My Fidelity VISA CC hack attempt

ERD50

Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Joined
Sep 13, 2005
Messages
27,369
Location
Northern IL
Yesterday AM, I go online and read my emails, and I see a charge notification on my Fidelity VISA (I have alerts set for any/all transactions on all my accounts/cards). It was a $10.xx charge, placed at 3AM to a place we have never done business with (skin care/beauty products). Email looks legit, everything about it, including the links, look identical to the other email alerts I get from Fidelity, but I'm still not going to click on the link. We use this Fidelity VISA a lot, everything when we are out, except gas and restaurant, as those are on the 3% & 4% Coscto card.

So I sign in directly to my account, and there is no such charge showing, not even 'pending'. I try their 'chat', they first think the email is a phishing attempt, but manage to verify the email, but say they can't look at my transactions, I need to call in for that(?!). OK, so when I have time, I call in, and they explain that an attempt to make that charge was made, but the CCV was invalid, so it was declined. They cancel the card, and send me a new one.

That's only a very minor pain, I use a different card for all recurring payments, and that card never leaves the house, so it isn't open to someone copying the info. And we have a Costco VISA we can use for a couple days until the new card arrives.

The question that I didn't think fast enough to ask the phone rep was: Why did I see a charge notification, if the charge was declined?

And I'm also wondering, how would someone get my CC#, but not my CCV? Did they figure they had a 1/1000 chance of guessing my CCV?
 
...
The question that I didn't think fast enough to ask the phone rep was: Why did I see a charge notification, if the charge was declined?
...
I get charge notification SMS txt msgs on my phone before the cashier hands me the receipt.
You just caught a window in time when you looked that it was already declined vs. still showing as pending.
 
The other question I meant to ask the rep was - Since you think this is serious enough to cancel that card, why didn't YOU alert me to fraud attempt? Why did I have to call you?
 
The other question I meant to ask the rep was - Since you think this is serious enough to cancel that card, why didn't YOU alert me to fraud attempt? Why did I have to call you?
Perhaps because, as Spock infers, you just happened to catch this as it occurred/unfolded. Perhaps they would have done so in just a few hours?
 
Perhaps because, as Spock infers, you just happened to catch this as it occurred/unfolded. Perhaps they would have done so in just a few hours?
Maybe - still seems odd to me that I'm catching it before they do. Don't they have computers working 24/7 on this? Four or five hours passed from the email alert I got and me calling them.

Or perhaps they would not have done anything, but since I called, the protocol is to cancel the card regardless?
 
The question that I didn't think fast enough to ask the phone rep was: Why did I see a charge notification, if the charge was declined?

It depends on how and where the card was presented. Typically, with online sales the card information is captured and the transaction is tentatively approved, but the transaction isn't settled until a fixed time of day that the merchant sets. During this time the credit card processing company is supposed to have security protocols in place that would catch the fraud. Maybe the do, but they wouldn't have caught it for several hours.

It appears that your card was used by someone that was not in person, not in a physical store. The fact that the charges were incurred at 3am could be deliberate. The thief bought something online in the early morning hours figuring the transaction wouldn't settle until later that day. The thief was hoping the merchant would go ahead and ship the product before the transaction settled later in the day.

And I'm also wondering, how would someone get my CC#, but not my CCV? Did they figure they had a 1/1000 chance of guessing my CCV?

Probably got it from some online seller that has lax security with customer's credit card information. Either hacked it or has access to the records. Or could be someone got your credit card info in this manner and sold it to someone else.

Online sales do not need your CCV to process sales. It's an added security feature but it can be turned off.
 
The question that I didn't think fast enough to ask the phone rep was: Why did I see a charge notification, if the charge was declined?
I’ve gotten charge notifications and even text to confirm it was me. I suppose there are different layers.

I think I still have the number for the Elan Financial fraud department and I try to call them directly.
 
I use the Fidelity Visa for everything except for gas. One minor gripe I have is that most of my email notifications do not identify the seller. The email sender is identified as either ‘Credit Card Account Services’ or ‘Fidelity Investments Credit Card Alerts’. The latter one does identify the seller and states ‘credit card not present’. I need to dig into the nuance of the two senders.

For your card used for online purchases only, is it also Fidelity/Elan Visa, or something else? I need to consider doing that.
 
It was an online/phone charge - I get a separate email on those titled: "Fidelity Investments Credit Card Not Present"

I use the Fidelity Visa for everything except for gas. One minor gripe I have is that most of my email notifications do not identify the seller. The email sender is identified as either ‘Credit Card Account Services’ or ‘Fidelity Investments Credit Card Alerts’. The latter one does identify the seller and states ‘credit card not present’. I need to dig into the nuance of the two senders.
My emails always identify the seller. Not trusting my memory, I did a filter on my email and scanned the first 30 or so. The sender emails for me are both the same (in person vs not in-person). I set up all these alerts at the Fidelity VISA site, maybe there are different ways to do a similar thing on their site, which might generate a different email? Or maybe it changed over time - maybe undo them and set them all fresh?

For your card used for online purchases only, is it also Fidelity/Elan Visa, or something else? I need to consider doing that.

I don't have a separate card for online purchases (probably not a bad idea though). What I was saying is that I use my Amazon Visa for all recurring charges (regular bills with established companies like internet, utilities, etc, plus Amazon of course). Since I never use it "in the wild" it seems to be pretty immune to hacking (knock on wood!). And if one of my other cards gets hacked, I don't have to update umpteen billing sites.

Since we are so often asked for our CCV code, I fail to see how that adds much security, and it's in plain site for restaurants that take your card (why do we still have that, most other countries bring the reader to you?).
 
This last time when dining while traveling in the US we asked to pay with ApplePay and the server basically had us come to the register with them. We like that better than handing over a card.
 
I got a notification from Fido for a charge from Bestbuy that I did not recognize for an annual membership. I called BESTBUY but they had no record of the charge so I called Fidelity to dispute it. Fido immediately went to close and replace the card due to “fraud”. I thought it could be a billing error rather than fraud. If someone is hacking my account I doubt they would order an annual membership. I double checked the history and have no suspicious
charges going back many months. I expected they could investigate using the reference # and figure it out. I was very surprised to learn that could not or would not.
Turns out the charge was on DW’s account from when we bought a major appliance and Bestbuy reversed the charge without hesitation. They had actually suggested what the issue was the first time I called but I insisted we only had one account!
 
The other question I meant to ask the rep was - Since you think this is serious enough to cancel that card, why didn't YOU alert me to fraud attempt? Why did I have to call you?

I have sometimes entered a wrong CCV when making a purchase online. So maybe CC companies don't call want to cancel the CC on the first "error" but flag the account for further "checks" in case the CC is used suspiciously later.
Imagine all the mad customers who get their CC cancelled because they made a typo entering for a purchase.
Your phone call of course pushes it to the cancel decision.
 
I got a notification from Fido for a charge from Bestbuy that I did not recognize for an annual membership. I called BESTBUY but they had no record of the charge so I called Fidelity to dispute it. Fido immediately went to close and replace the card due to “fraud”. I thought it could be a billing error rather than fraud. If someone is hacking my account I doubt they would order an annual membership. I double checked the history and have no suspicious
charges going back many months. I expected they could investigate using the reference # and figure it out. I was very surprised to learn that could not or would not.
Turns out the charge was on DW’s account from when we bought a major appliance and Bestbuy reversed the charge without hesitation. They had actually suggested what the issue was the first time I called but I insisted we only had one accoI

I also had a weird issue with a subscription last year. I had my daughter buy me a Black Friday TV on her Walmart+ account and gave her my Discover card number since she got early access to the deal. A couple of months later I had a small Walmart charge on my Discover billing statement that I couldn't account for and it didn't show in my Walmart account purchases. I figured out I had being billed for her monthly Walmart+ subscription, Walmart must have saved my card and made it the primary but only for the subscription. Her own card was still being billed for all her grocery purchases or we would have noticed it a lot sooner. Anyway she was able to delete the card but ti was a strange thing to happen and we both agreed in future she'll use her card if I ever need anything else and I'll just Zelle her the money to save any further hassles.
 
I got a notification from Fido for a charge from Bestbuy that I did not recognize for an annual membership. I called BESTBUY but they had no record of the charge so I called Fidelity to dispute it. Fido immediately went to close and replace the card due to “fraud”. I thought it could be a billing error rather than fraud. If someone is hacking my account I doubt they would order an annual membership. I double checked the history and have no suspicious
charges going back many months. I expected they could investigate using the reference # and figure it out. I was very surprised to learn that could not or would not.
Turns out the charge was on DW’s account from when we bought a major appliance and Bestbuy reversed the charge without hesitation. They had actually suggested what the issue was the first time I called but I insisted we only had one account!
LOL... I had a charge from Best Buy and also called... and also was told they did not do the charge...

The CC company was doing the same thing... let's close those cards and send you new ones... WAIT... I am still trying to find out what happened and see if I can get it reversed...

Well, come to find out that DW was visiting a friend in NJ and bought alcohol from a store called... Best Buy Liquor!! The liquor part was not the the stmt...
 
LOL... I had a charge from Best Buy and also called... and also was told they did not do the charge...

The CC company was doing the same thing... let's close those cards and send you new ones... WAIT... I am still trying to find out what happened and see if I can get it reversed...

Well, come to find out that DW was visiting a friend in NJ and bought alcohol from a store called... Best Buy Liquor!! The liquor part was not the the stmt...
Why was she using your CC :confused:
DW and I have our own separate CC's as it has more benefits and avoids these issues.
Was your DW surprised the next time she used the CC and it was denied :hide:
 
Why was she using your CC :confused:
DW and I have our own separate CC's as it has more benefits and avoids these issues.
Was your DW surprised the next time she used the CC and it was denied :hide:
I also have my spouse as an authorized user on my account, or mine on hers, because it meant fewer applications, and is simpler to track. I'm sure Texas Proud and I aren't the only ones.
 
FWIW, this card is provided/managed by Elan. "Fidelity" is just branding.
 
With multiple cards and authorized users is there any way to determine which card was used?
 
Why was she using your CC :confused:
DW and I have our own separate CC's as it has more benefits and avoids these issues.
Was your DW surprised the next time she used the CC and it was denied :hide:
As others have said... she is an authorized user...

Her card with her name has the exact number that my card with my name has....

The only account where we share that has separate numbers is Capital One... so I can track what she buys... but we stopped using them when they did not reverse interest when a payment was a day or two late.. I had looked at their website and saw a date and paid by that date... but then it shows I am late and I look again and the date is not what I saw earlier... 20 years of paying every month and they would rather lose a customer over a few hundred $$$s... (it was a BIG bill as it had my vacation on it)...
 
I also have my spouse as an authorized user on my account, or mine on hers, because it meant fewer applications, and is simpler to track. I'm sure Texas Proud and I aren't the only ones.

I'm sure a lot of folks do it.
We each have our own CC for the following reasons:

  • We do each have to track our own CC use, but it's a good practice.
  • It means we each have our own (great) credit record/history and we each get the signup benefits of a CC.
  • Additionally, if a card is stolen, the other person's card is not affected and can be used.
  • Lastly, when one of us dies, the other person still has all their CC's available and are not in the situation where the Wife cannot get a credit card as she was just an additional to Husbands credit cards. Maybe this has changed from the past, but it used to be a big problem for Widows.
While we have separate CC's , we do share expenses and talk before buying big things costing lots of money.
 

Latest posts

Back
Top Bottom