Got a call today from the bank that my credit card number was stolen and used to buy $219 worth of crap at a CVS in Texas. My bank (Navy Federal) automatically canceled the card, is sending me forms to fill out and return to have the charge reversed, and sending me a new card.

[/cool story bro]

Reason for the thread is, is there anything I should do now? I'm assuming the transaction happened either yesterday evening or this morning. Recently, being the past few months or so, the only places I've used my card that was unusual was an online store, http://www.braceshop.com/, and a few gas stations . I ordered a brace and received it no problems. After work yesterday I used my card at a new gas station in town right next to my work, which was the last transaction I used it for. I possibly used my credit card at a CVS or Walgreens around Christmas, and a sketch gas station pump, but that's about it.

So do I just move on from this and be more careful in the future?

[Edited on December 31, 2010 at 3:54 PM. Reason : places]

12/31/2010 3:49:45 PM

Might want to scan for a keylogger on whatever computer you made the online purchase from.

12/31/2010 3:52:22 PM

Good point...I only use my personal laptop. Any recommendations on anti-virus/spamware?

12/31/2010 3:54:55 PM

I use Norton, but no idea if it's the best, just that it came with my laptop

12/31/2010 4:10:18 PM

Two years ago I bought some stuff from a FL store....then like two weeks later I noticed a charge from CA that I had not made...kinda sucks because the thing I order was hard to find and that is why I had to buy it from a store in FL. I got the item and all and the store seemed legit....it sucked not having a card for a 10 days.

[Edited on December 31, 2010 at 4:39 PM. Reason : w]

12/31/2010 4:39:07 PM

This is why credit card > debit card

12/31/2010 4:58:07 PM

Stamps.com for all your identity theft solutions

I'm astraladvent and I approved this message

12/31/2010 8:49:51 PM

Quote :

"a few gas stations "

Skimming devices on gas stations is the most common avenue thieves use to steal your credit card info. I work in a Fraud Dept for SECU and I deal with this 4 days a week, so if you want to discuss it more just pm me.

Quote :

"So do I just move on from this and be more careful in the future?"

Pretty much. If you have to use a card, always opt for the credit card vs your debit card. And no, it's not the same when you run your debit card as a credit... Since working in this dept. I've stopped handing my card to servers to pay my bill. They walk away with your card and who's to say they aren't going to copy your card info or slide it on a skimmer in their pocket? I don't let my card leave my sight or person when in public. If using it at a new merchant online for the first time, do a little google search to make sure the company is legit. A lot of people have been dooped by fraud sites trying to purchase shoes from China this Christmas. Some sites are legit, others are not, and the ones that aren't get taken down after Christmas and the customers never get their product. Take the time to do a quick background check on unfamiliar merchants.

Use the same gas station as much as possible so you are familiar with how their machine looks. That way if a skimming device is attached, you'll be able to recognize it easier. Same with ATMs.

[Edited on December 31, 2010 at 10:32 PM. Reason : .]

12/31/2010 10:24:32 PM

Quote :

"I use Norton, but no idea if it's the best"

not even close; MSE is the best anti-virus, with comparable detection rates, much fewer false positives, lower resource consumption, and no annoying browser toolbars: https://docs.google.com/viewer?url=http://av-comparatives.org/images/stories/test/ondret/avc_od_aug2010.pdf

You should also scan with MalwareBytes and Sophos Anti-Rootkit, and if you still notice problems and the people at places like BleepingComputer advise it, consider the big guns: ComboFix.

12/31/2010 10:28:46 PM

the real guy that the movie, catch me if you can, is based on says: do NOT have a debit card with visa/mastercard functionality. not just, don't use it, he says don't even HAVE one associated with your account. He says use credit cards only and with low limits so that the worst thing that can happen is somebody steals some hopeful lender's money, not yours. He has a bunch of other advice too. Even when shit happens with your card that isn't your fault, it reflects badly upon you in secret databases maintained by the finance industry: you'll find you're suddenly and inexplicably disqualified from some financial services and transactions now. Things might be more lenient now due to the recession but I don't know.

12/31/2010 11:24:31 PM

free identity theft insurance ftw

thanks america!

12/31/2010 11:34:45 PM

Yeah, I installed and ran MSE (Microsoft Security Essentials) and it found nothing. Did a quick check on braceshop.com and found nothing (plus they have all this hoopla about being secure with payment info), so I guess it was a gas station card skimmer.

Thanks for the advice and knowledge!

1/1/2011 1:38:49 AM

my question is...if they got your number...

how were they able to purchase merchandise at a physical store? or was it purchased online in texas on the cvs site?

most stores require you to have the physical card with you, even if you know the numbers

1/1/2011 1:48:00 AM

My dad asked the same thing. My bet is that they programmed the card number into the magnetic strip on a blank card (think a wiped hotel key card) or even wiped a gift/cash card to make it look legit. I've seen it on TV documentaries so it must be for real!

That or I completely heard it wrong for some reason.

1/1/2011 2:14:47 AM

Quote :

"I've stopped handing my card to servers to pay my bill."

So you pay cash?

1/1/2011 4:01:56 AM

Burn notice is not a tv documentary

I'm astraladvent and I approved this message

1/1/2011 5:14:37 AM

Quote :

"how were they able to purchase merchandise at a physical store? or was it purchased online in texas on the cvs site? most stores require you to have the physical card with you, even if you know the numbers "

All you need is a magnetic stripe reader/writer, which can be had legally by anyone with an LLC license (which is as easy to obtain as it is to take a lollipop from a baby). From there, you can buy these magnetic r/w devices. What you do with it is another story... Most merchants selling these devices will require you to provide your LLC information, but not all. These entry level devices are as "cheap" as $100. Of course, sometimes they are sold via ebay, craigslist, or stolen from merchants.

Software is sold online from anywhere from $40-$200.

Blank smart cards can also be bought in packs, usually about $100 for a pack of 50 or so. Larger bulk can drop costs to as little as $1/card.

Once you've placed a skimmer and captured data from users (say at an atm or gas pump), you upload the information onto blank cards with your station at home. Then with a label maker, you can make each card look like an authentic bank card, with your own photo and whatever name you want.

The process is no different from say burning a CD/DVD. The concept is the same, but the devices used are different. Scary shit, and the punishment for shit like this is not severe enough imo. Cumulative charges under $500 is usually a misdemeanor with less than a year in jail. Multiple cards and higher amounts may increase the charge to a felony, but usually larger stings involve multiple parties and charges are not a severe.


With a quick search, I found this site. One of many:
http://www.incodenet.com/magnetic/msr606.htm

[Edited on January 1, 2011 at 5:41 AM. Reason : .]

[Edited on January 1, 2011 at 5:43 AM. Reason : .]

1/1/2011 5:41:40 AM

Lol a label maker wouldnt cut it to make counterfit cards. Most scammers sell your info in bulk on sites like cardersmarket. Most sophisticated operations use the same embossers and holograms that are used when your card is legitimately made.

1/1/2011 2:31:44 PM

with the PIN you just need a blank PVC card. But think back to the last 10 credit card transactions you've made. How many of those times did the cashier ask for ID?

The hologram/embossed cards are for your serious shit like multiple laptops and plasmas. Most people will just re-write legit cards with different info and take their chances. Hell every time an associate has to enter in the last 4 to combat this, they just ask me and i read off the (any) number. In fact, I've bought about 500 bucks of stuff at one store and 600 or 700 at another and I was never even ID'd. I had a company CC and I know I could have socially engineered my way through the purchase even if I had been questioned. Shit's crazy.

http://security.magtek.com/white-papers-documents/
http://twitter.com/magtek

[Edited on January 1, 2011 at 3:32 PM. Reason : ]

1/1/2011 3:27:26 PM

My debit card was recently compromised. Someone in Albany, CA spent $97 at Target. Luckily, BB&T contacted me and said they would reimburse me.

1/1/2011 8:10:02 PM

There's been a huge string of counterfeit cards in CA and TX as of the last two days, most of them at Target.

Quote :

"The hologram/embossed cards are for your serious shit like multiple laptops and plasmas."

As well as anything pharm. like Walgreens and CVS. I totally agree with what you said though GM.

[Edited on January 1, 2011 at 9:23 PM. Reason : .]

1/1/2011 9:21:54 PM

Hmm, now my credit card is not listed on my account at all. Hopefully they reset the balance to zero

1/2/2011 5:30:31 PM

^^good call. That didn't even occur to me.

[Edited on January 3, 2011 at 9:03 PM. Reason : ]

1/3/2011 9:03:29 PM

Quote :

"CVSPHARMACY #7489 Q03 BURLESON TX $219.01 "

Apparently this CVS didn't give a shit about holograms.

[Edited on January 5, 2011 at 10:11 AM. Reason : lkj]

1/5/2011 10:11:27 AM

So now my debit card was compromised. Luckily, Visa called and put a hold on my card. Now I have no monies.

1/6/2011 12:51:49 PM

just see if your bf will spot... you... wait.

oh.

1/6/2011 1:35:26 PM

exactly,


looks like I won't be able to go clothes shopping on Saturday.

1/6/2011 1:37:23 PM

poor bmel

1/6/2011 1:43:19 PM

Quote :

"Apparently this CVS didn't give a shit about holograms."

i would call them and complain

1/6/2011 4:09:54 PM

Is there anywhere the two of you have shopped together lately that both of your CC#s could have been taken from?

1/6/2011 4:11:58 PM

Amazon.com is about the only place we could think of where we both used our credit cards. I didn't buy anything from there since 12/23 though, and I bought the shoulder brace around then too (before Christmas).

I'm not certain where she fills her gas tank. Her brother did give her some bootleg software that might have gotten her number stolen with hidden spyware, but it wouldn't explain how it got my credit card too that I know of...unless it goes into your cache. I'll scan her computer.

That is, I haven't used my credit card on her computer since she got the bootleg software installed.

Could just be a coincidence, but I'm not about to just chalk it up to that.

Also, her debit card was used at a Rite Aid out in California.

[Edited on January 6, 2011 at 4:34 PM. Reason : clarify]

1/6/2011 4:27:04 PM

my friend with coastal just this call a week ago and i just got the call yesterday and i bank with suntrust. kinda scary

1/12/2011 6:07:55 AM

guess this is happening a lot. I suppose I'll stop ordering cheap stuff online.

1/12/2011 6:54:13 PM

My credit card #'s were used in georgia multiple times over a weekend before I got a txt alert from Citi. Got everything cleared with Citi the same day on a Sunday no less. Gotta say Citi has their shit on lock. They said it was more than likely the person or group just did the blank magnetic strip card thing and got lucky since I hadn't made any online purchases or gone anywhere out of the norm the few months preceding the fraud and that I still had the card with me.

[Edited on January 12, 2011 at 7:27 PM. Reason : .]

1/12/2011 7:20:54 PM

That's happened to me before. It sucked man... I'm sorry... I really feel for you

Some guy used my card and took $2,800 of it to fly to Myanmar. Talked to the bank and they gave me back my money and I had to fill out some forms.

You gotta watch out for small stuff too. Like websites that say "Don't check here to agree to these terms" because they'll take out 5 dollars here 15 there so as not to raise suspicion.

FreeCreditReport.com currently has that kind of scam going.

1/13/2011 4:07:45 AM

Somebody tried to use my CC info at El Pollo Loco and then Ames Apparel in Whittier, CA. Amex immediately put a hold on it, called to make sure that it wasn't me, cancelled it, and then mailed me a new one.

I didn't lose any money, but my the last 4 digits of my old card were "1000" and now they aren't.

1/24/2011 11:19:45 PM

AmEx Costco card was charged $1600 at a convenience store in Italy. They stopped it an issued a new card. Probably skimmed by a restaurant because I pretty much just use it at Costco and eating out.

When I first got my Amex Card I didn't use it for the first 3-4 months, didn't even activate it. Yet someone still managed to charge $500 to cafepress.com. Data center must have been hacked... crazy.

1/25/2011 2:38:49 PM

The call centers are the absolute weakest point. Pretty much anybody can do internet research on you and then call and have a new card issued.

1/25/2011 2:42:13 PM

^^^^my last 4 were "0666"

1/25/2011 2:46:29 PM

Quote :

"guess this is happening a lot. I suppose I'll stop ordering cheap stuff online. "

You don't have to do that. Just use a one time card number. With citi you can log in and get one whenever you want and it's completely free. I'm sure all the other credit card companies have something similar.

1/27/2011 9:27:53 PM