Credit card number compromised

Status
Not open for further replies.
I had something similar occur a few months ago. I had my citi credit card account converted to a different one (rewards account). After receiving the card, it never left my house. I used it for online purchases only, and most of those were made using the citi "virtual card numbers" service (a one-time use card number with dollar amount and/or time limit).

Somehow someone tried to make an online charge against my account (using the true card number) but the transaction was halted because they used an incorrect card expiration date. I used the real card info only at two online retailers - Amazon and NewEgg. The attempted fraudulent charge was at some small online clothing or shoe store.

I know credit cards aren't totally "random" numbers and there is some sort of algorithm involved. I used to have a little app that could check a number for viability.
 
Originally Posted by Linctex
Originally Posted by Donald

I use a ExxonMobil app on my phone to pay for gas. And a couple of similar apps for other gas companies


Probably how it will all go to in the future

Future is an embedded chip inside our body and facial recognition scanning. Everywhere we go - we will be tracked. The bad guys committing crimes will not like this new setup. Even Walmart will know all about you - the moment you walk into the store. Yes, it's coming soon. See 666 for references.
 
Last edited:
Originally Posted by Triple_Se7en
Originally Posted by Linctex
Originally Posted by Donald

I use a ExxonMobil app on my phone to pay for gas. And a couple of similar apps for other gas companies


Probably how it will all go to in the future

Future is an embedded chip inside our body and facial recognition scanning. Everywhere we go - we will be tracked. The bad guys committing crimes will not like this new setup. Even Walmart will know all about you - the moment you walk into the store. Yes, it's coming soon. See 666 for references.


Actually the bad guys will love this because it means they will have won and accomplished what they want.

You will then get the you can't deny the fraud because we have infallible proof argument
 
Originally Posted by Rmay635703
Originally Posted by Triple_Se7en
Originally Posted by Linctex
Originally Posted by Donald

I use a ExxonMobil app on my phone to pay for gas. And a couple of similar apps for other gas companies


Probably how it will all go to in the future

Future is an embedded chip inside our body and facial recognition scanning. Everywhere we go - we will be tracked. The bad guys committing crimes will not like this new setup. Even Walmart will know all about you - the moment you walk into the store. Yes, it's coming soon. See 666 for references.


Actually the bad guys will love this because it means they will have won and accomplished what they want.

You will then get the you can't deny the fraud because we have infallible proof argument


1. It would never happen, putting chips in people, unless for some, if google gave them free stuff at least 50% of the population would get a chip.

2. "infallible proof" = not possible with technology as we know it, certainly not with a chip, body identification features would be much more reliable.
A chip can be programmed, finger prints, retinas and other body parts can not be.

In the future, we will communicate with devices using our brain waves for sure.
 
Last edited:
Originally Posted by Rmay635703
Originally Posted by Mad_Hatter
Have you run a check for malware? Trojans can log keystrokes and send the info back to whomever, wherever.


Most credit card fraud is internal



No, it's not. It is not retail employees or bank and card company employees as that comment implies. Not internal in any way shape or form. By saying most you are saying majority, i.e. greater than 50% of all card fraud being an inside job. No way no how, sorry.

The chip on front of the card is completely meaningless from a security perspective as long as the mag stripe on the reverse side is encoded with the four tracks of card data. It is the magnetic stripe that is exploited, skimmed, etc.

The chip is also useless as security for card-present transactions until the industry ties all chip-insert transactions to a PIN and ends the option to cancel out of the PIN and run as credit (on debit cards). How is it useless, you ask? Because without a PIN entry required, any card is a bearer instrument. Who ever bears it (holds it) can use it. Their (someone who has your card) usage may be illegal, but the card will work to buy things with, until the card is deactivated by the bank or financial institution. You want to do a card-present transaction then you enter your four digit PIN, no other options, is how it should be. It does not slow down the check-out line at the cash register or self-checkout, unless you're an idiot and have to rifle through your wallet, pocket, purse, or phone to find your PIN because you can't remember it. If you can't remember a frequently used four digit number sequence, you have or are developing a cognitive disorder and should see an MD asap and setup a trusted person as POA over your finances.
 
Originally Posted by LoneRanger
Originally Posted by Rmay635703
Originally Posted by Mad_Hatter
Have you run a check for malware? Trojans can log keystrokes and send the info back to whomever, wherever.


Most credit card fraud is internal



No, it's not. It is not retail employees or bank and card company employees as that comment implies. Not internal in any way shape or form. By saying most you are saying majority, i.e. greater than 50% of all card fraud being an inside job. No way no how, sorry.

The chip on front of the card is completely meaningless from a security perspective as long as the mag stripe on the reverse side is encoded with the four tracks of card data. It is the magnetic stripe that is exploited, skimmed, etc

You want to do a card-present transaction then you enter your four digit PIN, no other options, is how it should be. It does not slow down the check-out line at the cash register or self-checkout, unless you're an idiot and have to rifle through your wallet, pocket, purse, or phone to find your PIN because you can't remember it. If you can't remember a frequently used four digit number sequence, you have or are developing a cognitive disorder and should see an MD asap and setup a trusted person as POA over your finances.


Internal as in card data is accessible remotely from a variety of sources regardless of my actions. The loss of said data is an internal problem with those sources.
Many of these sources it is potentially illegal for them to storehouse consumer credit data but they do anyway. When I was a small retailer I had to sign agreements that I would destroy credit and customer information after a specific period of time, odd that Target and others don't.

The average credit card has 2-3 fraudulent charge attempts per day,
the reason there isn't chaos is because the card companies are extremely good at identifying fraud based on location and previous behavior such charges are almost always blocked.

So just because it doesn't make it on your bill is meaningless and doesn't mean everything is fine.

The storage of credit data in remotely accessible systems is what has lead to this scourge .

Convience has over ridden security.

Fraud is inherent to a system that for all intensive purposes is openly viewable.

These systems never had any business being on the internet, they were always closed systems and closed and separate they should have remained
 
Last edited:
Reading all the above, for those that care about credit card fraud (personally I dont care to much about credit card fraud yet can get unsettling not knowing how you info was obtained) ...
There is always Apple Pay (apple wallet) and numerous Android apps. not all places have NFC in their card readers yet but its getting there and just a matter of time now, most up to date businesses have it, the big sticking point are still restaurants and where A LOT of card skimming takes place
 
Last edited:
Maybe most credit card fraud isn't internal, but I think more than we realize is. In a different thread I outlined how I went through 18 months of talking to a certain big-bank card issuer because every 2 months a card that I stopped using online and rarely used, period, was being used in attempt by someone paying their Xfinity bill. I'd get a new card, and two months later, literally like clockwork, I'd get a text asking me if I attempted to make a payment with that card to Xfinity. The whole process started when I received an e-mail from said bank confirming changes I'd allegedly made to my contact info. I called them and found out that I apparently moved to Georgia, the changes were made via a phone call at 11AM that day, and the person making the request had enough of my information, including my SS#, to convince the rep that it was me calling.

If that's not an inside job, I don't know what is. I hadn't applied for credit nor done anything that would have given anyone my SS# in years. And in the other thread I'd also mentioned that the hacks stopped when I suggested to the fraud specialist that I thought it was unusual that these hacks were occurring every 2 months, same attempt, and by pulling up my account she could see that I was barely using the card, so it looked like something was going on at the bank.

Anecdotal, I admit. But it is what it is.
 
Okay, I do agree with the clarification posted about how the concept of internal is perceived. Agreed on that. But I still say, unequivocally, that the magnetic stripe needs to go bye bye and it needs to happen asap. And also, PIN entry at point of sale (card insert/card-present) must be mandatory. That alone will stop the vast majority of card-present fraud. Online is different, but by going to chip insert only it will require a much more sophisticated and not-as-easy to produce skimming device and also decryption of the skimmed data.

The better skimming devices now use rasberry pi technology and do not even need to be physically harvested from the gas pump or wherever as they can upload, via cellular 4G LTE, captured batches of skimmed card data to an email account. Google "card skimmer rasberry pi 4g lte" and look at the 5th hit down in the list. For sale on the interweb !!
 
Originally Posted by opus1
Maybe most credit card fraud isn't internal, but I think more than we realize is. In a different thread I outlined how I went through 18 months of talking to a certain big-bank card issuer because every 2 months a card that I stopped using online and rarely used, period, was being used in attempt by someone paying their Xfinity bill. I'd get a new card, and two months later, literally like clockwork, I'd get a text asking me if I attempted to make a payment with that card to Xfinity. The whole process started when I received an e-mail from said bank confirming changes I'd allegedly made to my contact info. I called them and found out that I apparently moved to Georgia, the changes were made via a phone call at 11AM that day, and the person making the request had enough of my information, including my SS#, to convince the rep that it was me calling.

....

Anecdotal, I admit. But it is what it is.


If I were you, I would call all the major (3) and a minor (1) credit agencies and lock your credit report. What you posted seems more then a credit card. Also I doubt employees have access to your full SS# number, normally its the last 4.
But if they had the full, it sounds more like a bank data breach and there have been a ton of them.
Whatever the circumstances are, your SS# and your name are out there on the web.

Anyway, with your credit locked (its free) you have nothing to worry about, not a thought. Then, once locked, if your going to make a major credit purchase or apply for any type of credit, you simply go online with your password that you set up when you locked it and unlock it, you can even pick a time period that you want it to automatically relock. All free.

Its amazing to me that the vast, vast majority of Americans to this day do not take advantage of this free service, yet you hear ads all day long for subscription credit protection services. Go figure! :eek:)
 
Last edited:
Originally Posted by alarmguy


...If I were you, I would call all the major (3) and a minor (1) credit agencies and lock your credit report...


It was done immediately and by the issuing bank's fraud department (with my approval).

And I know it works. A little over a year ago I was purchasing a new furnace and took advantage of the company's 0%/5-year finance offer. I filled out the credit app online and within a minute of submitting it, my cell phone rang -- it was the financing bank calling to verify it was really me that put in the application.
thumbsup2.gif
 
Originally Posted by opus1
Originally Posted by alarmguy


...If I were you, I would call all the major (3) and a minor (1) credit agencies and lock your credit report...


It was done immediately and by the issuing bank's fraud department (with my approval).

And I know it works. A little over a year ago I was purchasing a new furnace and took advantage of the company's 0%/5-year finance offer. I filled out the credit app online and within a minute of submitting it, my cell phone rang -- it was the financing bank calling to verify it was really me that put in the application.
thumbsup2.gif



Glad it works for you, though what I mentioned is a free credit lock from the actual credit bureau's Equifax, Transunion and Experian (for the benefit of clarifying my post for others) it sounds like you are subscribed to a service as no one can unlock the free service except for you or anyone you give your password too. This must be done from a computer before you actually apply for credit... it is ironclad, controlled only by you.
Its easy to lock credit, simply go to the websites of those three companies.
 
Last edited:
Originally Posted by alarmguy

...If I were you, I would call all the major (3) and a minor (1) credit agencies and lock your credit report...

Glad it works for you, though what I mentioned is a free credit lock from the actual credit bureau's Equifax, Transunion and Experian (for the benefit of clarifying my post for others) it sounds like you are subscribed to a service as no one can unlock the free service except for you or anyone you give your password too. This must be done from a computer before you actually apply for credit... it is ironclad, controlled only by you.
Its easy to lock credit, simply go to the websites of those three companies.



I agree with alarmguy, just contact the credit agencies and freeze your credit. One thing I will add, make sure you keep the pin number you get from the credit agencies somewhere safe. You will need it to unfreeze your credit. If you don't have the pin you have to call them, which is a hassle. With the pin you can lift the freeze online in a matter of minutes.
 
Originally Posted by alarmguy
...
Glad it works for you, though what I mentioned is a free credit lock from the actual credit bureau's Equifax, Transunion and Experian (for the benefit of clarifying my post for others) it sounds like you are subscribed to a service as no one can unlock the free service except for you or anyone you give your password too. This must be done from a computer before you actually apply for credit... it is ironclad, controlled only by you.
Its easy to lock credit, simply go to the websites of those three companies.



It looks like what I have is a 'consumer statement' in my files which is what prompted the financing bank to call me, but not the freeze you mentioned. It sounds like I could make things a bit stronger. Thanks for the heads-up.
thumbsup2.gif
 
I had my credit card compromised about 12 years ago. The first use was about $2. at a parking lot in Toronto Ontario, the second attempted fraud about 2 hours later was in England for about $300. it was blocked by the credit card company. When I got home that day there was a voice mail for me to call the card company.

Old card was cancelled and a new card was mailed out right away.
 
Originally Posted by LoneRanger
Okay, I do agree with the clarification posted about how the concept of internal is perceived. Agreed on that. But I still say, unequivocally, that the magnetic stripe needs to go bye bye and it needs to happen asap. And also, PIN entry at point of sale (card insert/card-present) must be mandatory. That alone will stop the vast majority of card-present fraud. Online is different, but by going to chip insert only it will require a much more sophisticated and not-as-easy to produce skimming device and also decryption of the skimmed data.

The better skimming devices now use rasberry pi technology and do not even need to be physically harvested from the gas pump or wherever as they can upload, via cellular 4G LTE, captured batches of skimmed card data to an email account. Google "card skimmer rasberry pi 4g lte" and look at the 5th hit down in the list. For sale on the interweb !!



Not really disagreeing but would question why?
The security of credit cards do not need to be improved as far as the consumer is concerned.
This is a bank "issue" meaning credit card fraud cost the consumer nothing. Its the banks that pay. The banks are doing cushy good after the tax payers bailed them out just a decade+ ago, we still pay for the bailout in our weekly paychecks.
Just look at the latest earnings reports for them.

Much of the fraud is now from the internet and not as much from card swiping, again, it really doesnt matter where it is from, the public is not responsible for credit card fraud.
 
Last edited:
Status
Not open for further replies.
Back
Top