Credit Card Fraud Alert

[Porthole 15]

There are programs which can generate credit card numbers that would appear valid, because there is an algorithm used.  Typically, the first 4 digits are like a routing number, that's the issuing bank.  So, even if your card made it to your house fine, then never left, and was never even used, someone could still generate a valid credit card number and attempt to use it.

 

On Visa and MC cards it is the first 6 numbers that are a BIN, Bank Identification number, Wells Fargo, Citibank etc. That leaves the next 10 numbers, the 3 digit CCV code and your zip as the card info. There are programs in place that use random generators to take those 3 sets of numbers and output card info, which then is randomly run around the net until a combo works. Typically you will see a $1 charge. That is the test that shows a valid combo.

 

I just went through this the past 3 weeks for the 3rd time since last May. I have learned a lot and was thinking about posting that info here if there was any interest.

 

Some very key points:

• credit cards and debit cards are not the same. I know everyone knows that, what I am referring to are how they are handled when fraud strikes and how the federal regulations affect each.
• Stop using debit cards, you are at the most risk
• "Zero liability" is not exactly zero liability in the short term.
• Set text, mobile or email alerts with low limits. Email takes too long so mobile texts are best
• Check you limits - turns out my debit card had a $10,000 daily POS limit!

 

Another popular thing to do after grabbing a credit card number is to buy a green dot, net spend, or Amex reload able card and erase the magnetic strip and write their own information in. This is how a credit card could be used in a physical store. And if you're wondering how they make it look real all it takes is acetone and an embossing machine to redo a ready use card. Takes two hours max.

 

 

The newest Discover cards have no embossing, the numbers are screen printed on the rear.

 

 

My latest fraud hack was $4800+.

 

If there is interest I will post my stuff.

 

BTW - did you know that the password hacking programs are capable of running 300,000 hits per minute trying to crack passwords?

 

Did you know that there is a simple password generator that is by almost all means foolproof?

[Recon Racoon 49]

300,000 is if you have a great processor and enough RAM to handle the brute force cracking or dictionary attack. If you have lesser equipment it's more than likely it'll be closer to the 10-20k range.

 

The thing about generated passwords though is if your computer is already compromised and you don't know it then a key logger can screen grab or log what's going in. Which is why a nice sturdy anti virus and decent firewall are must haves for the computer security concious. Especially if it lets you monitor real time TCP/IP outgoing and incoming connections.

 

I did not know that about the new discover cards. Kinda weird to be honest. How are they preventing fraud with screen printed fonts?

 

 

Sent from my iPhone using Tapatalk

[Njbanshee 9]

Last year my account was hacked. I was paying someone's electric bill, cell phone bill, and I think gas bill. The made large purchases till it got declined. Then they switched to $50 debits until the account was all but empty. My bank gave me every dime back, but it took about two weeks. I tried to press charges, but I don't think they ever did.

[MikeL 3]

The newest Discover cards have no embossing, the numbers are screen printed on the rear.

 

How does that prevent fraud? 

[EWC88 24]

That's crazy, this just happened to my girlfriend on Friday. She was checking her CC information and say a $141 purchase at some entertainment company in San Fran. She called her CC company which is our bank as well, and they stated the person tried making 3 purchases. But only was able to make one because they canceled the other two purchases.

 

They were able to get it they believe because month or so ago she texted me her card info to pay a bill for her, so they got her info that way.

[Scorpio64 5,177]

.........

 

As a precaution, make sure your computer antivirus is up to date and do a full scan, and try running a program like Malwarebytes Anti-Malware to scan for something like a trojan horse or other malware that captured your info.  If anything is found, make sure you also change passwords once you've cleaned up the system.

 

My thoughts exactly.  When one uses a CC to make online purchases, the transaction typically occurs over a SSL server.  Meaning the information is encoded before it is transmitted to prevent snooping devices from capturing the information.  The only flaw is that the information is not encoded as it is entered on the keyboard.  That's where the trojan horses come into play.  A trojan horse can easily capture the info and forward it elsewhere before anything is encrypted.  While SSL servers do provide a layer of security, they also tend to give some folks a false sense of security.

 

There is only one computer in my house that I use for CC transactions, my "serious" work computer.  I never visit porn sites, illegal video streaming sites, download flash games or any other nonsense on this particular computer.    Every time such sites are visited, one's chances of having their PC become compromised increase.  Guys need to think of their PC as if were their "willy".  Think twice before you make a connection.  You may walk away with more than you bargained for.

[Malice4you 627]

There is only one computer in my house that I use for CC transactions, my "serious" work computer.  I never visit porn sites, illegal video streaming sites, download flash games or any other nonsense on this particular computer.    Every time such sites are visited, one's chances of having their PC become compromised increase.  Guys need to think of their PC as if were their "willy".  Think twice before you make a connection.  You may walk away with more than you bargained for.

Only problem with that is some computer viruses are network aware, so unless you have it completely disconnected from all the other computers and it has its own internet connection, there's still a chance...less of one...but still a chance...  Also, transferring files via sneakernet with a thumb drive can still cause problems, since computers often attempt to run files on insertion.  Course, even if you're rock solid on your security precautions, Target goes and fcuks up your day anyway.

 

 

Also, most of us are on a constantly connected connection these days, so keep in mind anything that is stored on NAS drives could potentially be accessed remotely - private pictures and personal information might be saved on one of these, and someone phishing around for interesting stuff might find your IP.  Many routers have very basic firewall functionality, so make sure you log into your routers and make yourself as secure as you can be - research anything you don't understand online.  And change the damned password from 12345 or password.  If you're more security minded, look into an actual hardware firewall...properly set up, it can make you a lot more secure from external attacks.  It can make you seem to not exist, which is one of the best things you can be online...

[Porthole 15]

How does that prevent fraud? 

 

I did not know that about the new discover cards. Kinda weird to be honest. How are they preventing fraud with screen printed fonts?

 

I don't know, I only brought it up because you mentioned the embossing machines.

My new cards have no raised portions.

 

Looks just like this on the front.

 

 

The back is all printed including a phone number that is actually big enough to read without a magnifying glass.

And the stripe is completely different then any other card I have. It is a a silver reflective material with holograms across the width.

Which looks something like this, without the mag stripe on the bottom.

 

[MikeL 3]

I too have the Discover IT. The holograms on the mag strip ("holomag") don't do anything really; they're for visual inspection which, as we know, virtually no cashier does.

[Recon Racoon 49]

I too have the Discover IT. The holograms on the mag strip ("holomag") don't do anything really; they're for visual inspection which, as we know, virtually no cashier does.

I'm probably the only one in my store that checks ID's on CC and check purchases over x amount of dollars or if they're acting very suspicious. And if I believe any kind of fraud is involved I have the right to kill the transaction before it posts. I started doing this last year after we had someone come in with a stolen CC and made erroneous charges.

 

But I was completely unaware of the holomag strip until now. Definitely something I'll have to look for from now on when checking them out.

[Malice4you 627]

Sadly, TD Bank also issues [at least debit] cards that are totally flat without imprinting now too.  It annoys me that they do this, especially when the old cards they issued in 10 minutes used to be imprinted, so not sure why they still aren't.

 

Last fall, I had fraud on my TD account, and when I went to get a new card, they did the printing right there, like they always have.  However, for some reason the printer screwed up, the girl helping me came over and showed me and said they were going to redo it.  I stopped her and asked if there was any reason I couldn't keep that one.  My debit card has a random pattern of blue stripes on it now, the account information is all 100% fine, and it's at least different looking...  No one has ever questioned it.

 

Slate cards are flat with a strangely done imprinting of the credit card number, but they at least look like a real card once you examine them. 

 

I forget who makes metal cards, but I always liked those - though those are imprinted.

[mikka1 2]

Chase Sapphire Preferred is quite hard to forge - metal with embossed (not flat at least, not sure how they do this) letters and numbers in a non-standard location, so that this card can theoretically not be copied with a usual imprinter. (Edit: By saying "copied" I meant the situation, when you have a usual embossed card - one (especially in a restaurant) can secretly make an "imprint" of all card data using a simple imprinter, or even sheet of thin paper and a pencil in a matter of seconds. It's harder for cards without embossed numbers, so I actually think new Discover IT is safer than most of imprinted cards).

 

On the other hand - you write its data to another card (flat etc.) and you are mostly good to go - nobody really checks cards now, especially if they are swiped by a customer himself/herself on a POS-terminal (like in all Walmarts etc.)

 

But in fact (while I don't have a ready-to-use and ready-to-share statistics to back this up) I suppose that most of the cards are compromised in much easier ways than copying them per se in stores/restaurants. I was actually more than surprised to read about how many people provide all their credit card details to famous Indian guys calling from "Microsoft Technical Support Department" to "clean your computer from viruses", LOL :-)))

[leahcim 680]

Sometimes, the $1.00 are "pre-charges" that a merchant may send as a test to ensure that the "real" charge will go through OK. It's usually rescinded when the real charge comes through.  A thief may also charge very small amounts to see if the card holder will notice them. Then they'll get the shipping address changed so that the goods of whatever's being charged will go to them instead of the cardholder. That happened to me (I got things shipped to me that I didn't order), and we caught it in time before they attempted something huge.

 

 

But, oddly enough, I saw a Web article on this very subject today. If you get a charge of (precisely) $9.84, it seems, it may be a fraudulent charge and a security alert.  I checked all of mine, and I'm GTG, so far. The key is checking those on-line statements, regularly... daily if possible.

I had one of those $9.84 charges on my Chase card in December.

I contacted them to have it removed and issue a new card, then today I see an article in USAToday about this!

 

I have had at least 10-15 incidents with various cards, but the CC company always cover the fraudulent charges.  I do not use a debit card, but I understand you have some limited liability with those?

[MikeL 3]

I had one of those $9.84 charges on my Chase card in December.

I contacted them to have it removed and issue a new card, then today I see an article in USAToday about this!

 

I have had at least 10-15 incidents with various cards, but the CC company always cover the fraudulent charges.  I do not use a debit card, but I understand you have some limited liability with those?

Quite limited. Something like... if you don't report the fraud within 2 business days, you're liable for up to $500 of the charges. Risk vs reward... no one should use a debit card.

[leahcim 680]

Quite limited. Something like... if you don't report the fraud within 2 business days, you're liable for up to $500 of the charges. Risk vs reward... no one should use a debit card.w

I have one that I only use for cash at ATMs, but I am reconsidering that now too--problem is, banks are reluctant to give you an ATM-only card.  They really try to push the debit cards.

[raz-0 1,259]

I have my Amex card set to send me an email any time a card not present transaction takes place.  Just got a flag that it was used on Amtrak.com for two charges, one for $101 and one for only $1.  My question is how does this happen as don't they need the four digit security code as well for an online transaction?  My card has never been out of my possession.  So, how do they do this.  I called Amex and they are sending me a new card tomorrow and will take care of the charges, but just want to know how this happens.

 

Shop at target? that big breach of 110 million + cards included the security codes. 

 

I got hit with fraud from that. I got home form work and had gotten 3 email alerts on the drive home. I got 4 more while waiting 20 minutes on the phone to have the card cut off. they funded itunes and an amazon account with them as well (amazon caught it and flagged the account immediately and was nice enough to warn me they had to do that, apple cleaned up the false charges it seems a couple off days later, still have to do some justification of legit and non legit charges form them). 

 

The charges were submitted as at least seven different vendors, many in dollar ammount the vendors don't deal in (i.e. $0.50 on itunes? $30 charge from a vendor that has you contact a salesman to talk about writing up a contract for their service?)

 

So bad stuff is going on both on the card side and processing side. 

 

I have had a ton of compromised cards over the years. Usually it's one or two things with an actual legit transaction taking place (i.e. they actually bought a service form someone legit who didn't check for fraud). This is WAY, WAY worse than that. Someone has a plan to take the card system and banks for a fair chunk of change IMO. 

 

fun times kids, fun times. 

[Howard 538]

Shop at target? that big breach of 110 million + cards included the security codes. 

 

I got hit with fraud from that. I got home form work and had gotten 3 email alerts on the drive home. I got 4 more while waiting 20 minutes on the phone to have the card cut off. they funded itunes and an amazon account with them as well (amazon caught it and flagged the account immediately and was nice enough to warn me they had to do that, apple cleaned up the false charges it seems a couple off days later, still have to do some justification of legit and non legit charges form them). 

 

The charges were submitted as at least seven different vendors, many in dollar ammount the vendors don't deal in (i.e. $0.50 on itunes? $30 charge from a vendor that has you contact a salesman to talk about writing up a contract for their service?)

 

So bad stuff is going on both on the card side and processing side. 

 

I have had a ton of compromised cards over the years. Usually it's one or two things with an actual legit transaction taking place (i.e. they actually bought a service form someone legit who didn't check for fraud). This is WAY, WAY worse than that. Someone has a plan to take the card system and banks for a fair chunk of change IMO. 

 

fun times kids, fun times. 

Nope have not gone to a Target in many years.

[raz-0 1,259]

Nope have not gone to a Target in many years.

Nieman Marcus got hit too as well as three other national retailers as yet unnamed.

 

1 in 4 cardholders were exposed they say.

[Howard 538]

Nieman Marcus got hit too as well as three other national retailers as yet unnamed.

 

1 in 4 cardholders were exposed they say.

Never go to "Needless Markup" either    About the only mall I go to is Amazon

[Porthole 15]

Someone has a plan to take the card system and banks for a fair chunk of change IMO

 

 

Consumers and vendors are the losers. The banks stand to actually] make money

[mikka1 2]

Consumers and vendors are the losers. The banks stand to actually] make money

While not arguing with the latter, I am still not sure if consumers are really the losers here. Any specific example of a customer in US to be on the hook for fraudulent credit card charges?

I personally see US Credit card market to be so extremely competitive and client centric that this client centricity can even backfire sometimes. I don't know what kind of credit card losses you actually talk about - I forgot when was the last time I actually paid for domestic air ticket, LOL...

[Porthole 15]

While not arguing with the latter, I am still not sure if consumers are really the losers here. Any specific example of a customer in US to be on the hook for fraudulent credit card charges?

I personally see US Credit card market to be so extremely competitive and client centric that this client centricity can even backfire sometimes. I don't know what kind of credit card losses you actually talk about - I forgot when was the last time I actually paid for domestic air ticket, LOL...

 

 

With my recent issue, in the end I was out 26.39. My local branch did a "customer good will" credit because I refused to close the claim with that balance.

 

The other "loss" is time. On the net it seems the average victim spends 30 hours trying to correct the fraud.

 

I have at the minimum 30 hours between phone calls, trips to the bank, local PD etc.

[raz-0 1,259]

30 hours trying to correct fraud?

 

Tip one: no debit cards.

Tip two: don't bother with the police.

 

Even this incidence which was worse than most ate up about five hours over three days.

 

Also Amex rocks for the customer. B of A had me confirm or dispute each and every charge in the last 30 days with one incident.

 

It gets more complicated for bad vendors, but an outright fraudulent charge for a single item is maybe 10-20 minutes with a rep and however long the hold is to get to them.