cards/numbers are used.
Another one who suspects harassment. Zit cream? Get rich quick schemes (presumably the type of jerks who will sell your mailing address to every other con artist in the world?) Sounds like juvenile revenge. Were any porn or erection dysfunction remedies in the mix?
Apparently all the orders originating from Europe is what twigged the CC company.
I’m pretty sure this had something to do with an order I placed with a vendor (a local photography studio) that used google checkout. I hadn’t used that card for a long time, (somewhere is a thread I started about my disatisfaction with BofA) and wouldn’t have then except that google checkout defaulted to it based on a purchase I made about a year ago. The fraudulent charges showed up a couple of weeks later. Google checkout also defaulted to my home address without offering a chance to change it.
As for screwing with me, it’s possible, but the movie titles (DVD club) were reasonably inocuous…seems like that would be low hanging fruit.
But yeah, since one of the items was “Vital COLON, The All Natural ColonCleanse System” maybe somebody fucking with me.
Placing a small order is a way of testing the account. If a $5 order doesn’t go thru, it is probably not a good number. If it does, all that remains to be known is the maximum amount. The crooks assume a small amount won’t trigger any detection flags, although your company was looking for source location as well, and caught what looked suspicious.
Vitamins and get-rich-quick schemes are often sold through commission-based MLM programs. Ordering stuff and having it delivered to yourself is a good way to get caught, but if you just get credited with the commissions, you can insist that someone else was committing the fraud.
And, as you pointed out, a few $30 transactions might not be noticed by the average person. I had $1800 in fraudulent charges on a card, but it took me a little more than a month to catch it (when they had maxed it out).
My first thought was harassment, but it could be used as a test. People sell credit card numbers all the time. When I was an assistant controller at a hotel, we let two accounting clerks go as they were selling credit card numbers on the side.
Kids also trade credit card numbers online too, just like they trade passwords to accounts.
Once I was walking past a bank in the alley, (a shortcut) and I noticed a box of old microfilm so I looked at it and it was full of credit card numbers.
The thing is with small purchases usually a company has it set that anything under a small amount (From under $5.00 to under $50.00, depending on your agreement) won’t be submitted for approval. Because that company does so much volume the company agrees to accept the loss if there is a dispute, and it works out with breaks on the credit card fees etc.
It still sounds like one of your friends or kids, got a hold of your credit card number and thought it’d be funny to order stuff to it.
This is actually pretty common. The way it works is this: I steal your CC information and order something small to be delivered to your house. That lets me know that the card hasn’t been reported stolen yet. Once I make sure the card is good to go, then I go to town with your money. As for the small item I ordered for you, it’s my way of saying thanks for the new 74" HDTV.
There are third-party fraud detection services that collect information from its member merchants. I used one once. They know all about shipping addresses, and have a number of bits of information that they use to construct fraud profile and score each transaction. We used to get a score from 0-1000 on how likely a transaction was to be fraudulent, and we could pick whatever threshold we wanted for declining a transaction. I do not know if the credit card associations or member banks themselves use such a service, but nothing would rule it out.
Banks will often note unusual purchase patterns but it would surprise me if $28 would trigger it. More common triggers are very high-ticket purchases, suddenly high volume of purchases outside the country, or multiple rapid purchases from widely separated geographic areas.