Credit Card Stolen Number, how did it happen?

[binki]

Scratching my head over this one. I had 1 credit card come up with fraud alerts yesterday. Four charges, 2 declined and the other 2 I had to call on.

This care is on file electronically with 2 places. I also used it to purchase some materials for the business and the charge was large enough I used 3 cards.

So now, how does only this one get violated? I only use this card for my water bill and my pharmacy which are both stored so nobody in the physical location has access or should I say they should not have access. I have working in IT for many years and I know some places will store personal information in the clear without any masking or security. However, these 2 places us payment gateways so they should be secure.

The charges were made in the Los Angeles area, about 30 miles west of me. The one big purchase where I had to give the CC over the phone is in, you guessed it, Los Angeles. But why only one card? I used 3 for the order. I thought about calling the vendor on Monday to let them know what happened but then again, would that do any good?

Thoughts on reaching out to the vendor?

 

[gnubler]

Who knows. I've been hit three times, twice was within a month of one another (debit card & credit card). One of them attempted a bunch of charges in NYC, the other in Kahzakstan. My credit union is really good with the fraud detection, as soon as I get that automated call asking about recent charges I know it's happened again.

I use my Mastercards for all purchases, no debit anymore. Debit is only to used to pull $ out of the ATM.

 

[netsol]

you never know, do you have one of those shielded wallets that protects the cards from scans?

probably 12 years ago, a good friend got his amex black card hacked repeatedly (probably 7 times.)
at the time, we hosted his email and amex blamed us. they said the thieves were getting to his statements through our "insecure servers"

then tom ended up in the hospital, for a 2 week stay, and when he got home & checked his mail the unopened
and unactivated replacement card had $6000 in fraudulent charges on it

they admittted to internal problems, finally

 

[victor bogdanov]

My main credit card seems to get fraudulent charges on it once per year but it's a very easy fix with capital one, couple of clicks online and a new card arrives in a couple days.

Last fraud activity happened about a month a go, I got gas at a shady gas station and a few hours later got an alert for a $700 macy.com purchase.

 

[Texas_Signmaker]

Municipal websites have very poor security and are hit by hackers all the time. You said you paid your water bill, I'd bet that is where it got taken.

 

[The Big Squeegee]

I just got a 2k bill from UPS for 21 packages sent all to one address. It is pretty easy to charge shipping to a 3rd party with UPS because the shipping number contains the account number.
In this case, they shipped it using my address as the return address. I don't know what would happen if I had the packages returned. With my luck I would have someone show up to get them if I had. That could have been a dangerous situation.
I now try to avoid shipping with UPS as much as possible. I have also had my CC stolen but I think those were computer hackers. They tested the cards with low amounts first. My bank made good on them but I did get new cards both times.

 

[DL Signs]

Skimmers, security breaches at businesses you deal with on-line. The worst is when large retailers, corporations, credit card companies and banks get compromised, hundreds of account numbers can be affected in a split second, pretty much all they have on file if it's not caught immediately. It's an endless battle keeping things secure, and it'll probably get a lot worse before it gets better.

 

[garyroy]

Only one card may have been hit so far, put alerts on the other two for sure.

 

[Krissy Louderback]

I few years ago I got my card hacked some how a few times within a short period. With all the scumbags in the world and the likelyhood of it happening more, I decided to get Lifelock. These MFers can reek havok on your life if your identity gets stolen. You can set it up to give you alerts on all of your accounts even your checking account. It won't stop it from happening, but it makes me feel more secure knowing I have it.

 

[Solventinkjet]

This is why we stopped taking payment over the phone. The weakest link in any system is a human.

 

[DL Signs]

Had one of mine attempted to be used in Azerbaijan a few years ago... Never knew this little country existed until then. CC company denied it and locked down my account immediately because it was in another country. Someone in Ohio attempted to use my wife's debit card in Ohio not long after that. Now she gets notifications for every transaction from everything, and if she knows it wasn't us she locks them, bad part is I can't even buy her anything and surprise her anymore unless I use cash

 

[Billct2]

Might not be you but got stolen on the other end

 

[binki]

This is why we stopped taking payment over the phone. The weakest link in any system is a human.

We don't either. Our processor lets us send a secure link for payment.

 

[binki]

Only one card may have been hit so far, put alerts on the other two for sure.

Yes, I am thinking that as well. I am monitoring them right now.

 

[BigNate]

... this info may be slightly dated, but I have no reason to believe things have changed. A few years ago, close to a decade, my brother was creating some custom code for a POS drawer system for a chain of liquor stores. At least at that time, there was no encryption of any kind between the POS and the card reader company - anyone could catch the data stream and read the numbers (even crazier when you realize that a lot of ,merchants have open WiFi connecting registers to the outside world!) This was well into the teens, and like I said, I have no real reason to believe things have changed (I mean, come on has anyone ever heard of ALL vendors having to change out their CC equipment so it can read the new format? - then they must still be communicating with the lowest common denominator..... some of us remember when the finally did away with the old knuckle-busters, but I think you can actually use these too still.)

 

[Solventinkjet]

... this info may be slightly dated, but I have no reason to believe things have changed. A few years ago, close to a decade, my brother was creating some custom code for a POS drawer system for a chain of liquor stores. At least at that time, there was no encryption of any kind between the POS and the card reader company - anyone could catch the data stream and read the numbers (even crazier when you realize that a lot of ,merchants have open WiFi connecting registers to the outside world!) This was well into the teens, and like I said, I have no real reason to believe things have changed (I mean, come on has anyone ever heard of ALL vendors having to change out their CC equipment so it can read the new format? - then they must still be communicating with the lowest common denominator..... some of us remember when the finally did away with the old knuckle-busters, but I think you can actually use these too still.)

These days you have to use up to date encryption to be PCI compliant. The problem is that PCI compliance is a self reporting standard so any merchant can just say they are compliant and it get's filed away somewhere.

 

[RabidOne]

My wife had a citibank card she only used for one online payment once a year.
That card was hacked pretty much 4 times a year, so either citibank or the vendor had a leaky setup.

 

[binki]

... this info may be slightly dated, but I have no reason to believe things have changed. A few years ago, close to a decade, my brother was creating some custom code for a POS drawer system for a chain of liquor stores. At least at that time, there was no encryption of any kind between the POS and the card reader company - anyone could catch the data stream and read the numbers (even crazier when you realize that a lot of ,merchants have open WiFi connecting registers to the outside world!) This was well into the teens, and like I said, I have no real reason to believe things have changed (I mean, come on has anyone ever heard of ALL vendors having to change out their CC equipment so it can read the new format? - then they must still be communicating with the lowest common denominator..... some of us remember when the finally did away with the old knuckle-busters, but I think you can actually use these too still.)

In my software development years we did medical transactions to the insurance companies using the Visa-2 protocol. Everything was transmitted in the clear including SSN's.

 

[CanuckSigns]

I just had my company visa compromised, someone used to to buy almost $40,000 worth of Google ads, not sure how they turn that into cash, but the bank just cancelled the card and sent me a new one no skin off my nose.

 

[Vortex37]

Our card number kept getting stolen and we do business with all kinds of promo products vendors so it was impossible to track down. Now we issue a different virtual card with a unique number for each vendor so if it gets stolen we can tell where the leak is and the actual card doesn’t have to be canceled.