dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1677
banner
Premium Member
join:2003-11-07
Long Beach, CA

banner

Premium Member

Credit card fraud on my account

A vendor called an old phone number of that still belongs to a relative of mine to confirm an online purchase.. When I called the vendor back they provided the last 4 digits of my credit card and said the transaction was flagged because the shipping address was out of state. I logged into my account and saw separate charges to two other vendors. I then advised the card provider about that the purchases were fraudulent.

My question is how did the fraudster get all the information to do it? I believe the card was reissued a year or so ago, long after the TJX hack. I don't use that card very often, just at some restaurants and convenience stores. I have never used it online. It is still possible that it got skimmed or an employee somewhere captured the card info. The fraudster could have searched out my billing address online. What stumps me is how they got that unlisted phone number that I had not provided to anyone for close to a decade and had that recent card information.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

That's probably a matter of kudos to the vendor/processor.
To explain, consider the online application.
The customer or in this case the ID Thief is responsible for supplying the name, address, phone number etc... along with the CC data.
That's the weakness in the system, the processor relying on the truthfulness of the applicant where the applicant (bad guy) has complete control over the data being supplied.
An ID Thief is going to supply an untraceable number that will ring back them should the vendor/processor have any concerns re the order or true ID of the applicant.
My guess is the vendor/processor didn't take the info supplied at face value & decided to use information in a database not directly connected to the purchase but connected to you for verification.

short story: they used known knowledge of you not supplied by "you" in the application to contact you.
What database they used isn't really important - there's 1000's of them available to merchants while processors will maintain their own.
The Antihero
join:2002-04-09
Enola, PA

The Antihero to banner

Member

to banner
It's hard to say how these things happen. A couple years ago, someone managed to clone an actual, physical card of mine. They screwed up when they tried to use it to make a major purchase at a store I had never been to, in a completely different state. My bank called me at work to check on it, and when I verified that it was a fraudulent transaction, they shut down my card and advised me to call my bank's regular number to get a new card issued.

What I don't get is, if someone had the knowledge and resources to clone a card, you'd think they'd be smart enough to use it in a way that didn't raise a bunch of red flags.
banner
Premium Member
join:2003-11-07
Long Beach, CA

banner to Snowy

Premium Member

to Snowy
I guess I'm lucky that the processor picked my relative's unlisted phone # or I might now have gotten the call, checked my account and caught it! Its weird that they managed to find it.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

Associating "you" with a phone number that you haven't used in 10 yrs isn't that remarkable.
These databases are like the internet, once something is there it's almost always going to be there.
What is remarkable is that the phone number is still associated with someone you know.

I should have posted this in my initial reply but you should get familiar with the defensive resources available to you as an identity theft victim.
»www.consumer.ftc.gov/art ··· t-report
banner
Premium Member
join:2003-11-07
Long Beach, CA

banner

Premium Member

I can see the affadavit being useful if my ss# was compromised, but not so much if its (hopefully) just my credit card #, am I wrong?

I did ask my credit card company if they would file a police report and they said no. Guess there is no harm in due diligence so I probably will, but I am concerned that filing an affidavit would make me considered higher risk to credit providers.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by banner:

I can see the affadavit being useful if my ss# was compromised, but not so much if its (hopefully) just my credit card #, am I wrong?

No, you're actually right.
It got by me that CC abuse was the only issue, not sure what I was thinking when I posted the link.