Slashdot Mirror


Preventing Identity Theft and Credit Card Fraud?

carefulCredit asks: "I just checked my AMEX balance, and found around $13k in fraudulent charges. Fortunately, AMEX makes it relatively easy to get a new card and the charges revoked, but this is the second time I've had this type of problem. It's clear to me that the steps I've taken to prevent fraud are inadequate (reduced number of cards, restricted availability of some funds, increased vigilance in not allowing CC slips to display the full card #, etc.). What measures have any of you taken, or can you suggest, to help put a lid on this problem and to help prevent repeats?"

3 of 73 comments

  1. To whom are you giving your account info? by Evro · Score: 3, Interesting

    It seems to me that the weakest link in an e-commerce transaction today (or perhaps always) is the company itself. It's doubtful that somebody is intercepting SSLv3 or TLSv1 128-bit communications, but if the company is storing this data in a MySQL db with no firewall, no password, et cetera, you may as well be posting your account info in your Slashdot sig.

    The problem is that there's really no way for you to determine this beforehand. If you portscan www.store.com or whatever it is you might end up in some trouble, depending on how much of an ass the sysadmin is.

    Another risk factor for which you're totally unable to account is the employees at the company. You have no idea whether or not Joe Schmoe that's reading your order is honest or dishonest. Maybe he's a disgruntled employee and is sending himself all of the customers' account info to later blackmail the company.

    Like I said, there's really nothing you can do to determine this stuff in advance. Of course, everything I've said here assumes that your CC info was stolen from an e-commerce store, which may or may not be the case. But similar problems exist for brick-and-mortar stores -- if they toss their copy of the receipt right into the trash or have a disgruntled employee, you're at just as much risk, and have just as little chance of knowing so beforehand.

    --
    rooooar
  2. Re:how it may be happening - skimming by joe52 · Score: 3, Interesting

    I can attest to the fact that manual theft in the real world is still alive and well. I recently had to replace a card that was only two months old because of fraudulent use.

    In the months I was using that card I used it online once to pay my wireless phone bill. I also used it many times in restaurants, shops, and a hotel. I never lost the card and I still have my copy of the receipt for everything I charged on it. The fraud was in the form of people making long-distance calls using obscure phone companies with my card. I assume that someone got my cc number and expiration date and that these companies allowed them to make phone calls with that information.

    Based on where the card was used I assume that someone working at one of the businesses I patronized stole my credit card number. With the current US system of a simple name, number, and date being enough information to use a credit card there isn't much that can be done to prevent this kind of theft. The use of PIN codes would help, but the entire US credit card system would have to be overhauled (new cards, new card readers, lots and lots of consumer education) at massive cost. I'm sure that we will move to a more secure system at some point in the future, but I'm guessing that the cost of the current levels of fraud to the credit card companies may not be high enough to make investing in a new system a high priority.

    joe

  3. What about when it's an inside job? by phillymjs · Score: 3, Interesting

    I had some serious problems with American Express a couple years ago. In late 1999, I applied online for one of their then-new Blue cards, and my first bill included over $12K in balance transfers from accounts that weren't mine.

    AMEX dutifully blew off about seven months of phone calls and letters (complete with photocopies of the entire paper trail) from me, trying to get this rectified. I have never in my life encountered more rude, hostile, and unhelpful CSRs. They were actively attempting to thwart me at every turn, and when they finally forced me to do my own legwork and look into the accounts the balances had come from, I found they had lied to me quite often as well.

    For all that lethargy, though, AMEX was mighty quick to release the 'trademark infringement' hounds when a web site at amexblew.com was created to relate my experience to others (The story that was there will become a part of my personal site in the very near future, if it was online right now I'd link to it).

    I was preparing to sue them in anticipation of my credit being screwed when I finally managed to get this resolved in July of 2000 in the most bizarre way possible... an AMEX employee read my posts on another anti-AMEX web site, contacted me, and took care of almost everything. AMEX still insisted I pay a little under $40 that I absolutely did not owe, so I did. In pennies. Mailed to their CEO, with my pulverized card and a nasty, nasty letter.

    To this day, I still don't know how those balance transfers managed to find their way into my brand-new account at the moment of its creation. You would think that if it had been just a really stupid data-entry mistake on their part, they'd own up to it and apologize for it-- but AMEX representatives said they would only disclose what happened if they were subpoenaed, which leads me to believe there were some internal monkeyshines going on.

    Do yourself a favor and cancel your AMEX cards now, if you like having good credit.

    ~Philly