Internet Credit Card Fraud

[Carolena]

Our cards have been compromised several times over the years - more when I used to travel a lot for work (and eat out most meals). Every time, the charges were reversed and a new card overnighted to me wherever I was located at the time. I caught most of the instances, as I check my account online several times a week, but before being able to check online, I wouldn't know until the statement arrived. Once, the company contacted me. The annoying thing is when your card gets flagged as you are making a purchase. That happened once at the grocery store because the checkout person didn't think the charge went through and tried to do it again, causing a flag for a duplicate charge. One reason to have at least two cards on you (was also embarrassing being told for the first time in my life my card was being declined).

Most recently, we had a couple fraudulent charges on the card and so I called the company. As always, they reversed the charges then sent a new card. A few days later, I got a shipping notification from one of the companies tied to the fraudulent charges. A few days after that, a box showed up at our house with a pair of expensive flipflops that we didn't order. I kept the credit card company updated as to all of this. They told us to just keep the item and don't worry about the charge. And the most ironic part of this is that I prosecute fraud cases in my day job!

 

[john61ct]

The US industry has thrown "what is right" right out the window.

Lack of effective industry oversight here means it's more profitable to just pass rising fraud losses on to customers and merchants, write it off against taxes etc.

In other, more civilized, parts of the world the regulators haven't been quite as thoroughly "captured" through systemic corruption so they better look after the public interest, not just the 1%.

Our public sector has applied **zero** lessons from the 2008 collapse, which resulting depression continues to drastically impact the bottom 80% of the working population worldwide.

But since the top 10% have mostly recovered, no problem, lots of desperate workers is a feature, not a bug for the rich.

Point is, there is nothing in place to prevent the next collapse from requiring maybe even bigger bailouts.

And the sanctity of the USD as the world trading currency is ever increasingly threatened, when that is gone the whole house of cards comes down and we (the bottom 80%) join the third world.

/end rant

 

[HiDHo]

I talked this afternoon with the internet sales mgr. where I used the card last, he assured me they don't store names, addresses and card #'s. CC fraud hackers like companies that store this type info, they hack into the data and get thousands of card#'s and sales data. Tip off for this marine sales company is CC purchases near the end of the business day for multiple items with a different delivery address. They of course order the items overnight delivery and pick the package up at the distribution center before it goes out for delivery using of course phoney ID's. Then to fence the multiple items they need buyers buying at half price for the new in the box loot. He of course didn't mention what % his companies loss is and how it's passed on to the consumers to keep there profit margin in tack. I guess we are headed for Bitcoins !

 

[ranger58sb]

Credit card companies don't go after fraud perpetrators. It would cost them money in the form of employees wages. They're goal is to prevent it from happening, make sure they're not on the hook for the money, and keep their credit card holders happy, in that order. On two occasions I told Chase where the fraud originated from, and they weren't interested in persuing it as they weren't out any money and it would cost them man hours.

Your right. My brother-in-law is a restaurant owner in Vermont. Last month I asked him why he doesn't have the personnel card readers. He said he can't justify the cost since he would need at least three at ~$600/machine.

So the banks don't want to spend money (manpower), and the restaurants don't really lose anything by not having chip readers... and generally the credit card holder doesn't really lose money either (all that inconvenience aside)...

Seems like it's the other ("follow-on"?) retailers who lose most when skimmed cards have been used to acquire their merchandise... for which they're not reimbursed after fraudulent activity has been identified.

And I guess they can't get to the critical mass required to induce a system-wide fix...

Even though those same retailers have to load their prices to balance against losses due to theft and fraud...

And even though those loaded prices pretty much affect consumers everywhere... there doesn't seem to be any huge ground swell of consumer lobbying for solution...

-Chris

 

[Seevee]

The US industry has thrown "what is right" right out the window.

Lack of effective industry oversight here means it's more profitable to just pass rising fraud losses on to customers and merchants, write it off against taxes etc.

In other, more civilized, parts of the world the regulators haven't been quite as thoroughly "captured" through systemic corruption so they better look after the public interest, not just the 1%.

Our public sector has applied **zero** lessons from the 2008 collapse, which resulting depression continues to drastically impact the bottom 80% of the working population worldwide.

But since the top 10% have mostly recovered, no problem, lots of desperate workers is a feature, not a bug for the rich.

Point is, there is nothing in place to prevent the next collapse from requiring maybe even bigger bailouts.

And the sanctity of the USD as the world trading currency is ever increasingly threatened, when that is gone the whole house of cards comes down and we (the bottom 80%) join the third world.

/end rant

Yea, wish we, as a country, would do more to prevent fraud and prosecute the perps. However, might disagree on the 80%, as we ALL are affected. We all pay taxes the provides for the bail outs. And the lower 80% pay less taxes. And the 80% crowd didn't do any worse than anyone else in the collapse, as a lot of them ended up with free housing for a few years and even loan forgiveness when a lot of folks just paid their bills and struggled thru it.

And the top 10% probably loose a lot more in a collapse, but have the smarts and ability to recover.

 

[Seevee]

Your right. My brother-in-law is a restaurant owner in Vermont. Last month I asked him why he doesn't have the personnel card readers. He said he can't justify the cost since he would need at least three at ~$600/machine.

Larry,

I don't understand why he wouldn't spend the lousy $1800 to help prevent fraud in his restaurant which probably costs him a ton more. Heck, if he needs three of those machines, he's probably doing $10K in revenue a day, so the cards would cost him a few hours of revenue.

And CC fraud in restaurants is significant. Of the restaurant owners I know, they all have it... some continuously. There are so many ways to get your number its hard to imagine.

For me, it's ALWAYS cash at a restaurant... and prefer exact change. Never a CC.

 

[Seevee]

I've been lucky.... no CC fraud at all, but a few times the CC company "thought" there could be and sent me a new card. I occasionally just ask for a new card for that reason, but doubt it does a lot.

I try to order stuff from reputable companies, like Amazon or favorite vendors. I like the mom and pop stores where I know them, or a larger company that has the ability to put more fraud prevention into their system.

Now, what worries me is gas stations. I still use a CC there, because it's really convenient. Cash is a pain, having to go in, drop the cash off and if the amount is different, go back in for change. For you experts, are there any techniques to use to reduce CC fraud at gas stations?

Do the scammers have the ability to read your card from a distance, electronically? Or do they have to see it?

 

[Larry M]

Larry,

I don't understand why he wouldn't spend the lousy $1800 to help prevent fraud in his restaurant which probably costs him a ton more. Heck, if he needs three of those machines, he's probably doing $10K in revenue a day, so the cards would cost him a few hours of revenue.

And CC fraud in restaurants is significant. Of the restaurant owners I know, they all have it... some continuously. There are so many ways to get your number its hard to imagine.

For me, it's ALWAYS cash at a restaurant... and prefer exact change. Never a CC.

On a busy night he serves 200 dinners (only opened from 5-10:30pm). In the summer, 100 dinners is a good night. I guess, one reader would be at the bar and the other 2 would be split between the wait staff? He hasn't had any staff double swipe or steal CC #s. Customers using bad CC are not a problem. Who's going to use a stolen CC for a sit down meal or eat/drink at the bar? The restaurant is in a ski area in Vermont so maybe the cliental is different? Some of his wait staff has been with him for over 25 years and I know he has a bunch of regular customers that keep him alive in the off season.

His staff would love to have you for a customer. We were having breakfast one morning when I asked how many people pay with cash. He said last night he had $120. Lena and I looked at each other and laughed. $80 of that was for us. Almost everyone uses a credit or debit card. The wait staff and bartender hate it.

 

[Mike.p]

One tip we received from a police official is to never sign the back of the card. instead write in the space " ask for I.D. ". e.

I do this too

 

[BandB]

Do the scammers have the ability to read your card from a distance, electronically? Or do they have to see it?

There are many different ways they can get it at a gas station or ATM. Most of it is done by skimming by using a device at the credit card reader. If the readers all had EMV technology that would be reduced. The cost of retooling is $3.9 billion and the date has been moved back several times. The last I knew the deadline was 2020.

Here's an article on preventing credit card fraud at gas stations, but not really a solution.

https://www.gobankingrates.com/credit-cards/5-tried-true-strategies-protecting-credit-card-gas-pump/

While gas stations and ATM's are most prone to issues, let's not overlook the massive incident with Target and those with other retailers.

We're in an electronic age. Whether it's credit cards or just storage of information. We regularly have companies hacked and information stolen. While we might work hard to reduce risk, we are far from eliminating it. That's the reason we must all individually remain alert and regularly check out own accounts.

Many of the solutions, are not really. For instance, the person who won't use their card at a restaurant but then goes to an ATM before dining to withdraw cash. ATM's have been regular targets of card information theft and skimming and places of robbery.

Your real protection as an individual is twofold. It's you keeping on top of all charges to your cards and it's the fraud prevention efforts of your bank, which for most banks today has gotten very good. They are quick to put temporary holds until you confirm transactions.

Now, the one card I do not use is a debit card. Here the risk is going directly after your bank account, a slightly lower level of fraud protection, and longer time to get the charge or charges reversed. Plus it removes money from your account. The only worse exposure is if you have overdraft protection, then it removes money beyond that you have. I strongly advise against anyone having overdraft protection. One thing to allow theft of money you have but to continue beyond that is worse. Overdraft protection increases your exposure in the event of identity theft or theft by check or electronic check. I know that the only way my account would ever be overdrawn is a thief and I sure don't want protection of them.

Then there's the whole issue of passwords and codes and most people remain careless with them.

 

[HiDHo]

The CC fraud is most likely a federal offence and several web sites I yahooed give statistics and arrest information. World wide fraud in the billions, top state, Nevada, go figure. We have thought about joining LifeLock and may head that way because some of the FBI sites on CC fraud arrest shows the scope of the problem which include not only CC #'s but also your name, SSN, birth dates, address, etc. It looks like the FBI has made arrest but for bad IT types it's just too juicy a plum not to pick.

 

[BandB]

The CC fraud is most likely a federal offence and several web sites I yahooed give statistics and arrest information. World wide fraud in the billions, top state, Nevada, go figure. We have thought about joining LifeLock and may head that way because some of the FBI sites on CC fraud arrest shows the scope of the problem which include not only CC #'s but also your name, SSN, birth dates, address, etc. It looks like the FBI has made arrest but for bad IT types it's just too juicy a plum not to pick.

Identity theft is rampant. Whether signing up with LifeLock or someone else for protection is worth it, is an individual choice. There are, in my opinion, options I would select over LifeLock. Ultimately, your best protection against identity theft is careful monitoring of your credit reports. Now, most banks are providing a free service of some sort or you can sign up on a credit bureau site. The free services provide regular updates of your credit scores and do quickly notify you of any changes. Setting up alerts on your bank accounts and credit cards is also important.

LifeLock has had issues with the FTC, starting with a 2015 injunction and including a 2016 amendment. They have been found to use deceptive advertising and to fail to secure customers' information. They also have many negative reviews and complaints.

The problem with credit card theft and identity theft is when has a crime been committed and against whom. Not surprisingly, every state has slightly different laws plus there are some federal laws. The FBI does get involved and bust some massive rings. However, the small time criminal is difficult to prosecute. Most states have now made identity theft a felony and many award the victim but then the question of who was victimized and by how much becomes an issue.

 

[BandB]

One word of caution to those who feel Paypal is a safer option. Paypal has their own fraud challenges and their investigative processes can leave things in limbo for extended periods. Any payment processor is subject to fraud and problems. Paypal has their share. The larger they get the more they'll be targeted.

 

[Bigsfish]

My card has been cloned and used in various foreign countries, this has happened every year or so. Once $70K was charges for car parts, another time it approached $100K. Every time either Merrill Lynch or I caught it and it was reversed immediately. No muss, no fuss.

 

[BandB]

My card has been cloned and used in various foreign countries, this has happened every year or so. Once $70K was charges for car parts, another time it approached $100K. Every time either Merrill Lynch or I caught it and it was reversed immediately. No muss, no fuss.

Most ever charged to one of mine was $82.00. With alerts set and checking things I can't imagine it reaching your levels. Was the car parts charge a single charge?

 

[Bigsfish]

Yes and no, two transactions from the same location hours apart. ML caught that one. It has always been a CMA account card.

 

[Seevee]

One tip we received from a police official is to never sign the back of the card. instead write in the space " ask for I.D. ". It's a interesting way to see if the retailer checks the back of the card, about 90% ask for I.D.
But that still doesn't protect someone from stealing your card #'s. Our card issuer also has the algorithm theft protection so they some what protect losses. I guess they figure the losses are just part of business expenses instead of the legal cost to track down the theives.
I have noticed some internet retailers have started using a system where you enter your card #'s and verifying information non-verbally to limit exposing card information orally which might be a safer alternative.

Well, wouldn't you know it, our own US post office requires a card with a signature or they won't take it. I do the same with ask for ID, but it's hopeless as less than 10% even look at the back of it.... and I rarely give it to anyone anymore. And, if a crook had it do you think they would have a hard time signing it? And that would be easy and they they can provide another phony ID with signatures that match.

 

[Planobilly]

I buy a lot of electronic parts world wide on the internet. The far east for the most part but Europe also.

I experience issues about once a year on average. My bank finds these issues in 99% of the cases. They cancel that card and issue a new one.

I decided to have one special bank account for all online purchase and do not use that account for anything else. I also do not keep any excess money in the account. This has the effect of limiting my risk to acceptable limits no mater what the outcome could be.

I also use this account when I travel to high risk areas of countries outside of the United States.

So far I have not experienced any issues in operating in this manor.

 

[BandB]

I decided to have one special bank account for all online purchase and do not use that account for anything else. I also do not keep any excess money in the account. This has the effect of limiting my risk to acceptable limits no mater what the outcome could be.

You mention money in the account? So are you using a debit card to purchase? There's no money in a credit card account.

 

[AusCan]

I have had a few unauthorized purchases, but the funds are returned soon after reporting it. Nothing to do with the internet, as far as I'm aware.

I travel quite a bit, and hate when the bank stops payment, so I've given them a list of about 20 countries where the card could be used. I'm not overly concerned about it. If a card get used for unauthorized purchases, it is the credit card companies problem, not mine. I just have to report it.

 

[MYTraveler]

I guess it depends on what you mean by "victim". So far as I know, I have never lost a cent, but there have been fraudulent charges, most of which my credit card company confirmed with me before paying. But there have been a few that made their way to my statement. I disputed those and got full credit back without a problem.

 

[BruceK]

You mention money in the account? So are you using a debit card to purchase? There's no money in a credit card account.

There can be, you just transfer more $ to the a/c than the outstanding balance. Very occasionally, there can be reason to do so.

 

[MYTraveler]

There can be, you just transfer more $ to the a/c than the outstanding balance. Very occasionally, there can be reason to do so.

I can't imagine any good reason, but it happened to me once. My wife accidentally paid our bill for a rarely used credit card twice, so we had a credit balance on the following statement. So she paid that amount and the following month the balance had doubled. Suspecting fraud, she brought it to my attention. I think that was just her way of getting out of bill paying duties.

 

[saltcod]

One tip we received from a police official is to never sign the back of the card. instead write in the space " ask for I.D. ". It's a interesting way to see if the retailer checks the back of the card, about 90% ask for I.D.
But that still doesn't protect someone from stealing your card #'s. Our card issuer also has the algorithm theft protection so they some what protect losses. I guess they figure the losses are just part of business expenses instead of the legal cost to track down the theives.
I have noticed some internet retailers have started using a system where you enter your card #'s and verifying information non-verbally to limit exposing card information orally which might be a safer alternative.

That's all fine but here in Canada, we don't sign our credit card slips. we use p.i.n. numbers. If you don't know the p.i.n., then the transaction does not go thru.However, phone transactions are not protected by this feature. BTW, if the back of the card is not signed by the cardholder, a merchant is not obliged to honour the card.

 

[Bay Pelican]

This may be just personal experience but my guess is the majority of credit card fraud comes from someone getting the numbers on the card through internet purchases, copying the card, or hacking, not from someone physically stealing the card. Thus the signature on the back of the card is not the most important issue.

The United States is way behind the curve in credit card protection. It resisted the introduction of the chipped cards and still has not implemented the pin requirement. In a few places in western Europe US cards are not accepted because of the lack of a pin.

 

[BandB]

This may be just personal experience but my guess is the majority of credit card fraud comes from someone getting the numbers on the card through internet purchases, copying the card, or hacking, not from someone physically stealing the card. Thus the signature on the back of the card is not the most important issue.

The United States is way behind the curve in credit card protection. It resisted the introduction of the chipped cards and still has not implemented the pin requirement. In a few places in western Europe US cards are not accepted because of the lack of a pin.

Internet theft of card information is a very small percentage of the problem. Skimming, card theft, copying are far more common. Then accessing the card processors and stealing the information from them has happened several times. The vast majority of internet merchants never receive the information necessary to commit fraud. Most internet sales with any form of substantial business entity go directly to the card processor. Even when you store the card number for repeat usage, the merchant doesn't have all the information, they have a token from the processor.

Credit card processors, banks, stores and many other entities have been breached and card information taken. Whereas the waiter or bartender gets one card at a time, in these breaches they get tens or hundreds of thousands.

As to the US trailing in card protection, absolutely. There's a very strong incentive now for merchants to update their equipment to EMV, If they process a fraudulent card on a machine that doesn't have an EMV reader, they may have to absorb the loss. Similarly if a merchant disables 3DSecure or similar technology online they may have to absorb. Otherwise, the vast majority of the time, the bank absorbs the loss.

Here is an article discussing the above.

https://www.quora.com/When-a-stolen...a-chargeback-is-then-filed-who-takes-the-loss

 

[BandB]

One more item in card fraud protection and that is that the market for selling volumes of cards or other private information is The Dark Web. Law Enforcement and Bank and credit card security services are regularly checking it and searching today.

 

[Simi 60]

One tip we received from a police official is to never sign the back of the card. instead write in the space " ask for I.D. ". It's a interesting way to see if the retailer checks the back of the card, about 90% ask for I.D.
.

I don't have a credit card or bank account eftpos card but my wife does and I use them with her name on them all the time.
For near 10 years I have made purchases all over the world online and over the counter, not once has the female name on the card been an issue.
Pin numbers, numbers on the back for online purchases and now tap and go for eftpos cards makes it easy.

 

[ranger58sb]

The United States is way behind the curve in credit card protection. It resisted the introduction of the chipped cards and still has not implemented the pin requirement. In a few places in western Europe US cards are not accepted because of the lack of a pin.

I suspect the ball is in the merchants' (point of purchase) court, now.

Chip card distribution seems to have reached critical mass.... but shops don't have chip readers... and the ones that do mostly aren't requiring pins.

Skimming happens in restaurants (for example), cards are used at retailers...

Bank feels no pain, restaurant feels no pain, card holder feels no pain (perhaps not noticing the higher cost of goods and services across the board caused by credit card fraud)...

-Chris

 

[BandB]

I suspect the ball is in the merchants' (point of purchase) court, now.

Chip card distribution seems to have reached critical mass.... but shops don't have chip readers... and the ones that do mostly aren't requiring pins.

Skimming happens in restaurants (for example), cards are used at retailers...

Bank feels no pain, restaurant feels no pain, card holder feels no pain (perhaps not noticing the higher cost of goods and services across the board caused by credit card fraud)...

-Chris

The burden is on all of us. Users can be more diligent in watching for fraud. Merchants must add the equipment, whatever it costs, and the issuers have found that the only way to get them to do so is to hold them accountable if they don't. Card issuers must continue to upgrade their protections and continue to spend on new and better security systems.