I got a call today about two suspicious charges on a credit card. I confirmed that I had not authorized either charge, so the bank closed the account and issued me a new one.
Here’s what I can’t figure. The account that was compromised was one that I had “opted out” of back in May. When I opted out, they made it clear that I’d lose my “opt out” rate if even one additional charge was made to the card. So I cut up my card and removed it from the two or three online accounts that had that number as the primary card and there has been no activity on that account since then. I’ve never received paper statements for the card, so the account number couldn’t have been gotten by someone rifling through my trash.
As far as I can determine, one of the charges was to an Australian company.
I have enough brains to not fall for phishing schemes. Other than some e-mailed receipts of purchases that reference the last four numbers of the card, I don’t have any card info on my computer.
I had a similar thing happen. I had a card I had never used. Kept it in reserve, I guess. But I kept an eye on it. One day a charge showed up…in Australia or New Zealand, I can’t remember which. Anyway, the company removed it without question, and I closed it. Wierd…
Merchants can have their information compromised. If you use the card at ABC business, and someone hacks into ABC business’s information, they can get your information. Some hackers wait a while before using that information so it’s harder to trace where, exactly, they got it from.
At the bank I work for, we get updates from Mastercard and Visa if any of our customers’ information was in a compromised merchant database. We automatically shut down the card and issue a new one once we get that information. However, sometimes it takes a little while for that information to get through the channels. We have to know that a card is compromised, find out from where, trace it through, etc.
I had my debit card number compromised once, and it took about 6 months between the number being stolen and unauthorized charges to show up.
I know when it happened, because I had made a purchase at a website. The next day I got a phone call from somebody saying “This is the billing dept at Xyz Company, and your credit card was declined… do you have another card we can try?”
I truthfully didn’t have another card, so I went back to the website, thinking my order had been canceled. I saw it hadn’t, so I emailed the company, who then informed me that they didn’t make phone calls.
So, naturally, alarm bells went off, however I assumed they only got my address and phone number, not credit card info (I was about 19 at the time, and naive as hell), since they’d actually called to get a credit card number.
6 months later, though, I went to go use my card and it was declined. When I got home and checked the bank statement online, I was overdrawn by about $60, and had several charges that weren’t made by me.
Freckafree, did they restore your old rate at least? (if you don’t have a balance on the account, I guess that’s not an issue anyway).
Interesting to hear that the crooks are waiting months to use the stolen info. I’d have assumed they would want to smash ‘n’ grab as soon as they could, but it makes sense that they’d want to keep it harder to trace if they’ve gotten a bunch of cards numbers from the same place.
Make sure that when the credit the bogus charges, they also credit any interest that went along with them.
Voice of experience that is. Have been going round and round with BofA. They failed to take off the interest, and then charged a late fee for not paying that, then charged interest on THAT etc. etc.
Look, the balance was zero when the bogus charges were made. No legitimate charges have been made since then. How effing hard is it to zero the balance now?
Tt’s quite possible that the people that stole the card info aren’t the ones using the cards. The list of card numbers may have been sold to folks all over the world. Makes it harder to catch the person stealing the cards.
I got a credit card once and put it in my desk drawer. I hadn’t even bother to activated it by calling the 1-800 number saying I received my credit card.
About a year later, someone from Azerbaijan ordered electronic equipment and CDs from a mail order house in Britain to be shipped to Armenia. I got a call from my credit card company asking me if this was a legitimate transaction. No, it wasn’t.
Then, they wanted to know if the card was stolen. Nope, I have it here in my hand.
They asked if it was possible that someone could have copied down the number while I was using it. No, it wasn’t even activated. In fact, it still had that “Call this number to activate” sticker on it. The card never left my desk drawer.
Well, they asked, is it possible that someone could have entered my house while I was not there, found the card, and copied down the number? Sure, that’s possible.
I guess what they didn’t want to admit is that someone on their end was stealing credit card accounts.
People have access to your number all the time. Most likely it is low level, low paid clerks selling numbers. I have found two people trying to use my social security number and I’ve traced those back to jobs I appiled for. I no longer put my number on job applications, that should work right? Nope, I got HIRED at a job and the darn H/R clerk was caught selling my SS number.
Clerks at banks have access to these numbers and they make a dollar or more than minimum wage and they make lists of numbers and sell them.
Anyone at a bank has access to your accounts, and this is why I hate it. I used to run a business and I have had charges from clients who used credit cards reversed on me six months after the fact.
I finally had to have one bank account and as soon as the money cleared, I’d physically withdraw it and place it in another account at a different bank. This bank was forbidden to do any electronic actions.
Spouse got one yesterday. Duplicate charges on the credit card statement for the same meal. The restaurant says the got nothing from Visa for either. Visa has tentatively concurred that these were their mistakes.
Just to illustrate how tedious these things can get: the spouse’s duplicate charge has finally been credited to her account, but they did not make a transaction entry showing a credit, someone just changed the balance by the amount that was credited without notification or explaination.
Having worked at the BofA credit card operations on just such issues:
In one corner we have massive computer churning away hour by hour on millions of card transactions and accounts - in the other corner we have low-level clerk (and all that implies) with a stack 10 feet high of corrections to process. Guess who usually wins? It takes a little longer than it should but they get it fixed eventually.
There are a lot of ways. For instance a clerk with access to credit card numbers at a company is harvesting them and selling them.
When I was an asst controller at a hotel, I caught two clerks doing this. They made $8.00 which is nothing really. So they simply copy down credit card numbers and sell them to people.
They have everything they need. The hotels I worked at had history going back ten years.
I had two people in the last three years try to open credit cards in my name. Both times they were traced back to H/R clerks at places I applied for jobs. And get this one of those jobs I GOT. I was actually hired for the asst controller job and the stupid moron in H/R actually used my ss# and info to try to get a credit card.
This is why I no longer give SS# out. I tell them if you need to check my references and are serious about my application THEN I’ll give it to you. But they don’t need your SS# or references till they are serious.
But don’t rule out the credit card company could be trying to pull a scam on you and put through a charge hoping to cancel your rate. There are a LOT of unethical people out there. I’d report it to my states attorney general as a fraud by the credit card company. And then it’s up to the credit card company to prove they are innocent. At least this way if they are cheating you, and there’s no reason to believe they aren’t, (though there’s no reason to believe they are, why not err or the side of mistrust :)), if enough people report them something gets done