So, early this morning I got a phone call from my debit card company’s monitoring company. Even earlier this morning, somebody used my name, address, and my card number (not the security number on the back) to buy ~$800 worth of stuff online from 5 different companies, most notably SierraTradingCompany.com (a Carhartt jacket and a watch), a $220 cell phone from some company whose name does not correspond with anything I can pull up, and $262 worth of unnamed stuff from Walmart.com, who triggered the alert. At all sites, the name and billing address given was my own, but the ship-to address was theirs, and one-day shipping was chosen, both of which are big red flags to all the companies and delayed processing all the orders (also, the lack of the security code). None of the orders were completed because of this, and I’m out no money, the card was canceled, I put fraud alerts on my credit files, filed a police report, etc.
I got the Sierra Trading Company rep to reveal to me whether the ship-to address was local or not (of course they won’t release any specific information) and she said it was a couple of states away from me. This is a fairly new card and I’ve only used it a few times for online purchases, so it shouldn’t be too hard to narrow down where the breach occurred, I’d guess.
What I don’t understand is how someone could have gotten away with receiving the delivery. Their address is now on record. What kind of place could they have used to ship the stuff to where it wouldn’t be traceable to someone?
Any kind of “Mailboxes, Inc”, a PO box, that foreclosed house down the street, somebody who isn’t home during the day (they just snag the package off the porch), etc.
Another way this someone goes down is that someone overseas convinces a US idiot to be a forwarder for them. The goods are shipped to the idiot, the idiot ships them overseas (e.g., Nigeria), the cops show up and start asking the idiot questions. Oh, and the cashiers check the idiot gets for fowarding things is a forgery.
And then, a lot of criminals are just plain stupid. Also, an incredibly high fraction of the time the credit card company doesn’t bother.
This happened to me a few months ago and during the creation of the documentation the CC company accidentally sent me the complete account information of one of the three xbox live accounts that bought time with my CC.