I received a call from my bank on Monday asking about recent purchases I made on my credit card overseas. All of them I verified as being legitimate except the very last item, which she prefaced as being the most suspicious: a $1.89 charge at JC Penney. I’ve never been to JC Penney, and I rarely use my credit card for purchases under $50 so it was easy to flag as an illegitimate transaction.
I go on business trips several times a year, mostly to North America and Europe, and this is the second time in three years that my card was used fraudulently and I’ve had to cancel it. Both occurrences were after a business trip to California, (L.A. and San Francisco). I’m careful not to use my card willy-nilly and try to use it at only major establishments, meaning I don’t shop online, or use my card at “Joe’s General Store”.
I’ve never experienced card fraud outside of the U.S. I have no proof that the card information was stolen in the U.S. but like I said, both times it was after a trip to California and both times it was for small amounts made at U.S. stores. Is this something that Americans deal with regularly, or are international travelers especially targeted? Is there something I can do to prevent this sort of thing, short of not using my card? (My bank says no.) Also, I’m wondering how card numbers are getting lifted. Is it an inside job where someone from the store passes it on, or is there some kind of organized crime ring that can pilfer this kind of electronic data? I suppose it could be both but I’m thinking major American stores would have the latest security measures to prevent this kind of thing, (ignoring what happened at Target last year).
It’s my understanding that thieves will make small, virtually insignificant purchases with a stolen number to verify that the account is good - then they go crazy before the card is canceled. As for where it’s being lifted - I understand people working in reputable businesses have been known to steal card numbers to sell them.
Just recently, I saw a news story about a woman at a McDonald’s who had her own reader - she’d run the card thru for the sale, then run it thru her reader to capture all of the information. Sadly, there’s no guarantee that even the biggest, most honest companies won’t have someone crooked pulling such a stunt. It appears you’ve been more unlucky than most. That sucks.
Yup. Meanwhile, as an American, the only time I’ve had to worry about it is when Target’s computer systems were compromised and I shopped there during the affected time - and even then, I didn’t get any fraudulent charges. You just appear unlucky.
I wouldn’t worry unless the card leaves your sight. Although even if it doesn’t leave your sight, that’s no guarantee: sneaky bastards have been known to put skimmers on fuel dispensers at gas stations.
Bottom line, you’re not legally liable for anything but the first $50 worth of fraud, and good CC companies generally are willing to absorb that as well; if not, and you threaten to cancel the card, they will generally cave and eat that $50. My wife and I have each had a card compromised, and not had to pay anything at all.
That being the case, it’s generally only a slight inconvenience to you if your card gets used fraudulently (you make a phone call, and then use one of your other cards while you wait a few days for a new card to show up in the mail). If you avoid using your card because you’re scared the numbers might get lifted, you are inconveniencing yourself, and the CC company is losing out on transaction fees. They want you to use your card. So go ahead and use it - enjoy the benefits of shopping online, and if “Joe’s General Store” has the item you’re looking for, don’t hesitate to buy with your card.
Card security in the States really bites. Apparently, my card numbers were skimmed and went on vacation on a fake card in Florida, while I and my real card stayed in Ohio. Not at all sure where they were grabbed from, as my card rarely leaves my hand. Jerks got probably 10-20 fifty dollar transactions (at gas stations and the like) in a very brief window before my CC company caught on. No cost to me, but all in all not a great thing for anyone. I felt better about giving my credit card to a merchant in Turkey (a really nice local hand-crafts store, the kind you spend the whole trip looking for) who spoke not a word of English and who borrowed a card reader from another vendor. Turned out to be a pretty good exchange rate
I don’t know about legal liability but I’ve never had to pay for fraudulent purchases. In fact when I asked my bank about who eats the cost, they said it would be the merchant.
The only other inconvenience of cancelling cards and getting new ones issued is when I have to call other companies, like my ISP and newspaper delivery service that charge their monthly fees to my credit card, to let them know about the number change.
With my chip&pin card, the card never leaves my hand. But when I am in the US, it certainly does. When my wife’s wallet was stolen ( a couple of people mobbed her on a crowded subway) they ran up $3000 on two fur coats in the half hour before she reported it. (Go ahead, convince me the clerk was colluding.) Since she did report it in a half hour, they didn’t even ding her the $50.
The one time I’ve been a victim of cc fraud, it was almost certainly an employee - at my doctor’s office (well, in the accounting department at a major medical center).
I got my bill, and saw that “I” had apparently spent 600 bucks at Nordstrom, As I’ve never spent that much there, and had not been near the place in the time in question, I filed a challenge.
Sheer dumb luck that I found out what had probably happened; I was on the phone with someone ELSE at the billing department at the hospital to try to get them to figure out their screwed up bills, and when the fellow said “such and such date. Shows you paid by check”. I said “no, credit card; I happen to have it in front of me because I’m in the middle of disputing a charge” and the guy said “wait - what?” and asked for more info. Turns out someone had been arrested the week before for taking patients’ billing info and making phone-based cc purchases at Nordstrom.
He put me in touch with the county police department, I forwarded the info to them, and that was the last I heard (aside from having the charge reversed). Nordstrom had to eat the charge, I believe, because of no signature. So I never got confirmation that this was what had happened.
OK, back to the OP: Rotten luck. And yes, it was probably an employee, though it might have been a larger-scale scam like what happened at Target. Us 'mericans are too good for pin-and-chip, you see (though I’ve heard that’s not quite as reliable as They would have you believe).
I’ve been a victim of fraud twice with my corporate procurement card (both of which remained in my possession the entire time). I only shopped at Staples or Amazon.com for office supplies, so Zappos.com stuck out like a sore thumb. Once I got the charges and once Citibank caught them. In all the years that we held AMEX cards, the number was never stolen. In one year at Citibank, I had to get a new card twice due to fraudulent purchases. I suspected an employee there.
Once I got my personal credit card stolen and the bank caught it right away. We’d just traveled to Niagara Falls, Canada the week before. Someone in Canada purchased $100 in groceries at one store, then traveled a mile down the street and tried to charge $300 at another grocery store. The card was flagged and shut down before further damage was done.
This type of thing has happened to me three times in the last four years or so.
The good news is - the bank recognized the problem, shut the card down, and it never cost me any actual money.
The bad news was - it was the only card I had, and I used it for business purchases, which could only be done in a timely matter by card.
Although the bank could provide me immediately with a new card number, I had to wait about ten days to get a Security Code for the card. You can’t even order pizza without a Security Code number, so I was inconvenienced for a week and a half.
All three times, the way I found out my card had been closed by the bank, is when I tried to pay for a meal for a friend and myself at a restaurant, and the card was declined.
I finally got a second card on the same account so I could still do business and access my funds by card if the main card number was shut down.
That’s an interesting point about visiting EMV (“Chip-and-PIN”, though there are also chip-and-signature cards; the chip is the distinguishing part) cards. In a magstripe-only environment, are they as vulnerable as magstripe-only cards? If I take my chip-and-PIN card to the US, could a fraudster make a copy of the magstripe and have it work as long as the copy was used at magstripe-only terminals?
Yep. The banks have all the leverage over the merchants. Improving CC security would be a big boon to merchants (and customers) but not worthwhile financially to the banks. They’ve run the numbers, their share of losses is small enough to eat that upgrades don’t make sense.
Merchants pretty much have to go with the banks rules or else they can’t accept CC payments which really hurts business. (Although our local so-called “Farmers Market” doesn’t accept CCs and is crowded all the time.)
I just discovered the other day that last week, while I was trying to locate a plumber for the sewage in the basement and getting ready to go have dental surgery, I apparently spent $29.99 at a strip club a few blocks from my work. Since I don’t go to strip clubs, and my card is still in my possession and hasn’t been used for over a week since I have no money (or so I thought) I have notified the bank and cancelled my card (after taking the balance of my paycheck out before they can try again). I know the bank is investigating, but I’d really, really like to call the Diamond Lounge and ask them to look it up for me. I suppose that isn’t allowed, though.