Credit card fraud, transactions not showing up?
March 27, 2015 5:45 PM Subscribe
My debit card was stolen remotely (I assume over the Internet). There are two processed transactions on my statement and one pending. I called both places and neither could find a record of the transactions. What gives?
The first transaction as for a Pizza Hut. I took the store number from the card statement and found the number and called. No such purchase for the past three days. This was a local store.
Second transaction was on Expedia for $189. The third was a pending on Expedia for $964. Called Expedia. No such transactions.
They were both from yesterday. The two cleared ones cleared yesterday, the pending was charged yesterday.
They clearly exist as transactions, so why can't they pull them up? The card is cancelled and I'll be refunded, but I can't figure out why I can't get the details of the transactions. For the Expedia ones, I feel I could get a name and address, assuming the charges were for travel.
The first transaction as for a Pizza Hut. I took the store number from the card statement and found the number and called. No such purchase for the past three days. This was a local store.
Second transaction was on Expedia for $189. The third was a pending on Expedia for $964. Called Expedia. No such transactions.
They were both from yesterday. The two cleared ones cleared yesterday, the pending was charged yesterday.
They clearly exist as transactions, so why can't they pull them up? The card is cancelled and I'll be refunded, but I can't figure out why I can't get the details of the transactions. For the Expedia ones, I feel I could get a name and address, assuming the charges were for travel.
Sometimes there's privacy rules why you cant get the info (medical, maybe travel) sometimes its incompetence. Either way you can't or shouldn't do anything about it.
Report the fraud to your bank, get refunded, keep asking us questions.
posted by TheAdamist at 9:51 PM on March 27, 2015
Report the fraud to your bank, get refunded, keep asking us questions.
posted by TheAdamist at 9:51 PM on March 27, 2015
Agreed with TheAdamist above; just report the fraud to your card issuer and let them handle it. Calling the merchants is something that the person assigned to your case may do; though they're more likely to pursue recovery through chargeback.
ETA: Issuers only have chargeback rights for certain transactions, but you mention they're e-commerce, so chargeback rights may apply.
posted by Verdandi at 9:27 PM on March 28, 2015
ETA: Issuers only have chargeback rights for certain transactions, but you mention they're e-commerce, so chargeback rights may apply.
posted by Verdandi at 9:27 PM on March 28, 2015
Actually, card issuers can issue chargebacks for almost anything, and some of the incompetent ones will automatically issue chargebacks due to crappy automated "fraud detection systems" even for transactions where a customer has an established regular business history with a merchant. However, the vast majority of chargebacks are initiated by cardholders. The merchant then has an opportunity to provide supporting documentation of the validity of the charge, which can result in the chargeback being reversed (but the merchant still ends up being dinged fees for the chargeback).
Because of this, merchants often try to proactively cancel fraudulent charges before the issuer or cardholder notice them and initiate a chargeback. It's cheaper that way, since some merchant accounts include chargeback fees as high as $100 per event.
While it may not seem to make sense, you often cannot call a merchant to get details about a purchase.
For example, that Pizza Hut may have been an online order, where a central service provider processed the order, charged the card, and sent it on to the store as a fax. This was very likely a probe transaction to determine whether the card was valid, and the carders are aware of any number of creative ways to see if a card is valid in a low-risk manner.
Expedia wasn't likely to provide you an address or any information about the tickets even if they had it, though if you talked to your local police department and they chose to investigate, the police would have a much greater chance of getting details. There is substantial risk for a business such as Expedia in disclosing details about the travel plans of a customer. How do they know you are not the fraudster in this situation? Merchants cannot validate that you are the legitimate cardholder and that they're actually talking to you - if they could, fraud would never happen in the first place. This is actually a real problem, and is called "pretexting". Would I be right in guessing that they also referred you to your card issuer? That would be the customary pretexting-defense blowoff which allows them to make sure a legitimate cardholder's issue is still properly addressed.
Your question is a complex topic and the answers above are not comprehensive. As a merchant, I can tell you that it is very difficult to deal with fraudulent transactions. They're difficult to detect, and a real pain in the bottom line if they progress to the point where a cardholder becomes aware of them and initiates a chargeback.
Card issuers have been highly resistant to doing more to combat fraud, preferring instead to let merchants suck it up. The card issuers like to use terms such as "zero liability" when talking about your card to make it sound like they're eating it when a fraudulent charge comes along, but in reality what is usually happening is the merchant is getting left holding the bag - first for the goods or services, then also for the chargeback fee.
In general, I believe the whole card processing industry hasn't cared because they're raking in fees. Carder tries a fraudulent card online and gets declined? Merchant pays small fee. Carder successfully clones a card and passes it off at a retail store? Bigger fee. Etc.
This has finally hit a tipping point in the last year or two, though, with all the high profile massive scale data breaches. Target, Staples, K-mart, Michaels, Home Depot, Dairy Queen, Anthem, PF Changs, Albertsons, UPS, Jimmy Johns ... there's a dozen easily named just from recent history. Looking back longer term, the TJ Maxx event back in 2007 was considered one of the first "big ones."
There are now black market web sites with hundreds of millions of stolen credit card numbers available along with varying amounts of supporting detail. Many or even most of these are worthless, but thanks to the miracle of automation and the Internet, that won't stop carders from trying to identify the ones that can be used. They commonly use online transactions as a first tier to probe for cards that haven't been cancelled. It used to be common that they'd find a charity and donate a dollar. This now tends to raise red flags with fraud detection systems (and charities were getting tired of being socked with massive fees for all the declined transactions), so things like online ordering of pizza delivery, etc., seem to be taking its place.
I realize I'm a little bit outside the scope of the question, but for anyone interested in further reading, Brian Krebs has awesome informational resources.
posted by jgreco at 2:00 AM on March 29, 2015
Because of this, merchants often try to proactively cancel fraudulent charges before the issuer or cardholder notice them and initiate a chargeback. It's cheaper that way, since some merchant accounts include chargeback fees as high as $100 per event.
While it may not seem to make sense, you often cannot call a merchant to get details about a purchase.
For example, that Pizza Hut may have been an online order, where a central service provider processed the order, charged the card, and sent it on to the store as a fax. This was very likely a probe transaction to determine whether the card was valid, and the carders are aware of any number of creative ways to see if a card is valid in a low-risk manner.
Expedia wasn't likely to provide you an address or any information about the tickets even if they had it, though if you talked to your local police department and they chose to investigate, the police would have a much greater chance of getting details. There is substantial risk for a business such as Expedia in disclosing details about the travel plans of a customer. How do they know you are not the fraudster in this situation? Merchants cannot validate that you are the legitimate cardholder and that they're actually talking to you - if they could, fraud would never happen in the first place. This is actually a real problem, and is called "pretexting". Would I be right in guessing that they also referred you to your card issuer? That would be the customary pretexting-defense blowoff which allows them to make sure a legitimate cardholder's issue is still properly addressed.
Your question is a complex topic and the answers above are not comprehensive. As a merchant, I can tell you that it is very difficult to deal with fraudulent transactions. They're difficult to detect, and a real pain in the bottom line if they progress to the point where a cardholder becomes aware of them and initiates a chargeback.
Card issuers have been highly resistant to doing more to combat fraud, preferring instead to let merchants suck it up. The card issuers like to use terms such as "zero liability" when talking about your card to make it sound like they're eating it when a fraudulent charge comes along, but in reality what is usually happening is the merchant is getting left holding the bag - first for the goods or services, then also for the chargeback fee.
In general, I believe the whole card processing industry hasn't cared because they're raking in fees. Carder tries a fraudulent card online and gets declined? Merchant pays small fee. Carder successfully clones a card and passes it off at a retail store? Bigger fee. Etc.
This has finally hit a tipping point in the last year or two, though, with all the high profile massive scale data breaches. Target, Staples, K-mart, Michaels, Home Depot, Dairy Queen, Anthem, PF Changs, Albertsons, UPS, Jimmy Johns ... there's a dozen easily named just from recent history. Looking back longer term, the TJ Maxx event back in 2007 was considered one of the first "big ones."
There are now black market web sites with hundreds of millions of stolen credit card numbers available along with varying amounts of supporting detail. Many or even most of these are worthless, but thanks to the miracle of automation and the Internet, that won't stop carders from trying to identify the ones that can be used. They commonly use online transactions as a first tier to probe for cards that haven't been cancelled. It used to be common that they'd find a charity and donate a dollar. This now tends to raise red flags with fraud detection systems (and charities were getting tired of being socked with massive fees for all the declined transactions), so things like online ordering of pizza delivery, etc., seem to be taking its place.
I realize I'm a little bit outside the scope of the question, but for anyone interested in further reading, Brian Krebs has awesome informational resources.
posted by jgreco at 2:00 AM on March 29, 2015
This thread is closed to new comments.
If this is the case, the businesses may not have a normal record of the sale, because the order may already be cancelled and the charge is in the process of being refunded or voided already.
posted by randomkeystrike at 7:22 PM on March 27, 2015 [2 favorites]