Credit Card Fraud Question

[Belinda Barfield]

Checked my checking account this a.m. and much to my surprise I purchased $2209.85 worth of fishing gear at Fish USA through their website. Wow, I must have been sleep shopping again. I really like to fish but . . . hmmm . . . that's a little high for my hobby budget. Called the bank and filed a claim for fraud, then shredded the card. Then I called Fish USA and spoke with customer service. I explained the situation and asked if they could provide any further information on the order. Within five minutes someone called me back with the name of the person who placed the order, and the ship to address. I was able to get the order cancelled. Yay, me! I also shared the info with my bank's fraud department. I would like to have had the items purchased though, 3 Shimano $700 reels.

Here's what I can't figure out . . . how did this person get my account number, etc? The person used my debit card info. I always use that card as a credit card so I don't have to enter the PIN number. The only thing I have changed recently is using the ATM for deposits but I always cover the keypad. Are there people out there with RFID scanners snatching my card info from my purse as they walk by? Since I have information regarding who placed the order can I file a police report? Would anything happen if I did?

[Craig Matheny]

Belinda two possibilities with the info you gave well really three.
1. Bank was hacked and they have not figured out the amount of files taken this has happened to me 3 times with B of A but they say that nothing was taken but they issued a new card each time for safety.
2. the ATM you used had a scanner on it to capture your info.
3. Does your card offer the no scan just wave your card in front of the scanner option? If so then that is the most likely way they got your info as they do have portable readers. I have no credit cards that can be just waved in front of the scanner for that reason. I have heard there are small sleeves you can keep the card in that is suppose to prevent this.

Good Luck

[Matt Meiser]

Ever hand the card to someone at a store or restaurant? That's the most common way. There's a small device that will grab the electronic data off the strip. Or someone might have even just written it down.

[Belinda Barfield]

Belinda two possibilities with the info you gave well really three.
1. Bank was hacked and they have not figured out the amount of files taken this has happened to me 3 times with B of A but they say that nothing was taken but they issued a new card each time for safety.
2. the ATM you used had a scanner on it to capture your info.
3. Does your card offer the no scan just wave your card in front of the scanner option? If so then that is the most likely way they got your info as they do have portable readers. I have no credit cards that can be just waved in front of the scanner for that reason. I have heard there are small sleeves you can keep the card in that is suppose to prevent this.

Good Luck

If the bank has been hacked they don't seem to know it. That happened to our business account at Suntrust a few years ago. I don't have a no scan card. I'll contact the bank about checking their ATM. I have RFID proof sleeves for my card, but I don't always remember to stick it back in the sleeve.

Ever hand the card to someone at a store or restaurant? That's the most common way. There's a small device that will grab the electronic data off the strip. Or someone might have even just written it down.

I haven't used my card in a store or restaurant recently that it wasn't in my sight or hand at all times.

[Dan Friedrichs]

Just a point - this is exactly the reason to have a REAL credit card, NOT a debit card. Credit cards are regulated entirely differently than debit cards, and consumer protections are MUCH stronger with credit accounts.

[Mike Henderson]

Just a point - this is exactly the reason to have a REAL credit card, NOT a debit card. Credit cards are regulated entirely differently than debit cards, and consumer protections are MUCH stronger with credit accounts.

Yep, I agree. The only thing I use my debit card for is the ATM. Even if you use your debit card as a credit card, you're exposing it which can lead to getting it compromised. Much better to have a card that's a credit card only. If a credit card gets compromised, the max you can be charged is $50 and card companies never seem to charge customers that.

Mike

[glenn bradley]

Of all my card use the only one that has ever been hacked was the one that was sent with an RFID chip in it (although I always ask for them without). A new card was sent and I was assured it would not have the RFID in it; it did. They got it right the second time. I actually thought that the use of these had fallen by the wayside as one of the stupidest ideas ever. You can ask for cards with out them and cards with them are supposed to display the little radio wave icon )))) You used to be able to see the chip or the bump but, the technology has them visually undetectable in many cases now. YMMV.

[Belinda Barfield]

I know nothing about RFID, but my card doesn't have the icon or a bump so I guess it doesn't have a chip.

My bank has been great about this. They're covering some auto drafts that I have coming out until everything gets settled. Fish USA has been a tremendous help as well. I called them back and they were able to give me a phone number and e-mail address for the person who placed the order. Phone number is a landline in Naples, FL, ship to address is in New York. I'm going to file a police report after work.

[David Larsen]

Fish USA has been a tremendous help as well. I called them back and they were able to give me a phone number and e-mail address for the person who placed the order. Phone number is a landline in Naples, FL, ship to address is in New York. I'm going to file a police report after work.

If this person is up to fraudulent activity this may not be a legitimate name or phone number in Naples.

[Belinda Barfield]

If this person is up to fraudulent activity this may not be a legitimate name or phone number in Naples.

More than likely it isn't. The police officer seemed to think that the e-mail address would be the most helpful. Some crooks are dumb, hopefully this one is (if the matter is even pursued).

[Mike Henderson]

Of all my card use the only one that has ever been hacked was the one that was sent with an RFID chip in it (although I always ask for them without). A new card was sent and I was assured it would not have the RFID in it; it did. They got it right the second time. I actually thought that the use of these had fallen by the wayside as one of the stupidest ideas ever. You can ask for cards with out them and cards with them are supposed to display the little radio wave icon )))) You used to be able to see the chip or the bump but, the technology has them visually undetectable in many cases now. YMMV.

I remember studying the technology used in the chip cards (although I don't remember a lot about it any more) and there were some pretty sophisticated techniques used to protect the cards. That technology has been in use in Europe for years (maybe 20 years or so) and they're not getting hacked. In fact, the reason for adding the chips is that the magnetic stripe data is sooo easy to copy. The chips actually improve the security of the card.

Just a bit of history: The US always had a very good communications network so it was easy to keep the authorization data in a central location and query the data base when the card was used. In Europe, there were border problems and laws that restricted what data could be kept and the communication of certain data. So they developed the card chips. The chip is self authenticating - you don't need to go back to a central data base.

It's actually a very good, reliable system. Essentially all credit cards in Europe use chips. If you travel to Europe, you may have problems using your card in certain locations if it doesn't have a chip. The problem with implementing it in the US is that most card terminals don't support the chip technology - only the mag card swipe. But the credit card companies are pushing it to reduce their fraud losses.

Mike

[Phil Thien]

So they developed the card chips. The chip is self authenticating - you don't need to go back to a central data base.
Mike

The feature you're referring to is offline transaction processing. In Europe, the same card can do online and offline. In the U.S., we're pretty much all online. There was a time when small transactions (under $20) could be done offline in the U.S.(no authorization required), but I think that stopped about 15 years ago.

Nonetheless, I think for larger transactions, online is pretty much required.

I suppose it doesn't matter as much now, but there was a time when offline was a real advantage. Think of a street meat vendor in NY, or going to a selling trade show (where they sell items off the floor). Terminals didn't need any sort of connection to the processor, they'd just store the data and upload it later.

Now w/ cellular, we can always have a connection to the processor.

[Dave Lehnert]

I wonder if it would be better to file a report with the post office since you have a ship to address???????

Myself, I would just let the card company handle it unless it became a bigger problem.

[Kevin W Johnson]

I wonder if it would be better to file a report with the post office since you have a ship to address???????

Myself, I would just let the card company handle it unless it became a bigger problem.

Unless the postal system was actually used in commision of fraud, I don't think they will get involved.

Also, kudos to Belinda for reacting quickly and putting a stop to that shipment. At least the scumbags won't profit from from this one.

[Dan Hintz]

I remember studying the technology used in the chip cards (although I don't remember a lot about it any more) and there were some pretty sophisticated techniques used to protect the cards. That technology has been in use in Europe for years (maybe 20 years or so) and they're not getting hacked. In fact, the reason for adding the chips is that the magnetic stripe data is sooo easy to copy. The chips actually improve the security of the card.

Sorry, Mike, but the techniques used on the European chips was so weak, they were hacked almost immediately. From what I can tell, the EU community has been up in arms for quite a number of years trying to get them to "fix" the system that's supposedly so secure, but actually makes it easier for hackers to make transactions without leaving a trail. Stay away from anything that uses PIN-on-chip technologies, it's simply not nearly as secure as they'll lead you to believe, and that causes a false sense of security.

I also don't use debit cards at all, even at the ATM... I immediately cut them up if the bank issues me one. Any card that gives someone direct access to my bank account (as a debit card does) is a no-no. I went several rounds with BoA after they charged me a yearly fee for an ATM/debit card. I asked why should I pay for a piece of plastic that significantly lowers the security on my account and therefore will never use? I eventually closed all of my BoA accounts, including my business account.