Credit card fraud: How does it work?
January 29, 2012 10:55 AM   Subscribe

How is it that my credit cards get used by people in distant states?

Over the last few years I've had my master card used by people in far away places several times. I keep getting new cards. I don't lose them, they are still in my pocket. The charges come from the opposite ends of the country.

I'm just wondering, in general, what's happening, and am I an outlier, or is this becoming really common?

And how does it work when they have merchandise delivered? Don't they get caught?

As you can see, I don't have much of a criminal mind.
posted by cccorlew to Work & Money (11 answers total)
I'd invest in a good antivirus. They're probably getting your numbers by intercepting the data you type in when you shop online.
posted by Holy Zarquon's Singing Fish at 10:58 AM on January 29, 2012 [2 favorites]

Since it keeps happening, I'm guessing that your computer has been hacked or you use your credit cards on websites that don't have great security in place and get hacked.
posted by J. Wilson at 11:04 AM on January 29, 2012 [1 favorite]

A good first step would be to take your computer to a repair place to get totally wiped. Formatted and given a clean OS install. Since this has apparently been an ongoing problem that you've never addressed, simply installing an AV program probably isn't going to do it. Then you really need someone to walk you through some of the principles of good computing practices.

Most of the time a compromised computer has been compromised because of operator error. You'll save yourself a lot of time and money with just a little bit of education.

Identity theft is far more common than it ought to be, because its victims make themselves very easy targets.
posted by kavasa at 11:10 AM on January 29, 2012 [2 favorites]

Check your computer, but also look for what's common about how you've been using the cards. E.g., restaurants, coffee shops, gas stations. Sadly, there are places where it's a lot safer to pay with cash than to risk an employee running your card through a second skimmer.
posted by dws at 11:22 AM on January 29, 2012

The problem may not be your computer. My card was compromised in one of those little independent convenience stores that still used a dial-up verification system. Also, using a Mastercard is like flashing a big wad of cash in a bad neighborhood. Visa's debit cards have a reputation for having insufficient balances to make worth stealing.
posted by Ardiril at 11:25 AM on January 29, 2012

It can be something really stupid like the ATM at your office building. My husband's debit card was compromised twice - fake card was made in Louisiana and then in Texas - and the only place he was using the card that was terribly different than where I was using *my* card was this ATM at his office.
posted by Medieval Maven at 11:29 AM on January 29, 2012

Once a card number and basic info has been obtained, it tends to get sold. Whether it's a skimmer at an ATM, an unscrupulous waiter, or a keylogger on your PC isn't really the point - you're at risk in all those areas, and need to take precautions.
posted by SMPA at 12:02 PM on January 29, 2012

I've had my credit card number stolen twice. (Oddly enough, the one time I actually lost a credit card, no one ever attempted to use it.) In both cases, the last legitimate charge was for a room at a national chain of budget motels, separate locations each time. They use some antiquated system where your entire credit card number is printed on the charge slip; I don't know if an employee filched the number or if someone was sifting through the trash. The credit card company discovered the theft right away in both cases because of an out of pattern charge and took care of things on their end. Yeah, use cash if possible.
posted by coldhotel at 1:23 PM on January 29, 2012

I can explain why the bad guys don't get caught when the merchandise is delivered. I do e-comm. Usually the card number or the delivery is "laundered" somehow. I've been doing e-comm for 9 years and the "customer" has been outside the US 99% of the time. So wherever the card originated, the bill-to information (and usually the ship-to) is outside the country. We don't usually even bother following up. If it's international, police are not going to cooperate internationally to catch someone doing what they perceive as a petty crime. If the delivery point is stateside, often this person is a patsy themselves - they've been conned into receiving and forwarding the goods for the promise of some monetary reward (which usually doesn't come through).

In any case, the theft is usually discovered long after the goods have been shipped.
posted by randomkeystrike at 2:14 PM on January 29, 2012

cccorlew: "And how does it work when they have merchandise delivered? Don't they get caught?"

There is an underground market for these things, which allows for specialization and makes prosecution more difficult. So the person who steals your card info isn't the person who makes the charge, and they often don’t even know each other. And there's all kinds of parts of the chain you and I wouldn't think of, like verifying the balance remaining. Each market participant performs the part they're best at.

The merchandise delivered is indeed a problem. These are usually people caught in "work from home" scams thinking they're just some new import/export business.
posted by pwnguin at 2:16 PM on January 29, 2012

I have a card which has been used for one and only one thing, the automatic charges for the toll system for the Lake Pontchartrain Causeway. This card is not used online because the Causeway Commission can't process online transactions. It's taken to their office, the info recorded so the automatic charges can be processed, and the physical card stays in a safe and is never used for anything else.

It's been compromised and replaced 4 times in the last 8 years.

It might not be you. It could be a vendor, or the bank, or one of their communication channels that's compromised. Have more than one card, so that if one gets compromised you have a fallback while it's replaced, and don't sweat it as long as the CC company reverses the fraudulent charges.

And do not, under any circumstances, use a debit card for anything. There are no consumer protection laws and you're at the mercy of the bank. A coworker recently got jacked and the bank required him to get a notarized statement for EACH fraudulent charge. Getting back $4K in stolen funds cost $300 in notary fees.
posted by localroger at 2:44 PM on January 29, 2012

« Older Help me make an idea into a book   |   Help me give a horse a name in Arabic, please? Newer »
This thread is closed to new comments.