Slashdot Mirror


Preventing Identity Theft and Credit Card Fraud?

carefulCredit asks: "I just checked my AMEX balance, and found around $13k in fraudulent charges. Fortunately, AMEX makes it relatively easy to get a new card and the charges revoked, but this is the second time I've had this type of problem. It's clear to me that the steps I've taken to prevent fraud are inadequate (reduced number of cards, restricted availability of some funds, increased vigilance in not allowing CC slips to display the full card #, etc). What measures have any of you taken, or can you suggest, to help put a lid on this problem and to help prevent repeats?"

9 of 73 comments

  1. To whom are you giving your account info? by Evro · · Score: 3, Interesting

    It seems to me that the weakest link in an e-commerce transaction today (or perhaps always) is the company itself. It's doubtful that somebody is intercepting SSLv3 or TLSv1 128-bit communications, but if the company is storing this data in a MySQL db with no firewall, no password, et cetera, you may as well be posting your account info in your Slashdot sig.

    The problem is that there's really no way for you to determine this beforehand. If you portscan www.store.com or whatever it is you might end up in some trouble, depending how much of an ass the sysadmin is.

    Another risk factor for which you're totally unable to account is the employees at the company. You have no idea whether or not Joe Schmoe that's reading your order is honest or dishonest. Maybe he's a disgruntled employee and is sending himself all of the customers' account info to later blackmail the company.

    Like I said, there's really nothing you can do to determine this stuff in advance. Of course, everything I've said here assumes that your CC info was stolen from an e-commerce store, which may or may not be the case. But similar problems exist for brick-and-mortar stores -- if they toss their copy of the receipt right into the trash or have a disgruntled employee, you're at just as much risk, and have just as little chance of knowing so beforehand.

    --
    rooooar
  2. Re:Don't buy online. by Anonymous Coward · · Score: 1, Interesting

    That's just dumb.

    I had my AMEX card number stolen (not the physical card) in December. I hadn't bought anything online with that card at all.

    As a previous poster mentioned, the credit card slips you get at a brick-and-mortar place have everything you need...most don't even mark out the card # like XXXX XXXX XXXX 3450, they put the whole thing there. And that's how mine was stolen, a busboy picked it up off the table after I left the restaurant.

    Most thieves are low tech and dumb; they lack the technical prowess it would take to knock over even bad computer security.

    Know how the busboy got caught? He made long distance calls billed back to my card #. These calls were from St. Louis (where I live) to his friend in New Jersey. The dolt actually made the calls FROM HIS OWN HOUSE! Oh, and he put a singles ad in the local free paper (with his phone #) and stayed at a really nice hotel ($400/night) downtown on New Year's Eve (video camera at the front desk got him too).

    Why doesn't AMEX make it harder? I can understand that it doesn't make business sense to spend more to solve it (like implementing biometrics) than they actually lose through fraud. But I don't understand why they don't require merchants to mask out the card # and other sensitive info on the credit card slips. I now just mark it out with a pen before I leave the restaurant. Getting my card replaced didn't cost me any $$$ but it was a pain in my ass (because I also had to deal with ATT's fraud department directly; they suck!) that I don't wish to have the experience again.

    And, for the love of God, why can't waiters/cashiers actually look at the signature on the back of the card and compare it to what I write? I watch how often this happens now, and it has happened exactly once (out of probably 50-0 transactions) since January.

  3. Re:Don't buy online. by jon+doh! · · Score: 2, Interesting

    Why doesn't AMEX make it harder?

    i used to work as a cashier and i know that every time amex or another of the cc companies tried to force ID checking or something like that, there was always a large percentage of customers who would complain that they didn't have to show ID at the other stores, why should they show it at this one?

    I've even been guilty of it myself every time i gave my cc to my girlfriend to buy something at the corner store and she wasn't asked for ID, i'd wonder how much i could get taken for if my wallet got lost and i didn't realize it. but then when i go shopping at that same store i used to work at they now require that i actually pull out my driver's license to show it to them, and i get annoyed at the inconvenience of it all..

  4. Re:how it may be happening - skimming by joe52 · · Score: 3, Interesting

    I can attest to the fact that manual theft in the real world is still alive and well. I recently had to replace a card that was only two months old because of fraudulent use.

    In the months I was using that card I used it online once to pay my wireless phone bill. I also used it many times in restaurants, shops, and a hotel. I never lost the card and I still have my copy of the receipt for everything I charged on it. The fraud was in the form of people making long-distance calls using obscure phone companies with my card. I assume that someone got my cc number and expiration date and that these companies allowed them to make phone calls with that information.

    Based on where the card was used I assume that someone working at one of the businesses I patronized stole my credit card number. With the current US system of a simple name, number, and date being enough information to use a credit card there isn't much that can be done to prevent this kind of theft. The use of PIN codes would help, but the entire US credit card system would have to be overhauled (new cards, new card readers, lots and lots of consumer education) at massive cost. I'm sure that we will move to a more secure system at some point in the future, but I'm guessing that the cost of the current levels of fraud to the credit card companies may not be high enough to make investing in a new system a high priority.

    joe

  5. Cut your losses... by cybermace5 · · Score: 2, Interesting

    ...don't use a credit card. I use a check card for all online purchases, which means that all anyone can get is what I have in that checking account. You may have a huge amount of difficulty proving that you didn't make those charges, and you could be saddled with $10,000 of debt and years of bad credit, even bankruptcy.

    The worst anyone can do to your check card number is overdraw your bank account. If you only transfer in money as you need it, they can't buy anything at all.

    If you really need to spend money you don't have, plan ahead and get a small loan. Credit cards are a huge risk to your financial situation, and you don't have complete control of how merchants handle your credit card information.

    --
    ...
    1. Re:Cut your losses... by headchimp · · Score: 2, Interesting

      With a credit card you can dispute any item you want and you don't have to pay until the dispute is cleared up. Most of the time the customer will win the dispute. No signature=no guarantee the charge is valid.

      Please read the fine print on using a check aka debit card vs a credit card to make sure you are covered for any fraud.

      Local news did a story on people using check cards when buying gas. Even if the purchase was for $20 they will place a hold charge of $50-$100 on the account to make sure the money is there so they will get paid. With a credit card, they can only tag the card for $1 to make sure it is a legit card.

    2. Re:Cut your losses... by cybermace5 · · Score: 2, Interesting

      Yes, you can dispute charges. But you've put yourself in the situation of assumed "guilt" (you made the charges yourself) until you can prove "innocence" (someone else made the charges). There is always the risk that you'll never be able to prove you didn't make the charges.

      Plus, you've put yourself through a lot of hassle trying to straighten out a huge mess. The point about using a debit card is that you're not losing much to begin with, so you can absorb the loss and remember to keep the balance lower next time. If you lost 200 dollars from your checking account, how does that compare to hours spent on the phone and writing letters, and possibly still ending up with thousands in losses?

      And what is the problem with check cards and gas...just because your local news did a story on it doesn't mean the gas stations are doing something wrong. People's checking balances might be zero or less. If you authorize the card, someone pumps their gas, and then the balance is not enough to pay, what happens? I've only seen this at a few gas stations anyway, and they have this information posted on the pumps. The charge is there only while pumping the gas, and then it's corrected when you quit pumping. With credit cards, they don't have to take those precautions because most people don't try to use a maxed-out card to buy gas with.

      --
      ...
  6. What about when it's an inside job? by phillymjs · · Score: 3, Interesting

    I had some serious problems with American Express a couple years ago. In late 1999, I applied online for one of their then-new Blue cards, and my first bill included over $12K in balance transfers from accounts that weren't mine.

    AMEX dutifully blew off about seven months of phone calls and letters (complete with photocopies of the entire paper trail) from me, trying to get this rectified. I have never in my life encountered more rude, hostile, and unhelpful CSRs. They were actively attempting to thwart me at every turn, and when they finally forced me to do my own legwork and look into the accounts the balances had come from, I found they had lied to me quite often as well.

    For all that lethargy, though, AMEX was mighty quick to release the 'trademark infringement' hounds when a web site at amexblew.com was created to relate my experience to others (The story that was there will become a part of my personal site in the very near future, if it was online right now I'd link to it).

    I was preparing to sue them in anticipation of my credit being screwed when I finally managed to get this resolved in July of 2000 in the most bizarre way possible... an AMEX employee read my posts on another anti-AMEX web site, contacted me, and took care of almost everything. AMEX still insisted I pay a little under $40 that I absolutely did not owe, so I did. In pennies. Mailed to their CEO, with my pulverized card and a nasty, nasty letter.

    To this day, I still don't know how those balance transfers managed to find their way into my brand-new account at the moment of its creation. You would think that if it had been just a really stupid data-entry mistake on their part, they'd own up to it and apologize for it-- but AMEX representatives said they would only disclose what happened if they were subpoenaed, which leads me to believe there were some internal monkeyshines going on.

    Do yourself a favor and cancel your AMEX cards now, if you like having good credit.

    ~Philly

  7. Re:Using Check Card for Online Purchases by cybermace5 · · Score: 2, Interesting

    Exactly why you have a checking account set up for this purpose, with no overdraft protection. No one should be stupid enough to keep their life savings in a checking account, anyway.

    It would be like keeping all your money in your wallet, and then walking down a dark city street on the bad side of town.

    --
    ...