Spanish Credit Card Fraud
Today I experienced credit card fraud on my Chase Bank Card. It only has a $1000 limit, so the potential for damage was limited. However, the charge came from a company in Spain called ARTEOPTICA 63 for $246.29 after the conversation from Euros.
How could a company in Spain get my credit card number and use it to try and commit international bank fraud? My theory is that Wine.com, from whom I bought this Spanish Wine, somehow leaked or had stolen the number. Class action, anyone?
I do have to applaud Chase card services, though, for their excellent job. The charge itself was never authorized and I called them today to dispute it. I will be issued a new card in a couple days.
| This entry was posted on Sunday, March 12th, 2006 at 12:22 pm and is tagged with credit card fraud, chase card, bank fraud, spanish credit, spanish wine, chase bank, couple days, spain, credit card number, job. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback. |
I get e-mails everyday from the dataloss mailing list over at attrition.org regarding loss of, well, data. You would be surprised on how many ’safe’ companies lose personal data of customers through various means, about half of which are caused by crackers. Deloitte and Ernst & Young are just the most recent names to come to mind. These companies have blocks of CC numbers, not just one or two. This, then, explains how your number got to Spain.
People that have CC information will usually trade them overseas. They will then write out white-cards and proceed to cash-out at the nearest bank machines. Sometimes they will order goods, but that’s too risky. Much easier to go with 20 cards at an ATM in a shady convenience store, pop a grand or 500 from each and leave. Some people make a lot of money out of cash-outs like these.
Of course liability should fall on those companies that do not use enough protection on their systems, physical, digital and otherwise.
I used to work for an electronics company. Last summer the companies online store was targeted by fraudsters in NJ. The basic scam was that they had bought numbers online somewhere. They didn’t have the correct name as printed on the card, nor the three digit code on back. They did have the expiration date, but no addresses.
So our site which flagged for cc number, expiration date, 3 digit code, billing address & phone number kept haulting the transactions. But the fraudsters kept trying different variations on names and addresses. Ergo J S Smith, John S Smith, Jon Smith.
They would try different combinations for small amounts trying to get a preliminary authorization. If they got an authorization they would put in a large order (several thousand dollars) if it was rejected for limit reasons they would try and scale it down.
What they did not know was that our company would not ship large orders via cc, so we never processed/charged the cards, and we were able to see the trend of what they were doing and turn it over to the NJ police.
The NJ internet police however thought that this particular area of NJ was to dangerous to stake out so nothing ever came of it.
Sounds like the fraudsters in Spain had some but not enough info to put through on the site, and you were protected in part by Chase and in part by the merchant service company and in part maybe by the controls of the online store.
About two months ago I got a credit card from Chase Bank. On 3/6/06 my husband noticed that we had a charge from Arteoptica in Spain. They also tried to purchase something else but it did not go through. I am very upset about reading about the same thing happening to other people with a Chase Card to the same place Arteoptica. What’s going on here? Why the same place with the same bank? Confused……..
Could be all sorts of reasons. Unless I’m mistaking, a massive amount of CC numbers were stolen in the past year or so. Could be that yours was among them.
It could also be that your card got copied while you made an offline order. My ex-girlfriend experienced this in Quebec: She purchased something with her card there, and the next week her bank account got emptied.
Interesting. My Chase card used to be a Bank One card before the merger. On four occasions Bank One security called me before authorizing a charge. Once it was me shopping out of town, Once it was me buying something out of character (remember the old ad showing a guy in bluejeans buying a tux?) Twice it was unauthorized users making large purchases. There was no need to replace my card. In the cases of the two fradulent charges, they simply didn’t authorize the charge. I’m hoping Chase has the same diligent security Bank One had.