Someone Just Guessed My Credit Card Number And Started Using It Online!

Hoc · Jun 3, 2009

Got a call from Citibank today, who noticed suspicious activity on my card. They mentioned a charge at an online store called "Kit's Bags," and another one at the Gap's website. I never shop the Gap (much less online), nor have I ever heard of Kit's Bags. All of the hard charges were mine, because the card is still in my possession.

Online, I use "virtual numbers" to shop, so there is no risk of someone getting my number via an online purchase. There are only two ways they could have gotten this number: 1) they guessed it, probably using some kind of software; or 2) they got it from a physical charge I placed in a store, and started using it.

Luckily, federal law limits my liability in this instance to no more than $50, and probably to nothing, since it's not a lost card, but rather a fraudulent charge. But it just reminds me what scum is out there. . . .

DeniseM · Jun 3, 2009

While we are on the subject of you getting scammed

- whatever happened with your restaurant gift certificate???

LAX Mom · Jun 3, 2009

Hoc-

What do you mean you use "virtual numbers" to shop online?

My dad recently had someone try to use his cc for some online purchases. He never shops online but had recently used his card in a restaurant. I think the waiter likely retained his cc number & name and tried to use it online.

It is frustrating that there are so many dishonest people in the world. Sorry to hear about your experience. That would make me very upset!

Cotswolder · Jun 3, 2009

Last year we had fraudulant charges on our CitiBank CC in the UK.
After many months of fighting we got the charges refunded.

We could not pin down the exact source where the card was scammed but, from discussions we had with the bank, we got the distinct impression that it could have been an inside job.
Has anyone ever considered this probability ?

JeffW · Jun 3, 2009

Hoc said:
... 1) they guessed it, probably using some kind of software; ....

That seems a bit iffy. Besides the credit card number, they'd also need the expiration date, last least part of your name, and possibly the 3 digit security code (as a test, you could go to one of the sites, place a dummy order, and see what information they ask for). That's a LOT of information to get (and apparently got right) just by guessing.

Jeff

JudyH · Jun 3, 2009

We use "virtual numbers" on line too, and for phone orders or mail orders. Its called Shop Safe, and its available thru Bank of America.

Stricky · Jun 3, 2009

Paypal also offers a single use CC number that you use online and then it is gone. It is part of the Paypal plugin.

My guess is that a store clerk or restaraunt staff pocketed the number 6 months or a year ago and sat on the number untill they were certain it could not be traced back.

Make sure you put a fraud alert on your credit reports in case they got other info somehow and try to steal your identity.

nonutrix · Jun 3, 2009

Last November I got a message on my answering machine from an online electronic store. I think it was Best Buy. They wanted to know if I had ordered a $500+ item to be shipped to Seattle on my credit card. They had all of my credit card info including my name and phone number. I never shop at Best Buy, but my husband does frequently. We don't know how they got my name or phone number. I agree with the other poster that it was probably lifted at a restaurant. In the end, I was thankful that somebody was suspicious enough to call and verify the charge before they sent out the item. I immediately cancelled the card to be safe.

nonutrix

Tia · Jun 3, 2009

While in STT this past winter my Discover card sent me a cell phone text while I was making a $500 purchase that I needed to call them at the same time the merchant was having trouble processing the charge. I called them and continued to use the Discover, but they had me change #'s when I got home. I love my Discover, but they did just change the due date like mentioned in another post.

This has to be costing them $ and us too somehow.

grest · Jun 3, 2009

I'm curious too...what are those virtual numbers you're referring to?
Connie

Moosie · Jun 3, 2009

I signed up years ago for Discover's secure on-line account numbers.

When you go to a site that asks for info it pops up and I don't use it. However I use it all the time when buying on line as it fills in all your info and then creates a number with an expiration date and a 3 digit security code. I have never had a problem.

However the other day I called about a charge, found out it was fine as the restaraunt chain had been bought out by another company, Charlie Browns bought out Bugaboo Creek.

I asked how secure are these numbers, he said fine, but the company once you issue it can retain it and use it for 2 years! Of course should only use it when you tell them too, I never check off the box that requests to retain CC info. But be carful if you use it for something that states they will continue to send you a supply of something monthly if you don't cancell in a certain time frane. Now, that I found out recemtly thinking hey they can't use that number again, but luckily when I called to find out about a charge they did credit it back to me, and cancelled future shipments.

JimJ · Jun 3, 2009

My wife had a Capital One card that was used for some balance transfers with a 0% APR offer. All transfers were made by phone. Payments were made via the CapOne website. About a year after we had paid off the balance we got a call that there had been a $1,000 charge to the account.

Since the only people we had ever dealt with had been CapOne employees and the website, we felt for sure it was an inside breakdown. We cancelled the card and declined their offer of a new account number.

MelBay · Jun 3, 2009

I'm curious too...what are those virtual numbers you're referring to?
Connie

What is ShopSafe?

http://infocenter.bankofamerica.com/ic2/online-banking/getting-started/shop-safe-what-is-shop-safe/

I love it for paying my South African maintenance fees.

AKE · Jun 3, 2009

Technologically it is next-to-impossible to intercept a credit card number IN TRANSMISSION between your computer and where it is going to as the number is broken down into segments and each segment could be transmitted over a different route before the number is reassembled at the end. I worked in IT for 35 years and never heard of this happening however, what security is at the receiving end? How are these credit card numbers stored at the online or other store where you purchased from, etc.? Another example - when you go to a restaurant you hand your credit card to the waiter who disappears with it for a while -

he could copy down EVERYTHING needed for fraud and you would not have a clue. The only fraud we have had on or cc has been with certain parking lots and the credit card was in my sight at all times on all occasions (so someone was taking the numbers from the receipts or it was an inside job).

MuranoJo · Jun 4, 2009

AKE said:
Technologically it is next-to-impossible to intercept a credit card number IN TRANSMISSION between your computer and where it is going to as the number is broken down into segments and each segment could be transmitted over a different route before the number is reassembled at the end. I worked in IT for 35 years and never heard of this happening however, what security is at the receiving end? How are these credit card numbers stored at the online or other store where you purchased from, etc.? Another example - when you go to a restaurant you hand your credit card to the waiter who disappears with it for a while - he could copy down EVERYTHING needed for fraud and you would not have a clue. The only fraud we have had on or cc has been with certain parking lots and the credit card was in my sight at all times on all occasions (so someone was taking the numbers from the receipts or it was an inside job).

This I am curious about, too--how many of you give your CC to the waiter to go ring it up? I have always heard never do that--go up to the cashier as they are doing it and watch until they hand it back. I have to admit I haven't been very good about doing this.

Kona Lovers · Jun 4, 2009

muranojo said:
This I am curious about, too--how many of you give your CC to the waiter to go ring it up? I have always heard never do that--go up to the cashier as they are doing it and watch until they hand it back. I have to admit I haven't been very good about doing this.

Same here. Makes me want to make sure I go by an ATM before dinner from now on. Not always convenient, but we've gone through a debit card number being stolen (online) and it is no fun.

Marty

Hoc · Jun 4, 2009

DeniseM said:
While we are on the subject of you getting scammed - whatever happened with your restaurant gift certificate???

They never answered. I took a default against them and sent the Sheriff to their restaurant, who collected my money from the cash register and sent it to me.

Hoc · Jun 4, 2009

LAX Mom said:
What do you mean you use "virtual numbers" to shop online?

If you have a Citibank card, they use an online software that will generate a unique number for a single purchase. You can specify the credit limit and the expiration date, and by using that number, the money is deducted from your regular credit card. After the purchase goes through, you then close the virtual number, which can then never be used again.

I also use it for things like AOL or Netflix, where they are likely to keep billing your credit card after you cancel their service. When I cancel the service, I also cancel the virtual number, so that they can't auto-deduct unauthorized future payments and then try to blame it on a mistake.

Jennie · Jun 4, 2009

About 8 years ago, my husband and I were vacationing in southeast Florida. We had separate cards with slightly different numbers on one Amex account. We used those cards only for purchasing gas at the pump. About two weeks later, there was a message left on our home answering machine in New York, asking if my husband had ordered an expensive pocketbook from a store in Miami to be sent to someone in Chicago. Of course he hadn't so they told us they needed to cancel his card and send him a new one. We told them to wait until we returned home a few weeks later to replace it.

When the bill came in, there was one other fraudulent charge on his card and 4 on my card. The charges were cancelled quickly and new cards were sent to us.

I posted info about this on TUG and a very respected member (now deceased) sent me a link to a southeast Florida newspaper describing a major scam where crooks were inserting a device in the card reader at the gas pumps. It captured an image of any credit card inserted in it. We had been paying for gas at the pumps, instead of going into the office to have it processed by an employee.

Recently it has been happening at bank ATM machines.

davhu1 · Jun 4, 2009

they could have gotten you cc number other way and not necessarily from online purchases. Recenty two waitresses at a local well known restaurant were charged. They took the customers credit numbers and made copy of the information. The information is then passed to a third person. By the time the customer get out of the restaurant, over $1,000s in online purchases already have been made. the waitress got something like $20 per credit card.

I guess the delivery companies like FedEx, UPS, USPS make this easy for them by leaving the delivery at the front door. Cheaper for them to claim in insurance than to return. The crooks just track the delivery date and drive by to pick it up.

AKE · Jun 4, 2009

There are so many holes in security. As an example, nuerous stores now keep all transactions against credit cards ONLINE so that if I am returning an item and forget my receipt they simply swipe my cc to locate the transaction and process the refund (and regardless of which store I bought the item at). Now this is very convenient for me, but what is the security where the numbers are stored? What is even scarier is how much personal information is sent through the mail - ever thought of this?

gorevs9 · Jun 4, 2009

Jennie said:
I posted info about this on TUG and a very respected member (now deceased) sent me a link to a southeast Florida newspaper describing a major scam where crooks were inserting a device in the card reader at the gas pumps. It captured an image of any credit card inserted in it.
Recently it has been happening at bank ATM machines.

In our area last year a few guys were able to swap out the electronic card readers that are at supermarket checkouts. They went back a few days later and retrieved the readers with all the recorded card numbers, pin numbers, etc.

bogey21 · Jun 4, 2009

I have a 2nd Discover Card that has never been used except for a low rate loan. It has never been out of my safe. I don't know why I activated it, but I did. Discover called when fraudulent charges started coming through. I have no idea how someone got the number as no-one has seen the card but me. Discover was great about it. Cancelled the card immediately and issued me a new one without the fraudulant charges.

George

Janette · Jun 4, 2009

We have a Marriott Chase Visa card. It was put on hold when we made a purchase that was unusual for us in Alexandria Va. I just had to call and verify the purchase to open up the card again. This past week, there was an online charge that I had made and it was a little unusual for me. Again, the card was put on hold until I called them. I appreciate their monitoring usage of my card.

Jaybee · Jun 4, 2009

I always try to remember to notify our CC companies when we travel, particularly out of the country. It is helpful to their fraud departments, and it is an inconvenience to the cardholder to find their card denied. That happened to us once, and it is something I try to avoid.

Someone Just Guessed My Credit Card Number And Started Using It Online!

Hoc

DeniseM

LAX Mom

TUG Review Crew: Veteran

Cotswolder

JeffW

JudyH

TUG Review Crew: Veteran

Stricky

nonutrix

Tia

grest

TUG Review Crew

Moosie

JimJ

MelBay

AKE

TUG Review Crew: Veteran

MuranoJo

Kona Lovers

Hoc

Hoc

Jennie

davhu1

AKE

TUG Review Crew: Veteran

gorevs9

bogey21

Janette

Jaybee