Credit Card Fraud

[dirtypool40]

IBILLCS was charged to me too. So was some "downloadMP3" site. Neither of these charges I recognized, and just happened to be lucky checking my account that day and caught things when there were "only" about $60 charged.

I called IBILLCS, they seem to be a legit company, that does billing for various merchants.

This one happened to be an internet charge. The conversation went something like this....

"but I don't pay for internet, we have it at the office"

"No, Sir, it's for a website"

"I don't have a website"

"You subscirbed to one"

"No, I didn't. wait ........ ok I"ll bite, which one?"

(I could not make this sh1t up if I tried) "uh......girls go both ways dot com".

"Ok, let's go ahead and file this as a fraud claim".

" No problem, sir".

Actually they were very nice and did refund my money. They also gave me the email address of the goober in SINGAPOR (!!) who is using my CC# to get porn.

I shut off the cards but now I am stuck in South America waiting for replacements. Eating lots of PB&J this week.

[michael_aos]

12/28/2004 WNT*SETSYSTEMS SW SALE ($21.23)

12/27/2004 WWW.MP3DOWNLOADING.COM ($35.94)

12/28/2004 PAYPAL $60.14

12/27/2004 INTERACTIVE CLASSIFIED N ($9.95)

12/25/2004 PAYPAL ($62.37)

 

 

[raz-0]

Just because the fraud is happening online doesn't mean that is where the theft of the card number originated. A whole mess of visa numbers got out into the wild, in fact I think I just got snagged this month by someone in texas ordering restaurant chain gift cards. Still persuing it.

The AMEX one time use card number was piloted, annoucned for nationwide rollout, then promptly canceled.

At least my MBNA visa offers shop safe, which is another one time use thing. Just noticed this, so I'll have to start using it.

[dirtypool40]

12/27/2004 WWW.MP3DOWNLOADING.COM ($35.94)

yup, that's the second one.

I know these folks probably aren't the culprits, it's just where the scumbag thief went to use my #.

[weebles]

i dont like ordering stuff over the internet

[EricW]

Everybody blames the internet, yet internet transactions are far and away the most secure ways in which we use our credit cards. I've got $20 that says 95% of credit card # thefts were *not* stolen directly off the net, but came from other sources. I, for one, am exceedingly happy that I NEVER have access to anyone's CC# so I don't have to worry about human security issues.

[Rob Boudrie]

The actual transmission of credit card data using SSL is generally regarded as secure, however, there are potential problems with on-line credit cards:

1. If the server is not "hardened", and credit cards numbers are stored on-line in unencrypted format, there is a treasure trove of cards for a hacker to grab. A dumpster diver is not going to get a year's worth of card data - a hacker might.

2. There are numerous commerce packages which run on SSL enabled servers, but do not enforce the security policy for the server. If you get OS commerce, Miva Merchant, etc. and put it on a generic Linux or Windows box, but do not shut down all unused ports, deny shell access to users, keep up to date on all patches, avoid any possibility of sql injections, etc. you are setting yourself up for an "incident". Security is nearly a full time job, not something you set on your server by adding a password. Based on Brian's comments, it appears he made the same decisions for his cart which I did for uspsa.org, and for the same reason.

3. Anyone near your building can check to see if you left unshreaded data in an unlocked dumpster. Anyone on the internet can check your server for security problems.

4. There is the issue of the "level of care" given credit card numbers once collected - who has access, how often is data purged, are steps taken to assure that credit card numbers and the passwords to access them are never sent in plain text? (When I change passwords on the credit card systems, I fax the new ones to USPSA HQ rather than email them in).

[EricW]

4. There is the issue of the "level of care" given credit card numbers once collected - who has access, how often is data purged, are steps taken to assure that credit card numbers and the passwords to access them are never sent in plain text?

That is the #1 issue I've seen in my personal experience: custodianship. I still believe that unsecured mailboxes, waiters, waitresses, and gas station attendants are a far greater risk than using my CC to pay my phone bill over the internet.

[Rob Boudrie]

4.  There is the issue of the "level of care" given credit card numbers once collected - who has access, how often is data purged, are steps taken to assure that credit card numbers and the passwords to access them are never sent in plain text?

That is the #1 issue I've seen in my personal experience: custodianship. I still believe that unsecured mailboxes, waiters, waitresses, and gas station attendants are a far greater risk than using my CC to pay my phone bill over the internet.

Interesting example and no doubt true. The "phone companies" are full time commercial concerns with people dedicated to their on-line transaction systems. It's the small businesses and do it yourselfers which result in "hit & miss" with respect to the level of actual security of the stored data. Care to gues show many small on-line stores use OsCommerce, Miva, Able, etc. on a shared server without any idea as to the steps taken to maintain system security?

Since you aren't liable for fraud, it's a "hassle factor." It;'s also another reason to never have a debit card .... one fradulent charge can set a chain reaction of bounced checks in motion compounding the mess, leaving the unresolved issue of who is liable for the fees imposed by a third party (for example, you bounce a check at the grocery store because your bank paid a fradulent debit card charge and your bank imposes a fee on top of the check amount).

[GlockPghLady]

Newbie here - and happened to see this topic so decided to delurk.

I had 4 fraudulent charges posted to my Visa Debit card back in Sept as well. Good thing I check that account online daily. They had me for about $150 total. Someone had signed up for Porn and Music download sites.

I called and cancelled the card immediately. Still had to do a few go rounds with the bank to convince them the charges were truely fraudulent. Had to file a police report and try to get the charges cancelled from the companies who made the charges to my account. Two were to IBILLS who gave me no problem reversing the charges. Two were to CCBILLS who were MF'ers and refused to reverse the charges. The bank had to intervene to get those credited.

I just got a letter last week from the bank concluding these were indeed fraudelent charges.

I figured since I do a lot of online purchases someone had hacked my number or an employee of one of the sites had used my CC#.

Funny thing was the year before the bank had cancelled my Visa Debit card and issued me (and a lot of other customers) a new one since some website that acts as a repository for a number of merchants had been hacked.

Since then except for one site - Amazon - where I do some selling, no one else has my CC#'s. I got a Citibank Visa for online purchases since they offer a virtual # that generates a new CC# each time used. Discover offers the same service.

So that's my adventure in the world of CC fraud. I've since been keeping a close eye on my Credit Report and all cards just to make sure I don't suffer identity theft.

[waktasz]

I had a similar issue but I caught it by checking my statements online probably while the person was using it. I had payments to IBillCS.com and mp3downloading.com

The only two things from your lists that I also had charges from were Benos's store and Brownells. I've since had it corrected and don't want to necropost this thread but I thought I'd just note it for you guys how have also had issues.

[Dead Buff]

It appears as if iBillCS is targeting BE.....

[raz-0]

It appears as if iBillCS is targeting BE.....

how do you arrive at that conclusion?

[geezer-lock]

Sign up for a AT&T Universal Card. They offer a "virtual" card service that really works. Never use your real number on-line again.

geezer

[carinab]

Anyone got a web link or other resource for the commerce laws? I know what discover says their policy is but I'd like to know what the laws are. When I google I get way too much to sort through (although I'm probably entering my search criteria badly).

[paraman1]

I have been nailed by the SKYPE.NET and the W-P internet hosting one in the last 3 months . It has been a pain getting my credit card company to deal with it . They send me paperwork , I fill it out , they say they never got it and put the charges back on my account .

Just curious but does anyone besides me here have a Paypal account ? I am wondering if thats where my info got taken from as I cancelled my first card and when I got the new one I updated my Paypal account and then the second one showed up . Ipulled the info from my account and changed my password so hopefully that helps .

[davidwiz]

Anyone got a web link or other resource for the commerce laws?

This seems to have a link to most of the relevant laws.

The Uniform Commercial Code (UCC) is also relevant, as is the regs that the Federal Trade Commission puts out, which are codified in the US Code.

[Dead Buff]

It appears as if iBillCS is targeting BE.....

how do you arrive at that conclusion?

The only ever internet/CC transaction my wife made was to order me a Christmas gift from the BE store...and see the first couple of posts in the thread. This is most probably not BE's or his merchants fault, but some other idiot who get a hold of the CC nr's off the merchants web site....IMHO

[The Hangin' Chad]

I received this in an email a while back, appearently, this came from some branch of Florida law enforcement. Notice how none of this is internet related.

CREDIT CARDS SCENE 1

A friend went to the local gym and placed his belongings in the locker. After the workout and a shower, he came out, saw the locker open, and thought to himself, "Funny, I thought I locked the locker. Hmmmmm." He dressed and just flipped the wallet to make sure all was in order.

Everything looked okay - all cards were in place. A few weeks later his credit card bill came - a whooping bill of $14,000! He called the credit card company and started yelling at them, saying that he did not make the transactions. Customer care personnel verified that there was no mistake in the system and asked if his card had been stolen.

"No," he said, but then took out his wallet, pulled out the credit card, and yep - you guessed it - a switch had been made. An expired similar credit card from the same bank was in the wallet. The thief broke into his locker at the gym and switched cards.

Verdict: The credit card issuer said since he did not report the card missing earlier, he would have to pay the amount owed to them. How much did he have to pay for items he did not buy? $9,000! Why were there no calls made to verify the amount swiped? Small amounts rarely trigger a "warning bell" with some credit card companies. It just so happens that all the small amounts added up to big one!

SCENE 2

A man at a local restaurant paid for his meal with his credit card. The bill for the meal came, he signed it, and the waitress folded the receipt and passed the credit card along. Usually, he would just take it and place it in his wallet or pocket. Funny enough, though, he actually took a look at the card and, lo and behold, it was the expired card of another person.

He called the waitress and she looked perplexed. She took it back, apologized, and hurried back to the counter under the watchful eye of the man. All the waitress did while walking to the counter was wave the wrong expired card to the counter cashier, and the counter cashier immediately looked down and took out the real card. No exchange of words --- nothing! She took it and came back to the man with an apology.

Verdict: Make sure the credit cards in your wallet at yours. Check the name on the card every time you sign for something and/or the card is taken away for even a short period of time. Many people just take back the credit card without even looking at it, thinking that it has to be theirs.

FOR YOUR OWN SAKE, DEVELOP THE HABIT OF CHECKING YOUR CREDIT CARD EACH TIME IT IS RETURNED TO YOU AFTER A TRANSACTION!

SCENE 3

Yesterday I went into a pizza restaurant to pick up an order that I had called in. I paid by using my Visa Check Card which, of course, is linked directly to my checking account. The young man behind the counter took my card, swiped it, then laid it flat on the counter as he waited for the approval, which is pretty standard procedure.

While he waited, he picked up his cell phone and started dialing. I noticed the phone because it is the same model I have, but nothing seemed out of the ordinary. Then I heard a click that sounded like my phone sounds when I take a picture. He then gave me back my card but kept the phone in his hand as if he was still pressing buttons.

Meanwhile, I'm thinking: I wonder what he is taking a picture of, oblivious to what was really going on. It then dawned on me: the only thing there was my credit card, so now I'm paying close attention to what he is doing.

He set his phone on the counter, leaving it open. About five seconds later, I heard the chime that tells you that the picture has been saved. Now I'm standing there struggling with the fact that this boy just took a picture of my credit card. Yes, he played it off well, because had we not had the same kind of phone, I probably would never have known what happened.

Needless to say, I immediately canceled that card as I was walking out of the pizza parlor. All I am saying is, be aware of your surroundings at all times. Whenever you are using your credit cards, take caution and don't be careless. Notice who is standing near you and what they are doing when you use your card. Be aware of phones because many have a camera phone these days.

When you are in a restaurant and the waiter/waitress brings your card and receipt for you to sign, make sure you scratch the number off. Some restaurants are using only the last four digits, but a lot of them are still putting the whole thing on there. I have already been a victim of credit card fraud and, believe me, it is not fun. The truth is that they can get you even when you are careful, but don't make it easy for them.

FORWARD THIS TO AS MANY PEOPLE AS YOU CAN THINK OF. LET'S GET THE WORD OUT

[waktasz]

IBILLCS was charged to me too. So was some "downloadMP3" site. Neither of these charges I recognized, and just happened to be lucky checking my account that day and caught things when there were "only" about $60 charged.

I called IBILLCS, they seem to be a legit company, that does billing for various merchants.

This one happened to be an internet charge. The conversation went something like this....

"but I don't pay for internet, we have it at the office"

"No, Sir, it's for a website"

"I don't have a website"

"You subscirbed to one"

"No, I didn't. wait ........ ok I"ll bite, which one?"

(I could not make this sh1t up if I tried) "uh......girls go both ways dot com".

"Ok, let's go ahead and file this as a fraud claim".

" No problem, sir".

Actually they were very nice and did refund my money. They also gave me the email address of the goober in SINGAPOR (!!) who is using my CC# to get porn.

I shut off the cards but now I am stuck in South America waiting for replacements. Eating lots of PB&J this week.

EXACTLY!!!

I had a girlsgobothways.com and a mp3downloading subscription.

Call IBillCS back and get the email address and IP used to register that website account. I did and reported it to my bank, who is reporting it to Secret Service (they handle this type of thing but I wonder how high priority my ~$70 is)

[davidwiz]

I received this in an email a while back, appearently, this came from some branch of Florida law enforcement. Notice how none of this is internet related.

That's BS. You've got at least 30 days to report fraudulent charges on a CC, by federal law, and the most the cc company can whack you for is $50 for fraudulent charges.

[Rob Boudrie]

I received this in an email a while back, appearently, this came from some branch of Florida law enforcement. Notice how none of this is internet related.

That's BS. You've got at least 30 days to report fraudulent charges on a CC, by federal law, and the most the cc company can whack you for is $50 for fraudulent charges.

And, the standard is "from the time you know the card was stolen".

[davidwiz]

You might not know that your card was stolen until you look at your monthly bill. From the FTC's web site:

By law, once you report the loss or theft, you have no further responsibility for unauthorized charges. In any event, your maximum liability under federal law is $50 per card.

If you suspect fraud, you may be asked to sign a statement under oath that you did not make the purchase(s) in question.

From the FTC's page on what to do if your card is lost or stolen:

Credit Card Loss or Fraudulent Charges (FCBA). Your maximum liability under federal law for unauthorized use of your credit card is $50. If you report the loss before your credit cards are used, the FCBA says the card issuer cannot hold you responsible for any unauthorized charges. If a thief uses your cards before you report them missing, the most you will owe for unauthorized charges is $50 per card. Also, if the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.

I think posting alarmist, inaccurate things like the above poster did (not Rob) is not helpful.

[Nik Habicht]

I think posting alarmist, inaccurate things like the above poster did (not Rob) is not helpful.

Counterpoint: I thought it was helpful --- since it caused you to research the situation and post a synopsis of cardholder's rights, for lack of a better term. If it ever happens to me, I'll have more of a clue that the bank's trying to get away with stuff they're not entitled to......

[The Hangin' Chad]

Excuse me David

What you point out makes sense. But whether or not it is true, I really don't know.

I personally have experienced the interpretation of the words change when the attourney's get involved.

It does amaze me that out of that long post (I appologize for the length, I didn't realize how much content was there) you pin point in on something like that.

Please tell me you do realize that the post was intended to show other ways of how easily your credit card info. could be stolen.

I personally received this email from a police officer, and I was very glad this person sent this to me.

Please excuse the ---- out of me for trying to help you out.

THC