Credit card/Debit card theft.

[Malfeasant]

Just wondering if anyone else fell victim to internet fraud/phishing? I've only used this card three times online. Two were knife purchases. Three different websites. One of them, someone got my info and well.. Treated themselves to dinner quite a few times (online purchases at that!). Don't want to call out any distributors because they're reputable. Thinking my third purchase was the culprit non knife related. Reported the fraud, await investigation. I've done malware,virus scans on my PC. Don't think it's on my PC because I have bank, other cards used on the net. Must be one of the three sites.

Just going to throw this out here... I'm not a fan of debt, use my CC to keep credit built up. Learned my lesson pretty young.

[remnar]

I had this same thing happen early this year. Someone used my Visa debit card to treat themselves to dinner and drinks all the way on the other side of the country. I hadn't used it very much for online purchases for several months but did order a couple of Christmas gifts. I did all of the paperwork and filed a case with my local police so the credit union refunded everything. I have only used my new card online once since then.

[anagarika]

A lot of time malware can go undetected.
The malware can also be present at the site of the merchants.
That's the reason a lot of cards issuers are moving to 3D Secure to add another layer of security.

Most important is guard oneself as best and report unusual activities soonest to the issuer. They'd normally reimburse customer's losses, upon investigation completed.

[SpyderNut]

Sorry to hear about that, Malfeasant. My wife and I have had our Mastercards and Visas hacked on three occasions in the last five years. It is very unpleasant, to say the least. The first time occurred while on a trip out west. Had our card hacked at a Wal-Mart in Arizona. We then received new cards and got them hacked less than a year later. Grrrr. (The criminals racked up some $700 in New Balance gym gear before we got wind of it).

Hope it all pans out quickly for you.

[SpyderEdgeForever]

Wow that is not good, sorry to hear that happened.

A question about this for everyone: If a site has the little lock icon that is supposed to mean it is safe to use your card, is that a guarantee that it will be safe, or not?

[anagarika]

SEF,

It is better than no security but no guarantee.

The soonest it is reported, the sooner issuer & network receive info to try triangulating the compromise vector.

[SpyderEdgeForever]

Thank you.

I also heard that some credit card companies will notify the card holder if any unusual out of state purchases are made, that are not commonly made by the card holder. Example: If you have visited a state that is not your home residence and you purchased a spare part for you car at a local auto parts store there, and that was one of the only times you did this, some card companies will contact you just to verify that the purchase was made by the card holder. That is a good policy.

[Malfeasant]

All three purchases were made with the little security lock symbol (its green for me) at the top of the page.. I did call one of the places multiple transactions were made. They were sorry about it, banned his account and said they'll refund the amounts. Which is really nice.
Those hackers always have ways around stuff. :mad: Glad to hear I'm not alone.. Not happy others had to go through this.
I'm not too worried. Pretty fascinated someone smart enough to pull this off is willing to risk felonies, possibly years in jail for some dinner.
Wouldn't get overly concerned about this if it's never happened to you. This is my first time in over 10 years of online purchasing. The fraud dept. is quite nice, helpful in my experience. They didn't make a big deal about it.

[anagarika]

Mostly issuers will try to prevent or make judgement call against the fraudulent usage. Not very easy to do and with demand from market (customers) that transactions are approved in short time, and the volume it has to be processed, those decisions usually are automatically made, and only the exceptions get referred for further validation.
As with everything, it's not perfect, some genuine transactions got referred (annoying for customers) and some frauds pass through.

Then it's the turn for issuer's fraud team that's tasked to provide best customer experience while protecting the issuer from abuse (i.e. validating the claim).
I saw Deacon said the motto 'customers are always right' isn't true 100% of the time. It's rare but there''re people trying to get benefit from such claim processing.

I'm glad that Malfeasant received a proper treatment. Also, considering after 10 years of online purchases, this is first time, it means 0ercentage wise, it's not that huge. However, these crooks are getting smarter and bolder. Some of them are actually earning a living (including going in & out jail) by doing this. :mad:

[rodloos]

Just because your credit card info was fraudulently used, doesn't necessarily mean it was due to your online purchases (though that is always a possibility). The "Lock" symbol on a site's URL just means that you are connecting via proper https (uses encryption so that other computers between you and the server can't read the data) but it is also possible that you used your card in person at a local merchant, who might have been hacked/infected by a virus themselves. I remember a case a few years ago, where the big store was using an wireless network between their terminals at the front of the store, and the servers at the back, which wasn't properly protected.

One of my credit cards has a very helpful feature called Shop Safe. You use it to create a temporary credit card number, which *only* works with the first merchant you use it at, and you can set an arbitrary max $ limit. So when you want to buy something online, even if someone else gets ahold of the card info, it *only* works at that merchant you set it up for. I'm sure there are other credit card companies that also offer something similar.

[anagarika]

Rodloos,

Thanks for explaining further. :)

When transacting with physical card, the merchant wouldn't have the info of the 3 digit at the back, which is usually needed for online purchase. This info is simply not there on the chip or mag-stripe, unless the cashier purposely takes note & write it down (possible).

'Man in the browser' malware will also defeat the padlock (encryption) because it captures everything before it gets encrypted. There's also malware in the memory of the cash registers, that captures the mag-stripe data as it's read by the machine. Some smartphones also have malware on the OS level, which gives it root privilege (anything is possible).

The Shop Safe features as described is very good. Some other method like Apple pay is to use a one time virtual card number, so the real card number will not get into transmission at all.

As it is, the battle continues, the criminal will try other method, and the technology & processes will adapt & evolve.