So this weekend was my first and hopefully my last experience with my credit card being compromised. This also verifies and solidifies why I bank and will continue to bank with Wells Fargo. Here’s the story.
Starting on Friday, we started getting calls at the house from an 800 number. I don’t answer calls from 800 numbers and I ignored them like all the others. Then on Saturday morning that same number called again, I was in a pissy mood, so I thought I’d take care of this telemarketer and have a good chuckle. I answer and to my amazement it’s was not a telemarketer but Wells Fargo’s Fraud center. The automated message wanted confirmation on some recent charges that the bank had rejected. One of the charges was a $1.06 Itunes charge, which very well could have been us, but I didn’t recall buying any app in the past few days. But I knew it was much more than just a courtesy call when the next transaction was $1,000 for a Travel Agency. Hold on!
I got a representative on the phone and she was very informative as well walked through the activity. I don’t know how they determined fraud was happening on my card, but I am very confident that it works. Good thing was the charges never went through in the first place.
Being a computer security expert, I know how things work on both sides of the equation. I know from this little adventure, that whoever got my number was a real professional. This was not a local hick who swiped my numbers and ran to Target. This was methodical and precise.
Here’s how it worked. The first thing they did was run a $1 charge against a credit reporting agency. This is to test if the card is live. Second they did a small $0.99 iTunes purchase. Then they made a $1,000+ charge at a German Travel website. I checked the website out, it looks legitimate, they were probably not in the loop. What they do, if the charges go through, is they will turn around and cancel the travel transaction, get the $1,000 and the credit card company doesn’t catch it. Wells Fargo saw the behavior and stopped it.
I have had this credit card for years and have used it online on all kinds of sites, big box stores and not so big, one off Yahoo stores and such. My card could have been from a breach 2 years ago. Most of the credit card stealers from breaches sit on the cards for a long time before trying them. Usually the breached will provide protection and such for 12 months. After 12 months people forget. The stealers then test the cards, make big purchases and dump the cards. Profit heavy up front. They most likely wont use the card over and over, just once is all the need. If you have 50 cards and get $1,000 off each of them, not a bad score.
This is not a case of identity theft as my identity is not being used, at least I don’t think. I have signed up for enhanced credit monitoring and I’ll keep an eye on it for a while just to see if anyone tries to open new cards or my credit score starts to tank. This situation most likely came from a breach on a website my card was on or from a low end site who’s security was not up to par.
But this leads into the rules of online transactions and why you should do things with credit cards.
NEVER, EVER USE YOUR DEBIT CARD FOR ONLINE PURCHASES – Debit cards which are tied to your checking account is your money. Credit cards are the bank’s money. It’s much harder to get your money back from a breach than the bank trying to hold you accountable for a credit card breach. NEVER USE YOUR DEBIT CARD ONLINE!!!! EVER!!!!
DON’T TRUST ANYONE – Just because a website has SSL, a certificate and has a little shield of security on it doesn’t mean it’s legitimate or it’s back end security to protect your data is up to par. There is no standard of security that every follows, each website does things their own way. Sometimes the great deals from Bob’s Garage website may not be worth it. Stick to the big store online site for shopping. If you are hesitant, then don’t use it, go elsewhere.
Check your credit scores – Checking your credit scores no longer is a ding against your credit rating. It used to be, no more. You need to know what’s going on with your credit score.
Things are very easy now to make purchases of goods and services… that goes for anyone that has your number. If they do there is not much you can do about it other than rely on your bank who owns the card to have sophisticated systems in place to protect you from this type of crap.
Aside from the real pains in the butt to have to change my online accounts with the new card, it’s worth it. I can live without a credit card for a few days as my new account and cards get sent out. Wells Fargo stepped up, saw bad behavior, stopped it, then repeatedly attempted to contact me to verify the activity. That’s why I have been a customer with them for over 15 years and why I will continue to be a customer with them.
To the people that used my info for fraud…. I hope you get various forms of cancer in and around your genitalia.
End of Line.
– Posted using BlogPress from my iPad
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.