Failed Credit Card Fraud?
July 15, 2010 8:25 AM
Why did someone use my credit card information to make a fraudulent online purchase, but then have the goods shipped to me?
I came back from having been out of the country to find an $800+ charge on my credit card from an online store I had never heard of. There was also a $1 temporary authorization from the Microsoft Store (which I had also never used) which I think was probably a test to see if my credit card information was valid. I called up and reported it as fraud to my credit card company, and they canceled the card and removed the charge.
That's all pretty normal, but the weird part is that the item that was purchased was actually sent to me at my address. Since I was out of town the delivery attempts failed (it was apparently shipped with a requirement that it could only be signed for by a someone with a valid ID at least 21 years old), but I went to the FedEx location, verified that it was the $800 thing I didn't buy (it turned out to be a camera lens) and refused to accept the package. So at this point the charges have been reversed and the online store has their camera lens back.
What was the point of all that? Was the person trying to use my credit card just inept or is there some sort of scam I don't know about that involves shipping the merchandise to the victim?
I came back from having been out of the country to find an $800+ charge on my credit card from an online store I had never heard of. There was also a $1 temporary authorization from the Microsoft Store (which I had also never used) which I think was probably a test to see if my credit card information was valid. I called up and reported it as fraud to my credit card company, and they canceled the card and removed the charge.
That's all pretty normal, but the weird part is that the item that was purchased was actually sent to me at my address. Since I was out of town the delivery attempts failed (it was apparently shipped with a requirement that it could only be signed for by a someone with a valid ID at least 21 years old), but I went to the FedEx location, verified that it was the $800 thing I didn't buy (it turned out to be a camera lens) and refused to accept the package. So at this point the charges have been reversed and the online store has their camera lens back.
What was the point of all that? Was the person trying to use my credit card just inept or is there some sort of scam I don't know about that involves shipping the merchandise to the victim?
Or it is possible they knew you were out of the country and were just planning to steal the package from your mailbox/door step.
posted by special-k at 8:28 AM on July 15, 2010
posted by special-k at 8:28 AM on July 15, 2010
Sorry, that might have been unclear - some websites will pull the buyer's address information automatically from their credit card provider. The online retailer clearly did that in this case and the fraudster either didn't notice or forgot to change it.
So yeah, common-or-garden ineptitude I should think.
posted by Happy Dave at 8:28 AM on July 15, 2010
So yeah, common-or-garden ineptitude I should think.
posted by Happy Dave at 8:28 AM on July 15, 2010
Yeah I'd vote they were going to steal it from your door -- but didn't know that FedEx was going to require a signature.
posted by brainmouse at 8:37 AM on July 15, 2010
posted by brainmouse at 8:37 AM on July 15, 2010
Another possibility is that they got not just your credit card number, but a bunch of them, and wanted to check if they were ok for expensive purchases before proceeding to the item they really want.
posted by flif at 8:40 AM on July 15, 2010
posted by flif at 8:40 AM on July 15, 2010
In the UK at least, many retailers will only make their first delivery to the registered card holder.
If you time it right, I have no doubt you could order something to the registered cardholder, wait a few days for funds to clear (but not long enough for the recipient to complain) and then get another package delivered to your "work" address.
posted by sodium lights the horizon at 8:45 AM on July 15, 2010
If you time it right, I have no doubt you could order something to the registered cardholder, wait a few days for funds to clear (but not long enough for the recipient to complain) and then get another package delivered to your "work" address.
posted by sodium lights the horizon at 8:45 AM on July 15, 2010
I'd second Happy and say they are idiots. Any smart thief immediately charges readily available necessaries (#1 would be gas) or fungible goods with potential arbitrage (#1 would be cigarettes). Buying an 800 dollar lens sounds like something a stoner would do, just like forgetting to change the address from the billing.
posted by Hurst at 9:03 AM on July 15, 2010
posted by Hurst at 9:03 AM on July 15, 2010
If you time it right, I have no doubt you could order something to the registered cardholder, wait a few days for funds to clear (but not long enough for the recipient to complain) and then get another package delivered to your "work" address.
I didn't figure any of this out until about a week after the first delivery attempt was made. Some people might not check their credit card balances online but getting a weird package would have tipped off pretty much everyone before I found out, and they didn't try to make another purchase after the first one.
Or it is possible they knew you were out of the country and were just planning to steal the package from your mailbox/door step.
It's unlikely that any random person would have known I was going to be out of the country that week, it was a last minute thing and there were no obvious signs that I had even left when the charges were made. And anyway if someone was going through the trouble to steal it from my porch I would think they would have seen the failed delivery notices on my door and decided on some sort of Plan B to use the card before I found out.
posted by burnmp3s at 9:11 AM on July 15, 2010
I didn't figure any of this out until about a week after the first delivery attempt was made. Some people might not check their credit card balances online but getting a weird package would have tipped off pretty much everyone before I found out, and they didn't try to make another purchase after the first one.
Or it is possible they knew you were out of the country and were just planning to steal the package from your mailbox/door step.
It's unlikely that any random person would have known I was going to be out of the country that week, it was a last minute thing and there were no obvious signs that I had even left when the charges were made. And anyway if someone was going through the trouble to steal it from my porch I would think they would have seen the failed delivery notices on my door and decided on some sort of Plan B to use the card before I found out.
posted by burnmp3s at 9:11 AM on July 15, 2010
I remember seeing this on a 20/20 episode there is a scam that involves shipping you the stuff. I just dont remember how it goes.
posted by majortom1981 at 9:35 AM on July 15, 2010
posted by majortom1981 at 9:35 AM on July 15, 2010
It's unlikely that any random person would have known I was going to be out of the country that week
They don't have to know you were out for a week. Most people leave the house for work during the day, which is when FedEx delivers.
All the thief has to do is check the package's shipping status, stake out your house on the appointed day and wait for FedEx to show up. Thirty seconds after FedEx leaves, they steal the package.
posted by Cool Papa Bell at 9:35 AM on July 15, 2010
They don't have to know you were out for a week. Most people leave the house for work during the day, which is when FedEx delivers.
All the thief has to do is check the package's shipping status, stake out your house on the appointed day and wait for FedEx to show up. Thirty seconds after FedEx leaves, they steal the package.
posted by Cool Papa Bell at 9:35 AM on July 15, 2010
This is going to sound idiotic, but is there any way a family member could have been using the card? I mean -- hoofbeats, horses.
posted by The Bellman at 9:53 AM on July 15, 2010
posted by The Bellman at 9:53 AM on July 15, 2010
I guess it depends on how they got the number. Did the fraud rep give you any indication? If it was through hacking or randomly guessing, then it makes sense that they tried a large purchase to see if the card was being monitored. Sometimes they might come across an account that's forgotten about (like those stands at football games that give free gear for CC sign-ups), or owned by an elderly/deceased person, which they'll then hijack and try to get as much out of as possible.
If the card is being watched by a person, then they'll catch a large purchase and claim fraud on it. If the card isn't being watched, then they know they can go ahead and do deposit transfers, or buy large, easily fencible goods. Keeping the card data as-is gives a better chance for the transaction to go through, since a mismatch in shipping address and billing address is a flag for fraud.
Basically: get a huge dump of card numbers. Try increasingly risky purchases. Start with 1$ at an anonymous online retailer, advance to larger purchases to the billing address, if it passes those tests then you're clear to change the contact info, and force through money-transactions.
That's not authoratative by any means, but is my best guess.
If it was obtained by someone cloning the card at a restaurant, or an ATM skimmer, or stealing mail, or something similar (like they had physical access to the card and were trying to get as much stuff as possible) then I'd say it's more likely incompetence or steal-from-the-doorstep.
Can you give us any more information as to how you think the card was compromised?
posted by codacorolla at 10:01 AM on July 15, 2010
If the card is being watched by a person, then they'll catch a large purchase and claim fraud on it. If the card isn't being watched, then they know they can go ahead and do deposit transfers, or buy large, easily fencible goods. Keeping the card data as-is gives a better chance for the transaction to go through, since a mismatch in shipping address and billing address is a flag for fraud.
Basically: get a huge dump of card numbers. Try increasingly risky purchases. Start with 1$ at an anonymous online retailer, advance to larger purchases to the billing address, if it passes those tests then you're clear to change the contact info, and force through money-transactions.
That's not authoratative by any means, but is my best guess.
If it was obtained by someone cloning the card at a restaurant, or an ATM skimmer, or stealing mail, or something similar (like they had physical access to the card and were trying to get as much stuff as possible) then I'd say it's more likely incompetence or steal-from-the-doorstep.
Can you give us any more information as to how you think the card was compromised?
posted by codacorolla at 10:01 AM on July 15, 2010
Same thing happened to my fiance. Thief ordered a couple hundred dollars worth of gym equipment and had it shipped to Fiance's home address. We just assumed that one of the neighborhood idiots was planning on driving by during the day to grab the package before the family got home.
posted by specialagentwebb at 10:04 AM on July 15, 2010
posted by specialagentwebb at 10:04 AM on July 15, 2010
The Bellman also makes a good point, and depending on your situation the simplest and most likely solution. A lot of theft happens inside of the family.
posted by codacorolla at 10:05 AM on July 15, 2010
posted by codacorolla at 10:05 AM on July 15, 2010
Just to offer a differnt, albeit unlikely suggestion - maybe someone used your credit card to make a purchase from their own personal business so that the business could profit in some way.
posted by WeekendJen at 10:37 AM on July 15, 2010
posted by WeekendJen at 10:37 AM on July 15, 2010
This is going to sound idiotic, but is there any way a family member could have been using the card?
The Bellman also makes a good point, and depending on your situation the simplest and most likely solution. A lot of theft happens inside of the family.
It seems highly unlikely. No one but me has physical access to the card (I live alone) and I only have a few relatives in the area, none of which have a history of theft or fraud.
I guess it depends on how they got the number. Did the fraud rep give you any indication?
No, they didn't really tell me anything other than that they were going to send me a new card. I use the card online and offline quite a bit, so I'm not sure exactly how they got the information. I don't get paper statements for that card so I don't think they could have gotten it from my mail, and I would think with a skimmer or similar physical capturing of the card number they would have had the problem of getting my correct billing address, which is not obvious. I do know they didn't physically have the card at the time the purchase was made, because it was in my wallet in another country.
posted by burnmp3s at 10:37 AM on July 15, 2010
The Bellman also makes a good point, and depending on your situation the simplest and most likely solution. A lot of theft happens inside of the family.
It seems highly unlikely. No one but me has physical access to the card (I live alone) and I only have a few relatives in the area, none of which have a history of theft or fraud.
I guess it depends on how they got the number. Did the fraud rep give you any indication?
No, they didn't really tell me anything other than that they were going to send me a new card. I use the card online and offline quite a bit, so I'm not sure exactly how they got the information. I don't get paper statements for that card so I don't think they could have gotten it from my mail, and I would think with a skimmer or similar physical capturing of the card number they would have had the problem of getting my correct billing address, which is not obvious. I do know they didn't physically have the card at the time the purchase was made, because it was in my wallet in another country.
posted by burnmp3s at 10:37 AM on July 15, 2010
Fraud investigator here. I would say that the online merchant probably requires an address verification to complete the sale -- they check that the billing address provided matches the address on file with the bank. Per Visa/MC rules, the merchant takes the loss if they ship it anywhere else than the verified address and it turns out to be fraud.
My guess is this: crook gives an shipping address for a maildrop in Crooksville, USA but the merchant sees the order and identfies it as risky, based on dollar amount, purchasing history, shipping location, etc. Merchant agrees to ship only to the verified billing address, and the crook says "sure, whatever" and abandons it.
On preview, the billing address and verification code could have been stolen in an e-commerce environment at the same time the card number was.
posted by Hlewagast at 10:46 AM on July 15, 2010
My guess is this: crook gives an shipping address for a maildrop in Crooksville, USA but the merchant sees the order and identfies it as risky, based on dollar amount, purchasing history, shipping location, etc. Merchant agrees to ship only to the verified billing address, and the crook says "sure, whatever" and abandons it.
On preview, the billing address and verification code could have been stolen in an e-commerce environment at the same time the card number was.
posted by Hlewagast at 10:46 AM on July 15, 2010
A few years ago someone broke into my boss's house. Thieves knew he was out of town from his kid's FB status and knew how long he was gone for. Thieves stole the card and ordered a bunch of stuff to get shipped to the house overnight. Took their time robbing the joint over a few days, also hit a few other houses but had all the goods shipped to the boss's address.
They were likely just guessing you'd be gone for longer. Did you FB status indicate you were out of the country?
posted by charlesv at 12:15 PM on July 15, 2010
They were likely just guessing you'd be gone for longer. Did you FB status indicate you were out of the country?
posted by charlesv at 12:15 PM on July 15, 2010
They were likely just guessing you'd be gone for longer. Did you FB status indicate you were out of the country?
No, and I hadn't told any of my neighbors or otherwise publicly announced that I was leaving. As far as I know there was basically no way that any random stranger could have figured out that I was gone.
posted by burnmp3s at 12:41 PM on July 15, 2010
No, and I hadn't told any of my neighbors or otherwise publicly announced that I was leaving. As far as I know there was basically no way that any random stranger could have figured out that I was gone.
posted by burnmp3s at 12:41 PM on July 15, 2010
Last time I looked at it, it was my recollection that you could verify the billing zip code, but not the address itself, and I would be surprised if it was possible for the merchant to get the address from the CC company. The way it works is you send the zip code to the processor to verify.
Merchants may store your shipping address to make it easier the next time you buy something, but I don't think they can get the address based on a card number (I could be wrong or remembering wrong, but that would surprise me a lot).
So, if you're sure you never bought anything from that merchant (or from somebody else who may use the same payment processing system like paypal?), I'd guess it must be somebody who got your address at the same time they got your card.
Shipping to your address if they could find a way to get the package would make it harder for the authorities to track down the thief. Maybe it's somebody where you bought your plane tickets. They'd know you were traveling and may have access to your card number and address. Pure speculation though.
posted by willnot at 2:47 PM on July 15, 2010
Merchants may store your shipping address to make it easier the next time you buy something, but I don't think they can get the address based on a card number (I could be wrong or remembering wrong, but that would surprise me a lot).
So, if you're sure you never bought anything from that merchant (or from somebody else who may use the same payment processing system like paypal?), I'd guess it must be somebody who got your address at the same time they got your card.
Shipping to your address if they could find a way to get the package would make it harder for the authorities to track down the thief. Maybe it's somebody where you bought your plane tickets. They'd know you were traveling and may have access to your card number and address. Pure speculation though.
posted by willnot at 2:47 PM on July 15, 2010
Thanks for all of the responses. I think the most likely explanation is that they wanted to ship it somewhere else and weren't able to, although it's also possible that they were planning on stealing it after it was delivered but didn't count on the signature/ID being required. Either way it sounds like a failed attempt at fraud rather than a more convoluted scheme that was supposed to end up with me getting the package.
posted by burnmp3s at 7:19 AM on July 16, 2010
posted by burnmp3s at 7:19 AM on July 16, 2010
This thread is closed to new comments.
posted by Happy Dave at 8:26 AM on July 15, 2010