OMG it happeded to me

[Jeana]

I just got a call from my credit card company. They asked about a ton of charges today on my card. Someone used my number to buy a bunch of singles crap online. I'm so grateful this was caught right away. I only order from secure places, and I have firewall on my computer how can this happen?

Now I am freaked out about ordering online.But seeing how 90% of our business is online, I can't stop. How can we be more safe?

[dandelion garden]

That stinks! So sorry to hear that.

[younggrasshper]

Since the CC company caught it, you won't be responsible for the charges, right? I don't know how it happens, my father in law NEVER used his CC online, but somehow some chick in Detroit ended up getting Direct TV charges on his CC! We still don't know how it happened!

[sudsnwicks]

Oh no, I hope they can get it sorted out with minimal hassle to you. I know people who are afraid to use credit cards for this reason. Even if you don't shop online, think of what could happen if there was a dishonest waiter at the restaurant, or cashier at the department store, or pump attendant at the gas station. Any of these people could copy down your card details and then use it fraudulently.

[Michi]

This happened to me also, I'm thinking someone at a store took down my cc # somehow and then used it a few times (phone calls, take out dinner etc.).

What scares me, is that I know it had to be someone taking my number as I physically used my card somewhere, b/c they used it in the same town that my inlaws live in, and we visit there quite often, and of course I HAVE to shop no matter where I go. LOL

I had to jump through a couple of hoops for my bank (fill out and sign some forms etc.) but they took the charges off for me, sent me a new card and everything's been fine since, but still makes me crazy to think that ANYONE ANYWHERE you use your card can just steal that # and use it over the phone/online etc.

I hope this gets straightened out easily enough for you.

It surely is a violation huh?

[Sarah]

ugh. what a crappy club to be a part of, huh?

it's happened to me too. luckily you know you have a good credit card company that was on the ball with this. mine happened with a debit card, so the only reason i ended up paying very little of it is that i caught the charges right before they went through. they were internet purchases, so there was a time period of a couple days where the charge was there, but not completed. a safety net, i guess.

[Meredith_D]

This has never happened to me, but I received a "credit card scam" email once and it mentioned a store clerk that took a quick picture of a customer's debit card with their cell phone and then used it later. It seems plausible I suppose. Thieves think of all sorts of ways to screw people.

[Guest EMercier]

I'm sorry this happened to you. That is ashamed and even with all the high technology, people still do it! Criminals are so stupid. My BF didn't used to pay online and I convinced him. Not all sites are safe. Your credit card is suspect anywhere you go. This includes going out to eat, where it can happen more often. Also, look at what you throw out in the mail because not all companies block out your entire number. My mom is a computer geek and she was telling me about a program (I will not mention it) that you can sit there and see what goes on on those pay sites to get all different kinds of credit cards. It's not exactly spyware.

Sarah, Whoever your bank was, they ought to be ashamed. They owe you money if you paid anything. I used to work for a bank (PNC) and I've disputed charges before and haven't paid one dime. It wasn't fraud, but that's a better reason for them to give you your money back. Banks don't tell you everything. I let it all out!!

As far as business, I've had a few people reluctant to place a order online, so they call and that's fine as well.

[Gypsyjen]

I'm sorry this happened to you! I heard on a news program that your CC# is much more likely to be stolen in person (via restaurant, store, etc.) than online. I've had my checking account number stolen somehow and had to go through this myself. You just can't prevent the worst from happening all the time. If I were you, I would get a new CC for sure and then just carry on as usual.

[Brooke]

Sorry too

When I order I always go back in and delete all cookies files and than clear all history files.

Not sure if I am right but when you have a spy they are pulling information that you have been looking at.

I have went back in to look myself in Cookies and you can see where I have used a cart to order items.

Who knows I just feel better when I delete all those files.

One time I was online with a live chat to support went in and deleted cookies and history files and lost connection with online support.

Maybe this will help

Brooke

[topofmurrayhill]

I just got a call from my credit card company. They asked about a ton of charges today on my card. Someone used my number to buy a bunch of singles crap online. I'm so grateful this was caught right away. I only order from secure places, and I have firewall on my computer how can this happen?

Now I am freaked out about ordering online.But seeing how 90% of our business is online, I can't stop. How can we be more safe?

Interesting. The exact same thing happened to me. I wonder if our info was stolen from the same candle supplier or something. My charges were all on 1/30 and 1/31, all online singles stuff, most with foreign transaction fees.

[butterfinger]

Beware of this scam....from

www.snopes.com

Security Guard

Claim: Scammers pretend to be fraud investigation agents for Visa and MasterCard in order to obtain credit card security codes.

Status: True.

Example: [Collected on the Internet, 2003]

We all receive emails all the time regarding one scam or another; but last week I REALLY DID get scammed! Both VISA and MasterCard told me that this scam is currently being worked throughout the Midwest, with some variance as to the product or amount, and if you are called, just hang up.

My husband was called on Wednesday from "VISA" and I was called in Thursday from "MasterCard". It worked like this: Person calling says, "This is Carl Patterson (any name) and I'm calling from the Security and Fraud department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card issued by 5/3 bank. Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?"

When you say "No". The caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

You say, "Yes". The caller continues . . . "I will be starting a fraud investigation. If you have any questions, you should call the 800 number listed on your card 1-800-VISA and ask for Security. you will need to refer to this Control #". Then gives you a 6 digit number. "Do you need me to read it again?" Caller then says he "needs to verify you are in possession of your card. Turn the card over. There are 7 numbers; first 4 are 1234 (whatever) the next 3 are the security numbers that verify you are in possession of the card. These are the numbers you use to make internet purchases to prove you have the card. Read me the 3 numbers." Then he says "That is correct. I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions? Don't hesitate to call back if you do."

You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA security dept. told us it was a scam and in the last 15 minutes a new purchase of $497.99 WAS put on our card.

Long story made short . . . we made a real fraud report and closed the VISA card and they are reissuing as a new number. What the scam wants is the 3 digit number and that once the charge goes through, they keep charging every few days. By the time you get your statement, you think the credit is coming, and then its harder to actually file a fraud report. The real VISA reinforced that they will never ask for anything on the card (they already know).

What makes this more remarkable is that on Thursday, I got a call from "Jason Richardson of MasterCard" with a word for word repeat of the VISA Scam. This time I didn't let him finish. I hung up.

We filed a police report (as instructed by VISA), and they said they are taking several of these reports daily and to tell friends, relatives and coworkers.

Origins: There are five points we generally try to apply in evaluating warnings about possible criminal schemes or activities:

1) Is the phenomenon outlined in the warning technically possible as described?

2) Is the phenomenon outlined in the warning plausible? (That is, some criminal schemes are technically possible, but they're too difficult, cumbersome, or expensive to plausibly enact on anything more than a very limited basis.)

3) Are there any verifiable instances of people having been victimized in the manner described by the warning?

4) Is there evidence that the criminal activity described in the warning is widespread?

5) Is the criminal activity described in the warning something the average person might fall victim to?

The scheme outlined in the message quoted above might be categorized as a "social engineering" scam — a technique which preys upon people's unquestioning acceptance of authority and willingness to cooperate in order to extract from them sensitive information (such as computer passwords or credit card numbers). In this case the scammers' target data are the three-digit security codes found on the back of MasterCard and Visa cards.

Just as the Internet and other technologies have greatly expanded the possibilities for making credit card purchases without the need to physically present a card to the seller, so have they created additional opportunities for identity thieves to make profitable use of purloined credit card numbers. After getting their hands on credit card numbers (often through such simple expedients as rummaging through trash to find discarded receipts or statements), crooks can then employ a variety of means (e.g., mail order, phone order, Internet purchases, posing as merchants) in order to obtain money and merchandise by charging against the cardholder's account — even though the credit card itself remains snugly inside the cardholder's wallet. The victim may not even know anything is amiss until he receives his next statement in the mail several weeks later.

Although safeguards have been enacted to catch most of these types of fraud, they're often defeated by a combination of lax security and clever crooks who know how to work around them. One of the more recent safeguards is the addition of three-digit security codes (known as CVC2 or CVV2 codes) to every MasterCard and Visa card, codes which are indent-printed in the signature panels on the backs of the cards but are not encoded in the magnetic stripes and do not print on sales receipts. Many vendors cannot process credit card transactions without obtaining these security codes from their customers, thereby ensuring that persons placing orders have physical possession of the cards being used (and haven't simply scammed the sixteen-digit account numbers imprinted on the front of cards somehow). Thus the scheme described above might be used by identity thieves who have managed to collect credit card numbers but need to obtain the associated security codes in order to process charges against the accounts.

So, back to our five points:

1) Is this possible? — Yes, it's possible that scammers might get ahold of credit card numbers and then use the technique described above to obtain security codes and process phony transactions against the accounts.

2) Is this plausible? — The scam as described above is not extraordinarily difficult or expensive to pull off; all it requires is access to a telephone and the establishment of a merchant account for processing credit card transactions. It also assumes the scammer already has the names, addresses, phone numbers, and credit card numbers (plus expiration dates) of his victims, but that information might be obtained in a variety of ways (such as breaking into and stealing customer data from merchant web sites). Whether the same scammer could process more than a handful of phony charges before complaints caused his merchant account to be shut down is problematic, though.

3) Are there known instances of this occurring? — We talked with a representative of MasterCard, who told us that although she couldn't verify the specific details of the message reproduced above, this type of scam does occur and isn't new; it's been going on ever since MasterCard started putting CVC2 security codes on all its cards back in 1997. (Visa did not put CVV2 codes on all its credit cards until 2001.) She also reiterated that MasterCard would not ask a cardholder to disclose security codes or provide any information verifying physical possession of a card; any such inquiries regarding security matters would come from the financial institution that issued the credit card, not from MasterCard itself.

4) Is this a widespread phenomenon? — Unfortunately, MasterCard was unable to provide us with any statistics regarding the specific scam described here, other than to note that using the telephone to trick cardholders into divulging their security codes is a type of fraud that has been occurring for several years and is ongoing.

5) Is this something that might affect the average person? — Yes, anyone who holds a credit card is a potential victim of this type of fraud.

The best protection against these types of telephone schemes for obtaining sensitive credit card information is to always verify the identities of the people with whom you speak. If you have security questions or concerns about your credit card, call the financial institution who issued your card directly. If someone contacts you by phone about your credit card, ask the caller to provide his name, department, and extension, then hang up and call him back through the phone number listed on your credit card or billing statement.

[Sarah]

yeah, my bank pretty much sucked. i know that now and am no longer with them. i only ended up losing about $20, it could have been way worse, but still it was my money.

most of my charges were for online porn and some to yahoo ~ the genius that got my number was trying to start some small business stuff with yahoo. what's funniest is the company for the porn site gave me all the information they could give me when i told them what happened, including ip address, what information was supplied (they even used an old address of mine), email address. yahoo? they refused to give me any information on the accounts there because i could not verify my birth date. whoever was using my info had given them a fake one and i obviously didn't know it. so yahoo wouldn't tell me anything.

[tlc26]

It sucks that this really does happen. It has heppened to me. Some porn site charges. Had to close the card and get a new one.

With that big post about the CC company calling you. Don't think that it could not be a real call either. My bank will call us if there are large purchases made. I was at my office one day and got a call from the bank stating that there was a $2,000 purchase made at Sam's club. I knew that my boss was shopping so I 3-way called his cell. The call was so fast he had not even left the check out counter yet. I appreciate that they call.

[epheme]

Just a reminder...

It's always a good idea to have

1) an antivirus program

2) a firewall

3) several spyware programs (my faves are Ewido, spybot, spysweeper...

and FOR THE LOVE OF DOG, please stop using Internet Explorer. Firefox is about 46x more secure.

That at least covers a lot of the online security. Best wishes to you getting these charges reversed.

[celicagtca]

Be careful at gas stations also. They have cameras situated behind you while your punching in your card# whether it be credit card or debit. The video camera captures all activity from the time the station opens till closing. There are a lot of scams going on where individuals will go to the gas station at night with the part time students are working, offer them a couple hundred dollars for the tapes or they even have units that they hook into the recorder and card machines. Once it's hooked up, it downloads all credit card and debit information into their hard drive and bingo...they've got all the numbers they need. They usually don't do anything with the #'s for a couple of months, then they start making purchases on accts., with the data they have collected. 9 times out of 10 the kid working at the gas bar doesn't give a hoot and hands over the information to the crooks because he/she is being paid in cash and they're not looking at that job as a life time career. I know this because a very good friend of mine owns a gas station and this has happened on many occasions. She told me...next time your at a gas bar and your punching your #'s into the terminal, slightly turn to the right or left and hold the unit very close your body and cover the top of the display with your other hand. The camera will not catch this plus your fingers are under your hand and the #'s your keying in cannot be caught or fully distinguished on camera. The customer standing beside you might get offended thinking you are assuming he's watching you, but who cares, ya can't trust anybody anymore.

[Jeana]

Interesting. The exact same thing happened to me. I wonder if our info was stolen from the same candle supplier or something. My charges were all on 1/30 and 1/31, all online singles stuff, most with foreign transaction fees.

The charges on my CC were early this morning. I realized after she called that they had used my one CC that I rarely use for candle stuff. The last time I used it at all was about 2 months ago. I made a purchase from Australia. So I don't know if it would have been taken from a candle supplier. Unless somehow they found some really old info on me from somewhere. Can we find out where they got our info from?

The lady woke me up first thing this morning with this news for me. That was a nice "Good morning".

She said all the purchases would be taken off and I would be issued a new card. So it doesn't appear that I will have to pay any thing. Maybe I could tell them that all the charges on that card weren't mine - hehe, just kidding.

After thinking about it, I realized how dumb these people are. Why would you rack up a singles bill or some porn when you could get a plasma TV or a new car. I don't get it. Good for me they are stupid though. The CC lady told me the places they were buying from were red flags for them to investigate.

This is why I never use my debit card online. At least with a CC I can't be charged for bounced checks and all those fees.

I can't believe how many of us this has happened to. I am going to take your advice Brooke and delete all my files and cookies after my purchases now. It has to help some. Or I am going to order by phone. I have spoken with most of these suppliers enough now to believe they would rather have my repeat business than a few porn site thrills for free. At least I hope so.

Thanks for all your empathy everyone.