Credit card fraud
November 1, 2005 10:50 AM   Subscribe

Sometimes stores will do mail order through their point of sale if they only rarely have mail order work. They are not really supposed to since the agreement forbids it, but if they were to get mail order agreements for the 1 or 2 mail orders a month their rates might go from 2% of the purchase price to 6% or more of the purchase price for *all* purchases.

Instead they may take a risk for the sales.

But you can't be sure unless you phone the stores and find out!
posted by shepd at 11:00 AM on November 1, 2005

Did credit card thieves somehow encode my number onto multiple fake plastic cards?

Yes. At some point when you carried out a transaction, your card was 'skimmed' by a reader and the details copied.

The readers can be so small that they can be attached to the end of a normal card swipe reader and not be noticed. Or sometimes the sales assistant (working in conjunction with the cloners, for a fee per card cloned) will swipe the card a second time in a reader with such sleight of hand that you wouldn't even see it unless you were looking for it.

The card details are downloaded by the thieves and fake cards made. Normally the cards are used for a large number of transactions over a short period of time until the legitimate owner spots them on his statement/atm balance, or unless the bank is unusually savvy and sees a pattern that's outside the norm (but the bank will usually only pick up on it if the account goes overdrawn - whilst it's operating within its normal limits the bank is unlikely to notice, the account won't be 'flagged' on the computer).

Part of my job involves investigating credit card fraud and many of the fake cards are so good that your average sales clerk would not look twice at it.

Some more info here
posted by essexjan at 11:05 AM on November 1, 2005

More likely than skimming is the possibility that your card info could have been part of the large data compromises made public this year. I work in fraud prevention at a midsize financial, and we see this kind of thing all the time. And essexjan is right, the fake cards look pretty authentic.

Do you know if the transactions were PIN-based "debit" or Visa/MC "credit" transactions?
posted by Hlewagast at 11:13 AM on November 1, 2005

When you say they were POS transactions, do you know for sure that they presented that actual card.

The store I work for will take phone orders with a credit card and ring the purchase at the front register. It rings up exactly as if you hand keyed at credit card at the register. Then when the slip prints up we write "phone order" in the signature blank.

In theory, we're supposed to call and confirm shipping addresses on phone orders (by calling the credit card company), but I know this isn't always done. Really, I mean it's rarely to never done.
posted by dial-tone at 11:48 AM on November 1, 2005

If that's what happened, I'd guess someone just got your number some how.
posted by dial-tone at 11:48 AM on November 1, 2005

When my brother stole my dad's credit card years ago, he swiped a credit card that couldn't be read through the card readers, then keyed in my dad's number and expiration date into the reader. The cashiers never asked to see the card to confirm it was the same number.

He's quite a guy, my brother!
posted by amarynth at 12:12 PM on November 1, 2005

I also work for a shop that processes mail orders on the POS terminal. I don't think it's forbidden in Australia, though. Our card reader actually gives an option for "ECOM" (ecommerce) which doesn't even bother printing out a signature line. I had no idea that this sort of thing wasn't common in the US.
posted by web-goddess at 12:48 PM on November 1, 2005

Rather than hard-wiring each POS terminal to the computer that contacts the card issuer for approval, many stores use a wireless internal connection.

The ones trying to save money don't bother with encryption and simply use WiFi. This leaves the transaction wide open for interception.

I once had my cell phone "cloned" by what I learned is pretty simple equipment. I expect that there's similar stuff that lets you sit outside the store in your car and collect credit and debit card information.
posted by KRS at 1:36 PM on November 1, 2005

KRS: You're right.
posted by Hlewagast at 1:57 PM on November 1, 2005

[Tangentially Related]
A friend of mine who works as a retail clerk recently had the surreal experience of being presented with his own debit card information by some customers.
When the card didn't scan, they urged him to enter the information in manually. Good thing he had his numbers memorized.
Didn't catch the crooks though, the sheer coincidence of the situation was enough to prevent immediate action (other than refusing to run the card, naturally). After the goons absconded he did call his bank and end up canceling his card though.
posted by ktrey at 2:25 PM on November 1, 2005

Did credit card thieves somehow encode my number onto multiple fake plastic cards?

Yes. At some point when you carried out a transaction, your card was 'skimmed' by a reader and the details copied.

Yep -- happened to me. I later learned from the credit card company investigator that my card was just one of hundreds used by an organized group that they eventually busted.
posted by ericb at 4:28 PM on November 1, 2005

« Older Massage question: can anybody ...   |   I'm looking for some soul musi... Newer »