Card Fraud :(

[SMurf]

So on Tuesday morning last week while I was in work I could hear my mobile rrrRRRINGing in my jacket pocket so I popped outside the office for a second and answered it. It was my bank asking me if I made about £300 worth of online shopping purchases, which I hadn't.

They cancelled my card and sent me a new one, plus the purchases never made it past the bank so I didn't lose any money. But someone still has enough details about me to get an online purchase authorised (I'm pretty certain they need my address and I'm not in the phone book), plus how did they get their mits on my card details (both sides) in the first place? I use Firefox, don't run anything silly and generally take good care of my card details, yet somehow I still got done over. The police aren't interested (I phone them right after the bank called, they said they'd send someone and no one came this week, except in the middle of the night apparently ), I've no evidence (though my bank supposedly does), what do I do?

[cboard_member]

Wow that sucks. Sorry man.

[twomers]

Sucks to be you! Least you didn't loose anything!

I was using my sister's Credit Card yesterday to book a flight, and there was the whole list of Name, Address etc, and after she filled in the first two or three parts of it, something popped up to ask if she wanted the computer to write it all in. I was kinda impressed with the computer, but then I thought about the security of it all ... and wasn't all that impressed.

SMurf - do you do much Internet shopping? Bought anything from any 'dodgy' sites recently?


EDIT - the same thing happened to the same sister as above. I just remembered that. The bank phoned her up, and said that there were some irregular transactions on her card, were they hers. Turns out they weren't. I don't think she persued the matter further, but still, that's not really the point.

[Xterria]

I bet you ten to one you've got a trojan of somesort keylogging all of your financial data. Your card info was probably logged along with other victim's running the same trojan, then sold in bundles to people who deal with card theft. Sorry, but using firefox isn't going to fix that--just reformat to a new windows installation, from then on make sure you keep on top of Windows updates and run an actually decent antivirus like NOD32 or Kaspersky.

[SMurf]

Unlikely, Xterria. That's a fresh installation on that computer, hardly used. I haven't downloaded anything on there and haven't gone to anywhere beyond this site, MSDN, Yahoo!, Google, eBay, Amazon and MSN Spaces. Plus I use Kaspersky for AV so that's covered.

I'm of the opinion that someone who handled my card details (a business) leaked my info.

The only things I've done recently with my card is buy a cake of DVD+Rs from a site I've never been to before (providing my details over the telephone) and (physically) get a mobile phone contract, allowing the salesperson to handle my card.

[twomers]

>> I'm of the opinion that someone who handled my card details (a business) leaked my info

Hmmm, that would be bad! That may mean they have your pin, but the card's gone now ... right? I'm telling ye lads, the best things are those disposable ones! Actually, have any of ye used them?



>> buy a cake of DVD+Rs from a site I've never been to before

Could be dodgy!

[siavoshkc]

Are you sure that the telephone was really from your bank? [edit] It can be a fake.

[nvoigt]

Actually, it's so damn easy to get CC details, it's scary. Ever been to a pertol/gas or service station ? What did you do with the bill/receipt ? At least in Germany, never just dump it into the next waste basket. If you paid with your credit card, it has enough information on it, to fake your next online shopping tour. Yes, the CC# AND the validation date are both printed on it. Why ? Nobody knows. But if you get one, you better shred and burn it.

[SMurf]

Never heard that one nvoigt, they do print the number in the UK too but with all but the last 4 digits *ed out, hence useless.

twomers: Yes the card's gone now, but my PIN hasn't changed because it was never compromised. AFAIK you don't need a PIN in Visa online transactions, this is part of the problem.

siavoshkc: Well a replacement card turned up in the post, that can only happen if the old one was cancelled which is what the person on the phone from the bank said they'd do.

I guess all I can do is (somehow) be more careful in future.

[Cactus_Hugger]

Actually, it's so damn easy to get CC details, it's scary. Ever been to a pertol/gas or service station ? What did you do with the bill/receipt ? At least in Germany, never just dump it into the next waste basket. If you paid with your credit card, it has enough information on it, to fake your next online shopping tour. Yes, the CC# AND the validation date are both printed on it. Why ? Nobody knows. But if you get one, you better shred and burn it.

More and more are only doing the last four. Reprints, if say the machine jams/runs out of paper, sometimes have more info, so be careful there. But I have seen receipts with all the digits, as well as your name, printed and signed. It's a might scary.

It might also help to have signatures that aren't a mere circle or X. (Both of which I've seen.) Sign your name. How often someone checks these, I don't know, but if they're kept on record by the company it might help prove your case.

As for trojans, it seems unlikely. But as for not installing anything, if you're not running a well patched version of XP, it won't need you to get infected. I've seen XP comps get infected in under three seconds with an internet connection. That's also scary.

[Decrypt]

Any time you use the card there's a (very small) risk. Quite a while ago I remember there was a waiter in New York (I think) that had a small magnetic reader hidden in his uniform. He just swiped the card as he walked away from the table to pay the bill to get the magnetic readout, and wrote down the rest in the back. After a lot of people reported fraud, they found the restaurant to be a common vendor between them. If I remember correctly, the restaurant owner let the police search the employee area and found the reader in an open locker.

After I bought my car last year, I found a reciept in it from the previous owner; it had fallen behind the glove compartment. Name, address, full credit card number, everything. It's downright irresponsible of any company to print that kind of information on a reciept. The customer knows all of that, they don't need it printed out for them.

[Richie T]

Speaking of illegal activities, I'm in a position to commit massive credit card
fraud! I work in a cinema, and people often like to book their tickets via C/C
over the phone - I take their details and punch it in to the system and their
tickets are reserved. Now, as easy as that'd be to rip someone off, it gets
better: All those customer details (name, phone number, card details) are
stored in the computer, and I have the ability to access that data - this is in case
our card swipe to collect tickets can't read the card. Jackpot!!! There are
hundreds, maybe thousands of valid details at my disposal - some of those
details would be quite old, and there goes most of the traceability - if you
booked a ticket at a cinema over a year ago and suddenly started seeing
irregularities in your billing, the cinema wouldn't be your first suspect.

Now obviously I've never done such things, otherwise I wouldn't be seen to be
"bragging" about it here, but it goes to show that plastic money can be a lot
less safe than you might realise! Credit cards with very large limits are a bad
idea anyway, but consider how many honest people like myself are in a position
to rip you off every day!!!

[Frobozz]

Most people don't do it for a number of reasons. The biggest being the chance of getting caught. You could try to steal something with the info you have, but the chances of getting caught are pretty high.

[siavoshkc]

Most people don't do it for a number of reasons. The biggest being the chance of getting caught. You could try to steal something with the info you have, but the chances of getting caught are pretty high.

There are many ways to escape from the law and in the OP's case nobody has been caught YET. I don't know why UK police didn't help OP.

[SMurf]

Because the UK police are too busy dealing with "emergencies" to keep an appointment.

Really though, given that the bank never approved the transactions, these people have actually stolen from the sites they ordered things from, not from me. They're big sites if the bank was right, so they're likely to have their own mechanism for dealing with people who rip their goods off.

What I found quite bizarre was that rather than spend my money on porn or whatever, they bought quite a lot of beauty/skincare and sports clothing(?).

Not surprised that the bank was suspicious...