How can I staunch this indentity theft?
February 4, 2005 1:24 PM Subscribe
I had to cut up my credit card today because I definitely was not the person who charged sixty bucks for gas in Israel. What should be I be doing now to ensure that there are no other negative repercussions, in regards to identity theft and anything else that I may be overlooking. (MI)
I do a lot of online shopping, but I thought I'd been careful in my purchasing, always using established merchants (like Amazon) and using PayPal for most other purchases. My PC is not spyware-ridden, and I save all my paper statements. I'd like to know how they got my info, even if it's just an educated guess. But more importantly, what steps do I take now to protect my credit and my identity?
I do a lot of online shopping, but I thought I'd been careful in my purchasing, always using established merchants (like Amazon) and using PayPal for most other purchases. My PC is not spyware-ridden, and I save all my paper statements. I'd like to know how they got my info, even if it's just an educated guess. But more importantly, what steps do I take now to protect my credit and my identity?
One thing I do to keep my credit safe- never use an ATM that isn't attached to a brick and mortar bank (in the wall). Those little bodega ATMs get stolen and hacked all the time- they are just not safe.
posted by ThePinkSuperhero at 1:32 PM on February 4, 2005 [1 favorite]
posted by ThePinkSuperhero at 1:32 PM on February 4, 2005 [1 favorite]
Lychee, this just happened to me this weekend, so I'm there with you on this. I was told to call the three credit bureaus (Equifax [1-800-525-6285], Transunion [1-888-397-3742], and Experian [1-800-680-7289]) to let them know that I might be a victim of identity theft. They'll attach a warning to your credit report that requires them to contact you by telephone if anyone uses your information to apply for credit. I do know that the 3 companies say that they share these warnings amongst themselves, but I was told to call all three anyway.
posted by yellowcandy at 1:41 PM on February 4, 2005
posted by yellowcandy at 1:41 PM on February 4, 2005
I absolutely second everything above, but also counsel not to panic just yet -- twice in my many years of having credit cards, a weird and random charge has gone through by accident on one of my credit cards (for example, there was a bulk purchase of oysters from Fisherman's Wharf in San Francisco when I was living in St. Louis at the time), but wasn't repeated.
I was told that sometimes there's just a random error in processing the card number, particularly if the original (legitimate) charge went through on one of those increasingly-out-of-date manual credit card processing thingies (you know what I mean -- where you put the card in a plate, then a set of carbons over it, then yank the other thingy over it...). When those get old, all the numbers don't always show up clearly. (Similarly, my sister once bought several train tickets in Europe that never showed up on her account, and she always assumed that this was why.)
posted by scody at 1:51 PM on February 4, 2005
I was told that sometimes there's just a random error in processing the card number, particularly if the original (legitimate) charge went through on one of those increasingly-out-of-date manual credit card processing thingies (you know what I mean -- where you put the card in a plate, then a set of carbons over it, then yank the other thingy over it...). When those get old, all the numbers don't always show up clearly. (Similarly, my sister once bought several train tickets in Europe that never showed up on her account, and she always assumed that this was why.)
posted by scody at 1:51 PM on February 4, 2005
Lychee, keep in mind your card and what you do with it has little to do with fradulent charges. People run numbers all the time, mockup up phony cards and embed random info that may map to someone's real info, and it was nothing you did but be unlucky. Contact your credit company immediately and contest the charge.
Twice I've had my bank or a company call me to ask if I really did try to buy diamonds in Sri Lanka, and this was even for a card I never used online, only at local establishments. They wiped the charges and it was fine after that.
posted by mathowie at 1:57 PM on February 4, 2005
Twice I've had my bank or a company call me to ask if I really did try to buy diamonds in Sri Lanka, and this was even for a card I never used online, only at local establishments. They wiped the charges and it was fine after that.
posted by mathowie at 1:57 PM on February 4, 2005
Something like this generally isn't a big deal. You contact your credit card company, they reverse the charge and issue you a new card. I'm surprised they let a charge from another country through in the first place.
And cutting up the card will only prevent you from using it...
posted by neckro23 at 2:03 PM on February 4, 2005
And cutting up the card will only prevent you from using it...
posted by neckro23 at 2:03 PM on February 4, 2005
Very good answers.
The credit card company is on your side in this. Simply report it stolen, they'll send you a new card with new info and might up the fraudulent activity algorithm on your account. You will not be responsible for any charges. Don't allow them to say "it will be 7 to 10 days." Tell them you need your card now, that you are a good customer, and that they should overnight it to you. They do this, easily, upon request. Do of course request your free credit report when you are able, it is good practice in many respects.
posted by sled at 2:37 PM on February 4, 2005
The credit card company is on your side in this. Simply report it stolen, they'll send you a new card with new info and might up the fraudulent activity algorithm on your account. You will not be responsible for any charges. Don't allow them to say "it will be 7 to 10 days." Tell them you need your card now, that you are a good customer, and that they should overnight it to you. They do this, easily, upon request. Do of course request your free credit report when you are able, it is good practice in many respects.
posted by sled at 2:37 PM on February 4, 2005
They say you should not let your card out of your sight, lest someone copy all the magnetic data from it. That effectively means I can't use it to pay for a meal at the table, since the waitperson carries it off for a couple of minutes.
I have only had bogus charges on a card once, and I think it was the result of a trip I took to KY (no reflection on KYians, just that I used unfamiliar ATMs, and handed my card over in strange places.) Predictably, the charges were from a porn website.
posted by Kirth Gerson at 2:46 PM on February 4, 2005
I have only had bogus charges on a card once, and I think it was the result of a trip I took to KY (no reflection on KYians, just that I used unfamiliar ATMs, and handed my card over in strange places.) Predictably, the charges were from a porn website.
posted by Kirth Gerson at 2:46 PM on February 4, 2005
Taken from a /. story:
http://yro.slashdot.org/article.pl?sid=05/01/13/0017222
Following are steps each of us should take to minimize the likelihood of ID theft from this, or any other similar incident.
- Contact any of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert advises new and potential creditors that they should contact you before opening any new accounts in your name. Additionally your existing creditors are advised that they should contact you prior to making any changes (e.g. credit limit change) in your account. Once you notify one credit bureau, the fraud alert will be sent automatically to the other two. All three bureaus will send you credit reports free of charge once they receive the fraud alert. The three credit bureaus can be contacted as follows:
Transunion
1-800-680-7289
www.transunion.com
Equifax
1-800-525-6285
www.equifax.com
Experian
1-888-397-3742
www.experian.com
- Continue to check all your accounts on a regular basis for unusual activity.
- The Federal Trade Commission Identity Theft Hotline gives a good overview of what to do when you think your information may have been stolen but have no evidence that it is being used. The number is 1-877-438-4338. Press #3. The Federal Trade Commission also has a website with extensive information about identity theft at www.ftc.gov/idtheft.
posted by krisjohn at 3:07 PM on February 4, 2005
http://yro.slashdot.org/article.pl?sid=05/01/13/0017222
Following are steps each of us should take to minimize the likelihood of ID theft from this, or any other similar incident.
- Contact any of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert advises new and potential creditors that they should contact you before opening any new accounts in your name. Additionally your existing creditors are advised that they should contact you prior to making any changes (e.g. credit limit change) in your account. Once you notify one credit bureau, the fraud alert will be sent automatically to the other two. All three bureaus will send you credit reports free of charge once they receive the fraud alert. The three credit bureaus can be contacted as follows:
Transunion
1-800-680-7289
www.transunion.com
Equifax
1-800-525-6285
www.equifax.com
Experian
1-888-397-3742
www.experian.com
- Continue to check all your accounts on a regular basis for unusual activity.
- The Federal Trade Commission Identity Theft Hotline gives a good overview of what to do when you think your information may have been stolen but have no evidence that it is being used. The number is 1-877-438-4338. Press #3. The Federal Trade Commission also has a website with extensive information about identity theft at www.ftc.gov/idtheft.
posted by krisjohn at 3:07 PM on February 4, 2005
Response by poster: Great, thanks everyone! The credit card company called me actually, and the charge was posted today (in Israel), so I'm glad they were quick on the draw and contacted me so soon. A new card was issued and I won't be held responsible.
Looks like I'll be contacting the credit bureaus. Besides being extra vigilent, it sounds like this won't be like one of those dreaded 20/20 reports where my bank accounts are suddenly empty and some random thief is tooling around the Middle East in a brand new car.
posted by lychee at 3:46 PM on February 4, 2005
Looks like I'll be contacting the credit bureaus. Besides being extra vigilent, it sounds like this won't be like one of those dreaded 20/20 reports where my bank accounts are suddenly empty and some random thief is tooling around the Middle East in a brand new car.
posted by lychee at 3:46 PM on February 4, 2005
If you are interested in reporting this to the police in Israel, you can give their headquarters a call at +972 2 5308444. They should have English-speaking representatives. They have a website, but it's Hebrew-only, unfortunately.
posted by ori at 6:42 PM on February 4, 2005
posted by ori at 6:42 PM on February 4, 2005
Don't even use your credit card in Kentucky. We have cleverly linked every Gas-n-Sip, Tabacco Hut, and BBQ Joint to a distributed network that strips your magnetic data for use in bulk Sudafed and ammonia purchases to manufacture meth. Then we download some porn while the meth is cooking.
Never let your card out of your sight when in Kentucky. Not even in your wallet!!! Place globs of fun-tac on your dashboard and stick all of your credit cards there so you can keep an eye on them. But when you drive past a weigh station (with those creepy sensors hanging over the interstate), first place each card in a Tyvec, static neutral sleeve. Then place the sleeved cards in a magnetically sheided bag. At the next exit, leave the interstate and use each card to make a minor purchase to verify that the card has not been corrupted and to establish your legitimate location.
Seriously, most of the comments have been absolutely correct, I would just emphasize to memorialize all communications with the credit card company in writing. Even if it seems like everything was taken care of on the phone. Most credit card agreements specificy that the only communication that is binding is in writing.
posted by seajay at 11:11 PM on February 4, 2005
Never let your card out of your sight when in Kentucky. Not even in your wallet!!! Place globs of fun-tac on your dashboard and stick all of your credit cards there so you can keep an eye on them. But when you drive past a weigh station (with those creepy sensors hanging over the interstate), first place each card in a Tyvec, static neutral sleeve. Then place the sleeved cards in a magnetically sheided bag. At the next exit, leave the interstate and use each card to make a minor purchase to verify that the card has not been corrupted and to establish your legitimate location.
Seriously, most of the comments have been absolutely correct, I would just emphasize to memorialize all communications with the credit card company in writing. Even if it seems like everything was taken care of on the phone. Most credit card agreements specificy that the only communication that is binding is in writing.
posted by seajay at 11:11 PM on February 4, 2005
I had a similar thing happen to me a year or two ago (the vendor actually called me up to confirm payment, and read out all my details to me).
I'd always been careful with my details, so my only explanation was that one of the small-but-reputable dealers I'd dealt with had been hacked and had their customer details stolen.
The biggest problem I had was that I got charges on my new credit card for fraudulent use from my old one. I don't know if this applies to you, but the banks here (UK) transfer "continuous authority" transactions, like the monthly payments for AOL, onto new credit cards. So it turned out that whoever stole my details signed up for AOL, and I got charged a few months later, when the free trial ran out.
My bank tell me that they can't guarantee that another charge won't appear, and there's no time limit. The card companies aren't always on your side...
posted by OldMansHands at 5:54 AM on February 5, 2005
I'd always been careful with my details, so my only explanation was that one of the small-but-reputable dealers I'd dealt with had been hacked and had their customer details stolen.
The biggest problem I had was that I got charges on my new credit card for fraudulent use from my old one. I don't know if this applies to you, but the banks here (UK) transfer "continuous authority" transactions, like the monthly payments for AOL, onto new credit cards. So it turned out that whoever stole my details signed up for AOL, and I got charged a few months later, when the free trial ran out.
My bank tell me that they can't guarantee that another charge won't appear, and there's no time limit. The card companies aren't always on your side...
posted by OldMansHands at 5:54 AM on February 5, 2005
This happened to me a year ago. My credit card company called to ask if I was really charging US$10,000 for jewelry from BlueNile.com. I wasn't. They then said that my new phone number didn't work. "What new phone number?" Someone had called them 2 weeks previously and changed the primary contact phone number on my account. (I called "my" new number and it was an ATT cellphone which no one ever answered.) The crook had also made two smaller charges (a dollar or two each) at Blue Nile, probably as a test to see if their numbers were all valid.
It really can't hurt to cover your ass, so here's what they told me to do. Cancel the account and have them issue you a new card with a new number. Give it an entirely new PIN. Not a bad idea to change the PINs on any other cards you might have, and any online banking passwords too.
Call *all three* credit bureaus yourself. (Even though they say they share data, they are slow about it and you will feel better knowing that each one has timely information.) Then call the FTC (this page has all you need) and report a suspected case of identity theft. Then call your local police department and file a report. This is to protect yourself, period. Call the credit card company again and give them the police report number. This lets them know you're serious and not shirking any legitimate charges.
Sit back for a couple of weeks and wait for the three credit bureaus to send you (free) copies of your records. Look these over carefully. If anything looks weird, deal with it sooner rather than later. This is a good time to close old accounts that you haven't used in years.
The police detective who handled my case (which went nowhere, because no actual money was successfully stolen) said that there are two primary ways that crooks get your info. One is restaurants, when the wait person takes your card away and copies down your name and all the numbers (including those on the back). The second way is to shoot in the dark. It's not that hard to come up with a valid card number, and it's not that hard to throw expiration dates at it until you find a match.
Take this seriously, but don't panic. I found it very disturbing that someone had enough of my info to successfully change the phone number on my account. Also, one other fraudulent charge went through that I didn't know about until I received my next statement, for someone else's credit report from Experion (for some woman in Alabama, and I strongly suspect she was either the next victim or one of the thieves). Even though I had reported the fraud to Experion, it took several months to get that charge expunged. Can't you just smell the irony?
Oh, and seajay is right. We Kentuckians are all crooks and thieves.
posted by Alylex at 7:40 AM on February 5, 2005 [1 favorite]
It really can't hurt to cover your ass, so here's what they told me to do. Cancel the account and have them issue you a new card with a new number. Give it an entirely new PIN. Not a bad idea to change the PINs on any other cards you might have, and any online banking passwords too.
Call *all three* credit bureaus yourself. (Even though they say they share data, they are slow about it and you will feel better knowing that each one has timely information.) Then call the FTC (this page has all you need) and report a suspected case of identity theft. Then call your local police department and file a report. This is to protect yourself, period. Call the credit card company again and give them the police report number. This lets them know you're serious and not shirking any legitimate charges.
Sit back for a couple of weeks and wait for the three credit bureaus to send you (free) copies of your records. Look these over carefully. If anything looks weird, deal with it sooner rather than later. This is a good time to close old accounts that you haven't used in years.
The police detective who handled my case (which went nowhere, because no actual money was successfully stolen) said that there are two primary ways that crooks get your info. One is restaurants, when the wait person takes your card away and copies down your name and all the numbers (including those on the back). The second way is to shoot in the dark. It's not that hard to come up with a valid card number, and it's not that hard to throw expiration dates at it until you find a match.
Take this seriously, but don't panic. I found it very disturbing that someone had enough of my info to successfully change the phone number on my account. Also, one other fraudulent charge went through that I didn't know about until I received my next statement, for someone else's credit report from Experion (for some woman in Alabama, and I strongly suspect she was either the next victim or one of the thieves). Even though I had reported the fraud to Experion, it took several months to get that charge expunged. Can't you just smell the irony?
Oh, and seajay is right. We Kentuckians are all crooks and thieves.
posted by Alylex at 7:40 AM on February 5, 2005 [1 favorite]
This thread is closed to new comments.
The most important thing you can do, probably to protect your identity: credit reports and make sure that you're not at any trojan sites and that your computer doesn't have spyware. They could have gotten your number breaking into a site online. More likely, I would guess your number was stolen when you used it in person somehow.
posted by skynxnex at 1:29 PM on February 4, 2005