Is there any connection between these debit card theft issues?
January 10, 2013 8:11 PM   Subscribe

My friend and I both had our debit card numbers stolen within 2 days of each other. Is it possible that we can trace this back to one sketchy business and does it even matter if we can?

My friend is visiting from out of town. The day after she arrived I received an email from my bank saying that there was some fraudulent activity on my debit card. Someone had charged $200 to an online gaming company using my debit card. I called the bank and let them know that it wasn't me and they rejected the transactions before they went through. The bank cancelled that card and are sending me a new one. No biggie.

Fast forward to this evening, when my friend received the exact same email from her bank (we have the same bank) saying that she also had fraudulent debit card activity. She called and found out it was another online gaming company (not the same exact company, but very similar). The bank shut it down and we are now in the same boat.

Since she got into town, we have both used our debit cards at the local convenience store/bodega on my block. It is the only establishment where we have both used our debit cards since she got here. We don't know anything about how debit card numbers get stolen/sold, so we are wondering if we should alert the bodega or alert our bank that we suspect the information leak may have originated from the same business. We don't want to accuse anyone of anything without any real evidence, but we also don't want to let anyone off the hook for trying to steal our money. What should we do, if anything, to try to nail these suckers?
posted by Mrs.Spiffy to Work & Money (16 answers total)
A similar thing happened to my husband and I. After having the charges reversed, we tried to report it to the credit card company who said they needed a police report before they could pursue anything. We weren't able to move beyond that because the business is in a neighboring suburb to where we live, and each police department said that the other was responsible for taking the report, but you may have better luck. I think it's definitely worth pursuing.
posted by goggie at 8:17 PM on January 10, 2013

There is no way to know for sure where the debit card info got swiped from. Even if it was your transaction at the bodega that started it. It could be an employee with a skimmer, the terminals could be tampered with, their computers could be insecure and hacked, the merchant services company that processes the transaction could have leaked it, etc.

The bank has more information on who has had their accounts compromised and could do some data analysis to figure it out, and would if the losses got high enough. For $200, their investigators would cost more money hourly than their losses.

Since your money got restored, you haven't even suffered any monetary losses at this point, which is partly why the police aren't willing to do much.

The only action i would take would be cease using a debit card at that business.

You could try using your new card only there and wait a while, but then you'll just need to get another new card and annoy the bank and yourself more.

(Off topic, but a credit card may be more secure against losses from stolen card numbers, and your account is not drained immediately).
posted by TheAdamist at 8:39 PM on January 10, 2013 [1 favorite]

my friend received the exact same email from her bank (we have the same bank)
I'd give it better-than-even odds that the bank or the card processor was breached and they're not disclosing it. Usually that means huge batches of card numbers and associated data are exfiltrated by the bad guys in a single big lump.

In short, it's probably them, not you.
posted by TheNewWazoo at 9:04 PM on January 10, 2013 [2 favorites]

The bank already knows you and your friend used your cards at the same bodega. They have an entire division dedicated to detecting fraudulent transactions, and finding out the source; that's how they knew to call you. So in this instance, you do not need to do anything.


I would highly recommend using a credit card instead of a debit card for transactions like this. In this case, it was caught early and the transaction was cancelled. If it was not caught early, with a debit card, you are out $200, plus whatever else the thieves managed to get. With a credit card, you get refunded, and it becomes the bank/card-issuer's problem.
posted by jraenar at 9:07 PM on January 10, 2013 [2 favorites]

Just wanted to add a layer of watch out, a reputable bank will never send you an email with a link to click in order to give you more information about fraudulent activity.

I typically always get an automated call to the number associated with my account.
posted by phaedon at 9:08 PM on January 10, 2013 [1 favorite]

The bank already knows you and your friend used your cards at the same bodega.

That is unlikely the cause. Banks typically monitor for online and international purchases, especially in high dollar amounts. If you are in the US, online gaming falls into all three categories, and they typically use processors that show up under different names in your statement. That is probably what triggered the warning.
posted by phaedon at 9:11 PM on January 10, 2013

My state's Secretary of State web site has a page where notices about security breaches that result in personal information being exposed are posted. (Companies are mandated by law to report that here.) Maybe your state has the same.
posted by XMLicious at 9:13 PM on January 10, 2013

I also strongly recommend using a credit card. I had an AT&T phone hooked up to my debit card for automatic payments and my phone was stolen by an Armenian who racked up $3,000 in phone calls to Armenia in two days, unbeknownst to me.

That amount wiped out my checking account, and it took me several days to get reimbursed. That would not have happened if I had used a credit card.
posted by phaedon at 9:15 PM on January 10, 2013 [1 favorite]

I read an extensive series of posts by a guy who obviously worked for a credit card company and was doing "story hour" on a fraud-buster type site. One of the things he pointed out was that whenever this sort of thing happens, people compare everything they've used their card for recently and then post wild accusations to the web, but, in reality, credit and debit card numbers are often stolen in lots of a million or more from an unsecures data systems.

So it could be your local bodega but it could just as easily be the processing system of any number of different brick and mortar chain stores you've both shopped at in the last year.
posted by Kid Charlemagne at 9:19 PM on January 10, 2013 [2 favorites]

Well I think you should listen to this because it will make you feel better.
posted by bananafish at 9:22 PM on January 10, 2013 [3 favorites]

Late to the party, but yeah, the only thing I ever use my debit card for is accessing the ATM. Everything else goes on the credit card (which we keep paid off). My debit card was compromised some years back, and the theives managed to completely empty my checking account (some $4,500 at the time). Took over a month to get it all settled with the bank, in the meantime I've got bills to pay...

When it's your debit card, you're at the bank's mercy. Your money is gone, and maybe you'll get it back. When it's a credit card, you have the leverage. You can just not pay the fraudulent charges while it's being settled.
posted by xedrik at 10:47 PM on January 10, 2013 [1 favorite]

Is it possible your bank was hacked, and they have not publicized this yet? If at all?
posted by jbenben at 11:44 PM on January 10, 2013

Notify the bank of your suspicions, and why, and move on. Occam's razor says it was the convenience store, and skimming at checkouts is so easily accomplished it is ludicrous (you know those cameras on the ceiling that are trained on the cash draw ... you know what they also see!).
posted by jannw at 3:13 AM on January 11, 2013

So I've listened to some lectures from a local Chief of Police talking about his ongoing struggle with CC fraud. He's the chief of a smaller community (about 20-30k people I believe), and CC fraud is still a huge issue there, and of course it's one that's very very difficult for him to combat. He would LOVE a call from a citizen giving him these basic facts. I think it's definitely worth calling your local police and asking if they have any sort of financial crimes division, since you actually have a lead, something that's exceedingly rare. If the culprit is at the convenience store, it's also probably an employee rather than an organized thing, and I'm sure the owners would want to know one of their employees is committing CC fraud. Finally, CC fraud affects all of us. The "the bank will handle it" attitude doesn't ultimately work, because the banks make themselves whole out of our hides.

Oh, and while big financial institutions do get hacked, it's a very rare occurrence. Garden-variety skimming and getting the numbers from the card are much more common, and the "we both shopped at the same store and got defrauded in the same way" bit really stretches plausibility.
posted by kavasa at 5:28 AM on January 11, 2013

Just to add another data point, on Black Friday, I found out from my bank that my card number had been used for charges at an online gaming company as well. The transactions originated in France.
posted by emelenjr at 8:10 AM on January 11, 2013

Different country, but there was a garage round the corner from my old flat which was known to be skimming debit card numbers. The police knew about it, but they couldn't do anything as they had to actually catch them in the act. It might be worth letting the police know, but it doesn't necessarily mean they'll swoop in and arrest anyone.

It's very common to use your debit card for everything in the UK, down to a single loaf of bread at a self-service checkout, but the one time someone stole my physical card and used it, the bank refunded everything instantly. (However, we do have chip and PIN here.) I only use credit cards abroad simply because getting a stolen debit card replaced is more of a hassle (that and my credit card doesn't levy transaction fees) but the only time I've had my details actually skimmed was when using a credit card to buy a travel guide online - that was £100 at a restaurant and £200 on a website for collectable model soldiers.
posted by mippy at 9:59 AM on January 11, 2013

« Older It has been fifteen years. I can't laugh it off.   |   Is coconut yogurt a waste of money? Newer »
This thread is closed to new comments.