Two cards hijacked in last week!

Dec. 6th, 2015 04:56 pm
dreamshark: (sharon tire)
[personal profile] dreamshark
Two of my credit cards were hijacked in the past week.  In both cases, the illicit transaction was caught by the credit card company (Discover and Citi, respectively) who texted me fraud alerts. The Discover card has been cancelled and replaced. I got the new card in 2 days and it's back in service. I just called Citi's fraud department about today's breach. They tried to get away with "new cards will be sent in 5-7 days."  I said that would not be acceptable, please overnight them. I wasn't real impressed with the alertness of the account rep I talked to, so I repeated this point 2 or 3 times. We'll see if the cards get here.

The Discover frauds were all in-store purchases, which means that they actually stole the number and cloned the card.
Unclear about the Citi card. Both charges were in New York City, which suggests they may also have been physical cards.

If that's the case, Barnes & Noble could be in trouble as they accepted one of the two fraudulent transactions. As of October 1, any store that does not have chip-reader cards is responsible for credit card fraud. And with good reason. Cloned cards don't work on chip-reader POS terminals. So it's about time all the retailers out there quit whining and dragging their feet and just implement the new technology already.

So how did they get our card numbers? Well, as it happens these are two of our newer cards, so it's not hard to look back at the purchase history. The Discover card has mostly been used with Apple Pay, which is pretty much unhackable. And the only two retailers where we have used both the Citi and the Discover card sans Apple Pay were...  Home Depot and Ace Hardware. 
Tags:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2015-12-06 11:55 pm (UTC)
From: [identity profile] mle292.livejournal.com
If I were sharper, I would try to remember to pay only cash at Big Box stores. Perhaps your post will remind me.

Date: 2015-12-07 12:38 am (UTC)
From: [identity profile] dreamshark.livejournal.com
I still intend to use cards at all these ineptly managed corporate entities because I want the points. The credit card companies are pretty good at catching fraud, and I do look through my credit card activity before paying the bills. About 10 years ago I caught a fraudulent transaction that the credit card company had not flagged, but they've gotten a lot better at that.

And now that I understand how Apple Pay works I want to use it everywhere. It's fast, it's fun, and it's way more secure. I'm finding it really frustrating that so many stores have terminals capable of taking it but just can't seem to get around to upgrading their firmware so it works with my card.
Edited Date: 2015-12-07 12:38 am (UTC)

Date: 2015-12-07 07:02 pm (UTC)
From: [identity profile] vgqn.livejournal.com
So how does Apple Pay work?

Date: 2015-12-07 08:36 pm (UTC)
From: [identity profile] dreamshark.livejournal.com
You link one or more of your existing credit cards to the Apple Wallet app (which typically involves taking a picture of the card and entering a verification number texted by the issuing bank).

Then instead of swiping the card, you hold your phone up to the EFT terminal and it "reads" the virtual card. From that point on it works just as if you had swiped a physical card - you use whatever signature procedure the store normally uses.

But underneath there is some kind of encrypted tunneling going on that I don't entirely understand. The result is that the merchant never gets their inept and slimy hands on your credit card information. All the info is transmitted directly to Visa, Mastercard, Amex, or Discover using a one-time token.

You need at least an iPhone 6 to use Apple Pay - unless you have an Apple Watch, in which case all you need is an iPhone 5. That's what I have. I'm not sure that digging your phone out of your pocket is any more convenient than digging out your credit card. But The Watch is right there on your wrist; all you have to do is press the large button twice to pop up your default card and hold the watch up to the terminal reader.
Edited Date: 2015-12-07 09:47 pm (UTC)

Date: 2015-12-07 03:38 am (UTC)
From: [identity profile] minnehaha.livejournal.com
I got fraud alerted that some tried to use my card to buy beer in Florida. As it happens, it was a legitimate transaction.

K. [in Fla]

Date: 2015-12-07 10:38 am (UTC)
From: [identity profile] supergee.livejournal.com
So that's why the stores are switching to chip readers. I consider them an annoyance but not bad enough to be called an Upgrade.

Date: 2015-12-07 04:55 pm (UTC)
From: [identity profile] dreamshark.livejournal.com
Also, everyone else in the world has switched to Chip and PIN cards, which meant that the old, obsolete magnetic strip cards didn't work in Europe or Asia. USA is still doing chip and signature, at least as they transition from the old style card.

Date: 2015-12-07 08:22 pm (UTC)
From: [identity profile] dreamshark.livejournal.com
Ha ha for "not bad enough to be called an Upgrade."
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

dreamshark: (Default)
dreamshark
June 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 2025

Page Summary

Style Credit