How Was My Credit Card Compromised?

About two months ago, a travel agent sent me an email to confirm a credit card number. They stupidly included the credit card information in the email. I read that email is not secure and sending credit card information in this way is a bad idea. However, I figured several hundred million emails are sent each day. The probability of someone intercepting this one message seems miniscule.

After scolding the travel agent, I stopped using the card and checked the account every week or two for activity. Well, sure enough in the last two weeks there were charges from Cambodia and Poland totaling about $400. I called the credit card company and informed them the card has been compromised. They put a hold on the card and will investigate. I am not responsible for any fradulant charges.

I am interested in figuring out who could get the card information and how they did it. I find it hard to believe someone could intercept that one email. I did use the card often, even online. I make it a point of dealing with merchants who seem honest. I have never entered the card information in any site linked from an email message. This card was registered with PayPal, but there is no fraudulant PayPal activity.

I do travel on business frequently and visit some out of the way places. I was in Poland last summer and did use the card to charge hotel rooms. I’ve never been to Combodia.

So I ask the Teeming Millions: Is it likely someone was able to intercept the email message and get my card information? If not, what is the most likely way the card was compromised?

In that case, it’s much more likely that someone who handled your card in Poland simply recorded your card #, expiration date, and validation code.

Could be someone randomly generated your number. I have not been living in the US for nearly two years, but about 3 months ago someone used my card to buy gas and home improvement supplies in Illinois and pay a parking fee in Florida the same day.

I was in the middle of the Indian Ocean at the time. I had had my card replaced for a similar event two months before and my ban mentioned it could be an inside job.

It is surprising that it was used in Cambodia - when I was there not all that many places took credit cards. 'course I can’t figure out how someone in Illinois could have gotten my card…


There is an underground network of credit card number traders. What happens is that a waiter in Cambodia steals your credit card number. Rather than use it himself and risk being easily connected to illegal use of your card (you did, after all, hand it to him once), he gives your card number to a guy in Poland. The guy in Poland returns the favor by giving him a number he has stolen. It’s much harder to track them down this way.