Credit card or bank card breach victims

[ERObjd]

Anyone else ever had their bank or credit card data stolen or breached ?

A few years back about 2012,USAA called me to ask if I had purchased 3 Apple I Pads from a Target store in Oakland CA.

Anyway the thieves had somehow gotten my debit card # and had been able to purchase 1 I pad which was about $800 . The dirtbgas tried to buy 2 more a few hours later and USAA called me because it was suspicious activity.
It took about a week but USAA put the $800 back into my account and sent me new ATM bank card via overnight mail.

USAA would only tell me that Target in Oakland and Oakland PD had some suspects that were identified on store camera footage. I never heard if they were actually arrested and charged.

We never knew for sure how our data had been stolen, but I suspected that it may have been from some "skimmers" placed on Casey gas station pumps. About that same time several Casey's stores here in Lincoln had found "card skimmers" on some of the gas pumps

Lincoln PD busted a ring of people from Romania who were putting card skimmers on pumps and hacking public wifi sites like libraries, and restaurants like McD and BK. The ones who were suspected of putting skimmers on gas pumps were 16-17 year old kid Theywere minors so no real punishment for them . They were part of a ring going around the nation skimming card numbers and hacking public wifi. Anyway since then we have never "paid at pump" we go inside gas stations to pay. Not that theives cant put skimmers on inside atm card readers ,but it is probably less likely. Unless the employee is doing it.

 

[jazz4cash]

I figured by now everyone that uses credit cards has been a victim of this. I was hit twice. The first time it was a brand new card that was stolen from the mail. I can't recall if they used the phone call activation procedure back then. The 2nd time was a debit card that I handed over at a skanky restaurant while traveling. It was detected by BofA being used at a grocery store in TX and I never lost any funds.

I quit using debit cards but I don't worry much about using my Penfed Visa at gas stations. Most stations around here require a PIN or usually just the billing zip code to proceed.

I do wonder if that would inhibit a skimmer. Also does a skimmer actually process the transaction or does it just capture your data without completing the purchase?

 

[ERObjd]

I figured by now everyone that uses credit cards has been a victim of this. I was hit twice. The first time it was a brand new card that was stolen from the mail. I can't recall if they used the phone call activation procedure back then. The 2nd time was a debit card that I handed over at a skanky restaurant while traveling. It was detected by BofA being used at a grocery store in TX and I never lost any funds.

I quit using debit cards but I don't worry much about using my Penfed Visa at gas stations. Most stations around here require a PIN or usually just the billing zip code to proceed.

I do wonder if that would inhibit a skimmer. Also does a skimmer actually process the transaction or does it just capture your data without completing the purchase?

I have often wondered that as well. How do they get the pin # unless they have some sort of hacking software that tracks pin # input at purchase.

Wife and I rarely use ATM anyway, when we want a little cash we just select "cash Back" option at grocery store and get cash that way. bypassing or maybe reducing the risk of ATM skimmers. I think the skimming dirtbag criminals prefer to use outside gas pumps rather than inside point of sale terminals. But crooks are sly and probably have done it before.

 

[JoeWras]

Who knows where your info is stolen. Skimmers, hacked terminal microcode, shoulder surfing, hacked databases, etc.: the list is vast.

Your best defense is to watch your account, sign up for notifications, and call them if you see anything suspicious. They will do their best too, so respond to their calls but you might want to call the number on the card, and not believe the person who calls you. I got a call recently from my CC company due to suspicious activity (which was actually normal), and I called them, but wouldn't answer their questions. I explained why and she was gracious and understood, made a note on my file, and told me to use the number on my card. They had no problem with that.

I had three incidents from 2011 through 2017. It has been clean since. They would never tell me where the breach came from. In my last one, I'm 99% sure it came from the Chipotle card-terminal hack. This was just as I chip cards were rolling out, and Chipotle didn't like how slow they were on initial roll out, so they kept using the card-slide option.

The good news is that the chips have definitely made an impact. The problem is the fraudsters are now moving to other techniques such as title deed fraud, etc. And of course, with your SS# and other info out there on the dark web, the fraudsters are still opening up new cards in our names.

One more thing: yesterday I got a new card from my CC company. It is touchless. The front of the card doesn't have numbers. This helps with shoulder surfing. Don't laugh, with all the sophisticated cameras out there, you should assume anyone near you can grab that info if you expose it.

 

[braumeister]

I have often wondered that as well. How do they get the pin # unless they have some sort of hacking software that tracks pin # input at purchase.

AFAIK, a tiny hidden camera that watches you type your PIN is the most common method.

 

[audreyh1]

We never knew for sure how our data had been stolen, but I suspected that it may have been from some "skimmers" placed on Casey gas station pumps. About that same time several Casey's stores here in Lincoln had found "card skimmers" on some of the gas pumps

Lincoln PD busted a ring of people from Romania who were putting card skimmers on pumps and hacking public wifi sites like libraries, and restaurants like McD and BK. The ones who were suspected of putting skimmers on gas pumps were 16-17 year old kid Theywere minors so no real punishment for them . They were part of a ring going around the nation skimming card numbers and hacking public wifi. Anyway since then we have never "paid at pump" we go inside gas stations to pay. Not that theives cant put skimmers on inside atm card readers ,but it is probably less likely. Unless the employee is doing it.

A good reason why many never use debit cards except at a bank. And still cover the keypad.

Credit card fraud - not as messy to deal with. Happens to us rarely. We have backups.

 

[JoeWras]

I have often wondered that as well. How do they get the pin # unless they have some sort of hacking software that tracks pin # input at purchase.

Wife and I rarely use ATM anyway, when we want a little cash we just select "cash Back" option at grocery store and get cash that way. bypassing or maybe reducing the risk of ATM skimmers. I think the skimming dirtbag criminals prefer to use outside gas pumps rather than inside point of sale terminals. But crooks are sly and probably have done it before.

PINs are obtained multiple ways. Sometimes a stick up camera is put up on the ATM. Other times, someone a long way off has a camera trained on the keypad through a high power scope.

This all sounds crazy, but it isn't. It happens.

 

[sengsational]

Skimmers are less effective now that pretty much all cards have a chip. I'd wager most of these stories come from the previous technology, where it was trivial to duplicate a card.

I resisted for a long time, not wanting to be bothered when all fraudulent transactions were covered anyway, but I've turned-on alerts for "card not present" transactions. This, after I used my card online on a WordPress site with a compromised plug-in for taking CC's. The crooks went to town buying services from online shell companies they'd set-up. Dozens of transactions, each just under $50. I happened to catch it the next day by logging on to my account, but if I had the SMS alerts on, my phone would have gone bonkers and I could have intervened earlier.

 

[ERObjd]

Even before covid I disliked shoulder surfers near checkout lanes and every now and then i would have to get direct and tell them to back off, now since covid rules shoulder surfing does not tend to happen much since the 6 ft distance is pretty much universal know. I think the 6ft distance waiting in checkout lanes will probably be here to stay and thats not all bad IMO.

 

[aja8888]

Anyone else ever had their bank or credit card data stolen or breached ?

Probably 10 times or more when I traveled on business. largest amount taken was $18,000 in Croatia off my AMEX card. I was on Puerto Rico at the time.

Personal cards - maybe 5 or 6 times that I can remember. I never use a debit card, but DW does and it has never been hacked (yet).

Folks...all your credit card info is "out there" due to previous store hacks, Equifax hack (the big one), untold bank hacks, etc. It just hasn't been sold yet.

 

[harllee]

I do not own a debit card and I will not accept one. I have an ATM card but it is not a debit card. Every once in a while my credit card gets compromised. I just contact the cc issuer, get the charge credited back and get a new card. No big deal except then I have to notify my monthly charge places of the new credit card number but that just takes a few minutes.

 

[easysurfer]

Several years back got a mysterious charge went on my Discover cc. Discover called me and asked if I made a purchase of $1. Definitely not me as I was sound asleep when the transaction took place.

I don't know for sure how my cc was compromised but I think either a skimmer (I just filled the car with gas a day or two earlier) or through a keylogger that was on my laptop.

 

[gauss]

Yep - CC frauds happen once every couple of years to me.

The CC company generally flags it first and follows up with an automated phone call. Once I confirm that the charges are not mine they have always been removed.

A new CC issued. I generally request them to overnight the new card and waive the fee which they have always done.

-gauss

 

[rk911]

we have knowingly been hit just once and that was years ago. but...Discover has pro-actively canceled and re-issued our card 4 or 5 times when they suspected we had been compromised.

 

[Sunset]

Just over a year ago, I had my Menard's card duplicated from either Menard's database or the Capital One database. The crooks didn't need my card.
I had to jump through some hoops to prove it wasn't me that spent $1,100 at 2 gas stations in Detroit

The fact I was on a plane flight during the purchases was a really strong argument

I cancelled the card after it was all resolved.

Just a couple of weeks ago, someone put a pending $0.01 charge on my CC for Farmbox Direct, while I was sleeping.
About 3 hours later, I saw it and phoned the CC company to report the fraud.
Bank Of America, issued me a new card, and expedited it (thanks to folks here for telling me this in another thread) so I had it the next day.

 

[Zathras]

We have been hit a few times by CC fraud. Easily and quickly handled.
I never use a Debit card, and don't shop at gas stations. Although we did have group of people putting card skimmers at gas pumps around our old neighborhood a few years ago.

 

[ERObjd]

We have been hit a few times by CC fraud. Easily and quickly handled.
I never use a Debit card, and don't shop at gas stations. Although we did have group of people putting card skimmers at gas pumps around our old neighborhood a few years ago.

A few years back we were informed by VA that they had a big breach and they gave us free Lifelock ID protect or something similar for a year.
Also USAA gave sent us new debit cards a few years back when target had a data breach. I never shop at Target and my wife maybe shops at Target once a year at best. Apparently the time she did shop there was part of the breach. A week went by and we never got our replacement cards. We suspect that they went to wrong adress or got lost in mail. I called USAA and they overnighted our next cards FEDEX. Lots of data breaches USAA also had to give us a new cards when Equifax had their big spill and that was just a couple years ago. The Equifax spill impacted almost every adult in the nation.

 

[Poopycat]

I received a letter welcoming me to Sam’s Club. I thought that was very odd since I have never stepped into a Sam’s Club in my life.

A day later, I got a credit card statement with $2,400 in charges. All the charges were from various Sam’s Clubs in Texas. I was living in Texas at the time but I hadn’t visited any of the cities where the card was used. The charges were for a three iPads, Flaming Hot Cheetos, cigarettes, and diapers. I don’t like Flaming Hot anything, I don’t have a baby or grandkid, I don’t smoke and I had an ancient iPad so obviously the charges weren’t mine. So somebody had not only charged on my credit card, but that person also ordered the card to begin with!

I contacted the credit card company immediately and explained the situation. The bank told me what to do, the card was canceled and I wasn’t on the hook for the charges. But it’s still very eerie to know that someone did that. A friend of mine thinks someone got a hold of one of those credit card offers that come in the mail. I always rip those up, but the mailman could have taken it or it could have been delivered to the wrong box. I wish it was illegal for companies to send those offers.

 

[audreyh1]

Someone nabbing your credit card offer - Good reason to freeze your credit.

 

[Chuckanut]

Someone nabbing your credit card offer - Good reason to freeze your credit.

+1

Freezing is the best defense we have. And it's free!

 

[jollystomper]

As long as the credit company is efficient in discovering and resolving the issue and getting out replacement cards, I can deal with the CC breaches that have happened to me.

The one I consider the best service was when we were attending a graduation in Texas and Chase notified us that our card had been compromised, with charges popping up in Ohio and Michigan. We did have another card, but they said they could reject all charges except the ones made in Texas for the duration of our trip. For those I could go online and validate that they were our charges. It made things more convenient for us.

The most obvious "Ah, we know where the breach occurred" situation was when I attended a conference in Las Vegas. One evening I had dinner with 3 other Megacorp employees at an Outback Steak House on the Vegas strip. We split the bill and we each used our corporate charge cards. About a month later the CC company contacted me about charges on my card from several European countries which I had not visited. That day I heard from one of the folks I ate with and the same thing had happened to her. Out of curiosity we got it touch with the other two. All our of cards had been compromised. We told the CC company "We think we know where the numbers were stolen"... not that they might do anything with the info, since they build in these losses.

 

[kaudrey]

I think we've gotten 3 new cards in the last year because of this; also, just last month someone got our business bank info and charged thousands of dollars against us - basically wiping out the account (until the bank credited the account). We froze the account and are going to close it as soon as they are done investigating.

 

[ExFlyBoy5]

We all have had (or have heard) of CC or debit cards being scammed. I am curious if anyone has had a financial account HACKED and money stolen? I have not and am more concerned about this than a CC being stolen.

I wish more financial institutions would go with a PHYSICAL KEY (like a Yubi key or similar) for the 2FA. It's been shown that text messages are pretty useless as your phone number can be hacked/ported without too much hassle.

Another solution is "delayed" password reset. I encountered this recently with an account I use for crypto [-]trading[/-] gambling. For whatever reason, my password didn't load correctly and I was locked out. I requested a reset and was put in a 24 hour penalty box. I could do NOTHING for this period of time...no if, ands, or buts. Seems like that would be pretty effective with the scammers who wouldn't bother to keep up with the reset clock; I think they would just move on.

 

[harllee]

I have had a family member who had their personal bank account hacked --the account balance which was about $20,000 was depleted down to $0 and all their checks and other payments bounced. They never found out how it happened--the bank made their account whole and paid them back for all late fees, etc. They figured it was an inside job and shortly thereafter moved to another bank.

I had my Social Security account stolen. I stopped getting my SS deposits and when I checked I found out someone had impersonated me on the phone with SS and had my payments sent to a debit card. I had an online account with SS and they somehow went around it. The person at SS that I worked with said this should have never happened--that I should have been contacted by someone at SS before my payment info was changed but I was never contacted by SS. It took about 3 months to get my SS payments started again. The worst thing was that for some reason in straightening all this out my Medicare got cancelled and for a while I had no Medicare and my medical bills were not paid. I worked for months to get that straightened out with no luck. I finally had to get my Congressman involved and he got it straightened out in 1 day.

 

[rk911]

+1

Freezing is the best defense we have. And it's free!

agreed but even that is not a 100% ironclad guarantee. credit providers do not have to pull a credit report in order to issue credit...or so i'm told. this is why we have near-instantaneous alerts on all of our bank accounts and credit cards for any transaction...in or out...that is >=$1.