I Experienced A Type Of Credit Card Fraud I Didn’t Know Existed

I’ve been using credit cards forever, though much to my surprise I’ve never actually been a victim of credit card fraud. You’d think I would be a prime target, all things considered:

  • I have dozens of credit cards, so frankly I might not even notice if one of them went missing
  • I use my credit cards all over the world, so there are a lot of opportunities for people to take down my credit card information

The good news is that credit card companies are fantastic about consumer fraud protection. In the event that there are fraudulent charges on your card, you’re almost always covered.

I’m also sort of surprised that I almost never get fraud alerts on my card. Understandably card issuers occasionally proactively tag transactions as fraudulent, because there’s something suspicious about them. It amazes me how good of a job issuers do at tracking what’s “normal” behavior on a person by person basis.

For example, sometimes I make purchases in five countries in a week and that doesn’t set anything off. But that’s the case because they know that’s pretty normal for me, based on my past activity.

Yesterday morning I received an email from Citi, stating that there was some suspicious activity on one of my accounts. I figured it was a false alarm, since sometimes transactions are incorrectly marked as fraudulent.

Credit-Card-Fraud-2

However, when I looked at the statement I saw a bunch of pending charges… in Maryland! I’m in Germany right now, so clearly didn’t make any of those purchases.

Credit-Card-Fraud-1

I’m no expert at credit card fraud, though this really puzzled me:

  • These seem to be in-store purchases, so presumably a physical card is required
  • I didn’t lose my card — I’m in possession of it, and I have no authorized users on it

I phoned up the Citi fraud prevention number and confirmed the purchases weren’t mine. The agent said that nowadays many people create fraudulent cards with “real” information, that they use for in-store purchases. I didn’t know that was a “thing” — I thought most fraud was either with (physically) stolen cards or online with card information which was jotted down. I didn’t realize that people created fake cards with information from real cards.

Bottom line

I’m surprised it took this long for me to experience credit card fraud, given how many credit cards I have and how many places I travel to. And to me it’s especially interesting that it happened with a type of card fraud I’ve never heard of.

I’m also impressed that Citi caught onto this. I haven’t otherwise used my card for any purchases in the past two weeks, so presumably they had no way of knowing I was in Germany. And Nordstrom and liquor stores are about the only two types of non-travel/dining businesses where I make in person transactions anyway, so… 😉

Kudos to Citi, and screw whoever is trying to steal my card!

Have you ever experienced credit card fraud? If so, what happened?

Comments

  1. That’s an interesting one… Would the very slow roll out of cards with chips in the US eventually help prevent purchases like this?

  2. I had almost the same thing happen recently with my debit card: someone had stolen my card info and PIN (!) with an ATM skimmer device, then used it to make a duplicate card. What’s even weirder in my case is that they used it at a local business just a few blocks from my home. 🙁 So creepy. I hope they were able to use ATM cameras to catch them.

  3. @Phil – in theory yes. However, merchants who do not upgrade their terminals by October to accept chip enabled cards will carry the burden of a loss instead of the card issuer. Many small mom and pop merchants (the liquor store in this case) may not upgrade their devices until they start feeling the pinch of these chargebacks. Only then will they make the modest investment to upgrade.

  4. I had a similar case back in Feb. I checked in to my hotel in Hong Kong and maybe a few hours later my card was also swiped somewhere in SFO. Luckily I called Barclays when I got back and they reversed the charges as so did the hotel in SFO pro actively.Not sure how such things happen but good to see card companies do watch out for us.

  5. Yes it is a thing, actually a pretty common thing, actually THE biggest type of cc/debit card fraud, via bought information or skimmed information etc, fake cards are produced and people go about using them, sometimes for huge purchases etc.. did you not watch the movie… there’s a movie about this exact thing….

  6. This exact situation happened to me last November with my Alaska Visa. Had a random $1100 grocery purchase on my card, plus some rejected Home Depot attempts. The BofA agent suggested that my info could have been stolen through one of the popularized data breaches (maybe target?) and a new card was created. I have to hand it to BofA – not my favorite bank but they were on top of this and handled it well.

  7. We used to frequent that Towson liquor store back in college. And I was in that Nordstrom yesterday. Too bad I was a day later, it would have been fun to hear them say “Thanks Mr. Schlappig” to someone who probably didn’t fit the name and point out it wasn’t them. From what I’ve heard going from liquor store to gas station is the easiest way to set off a fraud alert.

  8. I had a similar thing happen to me recently, but Citibank didn’t catch it, which I thought was odd. I was using the card in Napa Valley, and the card started getting additional charges in New Jersey and Los Angeles. I then went to Asia, and continued to use the card and the charges continued in New Jersey sand Los Angeles, until I happened to look at my statement and called Citibank myself to report the problem. I would have thought that this would have obviously triggered an alert.

  9. This type of fraud has been going on for at least a few years. Happened to me about 4 years ago. Charge all over the world, but Chase saw a $300ish transaction at a Walmart in Shreveport, LA. It was so not me that they immediately contacted me and issued a new card.

  10. Yesterday, my AAvaitor card called me to ask if a purchase was fraudulent. It was a $95 purchase that I probably wouldn’t have even noticed when it was time to pay the bill. Since they called me the day the purchase occurred, it was very easy for me to recognize that I hadn’t made the purchase! I was amazed and very, very pleased by their service.

  11. This happened to my girlfriend and I on two separate trips to Brazil. What we think happened was we went to the ATM area in the airport in Rio. Both tried to use our card but kept getting an error please re-enter pin. Neither of us were able to get cash. Later one of us got cash and beginning about two days later (and for about a week) there were fraudulent charges from around Rio (McDonalds, etc) and when my girlfriend talked to here credit card company they said they turned down about 80 attempted charges.

  12. No credit card fraud discussion exists without the mention of Brazil. Glad they caught this. Wonder how they’re able to do that considering you travel so much? Must use statistics programs to come up with fraud alerts.

  13. Just this past week – was notified by USAA that Mastercard notified them my debit card info was part of a breach and that they were sending me a new debit card to be on the safe side. The next day, I got an alert that someone was trying to buy $600 worth of stuff at Dick’s in Princeton, NJ – at the same time that I was using my card at a local merchant in NC. So now the debit card has been deactivated, and I’m still waiting for my new debit card to arrive.

    What I didn’t know is that Mastercard is not obligated to inform the bank which merchant was involved when my card info was stolen.

  14. I found out that somebody had purchased a set of rims for $3000, I discovered it as I was abroad as well at the time and went over my CC limit.
    Contacted the bank and they told me to fill out a report, was reimbursed the money within a week I think.

  15. It’s not surprising you didn’t know since it’s never happened to you but yes, this “real” thing has been around for years. In fact a credit card rep told me this is probably what had happened years ago when I called about a charge. They do use real cards which eliminates the ID problem, and then code your card’s info on the magnetic strip. Amazing what some people will do to avoid trying to get a job. This one has been around for years, or since the technology has been around. Sorry it happened to you. And the thieves didn’t go through a shopping portal for extra points, which is even more infuriating.

  16. Probably a good idea for all cc churners to read up on the Fair Credit Billing Act, in order to familiarize with consumer vs bank liability re: fraudulent charges. There’s also a long thread on FlyerTalk about this in the Chase forum, where the speculation is Chase’s database may have been hacked as many (myself included) cards were hit with in-person charges in Brazil and other locations. In fact, we’ve had a total of 3 compromised Chase cards in recent months. All those cards were sitting in the sock drawer and not used in the last year, so not skimmed at a POS terminal.

  17. I have had my fair share of cc fraud attempts. Chase has really impressed me with both their proactive protection (as in denying the purchase of expensive golf clubs, likely because they probably noticed that I never bought anything related to golf), to having a replacement card overnight end to me on a Saturday!

    Now for a company that sucks at recognizing patterns – Valero gas card. A few years back my wife forgot her purse in a shopping cart and less than 10 minutes later, it was discovered and they went to town almost immediately. I started calling all the card companies and thought that I had covered them all, but I totally forgot about the Valero card because it had a zero balance and likely hadn’t been used in two years or more. A couple of weeks later, the statement from Valero arrives and I see that they allowed the card to be used to the point that it was $200 over the limit. The charges totalled to over $1800 in less than 4 hours!

    I wondered how in the world this didn’t set off alarm bells, so when I called to report the fraudulent charges, I asked. Would you believe that they told me that they did indeed notice the unusual activity. That is why the froze the account and prevented any additional charges! Dumbstruck I replied, that it appeared that it was more likely that they stopped approving charges because it was over limit!

    Once the statement was zeroed out, I cancelled the account.

  18. Just to add to the Brazil fraud list…I have only had my IHG MasterCard a couple of months and only used it enough to get the 70K bonus. A couple of weeks ago my card was used at a gas station in Managa, Brazil. I was in the US at the time.

  19. Skimming is the one of the most common forms of credit card fraud. Being that you’re an expert in credit cards, I’m surprised that you didn’t realize this 😉

    It’s a large operation that’s been in place for years. If your card was skimmed by your waitress this evening, then there will be a duplicate card in the morning, already sold to someone who knows they have a very limited time to use it. The person doing the skimming probably isn’t somebody directly tied in. They received an offer of $100 or something to load the device over the course of a work shift. Tomorrow night it will be someone else at another place of business .

    I don’t mean to pick on the waiters/waitresses of the world. You should never let your card out of sight, but restaurants are the one place where this is the common and accepted practice. The skimming device is small, not much larger than a cell phone and easily hid in an apron pocket.. There are even skimming devices that fit over the card slot of ATMs, scanning cards a split second before the ATM does.

    As someone who works in the industry, I thought the general concept of skimming and fake cards was common knowledge. Obviously, more consumer education is needed.

  20. Sorry to hear but glad they caught it! Small correction Ben….they succeeded in stealing your credit card they didn’t “try to steal”. As everyone else is saying this is quite common and I’ve had it happen to me 3-4 times on different cards in recent years. Sometimes it is part of the mass data breaches sometimes it is old fashion card skimmers at various merchants.

  21. @LindaK-right there with you. I have had the same card used twice in three months with Chase, once with the old account number and then with the new one. That was the Presidents Club card. The other one was my Sapphire card. One got caught exactly like yours, a test run in Brazil but an attempted cash withdraw in New York the same day. I think they sell the numbers multiple times.

  22. Happened to me on a Chase card. Received call from Chase that my card had been used a few states away for a large charge at a type of establishment I never visit.

  23. as someon mentioned, this is one of two types of fraud – ‘skimming’ or ‘carding’. The latter occurs when hackers sell card numbers stolen through a data breach in bulk. CC numbers have dropped in price dramatically over the years – it’s not as profitable as it used to be. Only a chip and pin system will offer complete ‘electronic’ protection (but not from skimming using devices where the card holder enters their pin – overlaid at gas pumps, ATMs, etc. I work in fraud, so guessing the first few purchases were small – to ensure the card was active and has credit.

  24. United States laws protect consumers very well in cases of credit card fraud. The credit card companies arent trying to do anything to protect YOU, they’re trying to protect themselves. Which is fine. But to ever worry about fraudulent charges is pointless. Aside from a bit of a hassle, really not a big deal.

  25. This has been a thing for years, guess you’ve been living under a rock 😮

    The day after I applied for a visa to Russia, someone went on a similar shopping spree with my card in VA

  26. Definitely the cards seem not to have features of receiving SMS alert after the payment, and also it is very important for the website having Verified by Visa or Mastercard SecureCode.

  27. For someone as well traveled and having used so many credit cards for so long, how could you have never heard of this? It’s a very long running method of CC fraud. Most of my fraud instances have been of this variety.

  28. Happened to me on my US Bank cash plus too- transactions made in a different state even though I had my card with me the whole time!

  29. A would-be fraudster had the terrible luck to physically present a fake duplicate of my AMEX card in a major New York City store two hours after I presented the real card at the Sheraton Old San Juan. AMEX, realizing that this I couldn’t be in two such distant places within two hours, sent a fraud alert and the fraudster only got away with that initial purchase.

  30. Click bait strikes again! Here I thought you were going to report something new and informational, instead it’s a technique that has been happening for decades. Waste of time.

  31. UK resident here. My Natwest card was cloned about a month ago. The bank sent me a text message about “unusual” charges, which indeed were not mine. It was a chip and pin card, but really if you say you forgot your pin code most merchants let you sign instead. Still have no idea where it was compromised, but Natwest did well with cancelling bogus charges and issuing a new card.

  32. My parents live in that area of Maryland. My mom had a similat situation. The police found that a local credit card employee was stealing card information and making is own cards. His charges were more interesting strip clubs or porno stores. He also went every morning to 711 to make sure the card still worked which the police said is a normal tactic.

  33. This happened to my husband and I recently. We were in Hawaii and there was fraudulent activity on his Chase Sapphire – charges in Colorado. We don’t live there. Chase contacted him but his card was canceled and a new one issued. Kinda screwed us up for the rental car insurance coverage.

    When we got home, both of our Hyatt cards had fraudulent activity within 2 weeks of each other. Again, Chase notified us but cards canceled and reissued. This time, charges were in Florida and Pennsylvania- again, states we do not live in. So, I think Chase had some kind of security breach and hasn’t said anything to the media.

  34. I had three different cards compromised within three months a few years ago. One genius bought airline tickets with my UA card which showed his name on the charge. Another bought a case of wine which was easily tracked by a quick phone call to the wine vendor. The third tried to charge over 20k in person in a store in Cote d’Ivoire with just the number. (The shop owner refused and alerted Chase immediately.)

    I’ve learned that credit card use is far more protected than debit card. The cc purchases will be refunded, but the bank might not put the cash back in your account from a fraudulent atm withdrawal.

  35. part of my routing at work is to check my cc statements online every day.

    so far, over the years I was able to stop a few fake transactions.

  36. Has happened to me and my husband many times. In fact just last week one of our Chase “cards” was used in Brazil while it was in his wallet and he was in the U.S. We haven’t been in Brazil in ten years. Both Chase and Citi are excellent at catching these episodes for us.

  37. “This exact situation happened to me last November with my Alaska Visa. Had a random $1100 grocery purchase on my card, plus some rejected Home Depot attempts. The BofA agent suggested that my info could have been stolen through one of the popularized data breaches (maybe target?) and a new card was created. I have to hand it to BofA – not my favorite bank but they were on top of this and handled it well.”

    Oh puh-lease. In your case, BofA was saving their own skins and likely passed the financial losses to retailers or to Visa itself. That’s why they were so eager to help. In my case, it was my debit card that was cloned through a crooked grocery cashier and about $1000 was stolen from my BofA checking as a result. NO fraud alert by the bank despite the fact that the thieves hit an ATM in a 7-eleven while I was 20 miles away standing in front of a teller in a BofA branch. Fortunately, the stolen funds were returned to my account after I initiated a claim. However, there are plenty of stories where this bank refused to compensate similar fraud victims. I consider myself lucky as what happened to me occurred in 2008. It’s doubtful that, with the escalation of card fraud and the consequent rise in claims, BofA would comprnsate me if the same situation arose now. Instead, they would probably just claim that I must have been in two places at once.

  38. I’ve had issues many times with CapOne blocking legitimate purchases (once I had to patiently explain that DC and MD are next to each other, and I’m certainly not going to submit a travel notification before I use the cafeteria at work). After these experiences, I was surprised that when my wallet was stolen on a trip to Philly, they let nearly $500 through before I called to report it. Amex declined the very first fraud attempt and overnighted my new platinum to the hotel. That was my only working card for the next week.

  39. Same thing happened to me with my AMEX PLT card. It occurred around 3 AM and I asleep in bed. Someone one using my card to purchase groceries at the store. AMEX actually called me and woke me up to make sure those were my charges.

  40. It is totally possible, especially in U.S. Most of US companies outsource their IT departments to unskilled workers, who unintentionally left backdoors for hackers to steal

  41. It is totally possible, especially in U.S. Most of US companies outsource their IT departments to unskilled workers, who usually left backdoors for hackers to steal credit card information (either accidentally or maliciously ) . Hackers stole credit card information and replicated cards, and spent in countries have poor security standards (USA for example)
    In many countries, especially Western Europe, some Latin America countries and many East Asian countries, cashier will not let you swipe your card if it is a chip card. Instead, they will insert your card to make sure you are the actual card holder. (Hackers can’t duplicate the chip). Many countries even ask you to enter a pin for transaction.
    U.S. is left behind in ensuring the safety of credit card.

  42. i had this happen to me a couple of months ago. I was using my card in Atlanta and someone swiped a clone of my card the same day within 15 minutes in north FL. Chase called me immediately to ask if my wife was with me and if we both had our cards. We did and they shut down the card immediately. Both my wife and I travel extensively all over the world, but they still caught that I have never swiped it at a CVS and flagged it. The technology is getting very good at catching not just out of area, but spending trends. In this case, the thief had a physical card programmed with my number.

  43. Ive worked retail. Ive had a ton of fake credit cards. I can usually spot them pretty quick because I know what certain cards look like. The higher end cards that are suppose to heavier are dead giveaways.

  44. This the very first time I am doing this tweeter/ bookface whatever thing so please excuse the mistakes that I may / will make.
    I am 73 years old, I have NEVER had a credit card in my entire financial life, all I own in my life is paid for, there are no standing orders,direct debits, I travel to the US at least twice a year, always taking cash/folding money with me, it has never been a problem for ME. I am a great believer that if you do not have the cash in your back pocket / bank account then you cannot afford it, simple !!! ( I failed my 11+ so can still think outside of the box ) Also if you are not in a system then in very simple terms – you cannot be got at !!! Remember a few years ago a US high student hacked whatever into the most secure computer in the world – THE PENTAGON -remember ?? OPPS !!! Those of you old enough as myself will remember a certain SGT. BILKO , the very best comedy tv show of all time, he had a wonderful motto/ saying that still holds good today as in the 1950’s I quote ” It is morally wrong to allow suckers to keep their money ” sorry for of you who have fallen foul of credit card fraud, you may only have yourselves to blame !!! P.S. The cherry on the cake- wait for it – So far this year, 2015, I have NOT made a call on my mobile phone,I can hear the heart attacks from here – I have a land line, with an answer phone, I control the machine no the machine controlling me plus I am a founder shareholder in Vodafone, from the 80’s thank you very much PETER TORRE HENDON N. LONDON U.K.

  45. @Callie:
    “The higher end cards that are suppose to heavier are dead giveaways.”

    The higher end card issuers sometimes offer less conspicuous plastic versions of the same cards when the cardholder wishes to be more discreet.

    @Chancer:
    “In your case, BofA was saving their own skins and likely passed the financial losses to retailers or to Visa itself.”

    VISA is just the processing network and only in rare circumstances would be responsible, not for something as mundane as card fraud. The retailer doesn’t have to pay if they can show a signature on the receipt. BofA is on the hook for that one.

  46. Funny, nearly every time this has happened to me, it’s always been Maryland where the fraud goes down. Something in the water there.

  47. Hi Ben, I am flying through FRA from AMS on Tuesday and taking the LH flight back to MCO. Any chance you are on that flight? Email me if so or will see you in the lounge. However, we fly biz…..lowly souls that we are. Pam

  48. I’ve had 4 fraud alerts on my Chase Ink accounts in the past month and a half. Two of them were on authorized user cards that had never been used and never left my desk drawer. Hm, I wonder where the breach was on those, Chase….

  49. I’ve had it happen about a dozen times in about 15 years even though I have never lost card and hold then shred all receipts. I even tracked down two of the scammers because I am a security expert and the defrauded vendors gave me enough info to track down the people. The disappointing thing is that the police had no idea how to handle things and no was was ever prosecuted or even questioned…even when I gave them the name, address, and phone number of one of the scammers that I caught.

  50. It’s called card skimming and is probably the most common form of fraud, kinda surprised you hadn’t heard of it before although glad the card company caught it. It’s the main reason the card companies are moving to chip and PIN, although in the US that looks like it’ll take a long long time! Mind you I found US shops never even bothered to check signature strips!

  51. Had fraud on IHG and another Chase card while in my sock drawer and not used in a while – also charged in Brazil. Chase caught them. But it does seem that Chase has been compromised or there is an inside job on cards that are unused.

  52. Add me to the list of my Chase Ink being used in Brazil last week when the card had not been used by me in several months. Chase did catch it right away.

  53. I had my Citi Thank You card used in Miami several years ago. Citi caught it quickly. My IHG card with Chase used in Brazil like several here. Chase caught that quickly also.

  54. Happened to me in Shanghai in March. I am still sorting it out with AMEX who have handled the whole issue appallingly. At the very beginning I had not notified AMEX I would even be in China, so a $1000+ charge should have rung alarm bells IMO! AMEX make soothing noises on the phone how they “have my back” but so far this is not the least bit true.

  55. This is common, there are underground forums that sell your credit card information to others or that create credit cards from your CC #. There was a documentary on how they caught some hackers who used to do this. They would also make purchases with the credit cards and then they would resell the items on auction sites for cheaper. Look up cuban hacker caught by fbi in south miami.

  56. @ Brian — Seriously? I reported something I didn’t know existed. I don’t think I could have been more factual. You can call me out for not knowing all kinds of credit card frauds, but this is NOT click bait.

  57. @ Eric — I’ve never dealt with credit card fraud before and can’t say it’s something I pay much attention to.

  58. I had something similar happen to me two years ago and I am 99.99% certain of where it started.

    While heading to O’hare, our taxi driver was making small talk. When he asked us where we were from, we told him that we live in Hawai’i, having moved there from Canada at the turn of the millennium. He proceeded to tell us that he had family in Toronto. A couple days later, we get an alert that someone tried to use our card (the same one that we paid our cab fare with) at several high-end shoe stores in Toronto.

  59. You need to immediately check and make sure that no one has applied to the IRS for a tax refund in your name and if necessary ask for a PIN.

  60. Lucky The shoes and ties I got at Nordstrom looked so chic that I just had to celebrate with some Krug and Dom before refueling the rental car. No need to thank me for all those reward points you got. 😉

  61. Columbia, MD is my backyard. Do you need me to hangout at Columbia Mall Nordstrom and rough up some CC hackers?

  62. I had some fraud on my Chase Ink card in Brazil, Chase caught and issued me a new card and number. I received it and activated it, but did not use it, it was in my drawer. Within 2 weeks, there was more fraudulent charges from Brazil on a card that had NEVER been used! No problem with Chase removing it, but have to wonder if there is possibly some insiders at Chase selling card info???

  63. Just some technical fun facts:

    You can actually pretty easily make a fake credit card (or change one) as all cards are completely re-writeable. Ever try getting into your hotel room and find that the key stopped working? You probably went to the front desk and they might have said that it was demagnetized and that’s very possible if the card was somehow exposed to magnets. The magstripe on the back of your card are a series of minuscule bar magnets that can have their poles reversed.

    With that said, you can purchase machines that program cards. As more companies enter the space of credit card readers (like Square, PayPal or Intuit) and card aggregation (like Coin or Plastc) these machines are becoming more common and you can often find them on eBay.

    But to copy someone’s code, you need a very specific type of card reader that reads track 1 and track 2. Most credit card readers designed for phones only read one track, so it’s unlikely this would happen to you at a craft fair or in a taxi. But, if someone has a two track (or three track) reader, they can easily decode your entire card and use a machine to adjust another card to mimic it perfectly. Once they can the card, they’ll have your full account number (including primary or supplementary number, which delineates if this the primary account holder or an additional card), the country the card was issued in, the name of the cardholder, and the expiration date. They can now duplicate all the information onto another card, perhaps a canceled card they already have so merchants won’t be suspicious.

    The new standard for cards (EMV, or chip and signature in the US — chip & pin for the rest of the world) will protect against this in the immediate term. Also, technologies like NFC, Apple Pay and Android Pay use a process of tokenization that will protect even better than EMV does.

    The great news, as you pointed out, is that credit card companies protect consumers against this kind of fraud. Unfortunately, something to keep in mind is that they rarely protect merchants. And while I’m sure Nordstrom can afford it, when a small business receives a chargeback for fraudulent purchases, they’re left in the lurch sometimes losing hundreds or thousands of dollars due to a fake credit card. And a lot of them can’t afford it. Some companies, like Square, now offer chargeback protection for merchants. But they’re still a fairly small platform compared to the big merchant acquirers out there.

  64. This seems to be more and more common nowadays. Hackers usually steal credit card information from big stores’ system and used those to make “new” cards. And they can even write their own name on it, so if they are asked to present an ID, it would not be an issue. My card was copied and had 10 transactions worth over $1200 in Georgia while I was in Oregon, thankfully I got all my money back.

  65. Must be pretty common. The same thing happened to me a few months ago. Strangely all of my fraudulent charges occurred in MD too.

  66. I’m not surprised that Ben hasn’t seen more of this — He’s not in the United States much. The systems we have in place in the US are archaic and insecure. Both in the card terminals AND back-office systems. Unfortunately the new Chip + Signature deal is barely an improvement over the current mag-stripe. They should have just gone with Chip + PIN and been done with it. For some reason the banks are afraid Americans are so lazy that adding a PIN to a CC will make them stop using it. Americans are indeed lazy, but when it comes to immediate gratification (ie: shopping), I don’t see a PIN slowing anyone down. No matter, the online gap still exists — no chip nor PIN needed for online purchases.

    Re: Chase — Yes, they DO have a problem and they’re aware of it. My source from Chase (who works in a different department) was given rather dirty looks and a “You shouldn’t be asking about that.” when s/he started asking around about the increase in Chase CC #’s being stolen. Obviously something’s going on, but they’re not willing to go into details about it, even other departments inside the company.

    Re: Skimmers — yes, they’re out there, but are only responsible for a small % of fraud. The underground marketplaces on the web are much better. Most of these guys are getting their data through breaches rather than skimmers. When I checked a few months back, Visa/MC #s were going for ~$1-$1.50USD each. Amexs were $2 each. Add an extra $1 to each of these if you want the owner’s ZIP code and possibly address. Full info (CC#, DOB, Driver’s license #, address, SSN, etc.) were running about $10-15 each.

    I should point out that stolen iTunes accounts were running $6 each vs. the $1-$2 for CCs Why? The Apple Store, of course, as anything with the fruit logo is easily sold on the black market (or your local flea market/craigslist), but more recently, Apple Pay. All you need is an iPhone and an iTunes account and you’ve got yourself a mostly unlimited and mostly safe way to abuse credit cards. For now, banks assume that anything purchased with Apple Pay or Google Wallet is trusted. After all, you have your phone in your possession, have the passwords in your possession, and are presenting both when paying. Except it’s someone with your iTunes account info and not you. Banks’ fraud algorithms will almost always green-light Apple Pay charges, and it doesn’t matter anyway — Apple is the one who greenlights the charge at the merchant’s terminal, not Visa/MC, and Apple’s very naive. So far not seeing stolen Google Wallet accounts on the black market much — they require an additional password in addition to the Google login to work. While the Apple Pay/Google Wallet thing is cute and sometimes convenient, I’d advise people to not have all of their cards on Apple Pay, if any cards on it. At least until Apple gets their stuff together in the security department.

    As to my own cards, I’ve had them stolen many times over. Never once due to a skimmer. Instead, all were due to merchant or card processor leaks. My Amex was hit by the Target breach. I noticed it before Amex did and gave them a call. Amex was good about it — they actually let me keep my # as long as I monitored the account often for the next few weeks. I had a large # of higher $ purchases that were about to happen (new computers for the office) and they hadn’t billed yet so I really didn’t want to have to go through all the orders and change the billing info. Wells-Fargo actually surprised me with their response when my card # got stolen — they geofenced the old card # to where I was going to be for the next 48 hrs until I received my new one. I liked this approach — I still had use of the card and any potential fraud was denied.

    Of course, I’ve had false positives on almost every card I have. Amex seems to have the itchiest trigger finger and they’ve balked at everything from my doctor’s office to a restaurant in NYC in the middle of a 10-day stint there. I would have thought Amex would have noticed all the other NYC charges and gone with the flow. At least their Android app makes the fraud alerts painless with it’s “We noticed some charges… please verify yes/no” notices. I got a call from my personal banker @ Wells when I purchased a boatload of emergency electronics parts at 3am. Chase triggered on the 3rd day of having my CSP. Purchases of the day were 2x gift cards from Macy’s, then about $14k at Lenovo, so I guess I can see why they’d be concerned. I just wish Chase’s fraud departments responded faster and handled the situation as smooth as Amex does.

  67. This just happened to me TWICE! Last month someone used my Citi card info to make a small purchase at Nordstrom. I cancelled that card, got reissued a new one, and 2 days ago someone used the new card number at the same location to the tune of $6,000. Now I have to cancel that one too. How does this happen so quickly? Is the data more likely to be coming from a store I visit in person or a site where my card number is stored for auto-payment?

  68. Here’s another new one — this morning at 3:14am, I got an email from Amex saying they had declined a $1409.95 charge at the Apple Web Store, and that if this was a valid charge, to click “verify.” At 5:31am, I received another email saying “Thank you for verifying your charge activity.” The item was charged again, and it went through. When I called Amex about the unauthorized charge, I wanted to know how someone had verified my information? They said they would investigate that and let me know, but according to their records, I received a phone call and verified the information that way.

    Obviously, I never received that phone call. I verified the phone numbers on my Amex account hadn’t changed. I have no way of knowing how the scammers verified my personal information, but they must have spent those two hours looking for some personal information about me. Perhaps enough of it is online that they were able to confirm something.

  69. We’ve been cloned now 4 times. Fortunately our bank or credit card companies have caught it before any damage.

    There are simple ways to help find the criminal culprits if only all agencies would work together instead of pointing fingers.

    One time the criminals made two cards and were trying to use them at the same time in two different stores. One for $3,000 + of clothing and the other for almost $4,000 of jewelry. We got a phone call from our bank within 10 minutes of the person being denied at the jewelry store. We spoke to the store manager and confirmed that they had clear multiple video recordings of the poser. They wouldn’t provide them to the police without a case number. The police wouldn’t create a case number to start an investigation unless the bank filed other paperwork which all stalls the entire process so long that by the time you get a case number the store has recorded over the evidence. Really stupid.

    Why isn’t there a database somewhere for people who’ve been ripped off or cloned to enter a list of all places they had recent transactions? This would surely produce correlations with other people and may help find the source of the people cloning our cards.

  70. It happened to me as my Discover card was “swiped” 8 times in distant NJ stores. At the same time my actual card has never left my wallet. Luckily , the Discover fraud department caught the fraud on time and reverse the charges. Interesting thingf is that ll the fraudelent charges were for the same amount ($59.95) – and as per Discover agent suggestions the croos were probably using vending machines buying phone cards or something elese they can re-sell.

  71. My credit card had been hacked and this is credit card fraud on this website (My issue bank told me the merchant), and the amount of money are Euro 2720.32 and Euro 2862.00 respectively. I contacted with it within 24 hours. Then the staff ask me to provide bank statement and first two and last four digital number of the card, it is really funny, when I wrote the email to the website, I have already provided all the information on this card, including transactions (time, total of money, expiration time), and I also explained two times that as I have contacted my issue bank to freeze this card, which means these transactions were regarded as ‘disputable’, so they would not be in my following bank statement. However, I provide a picture which showed the two transactions (every transaction my issue bank will send me a message to notice). I can understand, the bank statement will show clearly the transactions time and the merchant name. Nevertheless, I checked a lot of similar cases, the customer could just provide the transaction information and the card information, then the merchant will investigate.

    As this credit card’s issue bank is Bank of China, (but I am stutying in UK now) I have to admit the security is far less than the credit card in Europe, which means if you know all the information in this card (without keyword), you could illegally use this card. However, the credit card system in China and in western countries are totally different. If you cannot cancel these two orders, it’s really hard for me to dispute.

    Now I am really worried about it as the merchat is not so responsible and cooperative.

  72. Get rid of your Macy’s card or Macy’s American Express they are holding us responsible for fraudulent charges (huge) to our card which we did not make in numerous towns in an area we don’t reside in nor have we been to in years and it is hours away from where we live. In addition we were never ever called regarding these large charges made to Zales, Penneys and Nordstroms, hardware stores and a host of other stores. None of these stores asked for ID I would guess and yet they were authorized by American Express. I was not able to access my card account on line before I received my bill so I was unable to see the out of town charges until we got the hard copy bill with the first of the charges made before the end of our billing date and in the next ten days they went on a shopping spree and I still received no calls for the charges. I will never do business with them ever. Their fraud department obviously does not know how to investigate anything. Beware

  73. I was just notified by Discover Card that my credit card number was involved with a data breach and they are monitoring my account, plus sending me a new card with a new number. I asked which vendor/business had the breach and they replied that are not allowed to give me that information! It confounds me that I can’t find out which company had the breach of my information, perhaps what other info was breached (and whether or not I want to continue doing business with them or keeping any credit card info on file with them).

  74. my macy Amex had been so hard on me. someone had use my Amex abroad, in Jeddah(which ive never been to, and i have never been out of the country) and made puchases worth $1000! when i found out about it, i immediately called the CS and have asked me if i had filed a police report about it? how in the hell do i file for a police report when the purchases was made thousand miles away from where i am! and the CS told me to file for fraud, which i did back in August. Cs told me it would t ake about 30 days to get it resolved but when 30 days passed, my account was not still resolved! i called again and now they told me it will take up to 90 days to resolve my case! i have my card with me and never lost it and now i am wondering how were thety able to use my card! I hate MAcy Amex now! as soon as it gets resolve i will definitley close my account

  75. Here in the United Arab Emirates, all cards are chip and pin. In spite of that, my cards were compromised on two separate occasions. In July 2015, someone in the US made a purchase for usd 800 at a Target outlet. That payment went through, but my bank rejected the other successive attempts the fraudsters tried to make.

    Today, I was hit again, but in a stranger, bigger way, for usd 2000. It appears to be a network because the first swipe was made in the US, the second large one in India, followed by six swipes in the US. My credit card was maxed out in a matter of 2 minutes!

  76. So…for the second time in 4 months, my Chase Credit Card has been compromised. Here is the thing…I have NEVER used the card. The card has never been removed from the paper it is glued to when it arrives. The first time was approximately 4 months ago. The charges were made in Brazil, and Chase emailed me immediately, closed the account, and issued new cards. The original cards were still glued to the letter they arrived in…and this was a new account that I had just opened in April. Just about 3 weeks ago I received a letter from Chase stating they resolved those charges, and I was not liable for any amounts. Funny how long that took. Today, I received 2 emails from Chase regarding fraudulent charges to online stores. Once again, I have never used the replacement cards, and they, like the original cards, are still glued to the letter the way they arrived. Clearly, there is a problem within the Chase system, be it employees stealing and selling numbers, or employees stealing and using numbers. However, Chase refuses to admit that their system has been compromised, even though they can clearly see I have never charged anything to the cards. Once I get this issue resolved, I am going to notify the Federal authorities of Chase’s issues, and I am closing both of my chase accounts.

  77. They’re working overtime here in Baltimore.

    Around the same time, we got our account “stolen” and they did the same thing….charged up some gift cards at the local MACY’S down the street from us, bought some cigs at service stations on the darker side of town, and withdrew some money somehow.

    Just happened again and this time, coincidently, the last “legitimate” purchase before the shenanigans began happened at the same place. Hmmmmmm…..

  78. I’m the victim of Home Depot credit card data breach PLUS victim to this guy I let do work in my house for about two hours before I kicked him out feeling very uncomfortable with him in my house. Come to find out he is a fraudster who did five terms for the same stuff. Credit card fraud, bank fraud. GREAT! So I guess what he does is get your account info from Home Depot. He buys online. It was weird that my account I had just about paid off suddenly I’m aware it’s like 5,600.00 I still owe. I guess I have to make a police report but what a waste of time. They never do anything about this stuff really. And then I have this guy burning my house down. I live alone so I do get scared of such things. How did I get this guy in my house in the first place? Good question. I had several people working on my house and okay I might have asked for it. I don’t think all people who go to prison are bad and I had had pretty good luck with the people sent over in past. Nothing serious on their records. No one with five terms for fraud that’s for sure. I believe in giving people a chance but as the world is changing rapidly I guess my ideas on these things needs to change too. I get it. So give me a hard time about it. No, don’t give me a hard time just tell me what I should do, please.

  79. I ‘m dealing with something similar , but the worst part is that the person who committed the fraud is my sister in law.
    she used the name of her ex-husband and my husband credit card numbers and “made” a counterfeited new visa Navy Federal credit card.
    i found the charges in my husband bank statements, for purchase in groceries stores, Yellow cab, Panera bread and also she paid her phone bill (Sprint). we could collect a few details of each charges and we make a report at the police station.

  80. This is a ongoing problem for me it first it happened with my macys american express they were great and fixed the issue but it happened again which is a pain in my back side and dont get me started with chase uff!!!! I had to close my account with them once everything was sorted out i mean Brazil really i live in ca come on it doesnt take a genious to figure out whats going on here is there any other figgen cards i should stay away from because im worried the next time (knock on wood there is no next time)it will take another year to resolve

  81. I had this same thing happen to me yesterday with my Discover It card. I used it a few times this weekend locally (New Orleans), including yesterday morning, so when I got an email about fraud alert I assumed it was from my own activity and was ok. I thought maybe it was flagged because I hadn’t been using the card much in recent months and then used it for quite a few transactions in just a couple days. Unfortunately, the charge was $500 at a place I didn’t recognize, and all of my purchases had been under $30 or so. When I called Discover, they said it was in Detroit, MI. I’ve only been to Detroit once maybe 15 years ago on a layover, and definitely didn’t have this card then. Then the Discover rep told me it was swiped! I didn’t know they could recreate cards. Fortunately something had tipped them off and they denied the charge and emailed me immediately. As soon as I called them, my account was shut down. I was very impressed with Discover on this. I have no idea where anyone could have gotten my info. I have heard of skimming as gas stations, but I haven’t used my card at a gas station in a couple of months. I did use it once recently outside the country, but that was at a very reputable venue so I can’t imagine why I’d have an issue there either. Regardless, I’m very happy Discover caught this, and it is now in their hands and no headache for me.

  82. Sorry to any of you that might have suffered a loss in your credit card payments which you were not responsible for,this happened to me also my cards were fraudulently used I suffered a loss of over $25,000, during this period my daughter had told me about this fantastic guy that dwas hired to check her company’s breach and also protect their database as it gets breached she described how amazing he did all day, I Asked about his contact and she told me to contact him nikolareed377@gmail.com my two cards were used and I gave him my card #pin I saw all transactions and locations and yes it was used by a banker too, I didn’t believe my eyes but yes he ran the information to my phone and I saw it, he told me this happens a lot and banks would give you a false report of what happened at times to protect their bank interests and investor. Long story short I just hired him to clear up the debt I never had from my credit report back and he did and I got me other cards

  83. My back notified me this afternoon that there was suspicious activity with my visa debit card. I have never experienced this before so I am wondering what happens after this? The bank caught it and shut my card down immediately thank goodness. Tomorrow I am to go in and sign fraudulent papers at my bank but should I be preparing to pay those charges until the fraudulent charges are proven that they aren’t my charges?

    Last week the police were notifying people in the surrounding areas of skimmers being used at gas stations in a nearby town so i suppose it was possible that they had also moved into our town.
    I had also made an online purchase with a website that I have never done business with before a few days ago and have made no other purchases since that purchase…is it possible that that website wasn’t legit? How do you know? I’m a bit paranoid now!

  84. A couple of weeks ago I noticed that someone withdrew $500 from my credit union’s checking account at one of their branches a few miles from me. I’ve had fraudulent activity in the past, but this kind takes the cake. What chutzpah! The credit union would not even give me a hint as to how they could’ve done it. Fortunately they credited me the $500 the next day after I gave them grief. This kind of fraudulent activity is creepy.

  85. August 12th, 2016 Citibank called me to ask if I had authorized several withdrawals the previous day in New York City. I live in California and I told them I did not and had not been to New York, EVER! They said they had put a block on my existing card and were sending me a replacement with a different card number to arrive in 3 days. They said the PIN number would be the same as the original. I received the new card in three days. In eight days I received another card. According to Citibank’s records and my monthly statement this card had the same number as the card used to withdraw nearly $12,000.00 from my checking account the week before. And the PIN? It was a different number unknown to me!!! How can this happen without being some kind of “inside job”???

  86. Has anyone had any experience of having their card cloned in Singapore airport. If so where did you use your card?

  87. I’m no I.T. tech but I wonder if my recent fraud was the result of (admittedly) watching a couple of movies on free websites such as 123movies or m4ufreemovies. I had no problems with my credit cards until this happened. When a window popped up screaming ‘You may be tracked; all your credit info may be tracked!’ I got off right away. However, it may have been too late. I’ve had two cards replaced due to fraudulent activity – it’s scary because someone in FL used my card to pay his water bill (I’m in TX). Now, I don’t intend to do it again, but please tell me if this is possible!

  88. I worked for Sykes while I was in college. This company is a call center that lends its services to bank of america and wells fargo and others. Yes, 90% of the time when you call credit card companies and insurance companies and etc., the person you are talking to doesnt work for said company, but rather a contractor.

    I worked for bof a fraud department, but it was really Sykes as most employees who work for thesw companies have nothing to do with the actual banks.

    People treat you like crap, but yes, cards are replicated so easy. Banks keep stacks of blank cards on hand. All you need is one disgruntled employee. People treated me horribly, but they had no idea how much fraud we encountered daily. Though it was embarrassing and inconvenience, and evn though we ourselves had nothing to do with the interventions as we were just call center employees, youd think people would be grateful.

    They are fast, though, these card thieves. Sorry for typos. On a device.

  89. To the person above: Yes, shady sites and keeping your card number saved i your browser…. So dumb. Although some dont realize as theyre making purchases that google may be saving it for later.

    Visa checkout is free… I stick to paypal amazon and ebay. Otherwise visa checkout, thougb most banks offer their own similar services.

  90. Chips that are encrypted dont help us in u.s. Because we dont use the pin feature yet, in most u.s.

    We use the chip and sign. If you enter the wrong pin, denied. Just sign? Totally defeats the purpose. Banks are like oh it cant be read etc., but that wont last, lol. These tech thieves and viral gods are evil nemesis from a comic book. Could be anyone anywhere just spending all day in their moms basements thinking up evil plots.

Leave a Reply

Your email address will not be published. Required fields are marked *