I have written a number of articles over the years about credit card safety. Links to some of my earlier articles are available at the end of this article.
I have always stated that the safest form of payment, especially for payments online, is a credit card. Despite the myths that still float around, credit cards are the safest form of online and offline payment. In fact, stealing credit card numbers on the web is very difficult. It is far easier to steal credit card numbers in person at stores, restaurants, gas stations, beauty shops, and other local business establishments. Security experts report that credit card theft is far more common in person than it is online. Of course, stealing checking account numbers is even easier.
I have written that credit card use on the web is fully insured and that many banks insure credit card usage in person and via mail order as well. If someone does use your card fraudulently, you simply call the credit card company, and they quickly delete the charges. You never pay a dime for fraudulent charges.
Sending checks through the mail is even more risky. Tens of thousands of checks get stolen from the postal service each month. If your check is stolen, you probably will lose the money from your checking account. Very few banks insure their customers' checking accounts. I rarely write checks; I pay almost all my bills online.
You can imagine my surprise today when I opened a newly-received credit card bill. The statement listed six ATM withdrawals that I did not recognize. All were made on the same day, and all withdrawals were made at a single ATM about 500 miles from my home. In addition, each withdrawal had extra fees assessed by the credit card company for use of a "foreign" network. In this case, "foreign" is not referring to international use. It simply means that the ATM used was on a different ATM network from the one used by the credit card company.
The fraudulent charges totaled $660.00.
Of course, I immediately called the credit card company at the 1-800 number listed on the bill. After a two or three minute conversation, the lady on the other end of the phone said that she would credit the $660. That includes both the withdrawals and the added fees. She also stated that she would cancel my present card immediately and would send me a replacement card that has a different number. She said I should receive the new card within 48 hours.
The same lady also offered to help me get a cash advance at any bank in the U.S. immediately, should I need one. I declined that offer.
In short, I am pleased that what I wrote earlier is now proven to be true. Indeed, all credit card charges are fully insured. In fact, this incident didn't cost me a cent. It did cost me about five minutes on the phone after dialing a toll-free number. I was surprised at how brief the call was. I was not asked for any extra proof or documentation. I consider that one phone call to be a minor inconvenience.
As to where the credit card number was stolen: I have no proof. However, it is interesting to note that I don't use this particular credit card very often but did use it to make a purchase in a local department store last month. The fraudulent charges were made the following day in an ATM machine 500 miles away. I suspect that a dishonest store employee copied my credit card number during my in-person use of the card, then sent the numbers to cohorts in another state for their use.
Today's experience verified the safety of credit cards for me, and I am more determined now than ever to use a credit card for all online and offline transactions. My faith in the process has been affirmed. I hope to avoid personal checks wherever possible.
You can read my earlier articles about credit card safety at http://www.eogn.com/plus/online-safety.htm and at http://eogn.com/archives/news0015.htm.
It is most interesting that the theft was via ATM. Don't most ATM's, if not all, require a physical card and a PIN number?
Very mysterious!
jw hile
Posted by: John Hile | May 18, 2006 at 10:38 PM
The physical card is easy to recreate. Equipment to create the mag strips on credit cards is easily available on the black market. I am not so sure about the PIN numbers, however.
Posted by: Dick Eastman | May 18, 2006 at 10:43 PM
I have had a similar experience with a credit card company immediately canceling the transaction. However, in another instance a different credit card company required me to file a notarized affidavit and gave me no assurance the charge would be removed. It finally was removed, but I didn't know for some time whether it would be. Needless to say, the "no-hassle" company is my favorite.
Posted by: Mark Barker | May 18, 2006 at 10:44 PM
Dick,
I'm not sure that all credit card transactions are 'insured.' I think that many banks have user-friendly refund policies, which is good. I think that the law is that the card owner is liable for the first $50 of each transaction, but that is usually waived.
Two questions:
1. Have you reviewed your credit report since this happened to see if there was any other suspicious activity?
2. Have you ever had any unauthorized withdrawals from your checking account?
Posted by: Dino (All Dino, All the Time) | May 19, 2006 at 04:23 PM
All VISA, MasterCard, Discover and American Express cards issued in North America are fully insured for transactions on the Internet. Some of them are guaranteed against fraud for ALL transactions. For details, look at:
VISA: http://www.usa.visa.com/personal/security/index.html?it=gb|/|Cardholders
MasterCard: http://www.mastercard.com/us/personal/en/securityandbasics/index.html
Discover Card: http://www.discovercard.com (Discover guranteees against ALL fraud, both online and offline)
American Express:
"Our Fraud Protection Guarantee means you won't be held responsible for any fraudulent charges when you use your American Express Card. No fine print, no deductible—just pure protection so you can shop with confidence anywhere online or off."
---> Have you reviewed your credit report since this happened to see if there was any other suspicious activity?
The credit report won't change that quickly. However, I did go online to my other credit cards' sites last night and everything looked normal.
---> Have you ever had any unauthorized withdrawals from your checking account?
About twenty years ago a person unknown to me wrote a forged check against my checking account. However, the amount he wrote was more than the funds I had in the account so his check bounced. The bank charged me $20 for bouncing his check.
- Dick Eastman
Posted by: Dick Eastman | May 19, 2006 at 04:39 PM
I expect what was used was a "skimmer". That is a small hand-held device that will copy and store magnetic stripe data. The criminals then produce a new card with an embossed name matching an ID they have. They count on a clerk not checking to make sure the name on the card and the name on the receipt match.
What's strange is that your card was used in an ATM which should require a PIN. I'm assuming that you didn't use a PIN when you made your purchase, so no one could have seen you enter it. PINs are not encoded on the magnetic stripe.
There have been schemes where an ATM was rigged to copy both the magnetic stripe info as well as the PIN when entered, but you probably never used your card in an ATM.
Posted by: Robert Juch | May 20, 2006 at 09:02 AM
Years ago I went to make an ATM withdrawl from my checking account only to discover it was overdrawn. Next business day, I visited the bank and they pulled the films from the transaction. I immediately recognized the culprit, a close family member and so took no legal action, but made that person pay me back under threat of jail time with all the wrath I could summon up. Lesson learned? You can never be too careful. Certain credit cards are the safest way to go.
Posted by: Trudy Kennedy | May 20, 2006 at 09:44 AM
Oct. 2004 a large group of us were at a resort. We checked out individually with different credit cards but somehow the charges of two others, a one single person and one couple, appeared on my account , over $600. When called the resort had to be convinced and finally admitted its mistake but would not credit me until the other two people called them and resubmitted their credit card numbers. We knew the other people and contacted them so the problem was finally taken care of, but it was resolved because of what we did, not the credit card company nor the resort. The credit card company required me to submit a form, they in turn sent the resort a letter asking for justification and waited 30 days for a reply from the resort. All the while the charges on my account were only temporarily suspended. There never was a definitive letter from anyone stating what had happened, and asking for pardon for the worry, time and trouble they caused. I had had this credit card for 20 years and had never had problems, but the card company had been bought out by another bank. 20 years of honest payments and no problems means nothing. Control was in the hands of the big vendor. I believe they are the real customer.
The group (of 300 to 500) still goes to this resort. I pay cash, and in fact now pay cash for all small purchases.
I reduced my credit card limit to $3,000.
Posted by: Fred Westcott | May 20, 2006 at 10:55 AM
Dick,
A few years ago my wife returned from a cruise to Alaska.
A day or so she get a phone call from her Visa company, asking if she had been to the Philippines recently. Someone was using her Visa card over there. She explained that she had just got back from Alaska so it certainly wasn't her. They credited the amounts to her Visa and traced it back to a local gas station who had taken en extra imprint off her card. Their recommendation was only go to a gas station where you can pay at the pump so no one can take that extra imprint.
Posted by: Terry Mulcahy | May 20, 2006 at 08:00 PM
I was a victim of credit card fraud on the internet not long ago.
There were several transactions attempted but ultimately denied by Mastercard. They called me to ask me to verify "suspicious" charges. None appeared legitimate except one that I needed to check. That charge was attempted at Ancestry.com. I had recently purchased a membership but couldn't remember the precise amount. The attempted charge was close to that amount. After checking, I discovered that it was fraudulent and there were two attempts to charge items at Ancestry.com.......the first items to be charged with my card number, but the perpetrator could not supply the correct address or expiration date so the charges were denied. I feel that the number was picked up at Ancestry.com when I bought my membership as my screen froze and I had some difficulty entering my number and had to enter it twice. Please be careful. Mastercard was wonderful! I am indebted to them for being so concientious in protecting online purchasers.
Y
Posted by: Yvonne | May 21, 2006 at 01:38 AM
I have in the last month experienced two occasions where UK banks have telephoned me to check that two transactions were done by myself.
The first involved a pay at the pump machine in Ayrshire. The machine had a wobbly and after 3 attempts I managed to get the card approved and paid for the petrol. The problem was with the machine and the credit card company when they phoned to check, said that they have lots of issues with pay at the pump petrol stations.
The second issue involved Ancestry. com. I always use a debit card, for Ancestry, which I renewed this week, at about noon UK time. At 3.30pm I had a call from the bank to confirm that the transaction had been made by me. When I asked the reason for checking with me I was advised it was because it was an overseas transaction.
I find it very reassuring that banks are indeed checking transactions with customers.
Posted by: Julie | May 21, 2006 at 09:41 AM
I've had an American Express card for some years and only once ever used it. When the replacement card arrived, I never called to activate it as I intended to close the account. However months later I received a bill for $66 for purchases made in Florida. I called the 800 # and the person on the line was most appologetic and said she would just be a few minutes - please hold. SHe came back to say that the fraud dept. had been looking into it and there was a huge amount charged on the account but as I hadn't ever activated that card, there was no charge to me. They had thought they had prevented anything going out on the statement and appologised again for causing me worry. She cancelled the card for me and the next statement showed the charges reversed. I found them most helpful and concerned but I still don't know how that card was used. Did someone at AE pass on the #, did it just get randomly tried and how did AE not catch on more quickly? Or did someone get a quarterly statement from my mail and use that? I've done a lot of checking since then, but have do idea how this happened. Just shows you that things can go wrong even if your card isn't activated!
Posted by: Mary | May 22, 2006 at 03:18 PM
My Discover card number was used by a family member to purchase 3 airline tickets and a 14 day Hawaiian cruise. I happened to check activity since my last statement and found this only 4 days after the transactions. Discover Card has been great but I am having difficulty getting law enforcement to file charges. Only yesterday I was told that the issue was being able to prove "intent to defraud" As long as law enforcement hands are tied and lets criminals get away with no punishment, the problem will only increase. This family member has been in court for a year with charges of obtaining dangerous drugs by fraud/deceit. In addition, she has an outstanding warrant in another state for fraud. And she is still walking around free as a bird!
Posted by: Marilyn | May 24, 2006 at 06:04 PM
I have found that one of the biggest hassles in somebody stealing your credit card number is the cancellation process. I have several accounts I pay monthly by credit card where the cancelled card number created a "bounce," and I got fined for it.
My last experience was interesting. The credit card company believed my number was stolen by someone internally. They cancelled my number immediately, and the person who stole it called and complained and wanted it reactivated. I was patched into the call and I got to listen to this guy claiming it was me trying to get the card reactivated. Wow - that was spooky!
Posted by: John Reed | May 31, 2006 at 11:26 PM
I just had my credit card # stolen and it really pisses me off that I can't know where it happened. I always pay at the pump, but fraudulent charges were only made days after I last filled up. I think it was a movie theater at the self-serve automated ticket booths. This particular theater has a previous incident of stolen ATM numbers, so it would not surprise me. Plus, the fraudulent charges occured the same day I used it there....But lemme tell you, VISA was pretty quick. It took 2 days and I got a call saying some transactions were flagged. The guy confirmed which transactions were fraud or not and said he'd send me a new card and I wouldn't be charged. Moral of the story: try to fill up at the same gas stations all the time. That's how VISA noticed, there were 2 charges at gas stations that I never went to before, and I always use the same ones.
Posted by: Ali | August 04, 2008 at 01:23 PM
The credit card method needs to get away from static details and either implement a electronic token style method or a passwindow style visual one, either way something has to be done about this pre internet system.
Posted by: ATM Services | March 13, 2009 at 02:37 AM
Hi,
"Skimming" is one of the newest ways thieves have found to steal your information from credit and debit cards. For as little as a hundred bucks, criminals can purchase card readers to use as a handheld device or installed into ATM machines to swipe your card -and information, without your knowledge.
Posted by: automatic teller machines | March 31, 2009 at 02:20 AM