aurgathor
join:2002-12-01
Bothell, WA
 ·Verizon west (ex G..
| how did they get my credit card number?
Yesterday I got a call from Chase's fraud department to verify some unusual activity. Someone in Spain tried to get a $400+ railroad ticket with it. 
I normally used it to buy gasoline and a do some purchases over the internet from trusted vendors (usually newegg and woot), but since I did a 0% APR balance transfer to it about 3 months ago, I have only used it in a couple of cases where its number was cached by the merchant (i.e. woot)
That leaves some trojan horse on my PC, or a compromised merchant account somewhere.  |
|
opus74
Deep Thought
Premium
join:2002-03-04
Coello, IL
clubs: 
 ·WildBlue
| Keep an eye on Chase.
They called me with a similar story 4 years ago.
They canceled my card and sent me a new one, but still billed me the fraudulent ticket charges.
It took over 2 years to get it and all the interest and late charges refunded.
At that time I canceled my Chase card.
Jerks.
--
Lordy, I have loved some ladies and I have loved Jim Beam and they both tried to kill me in 1973. |
|
Cabal
Premium
join:2007-01-21
02101 | reply to aurgathor
Any Hannafords in your area?  |
|
Barbara Ann
Premium,MVM
join:2000-10-17
| reply to aurgathor
When you buy gas do you pay in person or do you hand over your card to a gas jockey?
My Mastercard was cloned by an attendant while I was waiting in my car for him to return with it.
--
I believe that friends are quiet angels who lift us to our feet when our wings have
trouble remembering how to fly. Google Earth Co-ordinates : 45°31'10.19"N73°40'14.42"W |
|
Hangetsu
join:2007-12-22
West Chester, PA | reply to Cabal
Could have also been someone put a reader in at one of the gas pumps you previously used. |
|
norky
Premium
join:2002-12-02
Lithia, FL | reply to aurgathor
call and ask if the card was physically present at the pos |
|
EGeezer
Summer is passing
Premium
join:2002-08-04
Country!
 ·RoadRunner Cable
 ·AT&T CallVantage
edit:
July 24th, @10:56PM
| reply to aurgathor
Did you give them any CC information or did they ask you to "verify information" like your CC number, SSN, birth date or CVV number etc? They should not have asked you for that stuff.
If they did, call them immediately using the number you have on the back of your card. The caller may have been a scammer.
Come to think of it, call the number anyway to confirm that they made the call to you - just in case.
EDIT - see »[Credit Card Fraud] Chase Credit Card call-back number 1-800-454 for discussion.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis |
|
RangerTX
Premium
join:2006-05-17
Los Angeles, CA
edit:
July 25th, @02:30AM
| reply to aurgathor
I would guess gas station is likely place for your credit card to have been stolen. During recent time, did you eat at any restaurant in which you used the card?
--
i am not a lawyer but I do play one on the internet |
|
Littlem129
Premium
join:2007-05-13
White Pine, TN
·America Online
| reply to aurgathor
I once worked at a gas station and this guy would come in with his Mom's credit card and use it. One day he came in without the card, but had the account number and the expiration date written down. Since he had used the card there before the person that I was working with went ahead and completed the transaction for him by entering the info manually. The next month this guys Mom came in and asked who had used her credit card there for that transaction without her permission. We told her it was her son, since he had used the actual card there before we thought she had approved it.
You don't have to have the actual card to use it. All you need is the account number, expiration date and if it has one the security code on the back.
If a teller at a store is dishonest he or she can just use the receipt and have all the info they need to make a purchase.
Using a credit card in person isn't as safe as using one online. |
|
aurgathor
join:2002-12-01
Bothell, WA
·Verizon west (ex G..
| reply to RangerTX
In all but one gas station I normally pay with CC I pay outside on the island. There is only one I pay inside, and I should be able to look up which CC I used there last time. (they turned into prepay a few months ago)
BTW, I got my credit card statement a few hours after the phone call, and there were about $5,800 in unauthorized charges on it. Most of it were 2 Aeroflot tickets. I think I'll have some interesting conversation with the Chase rep tomorrow... 
The really interesting thing is that those tickets were purchased on 6/18, posted on 6/19, and my billing cycle was 6/19 .. 7/18. Now, that's some impeccable timing.  |
|
Googlefreak9
join:2008-04-11
Etobicoke, ON | reply to aurgathor
Always ask for the carbon if they use one of those credit forums that has a carbon. Be sure to rip it up real good. You can download a live linux cd, Puppylinux is great for this. No trojans no nothing as long it's booted off the cd. |
|
aurgathor
join:2002-12-01
Bothell, WA
·Verizon west (ex G..
| Based on the dealing with the Chase rep today, I got the feeling that my CC number wasn't obtained from me. I told them that none of the nearly $6k charge is mine -- fine we'll take it off, send you some paper that need to be signed and returned, and that's pretty much it.
In any case, I was planning on setting up a new PC anyhow, this time I'll put an outbound firewall on it. |
|
PrntRhd
join:2004-11-03
Fairfield, CA | reply to aurgathor
More likely to have been a merchant Point of Sale leakage of your card information to an organized crime ring, based on where the erroneous purchases were made. |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV
edit:
July 26th, @01:13AM
| reply to aurgathor
Why didn't Chase cancel your current credit card and issue you a new card with a different account number? |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| reply to aurgathor
said by aurgathor  :Based on the dealing with the Chase rep today, I got the feeling that my CC number wasn't obtained from me. I told them that none of the nearly $6k charge is mine -- fine we'll take it off, send you some paper that need to be signed and returned, and that's pretty much it. In any case, I was planning on setting up a new PC anyhow, this time I'll put an outbound firewall on it. Forget about the PC redo - demand the old CC be closed and a new card issued ASAP !!!!
--
Proud Member of ASAP
DSLR Phishtracker |
|
aurgathor
join:2002-12-01
Bothell, WA
·Verizon west (ex G..
| reply to siliconman01
said by siliconman01 :Why didn't Chase cancel your current credit card and issue you a new card with a different account number? It was already closed before I got my statement; did that after hearing the attempted purchase in Spain. But they didn't mention the airplane tickets then. |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| said by aurgathor :said by siliconman01 :Why didn't Chase cancel your current credit card and issue you a new card with a different account number? It was already closed before I got my statement; did that after hearing the attempted purchase in Spain. But they didn't mention the airplane tickets then. I would check all other CC accounts for any odd transactions ASAP. Many times an account is 'tested' first using a miniscule amount.
-amy-
--
Proud Member of ASAP
DSLR Phishtracker |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to Barbara Ann
said by Barbara Ann :My Mastercard was cloned by an attendant while I was waiting in my car for him to return with it. I'm curious how you determined that your card was "cloned" by an attendant?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to aurgathor
said by aurgathor :That leaves some trojan horse on my PC, or a compromised merchant account somewhere. Actually it is likely neither of those. It is all those data breaches that have happened in the last 5 Years and the Cyber Carders have Years worth of CC Data to use. Prior to batch processing a group of C Cards, They look for a small business Merchant Account to hack and they use it over the weekend to systemically hit the entire batch with a ping charge of a dollar or two (the ping is a pre-auth that then falls off a few days later - not permanent just like a temp hold) to make sure that the accounts are good and accepting, not rejecting charges and it is usually the "telltale" your card data is compromised, but since pings are short lived you would likely never notice that unless you check your transactions daily online. That ends up leaving a third unrelated party with a huge pre-auth/ping bill on Monday that they have the hassle of getting resolved with their upstream processor while the crooks then use the results from those ping charges to hit the cards that came back as current and valid. Now the big charges start hitting and that's when you may or may not get a call from your CC Company.
These topics explain it.
»[Credit Card Fraud] fraud: www.prophotosland.com & www.photogey
»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
Blue2
Premium
join:2004-04-14
France
| reply to aurgathor
In this age of terrorism, don't they match all travel tickets to ID of some kind? I realize that one could purchase the ticket without ID, but use it without ID? I would have thought that this would be the first way of determining who is traveing. If I worked for homeland security, unauthorized cc purchases for travel would be concern me. |
|
