Credit Card Fraud

19,016 Views | 96 Replies | Last: 8 yr ago by InMyOpinion
techno-ag
How long do you want to ignore this user?
AG
UMBK is knocking it out of the park on this thread.
BCStalk
How long do you want to ignore this user?
I was just thinking "what a nerd"...kidding of course
australopithecus robustus
How long do you want to ignore this user?
The liability should remain with the banks/credit card issuers. They are the ones profiting from the consumers AND the merchants. Putting the liability on the merchant is utter BULLCHIP!!
Rockdoc
How long do you want to ignore this user?
AG
Hey, with allllllllll that stuff said above, JUST FIX IT!!!! I'm tired of it. We're all so smart (but the criminals are ahead of us).
Penny83
How long do you want to ignore this user?
Within an hour of purchasing HEB gas this afternoon at Texas and Holleman, I received a fraud alert for a $700 Home Depot purchase in Ohio. May be coincidence, but I immediately recalled this thread. Wish I had remembered before I gave HEB my business. Beware out there!
UmustBKidding
How long do you want to ignore this user?
Now if you could remember where you about 5 months ago when it was skimmed.
dgonzo99
How long do you want to ignore this user?
quote:
Within an hour of purchasing HEB gas this afternoon at Texas and Holleman, I received a fraud alert for a $700 Home Depot purchase in Ohio. May be coincidence, but I immediately recalled this thread. Wish I had remembered before I gave HEB my business. Beware out there!
How true!!!!
marrocco
How long do you want to ignore this user?
quote:
Now if you could remember where you about 5 months ago when it was skimmed.

Probably at a gas station. Or maybe an ATM...
JayMM_02
How long do you want to ignore this user?
AG
quote:
Now if you could remember where you about 5 months ago when it was skimmed.


I've had this happen three times in last TWO months, twice with older version cards, and just today with my less than one-month-old chip card. Whatever process my thieves are using moves a lot faster than five months. All with same financial institution. I actually came on here to ask about it, and found this thread. I am trying to go back through my statements and cannot find a common denominator aside from the fact that this time and the last, my last transaction was at Bryan SuperWM.

Can I set restrictions for my debit transactions to be allowed only in B/CS? I will plan accordingly when going out of town.

Tonight's transactions were in two Krogers: Willis and Hunstville. Previously, charges came from Dallas and Bastrop. While I greatly appreciate the fact that I get the fraudulent charges credited back, they show up as "pending" for several days. This means my available funds are lowered by that pending amount as well until everything is resolved.

I no longer want to use cards. Earlier in thread, somebody suggested checks...is there any information that can be stolen with this form of payment? I've already checked credit report for ID theft, etc., and it looks fine. It seems like only card number has been taken each time, but I'm starting to develop PTSD. Any advice would help!
marrocco
How long do you want to ignore this user?
Your checks contain all the information needed to commit fraud with them - bank routing info and the account number - in plain text on the front of them.

My grandparents' bank account was drained in the early 2000's by somebody who took one of their checks, printed their own version of them with a slightly different address and phone number but the same account and routing numbers, and their own custom drivers license.

I do not write any checks any more to anyone except for county tax payments.
Rockdoc
How long do you want to ignore this user?
AG
Yeah the 5 month timeline someone is referring to is bunk. People are just stealing numbers. Doesn't take a newly printed card with your number.
UmustBKidding
How long do you want to ignore this user?
If you want to believe that I used my card and an hour later it was stolen its fine with me but unfortunately the facts say its not the case. Skimmed cards take longer to hit the market than cards that were appropriated by infected POS systems but many times crooks hold cards on the infected companies servers because exporting them is what typically is what gets them caught. For instance in the Home depot infected POS breach the malware was loaded in April 2014 and the breach was detected when the first batch of cards hit the black market in September of 2014. Target was infected in early November and detected when the first export was made on November 30 and first cards released for sale Dec 11. This is one of the fastest exploit to sale for stolen cards ever.
It's possible that the merchants system is infected but card present transactions are from breaches months old and CNP transactions are from breaches at a minimum of multiple weeks old.
Quick fraud is typically from sites where hygiene is bad. My debit card sends me a text with every authorization attempt and I have given my card to a waiter in NYC and get the Text for the bill and an additional one for the $300 shoes they were trying to buy online.
Card fraud, especially POS fraud are almost always perpetrated by criminal gangs. Credentials are gathered and exported in batches since the export is typically the event that causes detection. Buying the malware, hiring hackers, paying bribes and other overhead costs runs in the hundreds of thousands of dollars. They want to make the first export worth the effort. The collected cards are tested and batched. Many times this is the first sign your account has been compromised. A small transaction is made many times to a nonprofit to make it appear that you donated $1 to ASPCA or some charity. Watch for these, they may be a sign of bigger things to come. The batches are then priced an placed on a dark web market. All this takes time, and its not measured in hours.
Skimming operations only recently have added wireless collection, typically bluetooth based. So they have to balance how often they collect the data which requires them to physically visit the device. If someone shows up daily the risk being noticed, weekly you might loose a bunch of good data because your device was detected. But again this is not measured in hours.
It's very hard to detect what a card was stolen by a card holder, you don't have enough data. Even all but the largest banks don't have a big enough view to pinpoint the source. It's almost always detected by the payment card vendor. They can take thousands of fraud reports and determine the merchant in common.
I personally worry far more about malware like Zeus. Man in the browser exploits typically lead to far larger losses for an individual.


UmustBKidding
How long do you want to ignore this user?
One unfortunate side effect of chip cards is they typically sit in inventory longer that legacy plastic stock. It's very hard to implement instant issue with chip cards. So cards are built by companies like Gemalto and either shipped to the banks fulfillment center or held and posted to customers on request. They can take a side trip while in inventory or during shipment. While fulfillment houses have very high security, USPS is less secure and your mailbox is basically completely open. Activate your card and a few weeks later strange CNP transactions start showing up.
Maybe financial institutions hire companies to screen for fraud patterns. Some do offer area screening but typically the granularity is broad, like state/region locking. Ask your issuing bank what their capabilities are.
BCStalk
How long do you want to ignore this user?
I think something people fail to understand is that criminals and thieves are going to get your money. No question about it. They have been a step ahead of security since day one. Unfortunately it's becoming obvious that these people have the technology and skills to get around any form of security on our cards. If they want it they are going to get it.
dgonzo99
How long do you want to ignore this user?
quote:
I think something people fail to understand is that criminals and thieves are going to get your money. No question about it. They have been a step ahead of security since day one. Unfortunately it's becoming obvious that these people have the technology and skills to get around any form of security on our cards. If they want it they are going to get it.
BCStalk gets it. For anybody to believe that the criminals aren't one step ahead and plan for it, they are being just a little nave.
dgonzo99
How long do you want to ignore this user?
last word should have been naive
Rockdoc
How long do you want to ignore this user?
AG
Hey dude, I don't use big words and loooong drawn out supposedly technical explanations. I'm just repeating what the bank card people told me when I talked to them. I'll go with what they told me. But thanks for the expertise?
BlueMiles
How long do you want to ignore this user?
AG
If someone in town, say your waiter at a restaurant, has a device to scan and copy cards, it won't take five months.
marrocco
How long do you want to ignore this user?
quote:
If someone in town, say your waiter at a restaurant, has a device to scan and copy cards, it won't take five months.
Builder93
How long do you want to ignore this user?
AG
I happened to catch a couple of 2 dollar charges on my account and called the bank. They caught it as a scammer's test run and issued me a new card. I can't believe I caught it so quickly.

Also, is anyone else reading POS the way I am?
UmustBKidding
How long do you want to ignore this user?
True but it an extremely small portion of the fraud. And all the example cases on here are complaining that it happened after they went to HEB (card in hand and swiped) and fraud quickly occurs in Houston, Ohio or some other far flung location. The waiter is going to scan (and write down or copy) and do some Card not present transaction online or duplicate and swipe locally not drive directly to Houston or read it to their friend in Ohio.
aggiepublius
How long do you want to ignore this user?
AG
Wonder if it is connected to the POS skimming that hit Safeway last month in California and Colorado? Grocery stores may have either a common vendor or business practice a group has identified. I know at some grocery chains, some have an threshold does not that require a signature even for swiping the magstrip.

Krebs on Security: Skimmers Found at Some Calif., Colo. Safeways




One cultural difference between the US and Europe that steered the US into implementation of Chip-and-signature as opposed to Europe's Chip-and-pin is the prevalence of debit card usage in the States. IIRC, various merchant groups worried that consumers would be confused on which pin to use and it would slow the transaction down.


And earlier someone asked about if anyone accepts ApplePay locally. I use it several times a month at Walgreens and occasionally on campus with some of the vending machines. Never had any issue with it.
marrocco
How long do you want to ignore this user?
Timely.

Criminals seeking credit-card and other personal data are targeting hotels; what to watch out for
MiMi
How long do you want to ignore this user?
S
Was at the College Station Walmart and found someone's IBC Bank debit chip Visa laying on the floor near the bakery. Fear not Leslie B, I called the bank and had your card deactivated. But I do hope you had another method of payment when you checked out.
redd38
How long do you want to ignore this user?
AG
I just had a fraudulent charge on my card. Someone used it at a Shell station in Austin.
marrocco
How long do you want to ignore this user?
ATM skimmers...
Rapier108
How long do you want to ignore this user?
http://wtaw.com/2016/02/09/bryan-police-looking-for-credit-card-suspects/
InMyOpinion
How long do you want to ignore this user?
I never use a debit card so my bank account is never in jeopardy, only a credit card. I never have to worry about getting reimbursed.

I have text alerts setup on my credit card for anything that is charged for more than $1 - which can be annoying when the wife is shopping but well worth it.

I could care less if some yahoo gets my account and tries to use my card. I can immediately notify my credit card company to cancel my card, if they have not already detected the breach and send me a new one. If I need to use a credit card before my new card arrived I have a back up.

Having had this happen a couple times over the last few years, I can handle the issue typically within 15 minutes of the first fradualent charge.
 
×
subscribe Verify your student status
See Subscription Benefits
Trial only available to users who have never subscribed or participated in a previous trial.