Tags:




Advertise here: Contact FM.


Now I'm in here every evening serving chowder and ice tea
December 8, 2008 10:23 AM   RSS feed for this thread Subscribe

How might this credit card fraud have happened?

Someone used our Visa credit card number when attempting to spend $300.00 at Abercrombie.com. Maybe they intended to buy and sell a gift voucher at a profit. The bank noticed the suspicious behavior and cancelled the card.

What's interesting is that we have never used this card anywhere. We put a balance transfer on it early this year, and then paid it off via the bank's website. It seems like the only people who would have access to the card number, let alone the expiration date, would be bank employees.

We do use internet banking, but I don't see how the culprit would have obtained the full card number even if our computer had been compromised. Only the last 4 digits are displayed on the bank's website.

Can anyone suggest how this might have happened?

This is in the USA.
posted by East Manitoba Regional Junior Kabaddi Champion '94 to work & money (13 comments total)
It's possible that the bank's security was compromised. It happens on occasion. Call your bank and ask them?
posted by Lemurrhea at 10:43 AM on December 8, 2008


Banks are hacked more than you'd think. It's not in their interest to publicise it - generally they'll just quietly reissue a bunch of cards, pay for any losses and carry on like nothing ever happened. The alternative is massive loss of consumer confidence.

I can't find it right now, but I listened to a podcast once where they interviewed a guy who stole credit card data to order for Russian spammers. Seedy stuff.
posted by Happy Dave at 10:53 AM on December 8, 2008


Is the bank obliged to report data breaches? If so is there a good list somewhere?
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 11:03 AM on December 8, 2008


Someone used our Visa credit card number when attempting to spend $300.00 at Abercrombie.com. The bank noticed the suspicious behavior and cancelled the card.

The bank automatically flagged and canceled your card for a single $300 purchase? Immediately?

That smells really strange to me. If they really reacted that strongly and quickly, maybe they were actually reacting to a compromise they already knew about. As Happy Dave says, banks are hacked all the time, it's just not publicized much.
posted by rokusan at 11:08 AM on December 8, 2008


If a merchant can run a number and verify that it's yours, then presumably there's a way for a motivated thief to generate numbers and test whether they are valid. Either that, or possibly a thief figured out enough info about you to call the CC company and ask for a duplicate card, or intercepted your physical mail, or sent in a change of address notice to the company and diverted your mail.

There are lots of ways a credit card can be compromised. The credit card companies treat it as the cost of doing business, and write off the charges. I believe they only try to track down credit card fraud when it's especially large.
posted by zippy at 11:09 AM on December 8, 2008


We have a card that we've done basically the same thing with, and they would all the time be sending us those balance transfer checks, which stupidly did have our account number on them. We had to raise hell to make them stop doing that. I don't know if you had the same thing happening, but if you did, it's entirely possible that they stole your mail or went through your trash.
posted by Medieval Maven at 11:21 AM on December 8, 2008


Seconding that I get monthly paper statements plus a zillion balance transfer checks for cards even if I have not used them to purchase anything.
posted by desuetude at 11:37 AM on December 8, 2008


As far as I know, banks are not required to report data breaches (at least not in the US). They may ask for help from law enforcement if the breach is especially large or damaging. It's bad for business to publicize a breach, so they try to contain the damage rather than track and prosecute the offenders.

Although maybe that will change with all the government stakes in banks these days.
posted by kjars at 12:06 PM on December 8, 2008


The bank automatically flagged and canceled your card for a single $300 purchase? Immediately?

Well, a card that is never used, then a sudden large internet purchase sounds suspicious to me.
posted by EndsOfInvention at 12:07 PM on December 8, 2008


The credit checks or paper statements are both good possibilities.

But on the other hand, those things don't include the expiry date of the card, and it looks like abercrombie.com also requires the three digit card security code. So I suppose an unreported data breach at the bank is the most likely scenario.

I would hope to get an email or postal mail alert if someone requested an additional card or a change of address...

Thanks for your answers!
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 12:18 PM on December 8, 2008


The same thing happened to me at the end of November. I had completely paid off a balance transfer and had never used the card. Indeed, I had never even *activated* the card they sent me. I had saved all of my statements since the initial balance transfer, so I know this was not a case of mail theft. I called to ask how this could have happened given the above, and was not given any clear answer, so I cancelled my account. Seems like an inside job to me!
posted by pizzazz at 12:46 PM on December 8, 2008


Individual states have developed their own requirements for a US financial institution to report data breaches to customers. Maryland, for instance, requires it - I know this because I contributed language to my company's notification plan.

As mentioned, breaches happen at banks all the time, most frequently by an individual who works for the bank and trolls for low-activity accounts to compromise.
posted by ersatzkat at 4:14 PM on December 8, 2008


I would suspect that it's more likely someone generated a "valid" card number and gave it a shot.
posted by gjc at 6:43 PM on December 8, 2008


« Older I'm looking for a digital came...   |   "No comment" on my w... Newer »
This thread is closed to new comments.