How are credit card scammers getting a hold of my card information...

… and able to use it?

For the 3rd time in 3 years, my card issuer informed me of unusual activity. They say that I’m not responsible for the fraudulent transactions, but are never descriptive when I ask exactly what happened and how.

2 years ago, someone a few states away ordered up some Domino’s pizza. This I can understand, since the card number can be quoted over the phone.

Last year, 2 large transactions occurred at 2 Walmarts over 1,000 miles away from me. Wouldn’t the person need to have my physical card with them at Walmart?

Last week, someone charged up over $200 at a Wawa near me, but it wasn’t one that I ever go to. This last one is particularly troublesome, since I now have the chip card. The transaction was initially rejected at 1 Wawa, but then allowed at another.

I’ve always maintained possession of all of my cards, and never lost them or left tham anywhere. The good thing is that I’m not responsible for any of these, but I am wondering how they are able to use my card without having the physical card.

The person at Walmart only needs the data on your magnetic stripe. They can burn that data onto another card. The data can be obtained by skimming your card, by hacking the merchant terminal or payment processing system, from the merchant’s processor, from the issuing bank, or somewhere in between. Who knows?

The Wawa incident depends on whether Wawa requires the chip yet. It may be that some stores have been upgraded but others haven’t.

It’s no use asking what happened. You will never be allowed to speak to a person who might have access to that information. If the bank called you, it was some call center worker who simply read the information off their screen. If you called them, it was somebody who just pulled up your account and noticed a problem. People who investigate and deal with fraud do not talk to customers.

Did you ever place it in that little leather folder your waitress brings the bill in, so she can take it away and scan it and bring it back for you to add a tip and sign?

Yes. :o

The waitress at the restaurant is a drop in the bucket. That’s not how the vast bulk of modern CC fraud is done.

A better Q for the OP is: Did you ever shop at Target or Home Depot or any of the Ross’es family of companies? If so your card number was stolen a couple years ago.

And just now somebody happened to pick your number out of the dozens of millions of stolen card numbers, and burn it onto a piece of plastic using readily available tools.

Then he/she drove to a nearby Walmart & tried to buy stuff with it. They probably had 20 such faked-up cards in their wallet and were making the rounds of the local stores trying each. Some worked; some didn’t. Yours did, but just the once.

The whole point of chip cards is to render this big business of stealing masses of numbers from merchant databases or merchant POS systems more obsolete. That’ll still work for making fraudulent charges at internet merchants, but it will be much more difficult to use that stolen info to create counterfeit cards usable at B&M retailers.

Yep, pretty much this. And even if the card wasn’t snagged from Target, et al., it could have been snagged from any of hundreds of other retailers, large and small, who have had their systems compromised. Or it could have been snagged by a fake card reader installed over an ATM or a gas pump. The cost of convenience I guess.

Wouldn’t someone have top buy one of everything in the store to hit $200 at a WaWa?

They probably bought a Wawa gift card.

Heh, show your loved one you care enough to give . . . something.

I now only pay cash for gas. My card was compromised three times in one year. It was always pretty obvious gas station had stolen it. I still use it in restaurants, though, and have never had a problem. My theory is that folks who do this get caught and fired pretty quickly (the credit card company calls the business and says “We have had 10 compromised cards that were used in your establishment just prior to being compromised. Who processed these transactions?”). The guy who pumps gas at the thruway rest stop doesn’t care as much as the wait person.

I wondered this myself, how they use someone’s card number without the physical card in their possession. There was a case not long ago, a video that went viral of a woman confronting a Starbucks cashier who stole her card number. The girl wrote the card number down when the woman paid for her drink. Very shortly thereafter, the girl purchased $212 worth of groceries from Rayleys… HOW was she able to do this?

She made herself a duplicate card, or had somebody do it for her. The machinery to do so is only a few hundred bucks, if that, and whoever owns it has it can make hundreds of counterfeited cards and charge many thousands of dollars very quickly at very little risk to themselves.

Oh, L no! Half a cart at the meat counter, and half a cart on the coffee aisle, and you don’t even have to hit the booze aisle.

OTOH …

I have a card I use only for gas. Actually I have two since my wife has the same card for her gas too. They’ve never been compromised in 5 years (10 card-years) of use exclusively at convenience markets & gas stations. I have another card I use when traveling my 10-20 days per month every month. It gets used at restaurants and Starbucks and airport stores and tourist attractions and grocery stores all over the US. It hasn’t been compromised in 5 years either.

I have another card I/we use for routine retail purchases mostly at home; grocery, restaurants, Home Depot, Target, the mall, car repairs, Amazon, etc. Plus on our rare vacations. It gets compromised about once a year. And has been regardless of where in the country I live or use it.

These people I Googled up in a few seconds will sell you all the equipment you need to do this just like a pro: https://mag-stripe.com/ Here’s another one that specializes in selling the blank card stock. Magnetic Stripe Cards | Blank Plastic PVC Mag Stripe Cards - IdentiSys

Both of these are 100% legit businesses. There are certainly black marketers that resell this stuff to noob criminals at high markups.

The only info that’s on the mag stripe is the same 16 digits plus name that’s embossed on the plastic. So that’s all you need to know to duplicate a card.

So once you have a plain piece of plastic with “John Smith 4123 4567 8901 1234” on the magstripe, take that to Wal*Mart & use it at the self-service line. Instant profit.

It’s harder to take candy from babies because at least they make a lot of noise when you commit the crime. Self-serve retail points don’t complain at all.

Just by writing down the card number, she can’t make a new working card.

There is also a number on the magnetic strip called the “CVV” which is not printed on the card. To created a working magnetic strip, you would also need that number.

(The 3-digit number printed on the back of your card which is frequently called the “CVV” is actually the “CVV2” and is different from the CVV.)

The cashier would either need some way to read the CVV number from the strip or an accomplice at Raley’s who would enter the card number manually.

OK. My last experience with the goose store was in the late 80s in philly. No booze, and the place was a small convenience store.

I would imagine most people were forced into getting a new card by their banks - that’s what happened to us when the Home Depot breach occurred. Different number and everything, as I recall. Then less than a year later they sent ANOTHER new card (same number, different expiration date) because of the rollout of chipped cards.

So, if the OP was affected by one of the big breaches, s/he probably already had a new card number, and the old one was no longer useful.

Restaurant waitstaff may well have been involved in at least one of the OP’s breaches, though I don’t know how prevalent that is.

Have you checked your home computer to make sure you aren’t hosting any card-stealing trojans?

If the OP was affected by one of the known breaches, their bank will give them a new card. If you read news focused on this sector (krebsonsecurity.com is a good place to start for anyone interested), credit card breaches are becoming quite common, and are revealed with increasing regularly. Some large, some small. Most of them are eventually discovered by statistical analysis. That is, after enough fraudulent purchases, the banks figure out that there’s a retailer in common between the cards that have been exposed, the banks discretely investigate along with the source. A few months of forensic IT uncovers the actual cause of the breach and then they go public.

So there can be a significant amount of time between a card being breached and the bank realizing that and issuing new cards en masse.

There is a man going into various Wawa’s in Virginia with Wawa gift cards that have been altered with illegally obtained credit card numbers. The individual is buying or trying to buy over $200 worth of cigarettes (5 cartons). The individual has been at the following Wawa stores:

  1. 4/4/2017 Store 667 $280.95 approved (City of Fredericksburg, Va 7:31 pm EST.) *** UPDATE 4/7/2017: Police report filed.

  2. 4/4/2017 Store 653 $275.14 Approved ( Fredericksburg area - Spotsylvania County, Va. 8:15 pm EST… ) *** UPDATE 4/7/2017: Police Report Filed,

  3. 4/4/2017 Store 8607 $245.98 Approved ( Ashland - Hanover County Va area 9:09 pm EST ) Hanover Sherriff department has photos and a police report has been filed. Report/Case number created

  4. 4/4/2017 Store 682 $251.24 ( Henrico County, Va Staples Mill Road area near Parham Road at 9:38 pm EST ) Card Declined due to suspicious activity. The cashier checked I’d. Henrico police saw video and a police report has been filed. First card was decline, went to second card which was declined. Ended up buying trash bags with cash.

  5. 4/5 Store 672 $249.24. This store is near the State Police office on Midlothian, Va and occurred yesterday afternoon at 3:03 pm EST) Multiple cards were used including the one that had my stolen credit card number… He had several cards that were Wawa altered (?) gift cards that he tried.Cards declined. Left the store and came back ten minutes later with more cards and kept trying until one worked. Chesterfield police saw video and a police has report has been filed.

Regards,

Joseph (Chip) Monroe

Image removed by sender.

…On April 6, 2017 at 1:29 PM Hearn, Heather L. wrote: Thank you for the clarification. Do you have a name, contact number, police department name and report number so I may follow up with the officer to review? Are you able to provide the last 4 digits your compromised credit card? Were the dates and…

Hide Ad

Ad Feedback

Ad Info