#302645 - 29/09/2007 13:25
Sick of Visa card theft
|
pooh-bah
Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
|
I've grown tired of having to get new Visa cards because my number keeps getting stolen. I know what you'll say, "You don't HAVE to get a new card, let the thief keep your number." :P Actually, it seems like I have no choice.
Yet another new Visa card arrived in the mail today, saying my old number was stolen or is vulnerable to theft. I can only guess that the same thing happened as last time I randomly received a new card in the mail - a massive bulk compromise of thousands or millions of cards forced the issuer to proactively replace all of them.
Aren't there certain cards which are less vulnerable to bank compromise, etc? My Discover card has only been replaced once (proactively, like this one). I'd heard that's because Discover doesn't use "merchant banks", meaning only Discover issues cards and is entirely responsible for safeguarding the numbers. Whereas the more popular Visa and Master Card are issued by any old bank who could be easily compromised.
Or maybe it wasn't large scale theft and only my card was compromised. I do use it online at tons of sites, large and small. I also use it in person at many placed, even having used it a few times in the UK earlier this month.
Oh well, gone are the days when I could actually keep the same account for longer than 9 months.
_________________________
- FireFox31 110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
|
|
Top
|
|
|
|
|
#302646 - 30/09/2007 13:06
Re: Sick of Visa card theft
[Re: FireFox31]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31578
Loc: Seattle, WA
|
I have used debit and credit cards constantly, my entire adult life, and I have only ever had the number stolen *once*.
If it keeps happening to you, I would suggest that one of your regular haunts is repeatedly stealing the number, or perhaps is regularly the victim of dumpster-diving.
As you use the new card, I would recommend looking at every receipt you sign, and if you ever run into an establishment which doesn't asterisk-out your number on *both* copies (theirs and yours), then make sure to scratch out the number on both copies before signing and returning.
I could have *sworn* that they had passed a law (perhaps only in some states?) requiring that POS terminals asterisk-out the number. Does anyone have any links to information on this if it's true?
|
|
Top
|
|
|
|
|
#302647 - 01/10/2007 01:06
Re: Sick of Visa card theft
[Re: FireFox31]
|
carpal tunnel
Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
|
Did you receive a new terms of service agreement with the new card?
I'm wondering if the CC co is using this as a way of switching you to a new agreement.
_________________________
Glenn
|
|
Top
|
|
|
|
|
#302648 - 01/10/2007 01:35
Re: Sick of Visa card theft
[Re: gbeer]
|
pooh-bah
Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
|
There were no new terms of service with the card, but that's a very good suspicion.
It could very well be one of my regular haunts. The last time fraudulent charges appeared on both my sister and my Visa cards (with the same merchant bank), a little Internet searching revealed that it was a massive compromise. The thieves put small charges, $9.99 to $19.99, on who knows how many thousands of cards. The Internet was full of speculation as to which database was hacked. The popular theory was: Amazon. Talk about my "regular haunt".
I heard a report recently of a gas station which didn't ***** out the number on both copies. That may explain the ONLY time my Discover card was stolen. I only use that card to book flights and pay for gas at essentially the same gas station every week. Which may explain why, one day, there were a bunch of police cars in the gas station talking to some of the workers. And may explain why the guy who always filled my tank is no longer there.
I shrug and carry on, soothed by my information protection mantra: Why bother, everyone already has my credit card information already anyway.
_________________________
- FireFox31 110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
|
|
Top
|
|
|
|
|
#302649 - 01/10/2007 12:19
Re: Sick of Visa card theft
[Re: FireFox31]
|
old hand
Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
|
My credit card was used a few months ago, the company called and asked me to confirm some transactions, the two were < $10 purchases at obscure sites they said are often used with stolen card numbers prior to a big hit.
Interestingly I had only used it a few times in previous months - once as a regular debit for an Easynews subscription (unlikely to be the source), a few days earlier to purchase an LCD TV (possible, but I think they are reputable and likely to be security conscious). The previous uses were back in January at various shops and restaurants while on holiday in California - this is possibly the most likely place, although I would have thought they would make use of captured card numbers sooner.
Edited by g_attrill (01/10/2007 12:19)
|
|
Top
|
|
|
|
|
#302650 - 01/10/2007 12:23
Re: Sick of Visa card theft
[Re: FireFox31]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
You could find a card that has "virtual account numbers". I have a card that allows me to generate such card numbers. They're only valid for a single reseller, and they only last for two months, tops, so that may not solve your actual issue, but it would prevent you from handing out your real account number, and I can't see why they'd need to issue you a new card if one of the "virtual account numbers" was compromised.
_________________________
Bitt Faulk
|
|
Top
|
|
|
|
|
#302651 - 01/10/2007 15:36
Re: Sick of Visa card theft
[Re: wfaulk]
|
carpal tunnel
Registered: 13/02/2002
Posts: 3212
Loc: Portland, OR
|
Quote:
You could find a card that has "virtual account numbers". I have a card that allows me to generate such card numbers. They're only valid for a single reseller, and they only last for two months, tops, so that may not solve your actual issue, but it would prevent you from handing out your real account number, and I can't see why they'd need to issue you a new card if one of the "virtual account numbers" was compromised.
They also generally let you specify a maximum amount for the virtual account, so when you create one to pay for a $50 charge, you can limit the charges to $50, and any subsequent attempts to make charges on that account will ultimately fail.
|
|
Top
|
|
|
|
|
#302652 - 01/10/2007 16:12
Re: Sick of Visa card theft
[Re: wfaulk]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31578
Loc: Seattle, WA
|
I always thought virtual account numbers were a good idea in theory, but doesn't that pollute the available address space? (What *is* the available address space for credit card numbers with their current number of digits?)
|
|
Top
|
|
|
|
|
#302653 - 01/10/2007 16:21
Re: Sick of Visa card theft
[Re: tfabris]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
That's an interesting question. The first digit specifies the card type. 3 is AmEx, 4 is Visa, 5 is Mastercard, 6 is Discover. I'm sure there are some other lesser-known ones. After that, there's effectively a single checksum digit. So that's a 14-decimal-digit address space for Visa, Mastercard, and Discover, which is 100 quadrillion combinations. (13-digit for AmEx, so only 10 quadrillion.) So that's like 50,000 numbers for each person on Earth. Probably not a big deal.
I've glossed over a lot of details that actually make the numbers less today than what I've quoted, but the fact of the matter is that there's a single checksum digit, so assuming that the cards expanded to fill the 16-digit address space, that's one quintillion numbers.
_________________________
Bitt Faulk
|
|
Top
|
|
|
|
|
#302655 - 01/10/2007 16:38
Re: Sick of Visa card theft
[Re: tfabris]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31578
Loc: Seattle, WA
|
Interesting. It's actually even more complicated.
|
|
Top
|
|
|
|
|
#302656 - 01/10/2007 16:44
Re: Sick of Visa card theft
[Re: tfabris]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Supposedly, Visa owns all the ones. Mastercard owns like half of the fives, but no one owns the rest of the fives. Amex only owns two of the threes, JCB would seem to own the rest, but they have different lengths, which puts them in different address spaces. Diners' Club and Carte Blanche used to own a number of the threes, but they've been subsumed by Mastercard, and they were 14-digit cards anyway. Also, Visa has both 16-digit and 13-digit cards, so that gives them two distinct address spaces, one of 10 quadrillion and another of 100 billion. Discover actually does own only 6011, but no one owns any other sixes.
_________________________
Bitt Faulk
|
|
Top
|
|
|
|
|
#302657 - 01/10/2007 17:58
Re: Sick of Visa card theft
[Re: tfabris]
|
carpal tunnel
Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
|
Quote:
I thought that the first *four* digits of the card were the company. I guess I should look this up in wikipedia. 
The first four of a Visa definitely tell you which institution issued the card. Some institutions have more than one set of 4-digit prefixes.
|
|
Top
|
|
|
|
|
#302658 - 02/10/2007 04:52
Re: Huh?
[Re: tfabris]
|
carpal tunnel
Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
|
So if the CC # includes coding for the issuing company - Why the heck do I always have to identify which company on web forms?
_________________________
Glenn
|
|
Top
|
|
|
|
|
#302659 - 02/10/2007 09:30
Re: Huh?
[Re: gbeer]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Quote:
So if the CC # includes coding for the issuing company - Why the heck do I always have to identify which company on web forms?
Extra verification to say that you're legit
|
|
Top
|
|
|
|
|
#302660 - 02/10/2007 13:05
Re: Huh?
[Re: tman]
|
carpal tunnel
Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
|
Quote:
Quote:
So if the CC # includes coding for the issuing company - Why the heck do I always have to identify which company on web forms?
Extra verification to say that you're legit
I think it's more to do with default programming. It means the designer of the cart software didn't have to put in any tables to identify the card type. Just another step to skip in field validation.
|
|
Top
|
|
|
|
|
#302661 - 02/10/2007 14:41
Re: Huh?
[Re: hybrid8]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Quote:
Quote:
Quote:
So if the CC # includes coding for the issuing company - Why the heck do I always have to identify which company on web forms?
Extra verification to say that you're legit
I think it's more to do with default programming. It means the designer of the cart software didn't have to put in any tables to identify the card type. Just another step to skip in field validation.
When I wrote some cart software for somebody, the reason for asking for the issuing company is to help spot stolen CCs. Not everybody can be bothered/knows how to find the issuing bank from the BIN. Even if they did know it, it'll be suspicious if they're using an Australian bank CC to mail order stuff to a American address etc...
|
|
Top
|
|
|
|
|
#302662 - 02/10/2007 18:46
Re: Huh?
[Re: tman]
|
carpal tunnel
Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
|
Sorry, I didn't mean to imply identifying the actual issuing institution, just the card type. It would be totally impractical to maintain a list of issuers for VISA and MC. Though I've also never seen any cart software asking for such information, just what type of card is being entered. Sometimes the form will reload to show particulars for the card type (such as field length restrictions).
|
|
Top
|
|
|
|
|
#302663 - 02/10/2007 22:17
Re: Sick of Visa card theft
[Re: wfaulk]
|
pooh-bah
Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
|
Quote:
virtual account numbers
That is an interesting idea! However, I thought credit card account numbers somehow encoded your name. I'll swear that I validated this claim sometime in my young life while trying to make up random credit card numbers to register with AOL 2.0. I think the card verification was an offline system (because my modem wasn't dialed in), so I was convinced that it had the name decryption algorithm built in. Who knows though...
_________________________
- FireFox31 110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
|
|
Top
|
|
|
|
|
#302664 - 03/10/2007 05:04
Re: Sick of Visa card theft
[Re: g_attrill]
|
carpal tunnel
Registered: 30/04/2000
Posts: 3810
|
It's possible that I've been victimized as well, but I'm not sure. There was a charge last Friday for $18 to Alamo Rent-a-car on my account. I don't use Alamo. When I rent cars, I use Hertz.
I called my Chase Visa card's 800-number. They said I might want to double-check with my wife. So I did. She didn't do it either. I called back and spoke to them again. "Well, your card was swiped." (Implicit: you swiped it.) I offered that it's just as possible that somebody copied my account information to the back of a blank card. Anyway, all they could tell me is that the charge came from "Santa Clarita", but that could well have nothing to do with where the charge actually occurred. So, they said they're going to ask the vendor to produce the slip with my signature. We'll see how this pans out. I can't wait.
(If this really was some kind of theft, though, wouldn't you think the thief would go for something more impressively expensive, like consumer electronics or something?)
|
|
Top
|
|
|
|
|
#302665 - 03/10/2007 07:03
Re: Sick of Visa card theft
[Re: DWallach]
|
carpal tunnel
Registered: 18/01/2000
Posts: 5682
Loc: London, UK
|
Quote:
(If this really was some kind of theft, though, wouldn't you think the thief would go for something more impressively expensive, like consumer electronics or something?)
Credit card companies have fraud detection people and algorithms. I don't know how effective they are, but they might be capable of detecting impressively expensive things, making the fraudster's efforts wasted.
On the other hand, low value things like this will probably go straight through, and the odds are that you might not notice either.
_________________________
-- roger
|
|
Top
|
|
|
|
|
#302666 - 03/10/2007 08:15
Re: Sick of Visa card theft
[Re: DWallach]
|
old hand
Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
|
I believe that the majority of card fraud is things that can be liquidated as easily as possible. eg. quite a lot of reports I hear about in the UK is prepaid phone top-ups - I think either the voucher or the use of the card is sold to somebody to top up the maximum allowed. I presume the phone company reverses the top-up when the fraud is reported or just doesn't bother - I very much doubt that anybody follows up with the user of the phone.
Another one is full-fare (flexible) airline flights - apparently because with some companies you can get a refund in cash even if the tickets were purchased on a card.
|
|
Top
|
|
|
|
|
#302667 - 03/10/2007 11:30
Re: Sick of Visa card theft
[Re: DWallach]
|
veteran
Registered: 25/04/2000
Posts: 1522
Loc: Arizona
|
Quote:
I called my Chase Visa card's 800-number. They said I might want to double-check with my wife. So I did. She didn't do it either. I called back and spoke to them again. "Well, your card was swiped." (Implicit: you swiped it.) I offered that it's just as possible that somebody copied my account information to the back of a blank card. Anyway, all they could tell me is that the charge came from "Santa Clarita", but that could well have nothing to do with where the charge actually occurred. So, they said they're going to ask the vendor to produce the slip with my signature. We'll see how this pans out. I can't wait.
Its been my experience that dealing with Chase just isn't worth the hassle. I can't stand their customer service. Because of that customer service, I have two open, but inactive (the cards expired in 2002 and 2004), accounts with them and have no plans of ever reactivating the cards to those accounts.
|
|
Top
|
|
|
|
|
#302668 - 03/10/2007 12:16
Re: Sick of Visa card theft
[Re: DWallach]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Quote:
There was a charge last Friday for $18 to Alamo Rent-a-car
...
If this really was some kind of theft, though, wouldn't you think the thief would go for something more impressively expensive, like consumer electronics or something?
How about an automobile?
I mean, I have no way to know if he stole that car from Alamo, but that would be a pretty good scam. Rent a car with a stolen credit card and with some fake ID for that card. Chop the car. Car rental place comes after the person whose card was stolen.
_________________________
Bitt Faulk
|
|
Top
|
|
|
|
|
#302669 - 03/10/2007 12:58
Re: Sick of Visa card theft
[Re: wfaulk]
|
carpal tunnel
Registered: 30/04/2000
Posts: 3810
|
To steal a rental car with a stolen credit card... that's entirely feasible. But why would it generate an $18 charge? Normally, the charges come at the end of the rental, not the beginning. What can you get for $18 from a car rental agency?
|
|
Top
|
|
|
|
|
#302670 - 03/10/2007 13:05
Re: Sick of Visa card theft
[Re: DWallach]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Good point. It's been a long time since I rented a car. I'd say insurance, but that doesn't exactly seem to fit the proposed scenario.
_________________________
Bitt Faulk
|
|
Top
|
|
|
|
|
#302671 - 03/10/2007 15:55
Re: Sick of Visa card theft
[Re: FireFox31]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31578
Loc: Seattle, WA
|
Quote:
I thought credit card account numbers somehow encoded your name.
No. If that were true, then a bank couldn't issue you a new card with a new number. Or worse, someone who knew the algorithm could reverse-engineer the credit card number from your name and make purchases on your behalf.
Quote:
I'll swear that I validated this claim sometime in my young life while trying to make up random credit card numbers to register with AOL 2.0. I think the card verification was an offline system (because my modem wasn't dialed in), so I was convinced that it had the name decryption algorithm built in. Who knows though...
No, all you validated was the Single Digit Checksum.
|
|
Top
|
|
|
|
|
#302672 - 05/10/2007 22:33
Re: Sick of Visa card theft
[Re: DWallach]
|
pooh-bah
Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
|
Search online for some keywords about this suspected fraud. With any luck, you'll find a thread on dslreports.com loaded with other victims of this fraud. This is how I validated a $9.99 charge on my (and a family member's) card as a massive wide spread charging of tiny amounts to fly under the radar.
Bitt's got a great idea, though. But is it worth it for Ford Focus parts?
_________________________
- FireFox31 110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
|
|
Top
|
|
|
|
|
#302673 - 10/10/2007 01:30
Re: Sick of Visa card theft
[Re: FireFox31]
|
new poster
Registered: 24/08/2000
Posts: 33
|
Inadvertent fraud is even more annoying.
Several years ago I stayed at the Holiday Inn Munich North. One night. It sucked. What a dump.
Last summer I get an Amex bill for the Holiday Inn Munich North. Turns out another "Ian Kennedy" stayed there and upon checking out the clerk charged it to the first "Ian Kennedy" in the system. Me.
Amex refused to reverse the charge. They said they had proof that "Ian Kennedy" stayed there. Indeed they did, a guy by the same name that lives in the UK, as I had a copy of the reservation card that clearly showed it was not me. I live near Seattle.
None of the mattered. They had their "proof." Three levels of escalation didn't matter, the people on the phone were all quite polite but after every call session I'd get a letter from some douche-bag telling me they had their "proof."
But, since it was a corporate card I just sicked the lawyers on them. Didn't hear anything after that, and I got a new number.
So, it might not always be intent, just incompetence.
|
|
Top
|
|
|
|
|
|
Previous Topic
Index