Early on Tuesday morning I logged in to my internet banking to check a payment had been made. BUT, I found that my credit-card had been ‘hacked’ with two transactions.
I immediately rang the bank to cancel the card and put in a Disputed Transaction thingy, all good, and overnight the money was re-instated to my account. Very impressed with the speed with which it was done.
BUT, how did the bastards do it in the first place? My card couldn’t have been skimmed at an ATM as I NEVER use the card for cash advances, only purchases. I have used the card for online transactions (only reputable ones now like Amazon etc as I got burned a couple of years back with a dodgy vendor LOL). Or have my local retail vendors been hacked?
Interestingly, my last purchase with the card prior to the hacking was at a local pharmacist. Should I warn him that his system might be compromised??
Same happened to me, debit card. Only two months old, never used online. The person I talked to kind of hinted at it being brute forced, and that some transactions don’t need the CVC?, but she didn’t seem much interested in the details.
My Australian credit card, years ago, was used to make an instore purchase at an Apple store in the UK . I have no idea how it happened. Like the OP the amount was credited back - it actually took months before it was really back, it was just recorded as returned so that interest wasn’t charged. The amount wouldn’t have been available if I had wanted it.
Since then I keep all my cards set to only allow $100 in physical transactions. When I need to pay more, say a dentist bill, I bump it up, pay the bill and then reset it.
Anywhere the card has ever been used either in person or online is potentially the source of the stolen data.
If you are in the habit of swiping, stop doing that. That greatly increases the opportunities for compromised equipment to snag the numbers. Although nowadays stealing numbers that way has become rather passé.
At least in the USA the most common scenario is some major national retailer or e-commerce website has been storing transaction data including credit/debit card details with insufficient security and gets hacked. Now some professional IT bad guy has a list of hundreds of thousands, or even millions, of credit card details.
Which they then sell some time later whether as a big block of many thousand numbers to professional theft rings or a la carte in bunches of a few dozen numbers to small time thieves. In any case, those folks then try to buy stuff with the stolen numbers they just bought.
I expect the process is very similar in OZ. The actual hackers are in Russia, Bulgaria, North Korea, etc. The foot soldiers placing fraudulent charges may be local in the USA or OZ or for online purchases they too may be in Pakistan or wherever, just employing local footsoldiers to obtain the physical goods bought online.
Indeed. One of the best ways to monetize a card is to sell a new item on eBay. You advertise, say, a TV; someone places an order with you; you buy it with the stolen card and have it shipped to them. Totally anonymous.
Bumping this, hoping for some further information.
So a week or so ago I got my new credit card sent as the old one was about to expire. Activated it online and good to go. New ccv number but old card number.
Within a couple of days there was a dodgy transaction that appeared to have originated from Ireland? Cancelled the card, notified the bank of the dispute and just waiting for a NEW card to come out.
But overnight there was ANOTHER attempt on the card, for a very similar amount, same vendor (think it’s a car-hire or ride-share company) but paid with euros this time. It didn’t get through thankfully, but weird as.
And funnily enough, the first transaction also took place after I’d paid with my cc at a local pharmacist! Different one to last year, but coincidence or otherwise?
That is odd. The fact your issuer gave you a new card with the same main number is very much not US practice. I’m sure no expert on what’s typical on Oz, but that raised my eyebrows.
But the fact the new card has (had now) the same number as the old meant that the thieves who stole your info last time still had valid info. They may have been banging failed transactions against that card every 12 hours since you first reported the fraud. And as soon as you activated a new card with the old number, their next attempted transaction went through.
After probably the fifth time one of my cards was compromised, with charges at one time up to $5000 to some fake church in Africa, I quit using it. I still have it in case of a problem with the other one, but don’t carry it. Then the bank account at the same bank got skimmed for $16K with a fake check. I’ve become convinced that someone at that bank is selling information and over the past year I’ve been skimming all the cash there off and putting it in a local bank. One more CD to mature and then I’m done with them.
I have sort of an opposite complaint. I had a Visa card through my local credit union (but they contract out the credit cards to a third party), and I kept getting transactions denied in the most innocuous circumstances, and of course they would never say why they denied a transaction. I had to call them and go through all my recent transactions whenever this happened, and there never was any real problem. It got so bad, several times over a very few months, that I stopped using it. I still have it for emergencies only.
I had a weird debit card incident yesterday. I got several calls from a number I didn’t recognize (855-951-1989) and let them go to voicemail. The message, obviously robo-generated, provided my name, the name of my credit union,the last 4 digits of my card and a case number. It said there was an unauthorized charge and I needed to call with the case number to get the details.
Well of course I didn’t call back. First I checked my account online…nothing. So I called the credit union direct and they told me there was a fraud flag on my debit card from a $500 attempted charge at Walmart. I asked what the deal was with the robo call because it sounded so scammy. They didn’t know anything about it and transferred me to cardmember services, where I got stuck in the cue for more than 30 minutes. Screw that.
Luckily there’s a CU branch less than a mile away so I walked over to talk to someone in person. The teller didn’t recognize the 855 number, had no idea where the robo call came from, and didn’t see any unauthorized transactions. But…my debit card had been disabled in their system. Very odd. I opted to get a new debit card and PIN, which seemed like the simplest solution.
The best I can figure is the credit union has outsourced their card fraud detection to a third party and either nobody knows about it or they don’t want customers to find out.
My daughter’s credit card had fraud on it so the credit union blocked it and is sending her a new one. The problem us she’s leaving for Mexico tomorrow at noon and even if it’s in tomorrow’s mail, it’s not likely to be here in time. It’s her only credit card.
Would letting her take one of my cards be an option? Would any place accept it? We have the same last name.
She’s probably not going to be able to rent a car, buy an air ticket at the ticket counter, or rent a hotel room with it. Those folks have a name to compare to and a need to see ID too. And she might have an issue even putting the card on file for incidentals at a hotel reservation that’s already paid for.
But other than that, no retailer or restaurant will care. When was the last time anyone at a place like that asked you to prove the name on your card matched your ID? Most likely never.
I’d send her down there with one of your cards, and a bunch more cash than you think she needs for any emergency like needing to fly home.
Too late for this emergency, but IMO no American should ever have just one credit card. Always have a second account, ideally from a different bank, for exactly this situation. And if you travel farther than one tank of gas from home, take both cards with you. Also leave the price of a tank of gas someplace in your car in cash. Always.
Having spent a career traveling, this policy has saved my ass several times.
I got a call real live person calling from a credit card company a few years ago to verify some charges. But first - they needed me to provide some info to verify I was really the card holder. I told them they were crazy, and if they were really from the card company, they needed to tell their management that someone needed to understand security better. Then I hung up, called the number on the back of my card, and confirmed that the call was real.