credit card fraud

[denverpilot]

Like an airplane? And pilot?

I'll probably get in trouble for this but to me, it has always been interesting how people view different kinds of risk; physical vs. financial, for example.

Heh. If cards were as hard to use as they should be (at least a PIN for every transaction, no swipe only transactions, and preferably biometrics), people would naturally migrate back to cash.

That would cause small blood vessels to pop in the heads of bankers and various law enforcement and spy agencies' heads.

 

[Everskyward]

Heh. If cards were as hard to use as they should be (at least a PIN for every transaction, no swipe only transactions, and preferably biometrics), people would naturally migrate back to cash.

That would cause small blood vessels to pop in the heads of bankers and various law enforcement and spy agencies' heads.

Personally, I like the convenience and I can accept the risk of using credit cards for most things.

Cash has it's drawbacks too. About six or seven years ago I had my wallet stolen with credit cards, cash, drivers license, pilot documents, etc. Other than being a PITA to recreate myself the only significant money it cost was what I lost in cash. I don't keep close track of what is in my wallet but I guessed it to the police as $100-200.

 

[bluee]

Heh. If cards were as hard to use as they should be (at least a PIN for every transaction, no swipe only transactions, and preferably biometrics), people would naturally migrate back to cash.

That would cause small blood vessels to pop in the heads of bankers and various law enforcement and spy agencies' heads.

PINs are required in Europe.
Yesterday I bought groceries and that store is swipe only for less than $50. I don't like that either. I think it used to be less than $25, now it's less than $50. At least when I buy gas, the gas station requires the zip code. That's more than stores require.

 

[jesse]

Personally, I like the convenience and I can accept the risk of using credit cards for most things.

Cash has it's drawbacks too. About six or seven years ago I had my wallet stolen with credit cards, cash, drivers license, pilot documents, etc. Other than being a PITA to recreate myself the only significant money it cost was what I lost in cash. I don't keep close track of what is in my wallet but I guessed it to the police as $100-200.

Well you're not really accepting any risk - the merchants, banks, and issuers are. As a result of that risk, and the losses it creates, the items you purchase cost you more money.

 

[Everskyward]

Well you're not really accepting any risk - the merchants, banks, and issuers are. As a result of that risk, and the losses it creates, the items you purchase cost you more money.

While I agree with that, it was my impression was that others were more concerned about losing real money through things like identity theft.

 

[us AAirways]

PINs are required in Europe.
Yesterday I bought groceries and that store is swipe only for less than $50. I don't like that either. I think it used to be less than $25, now it's less than $50. At least when I buy gas, the gas station requires the zip code. That's more than stores require.

Do the cards in Europe use RFID and not a magnetic strip?

 

[denverpilot]

While I agree with that, it was my impression was that others were more concerned about losing real money through things like identity theft.

Ahh. Other than check cards, and even those are protected you'll just have to wait a long time to get your money back, the card companies make too much money on their completely insecure product to not simply refund your bucks when they can't prove it was you using the card.

I have no worries about losing anything with their silly system. Just file a protest and they'll stumble over themselves to give money back. They have to. Otherwise they'd have to fix the cards and the overall system to be a real identification system.

 

[bluee]

Ahh. Other than check cards, and even those are protected you'll just have to wait a long time to get your money back, the card companies make too much money on their completely insecure product to not simply refund your bucks when they can't prove it was you using the card.

I have no worries about losing anything with their silly system. Just file a protest and they'll stumble over themselves to give money back. They have to. Otherwise they'd have to fix the cards and the overall system to be a real identification system.

File a protest? To whom?

Do the cards in Europe use RFID and not a magnetic strip?

I'm not really sure, now that you ask.

 

[denverpilot]

File a protest? To whom?

The card vendor. When you signed up you received instructions showing how to contest any charge you feel isn't yours. It's a formal process all card vendors have. Also usually printed on every statement if you still do paper. Can do it over the phone to start the process but they'll usually require an Affadavit signed by you at some point.

(Always found that entertaining too. They don't have a copy of my signature so you could protest for someone else and create all sorts of havoc that'd take forever for the victim to figure out what was going on. You'd need to know some information like exact charged amounts to pull it off.)

 

[X3 Skier]

Do the cards in Europe use RFID and not a magnetic strip?

European cards use a Chip with either a PIN or Signature. Unattended machines use just Chip plus PIN so unless you have one, you have to find a human. They also sometimes accept a swipe / mag stripe in the major cities to handle the US Tourist but it's being phased out.

Cheers

 

[EdFred]

I got hit on my Discover card in June. I got a text and an email alert. I called the number on the back of the card and they wiped everything off within 10 minutes. There were PayPal transfers, iTunes purchases, a 300 dollar Walmart purchase and for some odd reason a bunch of donations to a non profit organization.


I haven't bought anything at Walmart since 2001, don't have an iTunes account, and only do direct transfers to/from PayPal. I probably got hit when I bought something from williams-sonoma online. Discover card actually has one time use virtual numbers for online purchases so I will probably sign up for those next time I make any online purchases from now on.

 

[N801BH]

,.....I probably got hit when I bought something from williams-sonoma online. ....

I rest my case.....

 

[Matthew]

European cards use a Chip with either a PIN or Signature. Unattended machines use just Chip plus PIN so unless you have one, you have to find a human. They also sometimes accept a swipe / mag stripe in the major cities to handle the US Tourist but it's being phased out.

Cheers

My daughter just got back from a trip to England. She called her bank (USAA I think) and a couple days later had a chip and PIN debit card in the mail.

 

[bluee]

I got hit on my Discover card in June. I got a text and an email alert. I called the number on the back of the card and they wiped everything off within 10 minutes. There were PayPal transfers, iTunes purchases, a 300 dollar Walmart purchase and for some odd reason a bunch of donations to a non profit organization.


I haven't bought anything at Walmart since 2001, don't have an iTunes account, and only do direct transfers to/from PayPal. I probably got hit when I bought something from williams-sonoma online. Discover card actually has one time use virtual numbers for online purchases so I will probably sign up for those next time I make any online purchases from now on.

Reminds me of this:
http://deadspin.com/5959212/the-haters-guide-to-the-williams+sonoma-catalog

 

[EdFred]

Reminds me of this:
http://deadspin.com/5959212/the-haters-guide-to-the-williams+sonoma-catalog

Yep, but I was looking for a coffee/spice/nut grinder and couldn't find one I liked.

 

[BillTIZ]

European cards use a Chip with either a PIN or Signature. Unattended machines use just Chip plus PIN so unless you have one, you have to find a human. They also sometimes accept a swipe / mag stripe in the major cities to handle the US Tourist but it's being phased out.

Cheers

Local Wells Fargo cards tried the RFID, did not really take on. It required a lot of stores to upgrade their swipe units. Next card renewal did not have the RFID.

I used Exxon/Mobil RFID key tag for years. Then the Mobil stations where I live closed. I think they even canceled my card from years of disuse. I don't travel as much as I used to.

 

[JimG.]

I got hit on my Discover card in June. I got a text and an email alert. I called the number on the back of the card and they wiped everything off within 10 minutes. There were PayPal transfers, iTunes purchases, a 300 dollar Walmart purchase and for some odd reason a bunch of donations to a non profit organization.


I haven't bought anything at Walmart since 2001, don't have an iTunes account, and only do direct transfers to/from PayPal. I probably got hit when I bought something from williams-sonoma online. Discover card actually has one time use virtual numbers for online purchases so I will probably sign up for those next time I make any online purchases from now on.

My wife has had her credit cards and PayPal hit 3 times in the last year.

the last one was a fraud at Walmart that she caught

We were in Hawaii last month and got the call that her American Express number had been stolen.

They canceled the card immediately, except when we needed to check out at the hotel, where they reactivated it somehow to accept the charges.

The funniest one was her Visa card number was stolen last winter, and as they were going through the fraudulent charges, there was a $20 charge from a massage parlor in Ireland… that must've been one ugly “masseuse ”
.

 

[X3 Skier]

Forgot my Wells Fargo PIN. Rather than sending me a new one, I was given two choices, go to a branch (nearest one is about 400 miles away) or a new card and PIN would be sent in two different mailings to me. When I asked why they couldn't just mail a new PIN for my current card, the answer was "We can't do that". I asked why not and the answer was "I don't know".

Cheers

 

[BillTIZ]

Forgot my Wells Fargo PIN. Rather than sending me a new one, I was given two choices, go to a branch (nearest one is about 400 miles away) or a new card and PIN would be sent in two different mailings to me. When I asked why they couldn't just mail a new PIN for my current card, the answer was "We can't do that". I asked why not and the answer was "I don't know".

Cheers

I think but cannot be sure, the PIN is encoded in the magnetic stripe, or a sum code that checks that you have used the correct PIN. If yo change PINs, then they need to imprint that to your card.

 

[denverpilot]

Yep, but I was looking for a coffee/spice/nut grinder and couldn't find one I liked.

Nuts were already ground, if you were shopping at Williams-Sonoma... Heh Heh... Didn't need a grinder...

 

[EdFred]

Nuts were already ground, if you were shopping at Williams-Sonoma... Heh Heh... Didn't need a grinder...

I'm not going to buy any food from there. Prices are ridiculous. $12 for peppercorns? Ha, right. Sell 'em to some other sucker.

 

[woodstock]

I went over 20 years (twenty years) with the same nfcu credit card number. Not one single hack or illicit charge. In the past three years, I've had to change numbers 2-3 times because of some compromise r another. They tell you to watch out for tiny ones bc thse are testers.

 

[woodstock]

What I hate about the new numbers is that you ave to remember all the places that get auto charged monthly like Netflix etc.

 

[dukeblue219]

+1. I can't imagine any bank uses email for that.

Chase sends me text messages occasionally to approve suspicious charges. What's insecure about that, or an email? Now if I got an email that asked for my acct number that's another matter. But a simple query of "Did you spend $143.87 at SHELLAVIATIONKGAI" isn't a problem.


I use my card for the vast majority of my purchasing, and buy a lot online. I get a bogus charge maybe every three years, but the bank has always caught it and cancelled the card and any bogus charges immediately without me lifting a finger. They even overnighted my new card last time. So, its not something I worry about any more. Just carry more than one card and some cash just in case.

 

[douglas393]

+1. I can't imagine any bank uses email for that.

Capitol One does, but they back it up almost immediately with a phone call.

 

[denverpilot]

I have all cards set for a text message upon any dollar amount above $0. Works great.

 

[us AAirways]

My wife has had her credit cards and PayPal hit 3 times in the last year.

the last one was a fraud at Walmart that she caught

We were in Hawaii last month and got the call that her American Express number had been stolen.

They canceled the card immediately, except when we needed to check out at the hotel, where they reactivated it somehow to accept the charges.

The funniest one was her Visa card number was stolen last winter, and as they were going through the fraudulent charges, there was a $20 charge from a massage parlor in Ireland… that must've been one ugly “masseuse ”
.

Were you able to get the paypal money back?

 

[weilke]

The one time I was amazed because it was about a $10 charge from a bar in Texas. I don't know why they would flag that since, at the time, I was going to Texas quite frequently.

It may not have been your transaction that flagged the batch. There may have been other fraudulent charges on that merchant account and you were contacted although there was nothing unusual about your transaction.

 

[weilke]

Do the cards in Europe use RFID and not a magnetic strip?

They have a little cold colored oval with 6 contacts and a chip in the center. It is a rather ancient system that goes back to the EC cards of the 1980s.

 

[Ghery]

Got home today from a picnic at church and had a voice message and an e-mail from Capital One. Did you make a purchase at the following locations today? No. Well, the card was swiped at such and such. Nope, not out of my wallet. Had my wife check. Her wallet was missing from her car. Oh. This started an interesting two hours as other cards were now sending me e-mails. 3 compromised. I wound up with 4 credit cards and our ATM card all canceled by the time I was finished. Plus I got on-line with the DoL in the state and ordered her a new driver license. They gave me a form to print out that serves as her temporary driver license until the one with her picture (from their files the last time she renewed) shows up. Oh, and her cell phone was in that wallet. Got on-line with Verizon and killed that phone. We'll have to go to the mall tomorrow to get a new one. And, no, I did not have insurance on that phone.

Our son called and reminded me of the various apps on the phone that likely had passwords programmed in. So, my wife got on-line and changed all those passwords. Except one. I can't find a way to change the password on the app that gives access to the security system on the house. You can't change the status without a code that isn't programmed in, but you sure can find out if the system is armed. And those turkeys know where they stole it (assuming they kept it).

What a pain in the neck. Now I'll have to contact all the folks who automatically charge one of the cards (like the security company) and give them the new account number when I get it. In the meantime, I have one credit card that she didn't have, so we live on that for a few days.

I have a proper punishment in mind for these thieves, but the ACLU wouldn't like it. Target practice anyone?

 

[weilke]

Bummer.

Call the security company and see if they can disable the link with the app until you can get things reset.

 

[Everskyward]

It may not have been your transaction that flagged the batch. There may have been other fraudulent charges on that merchant account and you were contacted although there was nothing unusual about your transaction.

That $10 charge was the fraudulent one. I couldn't understand why they suspected it.

 

[X3 Skier]

I think but cannot be sure, the PIN is encoded in the magnetic stripe, or a sum code that checks that you have used the correct PIN. If yo change PINs, then they need to imprint that to your card.

That seems reasonable except I was told that after I get the new card and PIN, I can then change the PIN via the web site. When I asked why can't I do that with the old card and a new PIN they would send me, again I got the "We can't do that, I don't know" litany.

Cheers

 

[wsuffa]

PINs are required in Europe.
Yesterday I bought groceries and that store is swipe only for less than $50. I don't like that either. I think it used to be less than $25, now it's less than $50. At least when I buy gas, the gas station requires the zip code. That's more than stores require.

Not required, as Chip-and-Signature is an alternative.

Do the cards in Europe use RFID and not a magnetic strip?

No, they have an embedded chip. Most European machines also accept mag-stripe (though the employees may not know how to use it).

AmEx, Chase (some "rewards" cards), USAA, and several credit unions are now issuing "chipped" cards to US account holders that travel (I've got 2 chip-and-signature cards). Some are chip-and-pin, some are chip-and-signature. The PIN is not mandatory in Europe (except for some unattended terminals) as a chip-and-signature card will generate a signature slip in "manned" locations.

Interesting that some of the PoS terminals here in the US have a slot for chipped cards, but the software doesn't implement it (I've tried...).

That seems reasonable except I was told that after I get the new card and PIN, I can then change the PIN via the web site. When I asked why can't I do that with the old card and a new PIN they would send me, again I got the "We can't do that, I don't know" litany.

Cheers

IIRC, you can change the PIN for mag-stripe cards that verify online. The chipped cards imbed the PIN in the chip, which makes them suitable for offline terminals (true in Europe). There are also accomodations in Europe for disabled/handicapped folks who can't type a PIN. Almost all ATM cards in the US will allow you to change PIN upon request - my bank mandated that I do so after receiving the card.

 

[weilke]

That $10 charge was the fraudulent one. I couldn't understand why they suspected it.

Probably because someone else who received fraudulent charges from the same merchant account complained. When they looked at the batch with that persons charge, they found a number of other 'card not present' transactions that didn't make sense in the setting of that particular merchant (e.g. from a bar, you would expect that 98% of transactions are 'swiped', and the great majority are in-state within the closest 3 zip codes. When there is suddenly a batch with all 'card not present' and cards from the world over, it probably means the merchant account was compromised or the evening shift manager decided to start a little side business with stolen CC numbers).

 

[N801BH]

Got home today from a picnic at church and had a voice message and an e-mail from Capital One. Did you make a purchase at the following locations today? No. Well, the card was swiped at such and such. Nope, not out of my wallet. Had my wife check. Her wallet was missing from her car. ?

Did the wallet get swiped at the church picnic ?

What did the thieves charge on the card?

 

[X3 Skier]

Almost all ATM cards in the US will allow you to change PIN upon request.

All my other ones will allow that by mail or web site except Wells Fargo. Had to get a new card to get a new PIN since I had forgotten the old PIN.

Cheers

 

[JimG.]

Were you able to get the paypal money back?

Yes

PayPal goes overboard in that area actually.

My wife has an online retail business (And uses PayPal as her processor), and it's quite easy to defraud businesses using PayPal. They almost never take a retailer's side in a dispute.

A consumer can claim they never received the merchandise, the retailer can provide documentation that the item was delivered, yet PayPal will almost always side with the consumer.

 

[Ghery]

Did the wallet get swiped at the church picnic ?

What did the thieves charge on the card?

No, overnight while the car was parked in our driveway.

Not sure about the items, but they charged stuff at Target, a grocery store, a video game business, Famous Footwear and Western Union. At least, those are the ones I remember. Her phone is either turned off or has a dead battery. Given her propensity to not bring it in to charge, the second would be my bet. I've bricked it through Verizon, so all it can call is 911 (wouldn't that be sweet), but all her contacts are on it, along with apps that will work with a WiFi connection. The perps don't want me to catch them, that's all I have to say about them.

 

[N801BH]

..... The perps don't want me to catch them, that's all I have to say about them.

I hate thieves too.... We have VERY hungry bears that will eat just about anything....

Be interesting to see who the cops catch...

Going on the Western Union angle I am betting they don't speak good English..