Credit card number stolen! How do I protect others?
January 14, 2009 9:33 AM Subscribe
My credit card number was stolen! How do I determine the most likely culprit (or at least how they did it) and try to ensure it doesn't happen again either to me or to someone else?
posted by attercoppe to Computers & Internet (13 answers total) 2 users marked this as a favorite
I have a relatively new credit card. It lives in my pocket, I have never handed it to anyone else or given out the number except as described below. I've used it twice at the grocery store, swiped it myself. On 10 January I placed an order through a website, on 12 January they ran my card, and early this morning (14 January) I got a call from the fraud department of my credit card company. Someone had made three small (>$10) purchases with my card. The purchases were dated today, 14 January. (Capital One was right on top of it!) Classic fraud flag, the thief checking the card works with small purchases before using it for something big. I confirmed I did not make those purchases, I won't be liable, that number is cancelled and they're sending a new card. No problem there. The question is, how did someone get my card number? The only answers that make sense to me are (in order of likelihood):
1) The website I ordered through has been hacked;
2) Someone at the company I ordered from stole it;
3) Someone in my building, no more than two apartments away, has been sniffing my as-yet-unsecured wireless router (dumb, I know) and got it.
I rate #3 as pretty unlikely given my neighbors. I'm on the third floor, far from the street and parking lot, and it's cold here - a random wardriver/walker is even more unlikely.
I let the company I ordered from know about this. Of course I was speaking to a lowest-level CS rep, and she seemed pretty sure that couldn't ever happen - "We've never had a problem with that before." Then again, she seemed to think I was implying a #2 scenario, that an employee there was responsible.
Am I reasonable in thinking this was a failure of security either with the company website, or within the company? Should I call back and ask to speak to someone as high up as I can get? How likely is it that their website is compromised, and that they don't know, or haven't told the majority of their employees?