Sorting a few things out after credit card theft.
July 29, 2011 6:04 AM Subscribe
It appears that my credit card number was recently compromised. I check my statement very regularly, so I noticed the unauthorized charges as soon as they happened. I'm not particularly worried about it since disputing the charges is a trivial matter, and I've seen others go through the process before. The CC company has already overnight-shipped me a new card with a new number, and has credited back the fraudulent charges. But I am curious about a couple things:
1) Is there any way for me to figure out how this happened? I do have a PSN account, which I have barely ever used, and in fact I don't think I even have a payment account linked to the PSN account. How do I know who, or which company, has compromised my information?
2) Should I be worried about more serious identity theft? I try to remember to check my annualcreditreport.com once a year. Is there a recommended amount of time now that I should wait before I check it this year? In other words, do I need to allow the thieves time to "do something" before I check it, or should I look into it right away?
3) The pattern of charges on the card is kind of weird. They seem to all be for wireless data service providers...MetroPCS, Sprint Wireless, and a couple others I've never heard of, all in ~$40-100 charges. Just out of curiosity, what's the deal with this? I always assumed that a stolen credit card would be used to make large purchases right away. Why all random wireless service companies? Is the thief really just buying prepaid cell phones?
1) Is there any way for me to figure out how this happened? I do have a PSN account, which I have barely ever used, and in fact I don't think I even have a payment account linked to the PSN account. How do I know who, or which company, has compromised my information?
2) Should I be worried about more serious identity theft? I try to remember to check my annualcreditreport.com once a year. Is there a recommended amount of time now that I should wait before I check it this year? In other words, do I need to allow the thieves time to "do something" before I check it, or should I look into it right away?
3) The pattern of charges on the card is kind of weird. They seem to all be for wireless data service providers...MetroPCS, Sprint Wireless, and a couple others I've never heard of, all in ~$40-100 charges. Just out of curiosity, what's the deal with this? I always assumed that a stolen credit card would be used to make large purchases right away. Why all random wireless service companies? Is the thief really just buying prepaid cell phones?
Best answer: 1) you don't. you can't. Few states have laws that force companies to tell their customers (you) when their systems are compromised, and even if there are no laws stating that I doubt you're going to get anywhere with calling up your bank and asking if their network has been attacked and your specific number was stolen.
2) nope. It's a big deal, but it's also not. Nobody is specifically after you, they're just going down numbers on a list and when one fails they move on. Just chalk this up to the times we live in today.
3) general plan of action is make small purchases because people are less likely to notice an extra 40$. If they're able to pull off those for a few months then the ante is upped and you might have seen a 400$ charge. It's just a risk/reward thing: they have your card, how much can they charge in how quick a time before someone notices.
It's basically all just a shit-storm that we have to deal with. That being said, if I were you I would be asking my bank (assuming your CC was through one) why they didn't notice multiple charges like this. Usually these actions are done states away as well, so if you're rockin out in Seattle and someone is charging pre-paid phone cards in Atlanta then they should have noticed this immediately. If this is the case and they did not notice I would switch to someone who does.
posted by zombieApoc at 6:12 AM on July 29, 2011
2) nope. It's a big deal, but it's also not. Nobody is specifically after you, they're just going down numbers on a list and when one fails they move on. Just chalk this up to the times we live in today.
3) general plan of action is make small purchases because people are less likely to notice an extra 40$. If they're able to pull off those for a few months then the ante is upped and you might have seen a 400$ charge. It's just a risk/reward thing: they have your card, how much can they charge in how quick a time before someone notices.
It's basically all just a shit-storm that we have to deal with. That being said, if I were you I would be asking my bank (assuming your CC was through one) why they didn't notice multiple charges like this. Usually these actions are done states away as well, so if you're rockin out in Seattle and someone is charging pre-paid phone cards in Atlanta then they should have noticed this immediately. If this is the case and they did not notice I would switch to someone who does.
posted by zombieApoc at 6:12 AM on July 29, 2011
Best answer: I'm sure you know that annualcreditreport.com gives you a free credit report from all three agencies--but you don't have to check all three agencies at once. So you can check Equifax now, Experian three months from now, and Transunion three months after that, to give yourself a wider net of time to make sure everything's still kosher.
posted by litnerd at 6:15 AM on July 29, 2011 [4 favorites]
posted by litnerd at 6:15 AM on July 29, 2011 [4 favorites]
Best answer: I've had this happen to me a couple of times (including once with a debit card instead of a credit card!) so here's my experience.
1) Nope. It could have been a skimmer, it could have been a sketchy waiter, it could have something to do with PSN, it could have been almost anything. In a way, it doesn't matter, since no matter what you do to prevent the situation that caused this time, new techniques are evolving. Just continue paying close attention to your statements.
2) Probably not. I check my annualcreditreport.com reports the way litnerd recommends, so every quarter I'm pretty confident in the state of my credit reputation. Waiting a whole year makes me nervous. You might be eligible for an additional free report due to this situation but I'm not sure about that.
3) Prepaid cell phones can be used for all sorts of things you wouldn't want traced to you, and once they're "paid for" the minutes are yours and can't be taken away. They can be easily sold to others. Also, small charges are less likely to be noticed right away, and thousands of people use those services so it's more likely that they'll get away with those kinds of charges for longer. In addition to your card they probably had a dozen other numbers, so when you think about the scale they're on, it's a pretty good scam.
posted by peanut_mcgillicuty at 6:30 AM on July 29, 2011
1) Nope. It could have been a skimmer, it could have been a sketchy waiter, it could have something to do with PSN, it could have been almost anything. In a way, it doesn't matter, since no matter what you do to prevent the situation that caused this time, new techniques are evolving. Just continue paying close attention to your statements.
2) Probably not. I check my annualcreditreport.com reports the way litnerd recommends, so every quarter I'm pretty confident in the state of my credit reputation. Waiting a whole year makes me nervous. You might be eligible for an additional free report due to this situation but I'm not sure about that.
3) Prepaid cell phones can be used for all sorts of things you wouldn't want traced to you, and once they're "paid for" the minutes are yours and can't be taken away. They can be easily sold to others. Also, small charges are less likely to be noticed right away, and thousands of people use those services so it's more likely that they'll get away with those kinds of charges for longer. In addition to your card they probably had a dozen other numbers, so when you think about the scale they're on, it's a pretty good scam.
posted by peanut_mcgillicuty at 6:30 AM on July 29, 2011
1) No -- there usually isn't a way to back-trace a breach from an individual record.
2) I wouldn't be losing sleep, but I'd take additional steps to avoid identity theft since you have reason to believe your info may have been compromised somewhere. You may want to check out the FTC's identity theft site for information on setting up a fraud alert or credit freeze.
3) They're probably trying not to attract attention. Most people don't review their statements as carefully as you do.
posted by cranberry_nut at 6:33 AM on July 29, 2011
2) I wouldn't be losing sleep, but I'd take additional steps to avoid identity theft since you have reason to believe your info may have been compromised somewhere. You may want to check out the FTC's identity theft site for information on setting up a fraud alert or credit freeze.
3) They're probably trying not to attract attention. Most people don't review their statements as carefully as you do.
posted by cranberry_nut at 6:33 AM on July 29, 2011
NPR's Planet Money had an interesting podcast about the credit card black market if you want a little more insight.
posted by doctord at 6:37 AM on July 29, 2011 [2 favorites]
posted by doctord at 6:37 AM on July 29, 2011 [2 favorites]
3) In addition to the fact that smaller charges are less likely to be noticed by you, they're also (I assume) less likely to trip the automated fraud detection system used by your credit card company.
posted by phoenixy at 6:42 AM on July 29, 2011
posted by phoenixy at 6:42 AM on July 29, 2011
I had my debit card account liquidated through an ATM in Spain once. The Visa fraud protection rep assured me that the problem wasn't on their end, and that it was probably either a skimmer or a shady waiter that lifted the card informaiton. They shipped me a new card, refunded the purchases, and I kept an eye on my credit report, but overall it was a surprisingly painless process. I'd expect the same if it happened again.
posted by craven_morhead at 7:37 AM on July 29, 2011
posted by craven_morhead at 7:37 AM on July 29, 2011
I wonder if (3) isn't a behavioral thing as well. Remember how we all learned that the classic use case for banks doing credit card fraud detection was a bunch of charges showing up at a gas station because the first thing crooks tended to do was fill up their and their friends' cars? I could easily see "pay your and your friends' phone bills" as another of these patterns.
posted by mkultra at 7:49 AM on July 29, 2011
posted by mkultra at 7:49 AM on July 29, 2011
The purchases were probably pre-paid phone cards, which are a good way to convert stolen money into another form of currency that can be traded, sold, or used.
posted by blue_beetle at 7:51 AM on July 29, 2011
posted by blue_beetle at 7:51 AM on July 29, 2011
I've purchased pre-paid phone cards on Ebay at a much lower price than retail and always wondered how they could offer them so cheap.
posted by Dragonness at 7:55 AM on July 29, 2011
posted by Dragonness at 7:55 AM on July 29, 2011
My # was stolen last year when a hotel's reservation website was hacked.
posted by brujita at 8:09 AM on July 29, 2011
posted by brujita at 8:09 AM on July 29, 2011
My number was stolen when I purchased an international book to save money for a graduate school course. I suspect the purchaser sold the credit information. The credit card company found the problem quickly. It is my understanding those that steal credit information run small purchases to check their information is correct and that you have a line of credit usable. For instance, they will run a small donation to places like the red cross and such.
I routinely check our credit reports. However, I was so glad that our credit was frozen when this went down. I would encourage you to freeze your credit. It was a hassle when we went for a small car loan, but nothing compared to the reassurance our credit is frozen.
Regarding annualcreditreport.com - Clark Howard suggests pulling your report one from each bureau separately every 4 months. It is an inexpensive way to monitor your reports for free because you are only pulling one from each of the three bureaus annually.
posted by BuffaloChickenWing at 8:52 AM on July 29, 2011
I routinely check our credit reports. However, I was so glad that our credit was frozen when this went down. I would encourage you to freeze your credit. It was a hassle when we went for a small car loan, but nothing compared to the reassurance our credit is frozen.
Regarding annualcreditreport.com - Clark Howard suggests pulling your report one from each bureau separately every 4 months. It is an inexpensive way to monitor your reports for free because you are only pulling one from each of the three bureaus annually.
posted by BuffaloChickenWing at 8:52 AM on July 29, 2011
1) you don't. you can't. Few states have laws that force companies to tell their customers (you) when their systems are compromised, and even if there are no laws stating that I doubt you're going to get anywhere with calling up your bank and asking if their network has been attacked and your specific number was stolen.Uh, what? According to wikipedia most states have security breach notification laws. According to this PDF pretty much every state has some law, with most with civil/criminal penalties for a failure notify. So... what are you talking about?
Why wireless? My guess is that whoever did this wanted to get online in an untraceable way. A cellphone with a wireless plan, paid for with a credit card that's not yours would be a great way to do that.
Also, there are credit monitoring services out there that will, for a free let you access your credit report online in basically real time.
posted by delmoi at 10:17 AM on July 29, 2011
I would check your billing activity for any restaurant transactions...that's where a lot of credit card fraud happens, when your credit card is out of your sight.
Basically these thieves have people on the inside of restaurants and bars and they run the CC through credit card scanner that they run the cc's through and it remembers your data from the magnetic stripe.
posted by BobbyDee at 12:10 PM on August 12, 2011
Basically these thieves have people on the inside of restaurants and bars and they run the CC through credit card scanner that they run the cc's through and it remembers your data from the magnetic stripe.
posted by BobbyDee at 12:10 PM on August 12, 2011
This thread is closed to new comments.
posted by leslies at 6:10 AM on July 29, 2011