Smarter credit card fraud

[braumeister]

I check my credit card accounts online about weekly, and found a new wrinkle this morning. I have one card I use only for online purchases, and it showed two phony charges at bricks & mortar stores last week. Both were at Office Depot stores, and both were within 50 miles of where I live.

I haven't been in an Office Depot in at least several years, and we don't even have one near me, so these stuck out in a big way. So now I have to go through the usual cancel card, get new one, etc.

The thing that struck me is that although all the online purchases were quite far away, they managed to get these charges processed at relatively local stores to me. They probably thought they might slip through. The first was for over $40 and the second, two days later, was for over $200. I know the card has never been out of my possession, so it was cloned digitally from one of my online charges. Nasty stuff.

This was a USAA credit card, and they make it very easy to report such fraud online, so not a big deal. The problem was that I also had half a dozen continuing monthly charges on that card, and they all had to be changed. Busy morning!

 

[MichaelB]

I check my credit card accounts online about weekly, and found a new wrinkle this morning. I have one card I use only for online purchases, and it showed two phony charges at bricks & mortar stores last week. Both were at Office Depot stores, and both were within 50 miles of where I live.

I haven't been in an Office Depot in at least several years, and we don't even have one near me, so these stuck out in a big way. So now I have to go through the usual cancel card, get new one, etc.

The thing that struck me is that although all the online purchases were quite far away, they managed to get these charges processed at relatively local stores to me. They probably thought they might slip through. The first was for over $40 and the second, two days later, was for over $200. I know the card has never been out of my possession, so it was cloned digitally from one of my online charges. Nasty stuff.

This was a USAA credit card, and they make it very easy to report such fraud online, so not a big deal. The problem was that I also had half a dozen continuing monthly charges on that card, and they all had to be changed. Busy morning!

Bummer. Changing all those auto-pays is a real PITA. A couple of years ago I decided to follow the advice of some other forum members and dedicate one card only to autopay.

 

[calmloki]

Bummer. Changing all those auto-pays is a real PITA. A couple of years ago I decided to follow the advice of some other forum members and dedicate one card only to autopay.

I also took that suggestion and have one Fidelity card dedicated to the autopays. Sorta amusing, in that Fidelity changed from BofA (I think) to Elan several years ago and I was made very aware of the PITA factor involved when changing all the autopays to the new Elan card. Many of our payments autopull, and you may be surprised months down the road when a every six months car insurance bill or some such notifies you you have a bum payment.

 

[Aerides]

Since you only use this CC online, yet the fraud was local... any chance you should have recently received a renewal/replacement that got intercepted in the mail? Or a statement if you haven't turned those off?

 

[MoneyIsMyHobby]

Since you only use this CC online, yet the fraud was local... any chance you should have recently received a renewal/replacement that got intercepted in the mail? Or a statement if you haven't turned those off?

I found a setting in my Bank of America app recently to send location data to BofA so that they can authenticate it is you using the card (being used in a store you're actually near/in). I'm not sure how this works with online purchases, and I'm not thrilled about sharing my location with BofA at all times, but it is an interesting idea!

MIMH

 

[easysurfer]

Had a fraudulent charge on a credit card few years back. I never was able to figure out how the charge got there. My theory was perhaps by a keylogger on my computer as that much I knew for sure. Along with the cc replacement had to go ahead and change all my login id's (when possible) and passwords assuming the fraud was from the keylogger.

 

[braumeister]

Since you only use this CC online, yet the fraud was local... any chance you should have recently received a renewal/replacement that got intercepted in the mail? Or a statement if you haven't turned those off?

No, it wasn't close to expiring, so no replacement due, and I get (and reconcile) my statements monthly online.

 

[HFWR]

I have two cards, both through CitiBank, and I’ve activated the texting feature, so I’d know when a bogus purchase was made, and could immediately lock the card from the app.

 

[Dtail]

Bummer. Changing all those auto-pays is a real PITA. A couple of years ago I decided to follow the advice of some other forum members and dedicate one card only to autopay.

Interesting post, as just today my CC was hacked and I only use it for auto pay.
It is a BOA card and their Orbitz travel site was hacked into, so I believe this was the source, as this is the only use of the card not automated.

I do have the txt message warning, which alerted me to the charges timely.
Need to now redo the set-ups tomorrow.

 

[Chuckanut]

One old fraud making the rounds again is the 'small charge' fraud.

The criminals make one or two very small charges a month to your credit card, maybe $5-$10 max. These are easy to overlook and they don't raise an alarm. A few thousand of those a month spread over many victims and the criminal has a nice income.

Several CC companies offer single use card numbers for online and regular payments. Capital One has a new system ENO, which creates a unique CC number for each online retailer and can be used ONLY by that retailer. It shows up on the CC statement under the actual card number. Very Nice. Oh, they pay 1.5% cash rebate. Not quite as good as the Fidelity card.

 

[ERD50]

No, it wasn't close to expiring, so no replacement due, and I get (and reconcile) my statements monthly online.

But I've had cards sent to me before the expiration date. From what I could tell, that was their way of getting you to agree to some changes in the contract, (by signing/accepting the new card) so I ignored them and kept using the old card. Never got turned down for anything.

-ERD50

 

[JoeWras]

The thing that struck me is that although all the online purchases were quite far away, they managed to get these charges processed at relatively local stores to me.

Maybe this was from some data breach and the crooks knew your address or city as it was part of the breach.

I know last year I'm 99% certain my card was compromised by the Chipotle breach. This involved putting bad firmware on the cash registers. So, when the register transmitted the data back to the crooks, the location was available.

Same thing: attempted transactions nearby, next city over.

 

[Bamaman]

We have a wayward daughter that keeps getting hold of my wife's ATM card number and linking it to Dominos Pizza and Telmate--to put money on inmates' commissary accounts in jail. We just cancelled the ATM card this a.m. for the umpteenth time. Thankfully some of the charges could be reversed.

But you have more rights to chargebacks on credit cards than ATM cards.

Is it possible to divorce a child?

 

[Another Reader]

We have a wayward daughter that keeps getting hold of my wife's ATM card number and linking it to Dominos Pizza and Telmate--to put money on inmates' commissary accounts in jail. We just cancelled the ATM card this a.m. for the umpteenth time. Thankfully some of the charges could be reversed.

But you have more rights to chargebacks on credit cards than ATM cards.

Is it possible to divorce a child?

No, but it's possible to have her arrested for theft and fraud.

 

[Chuckanut]

We have a wayward daughter that keeps getting hold of my wife's ATM card number\

It may be time to ditch the ATM card or keep it locked up.

Alas, ATM cards do not have the same legal protections as credit cards, whether used by wayward children or others who are not authorized to use them.

 

[donheff]

Since you only use this CC online, yet the fraud was local... any chance you should have recently received a renewal/replacement that got intercepted in the mail? Or a statement if you haven't turned those off?

DW likes paper statements. Years back they stopped including the card number on the statement. They show the last four digits.

 

[Aerides]

DW likes paper statements. Years back they stopped including the card number on the statement. They show the last four digits.

Most did, not all. My chase-amazon statement has the number on still which is nuts.

 

[mtheulen]

I have two cards, both through CitiBank, and I’ve activated the texting feature, so I’d know when a bogus purchase was made, and could immediately lock the card from the app.

Same here
Doesn't stop the the hack, however you can respond right then

 

[jonat]

Several CC companies offer single use card numbers for online and regular payments. Capital One has a new system ENO, which creates a unique CC number for each online retailer and can be used ONLY by that retailer.

If your bank doesn't offer this feature (none of mine do), check out https://privacy.com It's a free service to generate merchant-specific or "burner" card numbers with an optional dollar limit. The drawback compared to the bank-offered options is that the money is debited from a checking or savings account by EFT, so no float and no points. I use this when entering my card on sites I don't regularly do business with.

 

[RunningBum]

I've also had unexpected "checks" sent to me that are essentially advances on my credit card. I hate that, because I would have no idea they've been intercepted unless I noticed bogus charges.

 

[Gotadimple]

Maybe this was from some data breach and the crooks knew your address or city as it was part of the breach.

I know last year I'm 99% certain my card was compromised by the Chipotle breach. This involved putting bad firmware on the cash registers. So, when the register transmitted the data back to the crooks, the location was available.

Same thing: attempted transactions nearby, next city over.

That. Or, a computer is randomly generating numbers for a particular issuer and they got lucky with the first charge, so submitted a second charge. At least that was the way Chase explained it to me when I had a charge on my card several years ago. I was concerned about identity theft, they assured me my identity was secure, this was a random generation of a credit card number by a computer, not a person.

- Rita

 

[googily]

I have two cards, both through CitiBank, and I’ve activated the texting feature, so I’d know when a bogus purchase was made, and could immediately lock the card from the app.

Citi has my double cash card so locked down that I can't use it outside of my home area unless I've told them I'm traveling. So that may be why fraudsters are now trying to use local spots.

My other Citi card, which I use for all travel/entertainment expenses, will automatically note a changed location for a range of dates when they see a charge for plane/train tickets. Which is a bit alarming, I guess, but helpful. They send an e-mail telling me that there's no need for me to alert them to my travel plans.

 

[kcowan]

My other Citi card, which I use for all travel/entertainment expenses, will automatically note a changed location for a range of dates when they see a charge for plane/train tickets. Which is a bit alarming, I guess, but helpful. They send an e-mail telling me that there's no need for me to alert them to my travel plans.

Yes we had that too. And so they called us when a $6000 charge for a used car was put through from Nova Scotia (I was in Mexico for the winter) and I asked them why they had to call! They said it was a customer service!

Several cards will continue to approve pre-auth payments for 6 months when a replacement card has been issued. Still does not catch the yearly insurance payments though. Most yearly payment cos are used to being rejected though.