Credit card stolen, again and again and again
December 22, 2014 10:06 AM   Subscribe

My credit card was stolen, again, for the fifth or sixth time this year. What gives?

I've also had the unfortunate experience of having family members open cards in my name, but that seems to be an unrelated issue. I've placed fraud alerts on my cards, filed identity theft paperwork, and placed fraud alerts on my credit reports. I do a fair bit of online shopping, but only big name retailers. (Although perhaps third-party vendors on Amazon can gain access to my information?) I've had both debit and credit cards used from different banks, so it doesn't seem institution-specific. I've had no problem getting the charges forgiven and new cards issued, but I'd like this to stop! I'm wondering whether thieves are just getting more savvy, or my identity has been stolen. Has anyone else had this happen? And how do I (or can I) make it stop?
posted by stillmoving to Work & Money (17 answers total) 6 users marked this as a favorite
What kind of computer security do you have in place?
posted by J. Wilson at 10:12 AM on December 22, 2014

Best answer: Test your computer for malware and/or a keylogger. I would probably just wipe it clean.
posted by alligatorman at 10:13 AM on December 22, 2014 [6 favorites]

Best answer: How is it getting used when it gets stolen? Are new cards being opened in your name, are they being spoofed and used in person at department/discount stores, are they buying iTunes gift cards, what? Those are all different theft vectors at play, usually.

Step one is designating one card for each kind of transaction - don't use the debit card anywhere but in person swiped, use one credit card for Amazon, use another for less well-known sites. If you subscribe to anything shady, use a specific card for that and that only.

Also make sure your antivirus and malware software is up to date. If someone's keylogging all your credit card entries it doesn't really matter where you use them.
posted by Lyn Never at 10:13 AM on December 22, 2014 [2 favorites]

If there are fraud alerts on your credit reports and you've frozen your credit, it's unlikely that your identity has been stolen. That would involved opening new cards in your name and/or ordering replacement cards from your existing accounts after logging into your accounts and changing your address on file so it get sent to them instead of you. You can easily detect this type of identity theft by looking at your account details for your bank and credit card accounts.

More likely is that thieves are physically skimming your card details when you use it in person or using malware on your computer (keyloggers, etc.) to detect and transmit payment info to a server somewhere.

Thieves could be using skimmers installed at ATMs, gas stations, or other unattended card readers. Or there could be an unsavory person skimming your card out of sight when you use it at a restaurant or other location where they take your card away from you and bring it back.

I would start by making sure your computer is clean. If you're using major retailers like Amazon or payment services like PayPal, they aren't transmitting payment info to third party sellers - they collect the money, subtract their fees, then make direct payment to the sellers. So if there is an electronic theft happening, it's probably at your end. You may need to go as far as reformatting your hard drive and reinstalling your OS and all applications - although that's quite a hassle, so in the short-term, you can use a mobile device like a tablet or smartphone to do all your purchasing. There aren't any documented cases of malware that leads to keylogging and credit card theft resulting from anything downloaded from the official app stores. Just don't sideload apps from unknown sources and you'll probably be safe that way.

I agree with Lyn Never - if you have several cards that you use interchangeably, designate each one for a specific purpose and stick to it for six months. That way, if anything is stolen again, you'll know whether the breach was from a card that you physically used somewhere, or used to buy something online, etc.
posted by trivia genius at 10:22 AM on December 22, 2014 [3 favorites]

When my card was stolen again and again, it turned out to be because my gmail account had been compromised. Change ALL your passwords after you clean your machine.
posted by KathrynT at 10:44 AM on December 22, 2014 [4 favorites]

To build on trivia genius and Lyn Never's suggestions, I think the minimum thing you should split out between cards is online vs in-person payments.
posted by deludingmyself at 11:17 AM on December 22, 2014

In my small U.S. state the Secretary of State has a web site where the legally-mandated notices from companies who have experienced data security breaches are posted, so your government may have a similar thing. Perhaps some place that you frequent is getting hit repeatedly.
posted by XMLicious at 11:31 AM on December 22, 2014 [1 favorite]

Nthing wipe your computer and change your passwords.
posted by cnc at 12:11 PM on December 22, 2014

Best answer: My credit card was stolen, again, for the fifth or sixth time this year. What gives?

I've also had the unfortunate experience of having family members open cards in my name, but that seems to be an unrelated issue. ...

I think the possibility that these two things are not unrelated deserves further exploration, if only because both are rare, and because family tend to have information and access that are harder to come by for strangers -- and they've already demonstrated a willingness to do it if they could.
posted by jamjam at 12:33 PM on December 22, 2014 [10 favorites]

Some credit card companies offer single-use "disposable" credit card numbers. If that's available to you, it might be a good way to rule out the online angle, at least. Maybe use that together with Lyn Never's suggestion, to get a little more info without a bundle of separate cards?
posted by jeffjon at 12:47 PM on December 22, 2014 [2 favorites]

Best answer: Honestly, a couple-few times a year seems the norm for me and most credit card users I know--even those of us who are scrupulous about shredding sensitive info and not using our cards at untrusted sites--and has been for the past few years.

Though there was one year it kept happening to me and my partner over and over and over again, until we finally traced it to one particular restaurant after noticing a pattern. It's still unclear whether someone who worked there was directly responsible, or if it was their credit card processor.

So you could just be unlucky enough to get slightly more than the average number of compromises, or your card could be getting repeatedly compromised at the same place, either by an unscrupulous employee copying your number (and either using it for themselves or selling it online) or a breach at their credit card processor.

BTW, I'm an Amazon Marketplace seller both for a larger company and as an individual, and third-party sellers do not ever have access to your actual financial data--all we get to see is your shipping address and sometimes your email address. And keep in mind that big-name retailers aren't immune: Best Buy and Target have both had high-profile data breaches in the recent past that affected credit card data.
posted by rhiannonstone at 1:24 PM on December 22, 2014 [3 favorites]

Shredding is always a good idea, but I don't think people are still able to get credit card info from trash. Neither statements nor receipts show credit card numbers any more.

Are your credit card numbers that are being stolen always from the same issuer? I would first get another card from somewhere else, or more than one. Then, as suggested above, start using different cards for different kinds of transactions, and see what happens with each one.
posted by still_wears_a_hat at 2:39 PM on December 22, 2014

Family members open cards in your name, yet you seem to turn a completely blind eye to such incredibly fraudulent activity. Why would anybody not-you open a card in your name, except to use it? How do you know these family members aren't sharing your info with others? Sounds to me like that's your problem, not anything with your computer. I think you need to change your SSN - and then DO NOT share that info with these family members.
posted by Rash at 7:33 PM on December 22, 2014 [3 favorites]

Just mentioning that third-party sellers on Amazon have zero opportunity to get any of your card info.
/3P seller for a living.
posted by thebrokedown at 5:07 AM on December 23, 2014

"don't use the debit card anywhere but in person swiped"

And always select "credit" instead of "debit" otherwise you can end up financially liable for any fraud.
posted by I-baLL at 5:39 AM on December 23, 2014 [2 favorites]

Response by poster: Thanks everyone. I do shred paperwork, and am glad that 3P sellers don't have access to my info. It sounds like malware might be the issue, so I'll try that fix first. I'm also glad to hear that others have had similar(ish) experiences and that I'm not alone.

To rash: I haven't turned a blind eye; in fact, have filed multiple police reports, identity theft paperwork, etc.
posted by stillmoving at 9:12 AM on December 23, 2014

I'm not super educated on this topic, but I read Kingpin a couple of years ago. Contrary to public opinion, most credit card theft (during that era) was from was from Mom and Pop restaurants that were not patching their security software, rather than online stores. Once patches for physical workstations were released, hackers would reverse engineer exploits and go searching for targets.

One way to rule this out as a possibility would be to use cash only in physical locations. If that's unrealistic, consider using card at only well established / large chains that have a fraud department, etc.

Of course, make sure your individual network is secured, your computer isn't compromised, etc. but (from a fraudster's perspective), it's likely REALLY inefficient to try and penetrate individual subjects rather than brick and mortar establishments that do hundreds of transactions per day. I'm sure you could monitor your network traffic as well to see if anything nefarious is happening.
posted by sk8ingdom at 10:52 AM on December 23, 2014 [1 favorite]

« Older Major "Antique Roadshow" score, or just plain cute...   |   How can I make a website? Or two, actually. Newer »
This thread is closed to new comments.