Is this the creepiest credit card hack ever?
May 13, 2013 4:06 PM   Subscribe

Is this the creepiest credit card hack ever?

Asking for my brother: He called me perturbed and puzzled over this last night, and I am wondering if the wise hive mind has insight to this particular situation. Yesterday he came back home to a package from a department store waiting for him containing a couple of pairs of shoes, both his size. He hadn't ordered them, so he immediately called the store, who told him that someone had made the online order a week before at 6:15 pm, and charged it to a credit card that was one my brother had only recently received, used a couple of times, but never with this particular store. 6:15 last week, my brother was actually with me as I was dropping him off at the airport to catch his plane, so barring the possibility he rushed inside and made the order while waiting in the security line, it wasn't him to did it.

Other weird elements:
1. My brother thinks he actually had looked at both of these shoes before at this store, online, and had at one point placed them in his cart on his account, but never bought them.
2....but the order was not made from his account, but from a guest account.

So, he's doing all of the usual stuff: changing passwords, credit checks, notifying credit card company, but this experience was creepy and odd enough that I wanted to find out more (why did they send two pairs of shoes to him, if it was a hacker? Wouldn't that tip him off?). Anyone know about this?
posted by knmr76 to Computers & Internet (13 answers total) 2 users marked this as a favorite
Could it be an SO? We share accounts so this happens from time to time.
posted by tilde at 4:14 PM on May 13, 2013

Check the credit card records and verify that it does indeed show a charge from that store. Did they have an actual number for the credit card or just say it was a "Chase Mastercard" or something like that?
posted by yohko at 4:28 PM on May 13, 2013

Drunk/Sleep shopping? is he on any medication?
posted by pyro979 at 4:38 PM on May 13, 2013 [4 favorites]

Does he live with anyone?
posted by heyjude at 4:39 PM on May 13, 2013

This sounds like what might typically be called user error.
posted by Dansaman at 4:39 PM on May 13, 2013 [12 favorites]

Ok, may be unrelated but this happened to an elderly neighbour who was upset enough to ask us what was going on: He had received a pair of women's trousers. They were correctly addressed to him, but (obviously) not his. He hadn't ordered them.
We spent sometime speaking to the shop and explained the situation. They were reticent to give details, but it transpired that the daughter of an old friend of his had ordered a gift for him last Christmas. She'd then, recently ordered herself a pair of women's trousers, which were out of stock. The sales assistant had asked if she wanted them sent to her on-line address. She agreed. The shop had sent her trousers to a previous address she'd used rather than her-own registered address.
I'm just wondering (unlikely, given the information, but this might jog a memory) if something like that might have happened... {e.g. had he ordered something for someone else}

Had his new card been used at the store before or if your mailbox is accessible to others (who may have intercepted the mail, got the card details, and put it back in the mail)?
posted by Dub at 5:05 PM on May 13, 2013

This may not help, but I've had something similar happen to me. I was logged into my account at an online retail site, sort of "window shopping". Putting stuff on a wishlist, etc. Something really caught my interest and I put it in the cart, but didn't check out. I also didn't log out when I closed the window.

About a month later, the item I'd put in the cart arrives. I hadn't received an email confirmation or any other contact.

I contacted the store and my credit card to do a return and chargeback. The store said my credit card and security code had been used, but not from my account, and somehow it was shipped to me. They accepted the return, I was issued a new card, and life went on.

I don't know what happened. I assume it was a website/cookie/account glitch of some kind. I'm more careful about logging out of websites now.
posted by Boxenmacher at 5:08 PM on May 13, 2013 [9 favorites]

I am also going with user error on this one. But could the website tell him the IP address of whoever placed the order? If it's his IP address, then he accidentally ordered the sneakers. I did see someone on AskMeFi say someone had put a bunch of items in their Amazon cart that they had never searched for or were interested in and wondered how it happened. So I guess weird stuff can happen, but if he placed the sneakers in his cart, it may stand to reason they were accidentally ordered somehow, even from a guest account, all his address info may be auto-fill.
posted by AppleTurnover at 5:17 PM on May 13, 2013

I think it's a problem with the store's website, somewhat along the lines Boxenmacher lays out.

The shoes are sitting there in his cart awaiting final purchase authorization. Then someone else makes another purchase, and through an error, either a number transposition or perhaps even an electronic problem of some kind, their purchase completes your brother's transaction.

And then, the credit card the store had on file for your brother failed somehow, but they (the store) were able to prevail upon the credit card company to apply the transaction to his new card, and the whole thing went ahead.
posted by jamjam at 5:27 PM on May 13, 2013 [3 favorites]

Online shopping carts are often often provided by a third party, and I'm wondering if he made a purchase on the same card at another store that used the same online shopping cart system. And through some kind of glitch, when he checked out at the second store, both purchases were charged to his card.
posted by zombiedance at 6:12 PM on May 13, 2013 [1 favorite]

Worth considering is whether the store is in a different time zone.
posted by moira at 7:01 PM on May 13, 2013 [5 favorites]

A new but increasingly common ATM crime is to put a false front on an ATM that looks exactly like the real one, except it's a couple of inches thicker. When you use it, you get your cash, but the false front also records your card info and PIN for the crooks to use later.

This sounds exactly like what happened in your case.

Always look at any row of ATMS and stay away from one that sticks out further than the others.
posted by KRS at 7:12 AM on May 14, 2013

My guess is this is part user error, part bad website design. This is based on an experience I recently had. I bought a pair of eyeglasses online. I entered all the information, and then right before I was going to submit the order, I thought, "Hey! I wonder if there are any discounts or coupons for this site?" So I did a little searching, and sure enough, there was a coupon I could apply to my order. So I clicked the back button, and applied the coupon code, then submitted the actual order.

Problem was, the site decided that I had already placed my order once (even though I had never clicked "Place my order"). So when I checked my shipping status a couple days later, it showed two different shipments coming to my address. It took some persistence and careful explanation on my part to make sure I was only charged for and only received one pair of glasses.

So my theory is that your brother had them in the cart, and then perhaps closed the browser window and forgot about them. The store took that as "Oh, he *totally* wants these shoes" and sent them on their way.
posted by BeBoth at 9:15 AM on May 14, 2013

« Older Do you have advice for an MPP student ISO research...   |   I just interviewed for a job and I have no idea if... Newer »
This thread is closed to new comments.