We’ve had some fraudulent credit card activity this week on two of our credit cards. Fortunately–at least from what we can tell so far–it’s been nipped in the bud. What I don’t get is how the hell they got the numbers (they didn’t get our cards–all purchases have been made with numbers only via phone or internet).
Not only did they get the numbers, they got my hubby’s name, our home address, and our home phone number.
Neither card:
Has ever been used on the Internet.
Has any statements or other information that’s been stolen (we had some bills stolen in October–perhaps some kind of link–but none of the bill payments were for these cards).
Has any statements, etc. that’s been thrown away. We file, shred, or burn them.
Is used much at all.
What I can figure is it could be someone who works where one of the cards was used…after that, I have no idea. It’d be one thing to just have a name, but all our info…hmm.
Meanwhile, it has to be said:
BASTARDS!
[sub]good news is, I don’t think they’re getting much with our stuff. all of the orders have been cancelled prior to delivery from what we can ascertain[/sub]
Were you like one fellow I worked with? He had to correct some info re. his Amex account so he:
Calls up their service line and reads his name, addr, and acct number over the phone (10 people within easy earshout).
Types up this info and leaves it on the common printer for 1/2 hour.
Eventually picks up the paper from the printer and runs it through the fax (which is used by 50 people, and is right be the exit) and then leaves it on the fax machine for another 2 hours.
The sad part: this was a manager of an IS project - at a bank. Dealing with account data and the security issues involved.
The good part: he is no longer there.
Good God no, happyheathen…that’s ridiculously careless.
What I found on the Net showed me that basically we may never know for sure. This is an article from some Christian Science Monitor thingy–now, now, just read, it’s good stuff–and it had some interesting points:
I read about a case at Macy’s where a clerk had a PDA with a swiper/reader attached to it. He just swiped cards through his PDA and on the real machine. He had hundreds of cards on there.
Also do you use the cards at restaurants?
Don’t you just give the very low paid wait staff your card and they dissappear with it for a few minutes? Gee some gangster type might offer them a lot of money to get copies of the number.
No, not either one. In fact, one is used verrrrry sparingly–only for purchases of music items as they related to hubby’s work. (He’s a music teacher–he buys things on the card, shows school, school reimburses.)
Not used for either that I’m aware of.
It does appear that this person only has my hubby’s information. Both cards being used/abused are in his name only; all joint accounts are fine so far.
You don’t have to find out the full number, too. Someone may have done a bit of dumpster diving (at a buisness where you’ve used it, possibly). I believe the first eight numbers (assuming Visa, MC, or Discover) are common to all cards issued by a certain bank and type of card. Since the last four are often printed on reciepts, a potential theif only has to sort through at most 10,000 possible combinations to obtain the missing third set, hardly a daunting task if computers are involved. Also, I’ve seen programs that generate theoretically valid credit card numbers. Whether they correspond to a real account is a seperate matter.
That’s all - no addr, ssn - just the stuff that is embossed on the card (remember the old imprint machines? That’s why the info is embossed - so it would transfer to the charge slip).
Ever use it at a merchant that you have a Preferred Card/Membership card with? That would account for the fraudster knowing personal info.
The other, scarier option… Victim of a fraud ring. You mentioned theft of mail. There are very sophisticated rings out there who can get a hold of just a statement and cause this havoc. Live in a big city? Mailbox by the side of the road?
A guy I worked with once grabbed about a half dozen credit card numbers from women’s purses that had been left sitting out. He was fired after he used those numbers to pay for calls to phone sex lines. From his home phone number. He wasn’t the brightest person alive.
I don’t think you even need the account name. At the store where I used to work, we had several commercial customers that we delivered to that used credit cards. We kept a list of card numbers and expiration dates to bill them with. Some of them bought thousands of dollars a month, with me keying in the card number and date manually.
What is increasingly curious to me is that my husband seems to be the only victim; none of my personal nor our joint accounts have been affected (although we have called them to alert them of the situation).
I need to correct myself–one of the credit cards being used fraudulently was one of the stolen bill payments back in October. We alerted everyone and everything back then, but nothing happened until now. Plus, the charge on that card isn’t that eye-catching to the bank–it’s under $400–so we didn’t get the heads-up phone call from them. The multiple thousands on the other card got their attention right away and we had a phone call from them that same day.
Pleeeeeeease tell me that the Fraud Alert we had placed at all three crediting agencies–Experian, Trans Union, and Equifax–would keep this guy from opening accounts in DeathLlama’s name. (I tried checking online last night, but presumably due to the fraud alert, we couldn’t get any online credit reports and all their phone lines were closed. We’ll be checking on that today.)
Here’s a more bizarre situation…
Yesterday we had a voicemail from Nextel for someone (not us) regarding his order. At first I thought it was a wrong number, but then–just to be sure–I called to check, even though the name was different. When the person from Nextel said this new account had been ordered with American Express, I relaxed–we do not and have never had an account with them. But then, jusssst to be sure, I checked the home address and phone number. Crap. This person was using someone else’s name, but our home address and phone number. Bizarre. The Nextel person said that the order had been cancelled earlier in the day by their fraud department, but WTF? In the “hey, should you be doing this category?” the Nextel assistant gave me the SSN the order was placed with.
I called AMEX and they had no record of account with the SSN Nextel gave me, nor mine. (Now I think I need to call them with my hubby’s SSN.)
So what happened there? Were they mixing and matching?
It will. I review credit reports as part of my duties. The fraud alert sticks out like a sore thumb.
Yes. They were hoping it would slide through the cracks and the mismatches would go unnoticed.
Fraud people don’t realize we have several databases to verify account infomation. As a analyst, I can use the information found there to trip up the fraud person.
in our office we had trouble with someone getting into accounting’s records and using peoples cc#'s and id’s. luckily it was discovered rather quickly and new rules for petty cash and reimbursements were instituted.
if your hubby uses his card for work and gets reimbersed his number, exp. date, and sig. are able to be lifted when he submits his reciepts. if he does give reciepts at work make sure the cc# is blocked out on all of them.
in our office you could get that info inhouse as well as the acct. dept at the client’s when a copy of the reciept was copied as back up for an invoice.
i always look carefully at a reciept, if it has a few digits ie last 4 or middle 5 and no exp date i’ll submit it. if it has anything more than that, i cut the numbers off the reciept then submit. you never know how a copy will float around an office.
I’ve been reading Kevin Mitnick’s The Art of Deception lately and apparently there are many, many ways this could have happened. Too many to even get into.