My Credit Card was hijacked...

[DigiSLR]

My credit card company just called me and apparently someone has been making on line purchases with my account number. This particular account hasn't been used in the past 2 or 3 years EXCEPT for 2 recent purchase. One from B&H and one from Adorama.

I shred all my statements and receipts, I'm single, and I make darn well certain I check my PC for spyware, keyloggers, and viruses.

My accounts been closed and the charges have been removed, but it still worries me that someone, somehow, got my information...

I've done plenty of business with both B&H and Adorama in the past, I just can't help but wonder if someone there may have taken my info and started making purchases...

[jagphoto]

I am so sorry that happened to you Matt! I am glad the credit card company took care of everything for you. Just make sure you get a copy of your credit report and make sure there is nothing on that.

[ndsimm]

Sorry to hear this happened, but you might want to also call the credit bureaus and put a fraud alert on all your credit reports so no one applies for any new credit and buys a Jag or something

[DigiSLR]

I subscribe to a credit monitoring service, and ANY inquiry or application for new credit generates an email and report to me. I haven't received any notices, so I am hoping that someone was just using the account number and made some on line purchases.

I'd love to be behind the scenes and see where the orders were shipped to and find out if they ever actually catch anyone.

[Michelle Allmon]

It's very possible that an employee took it, it happens at very reputable businesses. You also could have dropped a receipt, someone could have gone thru your garbage or their garbage. Most businesses don't shred. Heck, someone with a 600mm hiding in the bushes could have snapped a picture of you holding it. :D

[CobyPhoto]

Join the club. Just recently someone went to town with my main business card and did about 6,800.00 worth of damage in a couple of hours...bank cut them off after that. (Total attempted transactions...15,680.00) I, fortunately did not lose anything, however, having to close accounts and deal with all that mess was a major headache.

Bet you money one of the employees at one of the two places you ordered stold your information. This is becoming more and more common.

Just so you know, this was the result of using my card in a store and entering a pin number. The stolen information was used like a debit transaction on line. NEVER use a pin number at a store.

My problem is with the companies that will allow use of the card and ship to addresses other than billing address, with no history of useage or prior arrangments.

CJ

[AndrewCCM]

Sorry this happened to you. Fortunately, limitations on credit liability for unauthorized charges are in place. I work in IT Security and you'd be astonished at how often PII and credit fraud is done at the workplace. Some businesses with reputations to uphold (Banks for instance) have whole divisions that "manage security breaches". In particular, not only working to prevent it, but to keep it from the press. When you're dealing with people's money, reputation is everything. Don't be surprised if someday you (figuratively...not you in particular) find out that much of your information was compromised but kept under wraps. Sad but true.

Hope everything gets cleared up.

[andyz]

While it could have been someone at a store, it could be anyone along the credit card processing trail. Unfortunately these breaches are not rare. They do happen more in bulk where the disgruntled employee (of the store or a processor) stole and sold tens of thousands, hundreds of thousands or millions of numbers.

Where the fear was once the waiter with a card reader under his jacket, it is now the person getting into storage files full of this data.

Be very certain that this is a crime. Someone is losing money, be it you, your bank, a processor or a merchant. The reality is, you'll pay either directly or indirectly for this. Many of us will.

[AndrewCCM]

The ironic thing.. If a company takes credit card orders via the Internet and exceeds a certain amount per period (which both of these companies would), they are required by the Payment Card Industry to meet PCI standards. I would assume they are both subject to SOX requirements as well. In theory, if they do meet these, a CSR (employee) should not see the CC# info (unless you called it in over the phone). The database tables with PII and CC info should be encrypted with very limited access to ops staff. Perhaps it's time for an audit?? :)

You mentioned that the card hasn't been used in a few years prior...Unfortunately, many companies keep this info on file for years and we have even seen some info being compromised by employees and/or contractors while doing the work necessary to meet the newer laws pertaining to PII, SOX, PCI, etc... So it's entirely possible that neither of these companies were even a part of the breach.

Just something to consider.

[Michelle Allmon]

True dat, I use to make deposits for a store I worked at and part of my job was making sure the deposits posted for the right amount. Once, the bank posted a deposit for $80 less than it should have been. They never called, they just made the "correction" on the deposit slip. I called the bank manager and he insisted that the amount in the envelope was the amount they posted and the problem must have been on our end. I knew it wasn't and kept calling and insisted they check their own employees and security cameras. About 2 weeks later he called and said they "found" the money. I have a lot of experience in loss prevention investigation and although I don't blame the bank, it pissed me off that he was so insistent that it was not their employees. I know that was only to save face, but bad hiring decisions happen everywhere.

[TxLerman]

I can feel your pain. I've been victimized three times and I shred everything, etc. The first and second time, the culprit was employees at stores we patronzie. The third time, it was a clerk at the medical center where my wife had procedure done.

You can be extremely careful and still be a victim!

David

[AndrewCCM]

Quote:

Originally Posted by TxLerman

I can feel your pain. I've been victimized three times and I shred everything, etc. The first and second time, the culprit was employees at stores we patronzie. The third time, it was a clerk at the medical center where my wife had procedure done.

You can be extremely careful and still be a victim!

David

Those self serve swiping machines are becoming more commonplace these days. Not going to solve everything, but it is nice to get the card out of the employee's hands. The requirement to have only last few digits printed on receipts is a good thing too. Although, I still run into instances where places are not adhearing to this practice.

BTW: I have all but stop using my DEBIT card anywhere but the ATM. Nothing like a "mistake" to wipe out your bank account until they "fix" the problem. A good friend of mine had that happen...He got it fixed, but there was a couple of days where his account (money in the bank) was very messed up.

[HOUSCOUS]

Hello, Coby. Let's celebrate your fortunate in next Mojito meeting. You are buying.

[gmcrash]

I recently purchased something from B&H and about 5 days later my credit card company contacted me about some charges made at a service station in NY that day. Of course they were fraudulent.

[BlueStar-57]

Matt and all those who have been through this, I’m sorry to hear that it has happened. Others directed you to the appropriate course of actions. I too had to use a credit monitoring service when the VA lost it’s hard drive, but later canceled it since I heard nothing on it.

But now I am curious as to what is the safest practice. So far in expensive equipment all I have dealt with is Adorama and J&R. I have 2 credit cards I use. One has a $500 limit which is the main one I use making orders on the net and another one that I use that has a higher limit. Since I never want to use the higher limit one on the internet and it is the only one that has room to charge camera equipment I have been calling in my orders and giving the card information since I considered that safer than putting it on the net. With my bank I also have to call them to verify such a large charge is coming through and to let it go through. I also prevent credit card/banking information from coming in the mail (get it over the net) since there has been mail theft in the area. If someone was really smart they would just steam open the envelope, make a copy of the information and then put it back in your mail box so you would never know it was tampered with, which so far I have never heard of it happening. So now are you telling me it’s safer to use it on the net than to phone in the order?

No matter how safe you try to be it will end up being a losing battle because we will not demand the steps be taken that will put a halt to it. On phone orders or internet orders, while it’s not fun I’d rather call the bank and tell the them the charge is one I made if it is over a $100. On all other face to face or face to machine charges I’d gladly give them my thumb print for proof. And I never let my card leave my hand period. It is true you may not appear to be paying for this out of your pocket, but believe me you are through higher prices on items. I was shocked to find out how many hot checks, and fraudulent charges run through this small town and still no one checks your ID when you write a check or use a credit card. They don’t take the loss though they just jack up their prices to make up for their losses. The old saying it pays to be honest isn’t true anymore, we are all paying for all the dishonest. And the saying crime doesn’t pay, well looks like today it surely does since a slap on the wrist is all they get due to prisons overcrowding. Honesty is the best policy so I’ll stick with it even as the ship sinks hehe.