Card fraud and other details

A family member recently encountered credit card fraud.  That isn’t unusual, but there were some features of the whole experience that seemed odd.

First off, the person involved is certain that the fraud relates to the use of the card at a tap/RFID/proximity reader.  The card has been in use for some time, but the day before the fraudulent charges the card was used, for the first time, at a gas pump with a “tap” reader.

(I suspect this is wrong.  The card owner feels that gas pumps, left unattended all night, would be a prime target for reader tampering.  I can’t fault that logic, but the fact that an address was later associated with use of the card makes me wonder.)

At any rate, the day after the gas was purchased, two charges were made with the credit card.  One was for about $600.00, and was with, a supplier of computer parts, particularly cables, based in Ontario.  The other charge was for almost $4000.00, and was with, which specializes in hardware devices for Bitcoin mining, and operates out of Washington state.  (Given the price list, this seems consistent with about 8 Bitcoin mining cards, or about 20 USB mining devices.)  The credit card company was notified, and the card voided and re-issued.

A few days after that, two boxes arrived–at the address of the cardholder.  One came from via UPS and was addressed to John Purcer, the other was from via Fedex and was addressed to Tom Smyth.  Both were left at the door, refused and returned to the delivery companies.  (At last report, the cardholder was trying to get delivery tracking numbers to ensure that the packages were returned to the companies.)

As noted previously, this is where I sat up.  Presumably a simple theft of the card data at a reader could not provide the cardholder’s address data.  An attempt might be made to ensure that the “ship to” address is the same as the “bill to” address (one of the companies says as much on its billing page), but I further assume that a call to the credit card company with a “hey, I forgot my address” query wouldn’t fly, and I doubt the credit card company would even give that info to the vendor company.

One further note: I mentioned to the cardholder that it was fortunate that the shipment via UPS was from the Canadian company, since UPS is quite unreasonable with charges (to the deliveree) involving taking anything across a border.  (When I was doing a lot more book reviews in the old days, I had to add a standard prohibition against using UPS to all my correspondence with companies outside Canada.)  When UPS was contacted about this delivery, the agent reported that the package was shown as delivered, with a note of “saw boy,” presumably since the cardholder’s son was home, or in the vicinity of the house, at the time of delivery.  The cardholder was understandably upset and asked to have that note taken off the record, and was then told a) the record could not be changed, and b) that was a standard code, presumably built-in to the tracking devices the drivers carry.

Just a note to those of you who care anything about privacy …

  • dante

    RE Card fraud and other detailsOne option regarding the cc fraud is that the thief is close or knows the cc owner address etc and planned to take the deliveries themselves. I did alot of ship to diff addresses for various reasons and this is a possible way for a thief to use card and have sent to “correct” address. Could have stolen or looked at monthly statement. Anyone the cc owner knows(neighbour) that is into Bitcoins,computers,privacy etc?? Can also get the info off facebook often and google maps if know just enough.I could explain a bit more :how tos” but would rather not give thieves more help than they already have. I would look into anyone they know and “reverse engineer” the crime,per say.
    Call the stores and see if poss thief has account,if suspect someone close,look at phone for call record to store or store phone number/name in address book.just need to type in phone number hit send for quick check,thief very likely has used those stores before.think creatively to gather info,just like the thieves did.
    Ive been victim of cc fraud.Terrible ordeal.cannot trust anyone.Some people have attitude that cc holder wont “pay” cuz they can fight charges…so can be someone very close to them.
    hope this helps a bit

  • dante

    card fraud cont
    Sorry I have couple other ways they may have gotten info..a simple keylogger on comp,or gained access to email then got cc info from monthly statement or enough info to call cc company.Easily could send”virus” through email that installed program that got them into computer..Check remote control options in comp.(thief obviously comp savvy enough since into bitcoin mining) Victim should put fraud alert on credit report immediately.Very possible they will get hit again.(I did,several times)check other cc statements,put alerts on all and change passcodes. With all our technological advances,and information OVER sharing,we are putting ourselves at risk daily. Facebook is a treasure trove of personal info. Thief could have even asked a :friend” on FB for victims address,using several techniques that look innocent.IF address,phone number etc not already on profile.Getting ip address can get you real address as well with very little problem.