Someone Stole My Money and I WANT TO CATCH HIM
May 23, 2007 5:12 PM
How did someone steal my Debit card number, fabricate a fake card, then get my PIN? + How can I catch them?
Today someone debited $700 from my checking account while I was at work. Fortunately, they were stopped as they reached my withdrawal limit. I have already canceled my card and logged an inquiry, tomorrow I should receive a temporary credit for the amount stolen and hopefully it'll stay there when I am found to be not liable. HOWEVER, the question still stands: How did these bastards get my card number, fabricate a fake card, then get my PIN?
And also, I happen to know the Bank and around what time the money was withdrawn (I check my account obsessively when I have a student loan payment going through, frankly, I still don't trust machines), so how do I catch these guys? I have to wait until tomorrow to file a police report, so I assume they'll write down my side of the story, but are they going to take my clues seriously?
Today someone debited $700 from my checking account while I was at work. Fortunately, they were stopped as they reached my withdrawal limit. I have already canceled my card and logged an inquiry, tomorrow I should receive a temporary credit for the amount stolen and hopefully it'll stay there when I am found to be not liable. HOWEVER, the question still stands: How did these bastards get my card number, fabricate a fake card, then get my PIN?
And also, I happen to know the Bank and around what time the money was withdrawn (I check my account obsessively when I have a student loan payment going through, frankly, I still don't trust machines), so how do I catch these guys? I have to wait until tomorrow to file a police report, so I assume they'll write down my side of the story, but are they going to take my clues seriously?
They can even fake the whole ATM machine. More details from SNOPES.
posted by saffry at 5:21 PM on May 23, 2007
posted by saffry at 5:21 PM on May 23, 2007
How did these bastards get my card number, fabricate a fake card, then get my PIN?
More likely they got your cardnumber and PIN at the same time, and then made the dupe card. I've seen local news stories about set-ups similar to the Snopes details.
Programming the necessary info into the magnetic strip wouldn't be that hard for a dedicated card duplicator. The Mythbusters were able to get their hands on the necessary equipment, software and blank cards when they were testing credit card erasing myths.
posted by CKmtl at 6:04 PM on May 23, 2007
More likely they got your cardnumber and PIN at the same time, and then made the dupe card. I've seen local news stories about set-ups similar to the Snopes details.
Programming the necessary info into the magnetic strip wouldn't be that hard for a dedicated card duplicator. The Mythbusters were able to get their hands on the necessary equipment, software and blank cards when they were testing credit card erasing myths.
posted by CKmtl at 6:04 PM on May 23, 2007
clicked Post too soon...
As for clues, you could let the cops know where you use your debit card... ATMs, stores, etc.
posted by CKmtl at 6:10 PM on May 23, 2007
As for clues, you could let the cops know where you use your debit card... ATMs, stores, etc.
posted by CKmtl at 6:10 PM on May 23, 2007
My banker (whose brothers are all cops) said that more often than not your ATM card is copied by a corrupt sales clerk, who trains a camera on you and who swipes your card twice. Be cautious if you need to reswipe your card.
Also, keep an eye on your payment history. Get internet banking!
posted by gesamtkunstwerk at 6:50 PM on May 23, 2007
Also, keep an eye on your payment history. Get internet banking!
posted by gesamtkunstwerk at 6:50 PM on May 23, 2007
Sorry, I see that you do keep an eye on things. My banker told me to try and use cash at gas stations, convenience stores, or any place that is shitty to work in.
posted by gesamtkunstwerk at 6:52 PM on May 23, 2007
posted by gesamtkunstwerk at 6:52 PM on May 23, 2007
I read the question a couple times and I'm not sure that you said you knew what type of transaction it was. It sounds like you think it was an at ATM? If so, the bank should know what ATM and have security camera footage. If not, if it were an online purchase for example, the criminal wouldn't need the PIN and could easily get your card number from a number of sources, like the reswipe trick or spoofing a secure website.
When something similar happened to me, the bank gave me back the money and I assume launched its own investigation (I would guess, at least in part, to make sure it wasn't me having buyer's remorse or something). I never involved the police, but that's because it was online; if it's local, especially if there's an ATM camera or the like involved, the police might be of some help.
posted by SuperNova at 6:55 PM on May 23, 2007
When something similar happened to me, the bank gave me back the money and I assume launched its own investigation (I would guess, at least in part, to make sure it wasn't me having buyer's remorse or something). I never involved the police, but that's because it was online; if it's local, especially if there's an ATM camera or the like involved, the police might be of some help.
posted by SuperNova at 6:55 PM on May 23, 2007
I'll extend the question: how does reswiping help theives? I've never heard of this. I never use debit cards, but clerks are always reswiping my credit cards. I've never had a problem (I'm meticulous about checking my cc bills), but should I question this when it happens? How do I avoid them having to reswipe?
posted by nax at 7:08 PM on May 23, 2007
posted by nax at 7:08 PM on May 23, 2007
The cleanest way for a theif to trap your card/PIN data is a skimmer at an ATM - we find them occasionally in our ATMs, and there's a general assumption in the industry that most banks find them only 10-20 percent of the time. If a theif can successfully remove the skimmer prior to the bank detecting it, it's a simple matter to retrieve the data and press plastic. Read more here. Fake machines are much less common than just interfering with the existing card reader.
posted by ersatzkat at 7:09 PM on May 23, 2007
posted by ersatzkat at 7:09 PM on May 23, 2007
nax: The scam as I've heard it described is they swipe your card to complete the legitimate sale, then they swipe it again on a portable reader to steal your the information on the mag stripe. Your name, card number, and expiration date are all on the stripe. The only thing they would need to write down is the CCV/CCV2 code that is printed on the back of the card. They can also use a small camera (like in a cellphone) to quickly take pictures of both sides of the card.
posted by indyz at 7:42 PM on May 23, 2007
posted by indyz at 7:42 PM on May 23, 2007
Along the lines of what indyz describes: The Real Hustle - Waitress Card Cloning
posted by niles at 9:41 PM on May 23, 2007
posted by niles at 9:41 PM on May 23, 2007
I see you're in Brooklyn. A few years ago there was a ring who literally did create 'fake' ATMs that they installed around NYC. They worked just like other ATMs -- they even dispensed cash. My guess is that this is what happened, since they captured your PIN. This can also be accomplished by installing a skimmer in an ATM and installing a camera above it as described earlier to get your PIN.
To prevent this in the future, only go to bank-owned ATMs. There are plenty of these in NYC. Doesn't have to be your bank, but this will greatly decrease your chances. In some cases you'll need to swipe your card to gain entry -- they can also get your information this way (but not the pin, obviously). If a device on a door looks suspicious, walk another block and try again.
As for the waiter/waitress scam, this happens too.
posted by Atom12 at 6:10 AM on May 24, 2007
To prevent this in the future, only go to bank-owned ATMs. There are plenty of these in NYC. Doesn't have to be your bank, but this will greatly decrease your chances. In some cases you'll need to swipe your card to gain entry -- they can also get your information this way (but not the pin, obviously). If a device on a door looks suspicious, walk another block and try again.
As for the waiter/waitress scam, this happens too.
posted by Atom12 at 6:10 AM on May 24, 2007
Thanks for your help everyone. I was checking my transaction history and narrowed the possibilities to a skimmer on an ATM or (duh!) a U-Haul I rented on Sunday. Thinking about the truck rental makes it more likely than not, but I wonder: Is this method of card duplication (as the money was removed directly from my account from an ATM, needing a card and my PIN) very sophisticated? The guy behind the counter didn't seem to bright, but I really don't know about anyone else who worked there.
Atom12, where and when did these fake ATM installations take place?
posted by marxfriedrice at 6:46 AM on May 24, 2007
Atom12, where and when did these fake ATM installations take place?
posted by marxfriedrice at 6:46 AM on May 24, 2007
The guy behind the counter didn't seem to bright, but I really don't know about anyone else who worked there.
If a card duplicator has someone teach them how to do it, it wouldn't take a criminal mastermind to do it. Or, it could be that the person who skims the cards (cashier, etc) is being paid by someone else to just skim the cards. This other person takes the data then either uses the dupe cards themself, or sells them to others.
posted by CKmtl at 7:56 AM on May 24, 2007
If a card duplicator has someone teach them how to do it, it wouldn't take a criminal mastermind to do it. Or, it could be that the person who skims the cards (cashier, etc) is being paid by someone else to just skim the cards. This other person takes the data then either uses the dupe cards themself, or sells them to others.
posted by CKmtl at 7:56 AM on May 24, 2007
There are websites that are virtual marketplaces for skimmers, where you can buy the equipment, buy or sell card/PIN pairs, etc. I got curious about it a while back & hunted one of them down, I think skimmers were running about $5K (with a discount for bulk orders) & a couple bucks for card/PIN pairs. Everybody uses E-Gold for their transactions. Really all you need is the nerves to try pulling it off.
posted by scalefree at 10:47 AM on May 24, 2007
posted by scalefree at 10:47 AM on May 24, 2007
I want to say this was around three or four years ago, and the machines were scattered throughout Manhattan. They were most likely generic-looking ATMs in convenience stores and other locations where they wouldn't look out of place.
How exactly did the $700 leave your checking account? Was it a transaction or a withdrawal? If your card was skimmed (meaning, account info is stolen via swipe but they don't know your PIN) they could easily process a transaction for $700 by charging it to a dummy company that they own and operate.
If it was a withdrawal, they skimmed your card and somehow got your PIN either via a dummy ATM or probably a camera. If this happened, and you know when/where, there's a chance that the ATM they used might have had a camera on it and taken a picture of the guy.
posted by Atom12 at 11:45 AM on May 24, 2007
How exactly did the $700 leave your checking account? Was it a transaction or a withdrawal? If your card was skimmed (meaning, account info is stolen via swipe but they don't know your PIN) they could easily process a transaction for $700 by charging it to a dummy company that they own and operate.
If it was a withdrawal, they skimmed your card and somehow got your PIN either via a dummy ATM or probably a camera. If this happened, and you know when/where, there's a chance that the ATM they used might have had a camera on it and taken a picture of the guy.
posted by Atom12 at 11:45 AM on May 24, 2007
Regarding the dummy ATM thing. Yes, it happens, but it's rare. Typically the worst thing you'll experience using one of those is an exhorbitant transaction fee. It's a fairly sophisticated (not to mention ballsy) operation to pull off. It's not Ed and Frank down the street who do this kind of thing, it's the Russian mob. Skimming is a more credible threat.
Incidentally, this is one of the reasons governments are moving toward smart cards (AMEX Blue, with the gold chip on the front? That's a smart card) for ID programs. I think the UK already has smart chips in/on their passports. Chips are much harder to forge than magnetic stripe cards.
posted by Atom12 at 11:53 AM on May 24, 2007
Incidentally, this is one of the reasons governments are moving toward smart cards (AMEX Blue, with the gold chip on the front? That's a smart card) for ID programs. I think the UK already has smart chips in/on their passports. Chips are much harder to forge than magnetic stripe cards.
posted by Atom12 at 11:53 AM on May 24, 2007
This happened to me about six months ago - $500 withdrawn from my account at an ATM in Chicago. I was not in Chicago at the time and indeed had legitimately used an ATM in NYC about 10 minutes before.
The bank was good about putting the money back in my account quickly. It didn't even occur to me to file a police report or try to 'catch' anyone. The dummy ATM/camera method is one way to get a PIN; I also read a few articles like this one that asserted that some retailers inappropriately store in their databases your card info and PIN number when you enter your PIN at point-of-sale. Then those databases are hacked or stolen by disgruntled employees and the information is enough to make a fake card.
posted by yarrow at 12:22 PM on May 24, 2007
The bank was good about putting the money back in my account quickly. It didn't even occur to me to file a police report or try to 'catch' anyone. The dummy ATM/camera method is one way to get a PIN; I also read a few articles like this one that asserted that some retailers inappropriately store in their databases your card info and PIN number when you enter your PIN at point-of-sale. Then those databases are hacked or stolen by disgruntled employees and the information is enough to make a fake card.
posted by yarrow at 12:22 PM on May 24, 2007
How would you even know money had been stolen unless you received an overdraft notice, or until your bank statement came? I'm pretty good about monitoring my money, but even I don't check activity more than monthly. Should I?
posted by nax at 5:50 PM on May 24, 2007
posted by nax at 5:50 PM on May 24, 2007
Just a caveat: In South Africa, the banks will send you a cell phone message (SMS) for every transaction (or transactions over x amount, as you prefer) as soon as it hits the bank (or exclude night time). It's a nice feature, and you can quickly catch the false transactions. Encourage your bank to adopt this.
posted by Goofyy at 4:37 AM on May 25, 2007
posted by Goofyy at 4:37 AM on May 25, 2007
When it happened to me, I knew exactly who faked my card: I all but never used the ATM card, but one day I was out of gas and ended up at an Arco station that only accepted cash or ATM. Wanting to have a paper trail on the transaction, I picked ATM. Very soon after, someone took $300 as cash back three days running at a supermarket in Hollywood, as well as a couple of piddly purchases at Radio Shack, perhaps to see if the card was still good. I didn't find out about this for a while because my mail was being forwarded, but when I did the bank ate all but $50 of the loss.
On the phone with the bank investigator, we narrowed it down to the Arco and she said there had been a rash of these cases tied to Arco stations in LA. And now I really never do use the ATM card, and I never go to Arco! That's maybe part of why I was so mad when ConocoPhillips started destroying the 76 balls, cos the last thing I need is one more gas station to boycott!
posted by Scram at 8:12 AM on May 25, 2007
On the phone with the bank investigator, we narrowed it down to the Arco and she said there had been a rash of these cases tied to Arco stations in LA. And now I really never do use the ATM card, and I never go to Arco! That's maybe part of why I was so mad when ConocoPhillips started destroying the 76 balls, cos the last thing I need is one more gas station to boycott!
posted by Scram at 8:12 AM on May 25, 2007
This thread is closed to new comments.
posted by Brandon Blatcher at 5:15 PM on May 23, 2007