Unexpected fraud on card

[Alan]

This morning I woke up to see a fraud alert from our US bank. We live in England and the alert was for 2 charges to our bank account using our debit card in a Safeway grocery store in Arizona. The charges were $50 and $4.58. I called the bank to confirm that it was not us and to cancel the card.

This was unexpected because we haven't been in the USA since September 2017 and we have only ever used that debit card to withdraw money from ATMs when visiting the USA. Talking with the agent she said the transactions were made using a contactless card. I also confirmed with her that we have no automated charges associated with the card. The only automated charges on that bank account is a direct debit to a charity, and that has been in place for years.

I have no idea how the fraudsters could possibly have found the numbers on that card to have created a contactless debit card. If I had used an ATM with a scanner or camera in September 2017 then the thieves have taken a long time to duplicate the card.

We also have US credit cards on that bank account and when I first saw the alert this morning it was the credit card account I looked at first, never even thought that it was the debit card.

 

[Bryan Barnfellow]

Alan, I would cancel the automated direct debit to the charity and replace with a credit card. Also, I would alert the charity; they may have one or more other examples and could use your information to try to track it down to a particular person in the gift processing department. That's the only live link that I see in your narrative above. But it is also possible that your debit card info was indeed stolen a few years back, was sold as part of large batch of such card data, and only now is getting used.

-BB

 

[Alan]

Alan, I would cancel the automated direct debit to the charity and replace with a credit card. Also, I would alert the charity; they may have one or more other examples and could use your information to try to track it down to a particular person in the gift processing department. That's the only live link that I see in your narrative above. But it is also possible that your debit card info was indeed stolen a few years back, was sold as part of large batch of such card data, and only now is getting used.

-BB

I did ask about that but the fraud agent said that since the DD to the charity was set up not using the Debit Card then there was no possible link between it and the card. However, I think I will take your advice and see if it can be changed.

 

[audreyh1]

If I had used an ATM with a scanner or camera in September 2017 then the thieves have taken a long time to duplicate the card.

seems like that is possible.

Especially since the charity withdrawal was not set up via the card.

Or it was someone at the bank.

 

[big-papa]

Sorry that happened to you. Sadly that sort of thing is becoming more common but it's really not worth speculating how it actually happened - let the fraud unit at the bank do their job. Get a new card, change your ATM PIN.

Had a fraud alert on my credit card back in September and the charges were removed. I bank at a credit union and we also have our credit cards there. I've had several of these incidents over the years, but this is the first time they were able to print a new credit card on the spot at the local branch!

 

[Alan]

The last time we had a US card cloned was in 2013, 4 months into a European trip and the fraud person then told us it was common to wait several months before using a cloned card. 15 months since we last used this card but still likely to have been that last time we used it as it gas only ever been used at an ATM. Since the only financial institution that has the card details is our bank then it is not beyond the realms of possibility that is an inside job.

 

[splitwdw]

what is a contactless card?

 

[MI-Roger]

what is a contactless card?

I imagine it is a card that can be tapped against the card reader screen to initiate payment. One of our cards, a seldom used retailer card, has that feature.

Mobil initiated this feature ~20 years ago using a short plastic stick which could be easily attached to your vehicle's key ring to make it easier to pay for gasoline at Mobil stations.

 

[mbooth]

what is a contactless card?

Use Google to search for the term [I did originally include a link but it was too long and Australia specific]

 

[bobandsherry]

This morning I woke up to see a fraud alert from our US bank. We live in England and the alert was for 2 charges to our bank account using our debit card in a Safeway grocery store in Arizona. The charges were $50 and $4.58. I called the bank to confirm that it was not us and to cancel the card.

This was unexpected because we haven't been in the USA since September 2017 and we have only ever used that debit card to withdraw money from ATMs when visiting the USA. Talking with the agent she said the transactions were made using a contactless card. I also confirmed with her that we have no automated charges associated with the card. The only automated charges on that bank account is a direct debit to a charity, and that has been in place for years.

I have no idea how the fraudsters could possibly have found the numbers on that card to have created a contactless debit card. If I had used an ATM with a scanner or camera in September 2017 then the thieves have taken a long time to duplicate the card.

We also have US credit cards on that bank account and when I first saw the alert this morning it was the credit card account I looked at first, never even thought that it was the debit card.

Just look up "Dark Web" or "Deep Web", chances are that you credit card information was stolen and is now being packaged with millions of other cards for sale. And since it was used in the US that doesn't mean the card data was stolen in the US.

https://deep-weblinks.com/deep-web/

 

[Red Badger]

I just found a +$40 charge at Little Caesar's. DS uses my debit card there occasionally, but 2 problems.

Never ~$40 - we get one pizza and wings - more like ~$15. Also, it listed on the statement as a recurring charge. I've disputed it just moments ago. We shall see what unfolds...

I also got hit with ~$1000 in fraud on my Chase CC recently. They nipped that in the bud ASAP.

God luck Alan.

FWIW - I've been caught up in just about every large credit hack in recent memory (Equifax, DOD, Target, OMP, others). It just SUCKS.

 

[Alan]

what is a contactless card?

It is card that does not make contact with a card reader either by being swiped or inserted (chip). You just place it close to the reader and is good for purchases up to £30 in England or $50 in the USA.

 

[Alan]

Just look up "Dark Web" or "Deep Web", chances are that you credit card information was stolen and is now being packaged with millions of other cards for sale. And since it was used in the US that doesn't mean the card data was stolen in the US.

https://deep-weblinks.com/deep-web/

In our case the card has never been used online and only ever been used in USA ATMs, and never for any purchase, but I take your point.

 

[bobandsherry]

In our case the card has never been used online and only ever been used in USA ATMs, and never for any purchase, but I take your point.

If only use of your card was at ATM in US then still very probable that your card information could have been compromised. See this article.

https://krebsonsecurity.com/tag/atm-skimmers/

 

[Nick12]

This morning I woke up to see a fraud alert from our US bank. We live in England and the alert was for 2 charges to our bank account using our debit card in a Safeway grocery store in Arizona. The charges were $50 and $4.58. I called the bank to confirm that it was not us and to cancel the card.

This was unexpected because we haven't been in the USA since September 2017 and we have only ever used that debit card to withdraw money from ATMs when visiting the USA. Talking with the agent she said the transactions were made using a contactless card. I also confirmed with her that we have no automated charges associated with the card. The only automated charges on that bank account is a direct debit to a charity, and that has been in place for years.

I have no idea how the fraudsters could possibly have found the numbers on that card to have created a contactless debit card. If I had used an ATM with a scanner or camera in September 2017 then the thieves have taken a long time to duplicate the card.

We also have US credit cards on that bank account and when I first saw the alert this morning it was the credit card account I looked at first, never even thought that it was the debit card.

Debit cards are a thing of the past. Many people ( including myself have been fraud victims). I cancelled the debit card last year. With a credit card you can always contest the charge while the fraud dept looks into your matter. The bad guys once they get hold of your debit card can drain you of your savings quicker than a pickpocket in Times Square, NYC.

 

[OldShooter]

Debit cards are a thing of the past. Many people ( including myself have been fraud victims). I cancelled the debit card last year. With a credit card you can always contest the charge while the fraud dept looks into your matter. The bad guys once they get hold of your debit card can drain you of your savings quicker than a pickpocket in Times Square, NYC.

IMO this kind of paranoia about debit cards is usually unfounded. We have debit cards from Schwab and from a megabank. In both cases the issuers have guaranteed to indemnify us 100% against fraud.

Schwab: " ... we offer you this simple guarantee: Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity."

For us the debit cards are necessary because we travel internationally a couple of times a year and use ATMs to get cash. AFIK all credit cards consider an ATM withdrawal to be a cash advance and begin charging their rapacious interest rate immediately.

YMMV, of course. Check with your issuer. In this competitive world I'd be surprised if the vast majority of issuers didn't offer guarantees.

 

[Mr._Graybeard]

Our Discover card got hit last fall. Weirdly enough, someone used our card number to buy tickets to a Packers-Vikings game at Lambeau Field using a smartphone. The transaction was obviously fraudulent (we got an almost immediate email alert from Discover), it took place within 125 miles of our home and, I assume, it would be easily traceable through the phone.
The transaction never appeared in our account that I know of -- if it did it was there only briefly. Discover overnighted us a new card. Whether they went after the person who made the $500 transaction, I don't know.

 

[John Galt III]

Just having a credit or debit card number on a server somewhere is all it takes. If the server is hacked, your number is in the bad guys' hands. You don't even have to use it ever.

 

[Rianne]

Years back we had a Discover card. There were a few small charges that were not ours, then very quickly international airline tickets charged. Discover immediately canceled and all worked out, got a new card.

I investigated this since the charges were international. An IT person at Discover said the hackers run numbers, thousands at a time in various sequences. Again this was years ago, so the 3-4 digit code on the back was not on CC. I don't know how they can charge without that code and the expiration date as those vary with every card. I guess grocery stores and retail stores barely look at your card, I have no idea what benefit the chip is, because the card has to be physically stolen to use it that way. When you charge online, that code and expiration and your zip code, sometimes your address must all match.

 

[candrew]

I just found a +$40 charge at Little Caesar's. Never ~$40 - we get one pizza and wings - more like ~$15. (

Damn. Prices have really gone up since we last bought pizza at Little Caesar's!

 

[Chuckanut]

I imagine it is a card that can be tapped against the card reader screen to initiate payment. One of our cards, a seldom used retailer card, has that feature.

Mobil initiated this feature ~20 years ago using a short plastic stick which could be easily attached to your vehicle's key ring to make it easier to pay for gasoline at Mobil stations.

I just tap my Costco Visa against the pin pad when I check out at Costco. It works like a charm.

Given the number of data breaches by companies that we have given our personal and financial information to, it is not hard to imagine that these attacks will continue. The bad guys have a wealth of personal information at their disposal.

FWIW, I have read articles that Congress may look deeper into the Equifax fiasco and pass some laws that may hold these companies accountable if they do not take reasonable steps to safeguard our information. IMHO, being 6 months behind on known security updates is not reasonable.

 

[Niuatoputapu]

IMO this kind of paranoia about debit cards is usually unfounded. We have debit cards from Schwab and from a megabank. In both cases the issuers have guaranteed to indemnify us 100% against fraud.

........

For us the debit cards are necessary because we travel internationally a couple of times a year and use ATMs to get cash. AFIK all credit cards consider an ATM withdrawal to be a cash advance and begin charging their rapacious interest rate immediately.

Guilty to the both Paranoia and the use of Schwab Debit Cards for ATMs in Europe.

Our solution - we set the Debit card limit to $0.01 and use only the ATMs.

Agree that Schwab would reimburse us for any fraudulent transactions, but since we prefer the credit card fraud handling, we converted the Schwab card to ATM only.

 

[bobandsherry]

Years back we had a Discover card. There were a few small charges that were not ours, then very quickly international airline tickets charged. Discover immediately canceled and all worked out, got a new card.

I investigated this since the charges were international. An IT person at Discover said the hackers run numbers, thousands at a time in various sequences. Again this was years ago, so the 3-4 digit code on the back was not on CC. I don't know how they can charge without that code and the expiration date as those vary with every card. I guess grocery stores and retail stores barely look at your card, I have no idea what benefit the chip is, because the card has to be physically stolen to use it that way. When you charge online, that code and expiration and your zip code, sometimes your address must all match.

Having worked in creidt card fraud group for a major card issuer, and who worked on cost benefit analysis for Execs on cost/benefit of issuing millions of credit cards, I'll tell ya the benefit of chip.... Significantly reducing credit card losses that banks were booking year after year, and growing. Losses still exist, largely moved from credit card fraud to online and virtual cards. As I joked with the execs, fraudsters aren't going to suddenly go out of business, they will just find another way to continue to make a living.

As FYI, the company responsible for credit card loss is the party that has the weakest security measures.

So, cards processed as chip tranasaction the bank is responsible. As you would guess that level of fraud is basically nothing. Even after figuring in the cost of card reissuance, banks still come out way ahead as they no longer responsible for credit card losses. With exception of stolen identify and cards lost in mail (relatively trivial losses) the bank is now able to pass losses onto the merchant.

Merchants that decided to not upgrade equipment to accept chip cards and instead still accept swipe transaction are responsible for losses. Same for online transactions. Reason being is they are the weak link in the credit authorization process. Only exception is pay at the pump, they were given extension to convert their equipment, but they too will soon be responsible for losses if they continue to accept swipe tranasaction at the pump.

 

[Nick12]

IMO this kind of paranoia about debit cards is usually unfounded. We have debit cards from Schwab and from a megabank. In both cases the issuers have guaranteed to indemnify us 100% against fraud.

Schwab: " ... we offer you this simple guarantee: Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity."

For us the debit cards are necessary because we travel internationally a couple of times a year and use ATMs to get cash. AFIK all credit cards consider an ATM withdrawal to be a cash advance and begin charging their rapacious interest rate immediately.

YMMV, of course. Check with your issuer. In this competitive world I'd be surprised if the vast majority of issuers didn't offer guarantees.

No Paranoia here. The fraud dept in my former employer advised our team members in team meetings that the debit card is one of the easiest ways the crooks can obtain your info and use it free willing. I agree that debit cards make it easier to obtain money from ATMs but if I can minimize the chances of me being a victim of fraud again then adios to my debit cards and I am still keeping my credit cards for necessary purchases.

 

[bommerkid]

been there

It is likely that the safeway was hacked and your data was used that had been collected long ago. The small transaction was used to see if it would go through and the $50 was largest amount available with this technology.
One thing that I do is use only one card for everything possible and monitor with an app tracker. My other cards get renewed every 12 months by saying to the bank that the cards are no longer usable. New cards new data.
Unfortunately at $50 the crime is almost never really investigated and the far away criminals know this.