Can someone explain this scam to me?
July 27, 2013 8:31 AM   Subscribe

I received a package of 6 toothpastes from Amway at home yesterday. I didn't place this order. I called the enclosed number immediately and got myself expunged from their database. I have no desire to be involved with Amway. The order was placed by someone else, using MY credit card info (with no PIN), and sent to my address.

The amway phone rep was very confused, there was a phone number on the order that's a fake number. They cancelled the order, removed my info. Asked for a credit card number to see if there had been any charges... I told them I could find that out. And sure enough, there was a $23 charge to my debit card. That card has been used in hundreds of places.. so it's now cancelled, and the charge is voided.

But what on earth... were they hoping to get reseller credit for tiny little amway packages, hoping I'd never catch on?
posted by DigDoug to Shopping (16 answers total) 2 users marked this as a favorite
I would be much more worried that your credit card has been compromised than by why it was specifically Amway toothpaste that was purchased with it.
posted by Sara C. at 8:32 AM on July 27, 2013 [6 favorites]

Call your debit/credit card company. Explain the situation, and ask for a new card.
posted by oceanjesse at 8:33 AM on July 27, 2013 [2 favorites]

Response by poster: I did that. I'm trying to figure out what would have happened had I not noticed it.
posted by DigDoug at 8:35 AM on July 27, 2013

Best answer: A lot of times, credit card thieves will try a small purchase first, sort of as a test case: that might explain the toothpaste. The next purchase would be something bigger as they then proceed to max out your card.
posted by easily confused at 8:40 AM on July 27, 2013 [17 favorites]

TBH, my guess is that your card info was stolen and the person who used it accidentally had something shipped to your address instead of their address. As to why Amway, it could be any number of reasons, but it probably has nothing to do with you, personally.
posted by Sara C. at 8:41 AM on July 27, 2013

Response by poster: I'm watching my *other* accounts super closely now. But if people are going to order me stuff with my own money... $24 of "Glister" toothpaste sure seems like weaksauce.
posted by DigDoug at 8:46 AM on July 27, 2013

2 months ago I logged on to my credit card account. And unexpectedly saw odd charges for cell phones and other electronic gear happening before my eyes. In 20 minutes there were $15,000 in charges to my credit card through WalMart online. I was able to cancel every charge before they were actually charged to my card. Call my credit card company and they issued a new card and made sure none of those charges were going to affect my credit card.
It is amazing how these crooks can operate. The charge was from a guy in North Carolina. I live in West Virginia.
posted by JayRwv at 8:49 AM on July 27, 2013

Best answer: A lot of online companies will only deliver to the address the card is registered to for the first purchase made on that card. This is to make it harder for thieves to use stolen cards. However, a way round this for the thieves is to make a relatively small purchase, which goes to the real cardholder's address, then a minute later, order a much more expensive item or items and have it sent to an address they can actually receive the goods at.
posted by ardinno at 8:52 AM on July 27, 2013 [11 favorites]

Response by poster: Hah. So he ordered me toothpaste, and was going to order himself a crapton of other Amway stuff? I can see that happening.
posted by DigDoug at 8:55 AM on July 27, 2013

YOU got the Amway: they probably planned to order from the Apple Store or similar for themselves!
posted by easily confused at 9:51 AM on July 27, 2013 [3 favorites]

I could see someone ordering stuff on Amway with stolen cards just to boost their numbers so they could move up the sales ladder.
posted by zsazsa at 10:19 AM on July 27, 2013 [8 favorites]

The card PIN isn't used for anything except cash advances through an ATM or purchases made debit-style at a point-of-sale. Don't forget that there's a Visa or Mastercard logo on your debit card for a reason; it can be used as a credit card, one that just happens to have a "credit limit" which is dynamically adjusted to the available funds in your corresponding bank account.

If you're referring to the 3-digit (CSC, Card Security Code, with half a dozen other common names), it's not required by every retailer. Retailers get incrementally reduced rates on their CC transaction fees by gathering additional confirmation information from the buyer, such as name printed on the card, billing address (at least, street number and zip code) and CSC, but for the retailer to require more than the 15-16 digit cc number and expiration date is between them and their merchant bank.

I agree that this was probably some kind of trial transaction. It's also common for CC thieves to order stuff to your address and then try to steal it off your porch, so that may have been testing whether you are around often enough to receive the package before they can intercept it. (They'd watch the tracking.)
posted by Sunburnt at 11:19 AM on July 27, 2013 [4 favorites]

Fortunately more credit card thieves are complete dolts than otherwise, and that may apply in this case.
Once I left my credit card in a Staples store - could have been a disaster, but instead the person who picked it up only bought himself a subscription to an online dating service!
posted by Abinadab at 12:08 PM on July 27, 2013 [1 favorite]

Could also have been a deal where the guy tried to use the CC number to make a trial purchase, and then the retailer would only let it ship to the address on the card. Instead of giving up, they hit the submit button just to see what happened.

Also, it could be some rogue Amway dealer trying to up their numbers by ordering and sending stuff to people, hoping a good percentage of them will not check their balances.
posted by gjc at 12:11 PM on July 27, 2013 [1 favorite]

>A lot of online companies will only deliver to the address the card is registered to for the first purchase made on that card.<>
I wouldn't count on that being a common practice.

Some thieves just do really stupid things on their test purchases, which I agree is what this sounds like. I had someone trying a bunch of hot card purchases on one of my websites who used the real phone number of the cardholder, which is not keyed to the CC at all. But it did allow me to call the cardholders and let them know their card was stolen.
posted by randomkeystrike at 4:57 PM on July 27, 2013

Fraud detection systems typically pay far more attention to suspicious purchases - like when a new purchase is made on some system and it's not to your address. Location of the purchase/delivery is right at the top of the list of signals for suspicious activity.

So it's also highly likely that the purchase to your address doubled as a test purchase (valid credit card details), and an avoid-tripping-the-fraud-detection purchase.

There's some quite good information about how the fraud detection works about halfway down the comments in this post:
posted by Ashlyth at 2:12 AM on July 28, 2013

« Older SENSORS ONLINE   |   great neighborhood, dumpy house. best way to... Newer »
This thread is closed to new comments.