User Panel
Posted: 6/16/2024 4:48:16 PM EDT
This is a new one.
My old business credit card had two cards active. One was in my wife's name and she would keep it on her incase I had to call her to pick something up for me. I stopped using that account except very infrequently so her card has been in the safe for over a year, mine was put in there a few months ago and they've sat with no activity. I was getting books caught up and noticed a charge on my account from the other card two weeks ago. $50 to onlyfans and $20 to some other vendor. The onlyfans charge was refunded the following day and the other one locked the card. I called them up, told them it was fraudulent and to make the card inactive. I asked my wife if she still had it in her wallet or something....nope, been sitting upstairs locked up the whole time. She also recently had a card for a committee she is on get compromised. I'm wondering if someone has been scanning cards with an RFID reader or something either at her work (unlikely, but possible) or when she's at her meetings at the school or something. Just weird that it took that long for it to get used. Probably got purchased on a list or something.....stupid assholes. And before the jokes....if either of us were going to actually spend money on porn we would just use one of the personal cards....unprofessional to use the business card. |
|
[#2]
Very likely one of you shopped someplace that had a skimmer, or was otherwise pwnt.
Can take years sometimes before it gets sold to someone that actually charges something on it. |
|
[#3]
RFID scanning doesn't work very well with current tech. It only sells special wallets.
Odds are a database hack solely on the type of charges. Those aren't charges done through roulette games of account number guessing. |
|
[#4]
Probably unrelated but were you in thet AT&T data breach? I have a co-worker that is getting so screwed with she is trying to change her SS number on top of literally everything else. They are trying like hell to hijack her phone to get her 2FA
|
|
[#5]
I had a business account once with BOA. It was a secondary account to just park extra money in. I specifically told them --- NO DEBIT CARD. Anyway, opened the account, deposited funds, and never made one transaction. Never ordered checks, no paper statements.
Wouldn't you know, a debit card came. Took it out, put it in my RFID bag, and into safe. 8 or 9 months later, there were purchases on the card for cosmetics. Card was never even activated. Some computer algorithm guessed the card and started using it. Then they make a physical card with the info on it. Maybe phish the bank? I dont know how it works. I forget the type of attack it's called, it's known thing. BING or BNF attack --- don't know, don't remember. |
|
[#6]
There's only 8 numbers to the Account (the first 8 essentially act as a routing number, first number indicates the card type, the next 7 indicate which bank) and some retailers don't check the expiration date or cv2 when processing the transaction.
ETA: Technically 7 as the last digit is a check value |
|
[#7]
Quoted: Data Base theft, or Social Engineering are my guesses. View Quote |
|
[#8]
So? You’re not liable for fraudulent charges you did not authorize.
|
|
[#9]
Businesses store your credit card number when you buy something, then their computer systems get hacked and the thieves steal all the numbers.
|
|
[#10]
I've had credit cards that were never activated and never used get stolen before.
|
|
[#11]
Someone stole the data from a website or it was otherwise compromised-like at a restaurant, and sold.
I used to get a card compromised maybe once every year or two. I think it was the smaller tactical gear stores. I had someone call me and leave a voicemail that he'd seen my credit card number and I for sale. It was for a card that I knew was compromised and had replaced. I had a card used at a porn site in the UK. I emailed them and they gave me an IP address in Ohio it came from but I figured that could be a bot on some clueless guy's computer so I didn't bother. The porn guy was cool about it. |
|
[#12]
People (boomers) voluntarily make life difficult for themselves because they think if they don't participate in modern technology they won't get hacked or otherwise ripped off. I have several friends that refuse to pay bills or do anything else online thinking that will keep them safe.
In fact the data is already there regardless of whether you choose to use it or not. I get alerts whenever my cards are used, plus I log on every couple days just to verify. Oh, and before spells are had, I am also a boomer, but I'm not a luddite. |
|
[#14]
Happened to me a few years back.. Brand new card never used or taking out of the house. Activated & put in safe. Months later text alerts on charges.
|
|
[#15]
Somewhere you've used it has had a data breach. Pretty common.
|
|
[#16]
Quoted: Probably unrelated but were you in thet AT&T data breach? I have a co-worker that is getting so screwed with she is trying to change her SS number on top of literally everything else. They are trying like hell to hijack her phone to get her 2FA View Quote We haven't used ATT since college, but that card has literally never been used for anything other than a handful of work stuff years ago. Like hardware from Lowes. |
|
[#17]
Wife had 3 fraudulent charges on her debit card last month. I think she said all of them were out of state charges and delivered to out of state addresses. Somehow card security didn't see anything suspicious about the transactions.
|
|
[#18]
Quoted: People (boomers) voluntarily make life difficult for themselves because they think if they don't participate in modern technology they won't get hacked or otherwise ripped off. I have several friends that refuse to pay bills or do anything else online thinking that will keep them safe. In fact the data is already there regardless of whether you choose to use it or not. I get alerts whenever my cards are used, plus I log on every couple days just to verify. Oh, and before spells are had, I am also a boomer, but I'm not a luddite. View Quote The post office said checks are stolen all the time, even from the blue official mailboxes and theft occurs from "washing" the checks and rewriting them |
|
[#19]
The worst offenders for credit card theft seem to be random websites for buying ammo and other items in that general category.
None of them use embedded apple pay or equivalents. Thankfully one of my cards allows virtual account numbers again. I don’t understand why all physical vendors don’t enable tap to pay (talking to you HEB grocery stores, Home Depot, etc.). Online vendors would be wise to support secure tokenized payment systems like Apple Pay, Google Pay and Samsung Pay. I’d even pay a small premium 0.1-0.5% to be able to use Apple Pay for online purchases just for the extra security. |
|
[#20]
Quoted: My father in law paid by check because he doesn't trust online payments. He put a check in his mailbox and later saw the mailbox door open and the check stolen (mailman hadn't come yet) The post office said checks are stolen all the time, even from the blue official mailboxes and theft occurs from "washing" the checks and rewriting them View Quote This happened to my brother about 6 months ago. The rocket scientist that stole the checks washed the payee and made it out to himself. We were able to find him in the AZ court system and he'd been charged with the same type of fraud multiple times and was always able to plea out to something minor. PO said the same thing, basically told my brother if he was going to pay with checks to only mail them at an inside mailbox at the PO, and even then they couldn't guarantee that it wouldn't be taken on the other end. |
|
[#21]
Either vendor from a prior transaction had a breach or the hacker compromised a vendor's processing account and just brute force until the card's number worked.
Best thing to do is turn on notifications for transaction by enabling it and/or setting the alert for a minimum of $1. It's not a question of if but when. |
|
[#22]
Quoted: The worst offenders for credit card theft seem to be random websites for buying ammo and other items in that general category. None of them use embedded apple pay or equivalents. Thankfully one of my cards allows virtual account numbers again. I don’t understand why all physical vendors don’t enable tap to pay (talking to you HEB grocery stores, Home Depot, etc.). Online vendors would be wise to support secure tokenized payment systems like Apple Pay, Google Pay and Samsung Pay. I’d even pay a small premium 0.1-0.5% to be able to use Apple Pay for online purchases just for the extra security. View Quote They won't do it because SaaS pricing can get extremely expensive and PCI Tokenization isnt cost effective for many businesses. But huge chains like HEB could afford it, most larger companies would rather play the "what if" game and wait for something to happen, rather than be proactive to prevent it in the first place. Security is not seen as a money maker for these businesses, they all see it as a huge business expense. |
|
[#23]
Quoted: RFID scanning doesn't work very well with current tech. It only sells special wallets. Odds are a database hack solely on the type of charges. Those aren't charges done through roulette games of account number guessing. View Quote My cards barely read on the gas pump scanners. You pretty much have to lay them across the readers. |
|
[#24]
|
|
[#25]
Quoted: They won't do it because SaaS pricing can get extremely expensive and PCI Tokenization isnt cost effective for many businesses. But huge chains like HEB could afford it, most larger companies would rather play the "what if" game and wait for something to happen, rather than be proactive to prevent it in the first place. Security is not seen as a money maker for these businesses, they all see it as a huge business expense. View Quote View All Quotes View All Quotes Quoted: Quoted: The worst offenders for credit card theft seem to be random websites for buying ammo and other items in that general category. None of them use embedded apple pay or equivalents. Thankfully one of my cards allows virtual account numbers again. I don’t understand why all physical vendors don’t enable tap to pay (talking to you HEB grocery stores, Home Depot, etc.). Online vendors would be wise to support secure tokenized payment systems like Apple Pay, Google Pay and Samsung Pay. I’d even pay a small premium 0.1-0.5% to be able to use Apple Pay for online purchases just for the extra security. They won't do it because SaaS pricing can get extremely expensive and PCI Tokenization isnt cost effective for many businesses. But huge chains like HEB could afford it, most larger companies would rather play the "what if" game and wait for something to happen, rather than be proactive to prevent it in the first place. Security is not seen as a money maker for these businesses, they all see it as a huge business expense. That’s okay, I “what if” my shopping at Tom Thumb (Randalls, Safeway, etc.) and Kroger since I can use tap to pay with either my cards, watch or phone at both of those chains. I avoid HEB and Central Market if I can because of this. Probably one of very few. |
|
[#26]
I had a fraud charge recently on a often used card.
I was alerted the moment the charge occurred and called to lock and replace. It was a card not present transaction via paypal for some fake online scuba shop. FUCK PAYPAL. Anyway, What was concerning was the bank agent said she would delete the "paypal" wallet that was created as well as replace the card. I was like "WTF" is that. She said sometimes (when a paypal ??) transaction happens your bank will create a unique "wallet" so if the card number is replaced, the wallet will just get the new cardnumber. Thats dumb as fuck. I never asked for them to do that. I asked if they could block any wallet from being created again and she said yes she could. What a stupid feature. My own bank potentially fucking me over. Banks are complicit in this somehow. |
|
[#27]
Quoted: They won't do it because SaaS pricing can get extremely expensive and PCI Tokenization isnt cost effective for many businesses. But huge chains like HEB could afford it, most larger companies would rather play the "what if" game and wait for something to happen, rather than be proactive to prevent it in the first place. Security is not seen as a money maker for these businesses, they all see it as a huge business expense. View Quote View All Quotes View All Quotes Quoted: Quoted: The worst offenders for credit card theft seem to be random websites for buying ammo and other items in that general category. None of them use embedded apple pay or equivalents. Thankfully one of my cards allows virtual account numbers again. I don’t understand why all physical vendors don’t enable tap to pay (talking to you HEB grocery stores, Home Depot, etc.). Online vendors would be wise to support secure tokenized payment systems like Apple Pay, Google Pay and Samsung Pay. I’d even pay a small premium 0.1-0.5% to be able to use Apple Pay for online purchases just for the extra security. They won't do it because SaaS pricing can get extremely expensive and PCI Tokenization isnt cost effective for many businesses. But huge chains like HEB could afford it, most larger companies would rather play the "what if" game and wait for something to happen, rather than be proactive to prevent it in the first place. Security is not seen as a money maker for these businesses, they all see it as a huge business expense. I'm surprised more cyber insurance doesn't require it (or maybe it does?). But when the penalty is nothing more than buying a few years of credit monitoring for anyone compromised, on the off chance there is a breach that you actually have to report, well... |
|
[#29]
I've had new cards get compromised that had never been used before or taken out.
|
|
[#30]
Banks, credit unions and even card issuers get breached and data stolen.
That is almost guaranteed what happened. |
|
[#31]
I had a Kohl's charge card get flagged for fraud before the card even found it's way into my possession.
|
|
[#32]
Quoted: I've had new cards get compromised that had never been used before or taken out. View Quote My worst one was a replacement card for a previously compromised card, where the replacement was used before it even arrived in the mail -- it did arrive a few days and hadn't been tampered with. Under those circumstances it had to be either brute forced or it was compromised at the card issuer. |
|
[#33]
The most likely thing is that some server somewhere was compromised and a whole bunch of CC info was stolen.
It is also no surprise that a card you never used was compromised. Again: A server somewhere was compromised. The card issuing institution, or a 3rd party they used for card production or whatever, had a server that was compromised. It is worth understanding that any online purchase means that your data travels all over the freaking place through all kinds of hardware before it reaches your bank. Read that last sentence again. Your info goes all over the fucking place on its way to your bank. I am over-simplifying, but it means that it probably wasn't Jim-Bob's Ammo that stole your info; it was some nameless fuckhead hacking into a piece of hardware somewhere along the way. That hardware might retain your info for some period of time, so the issue could crop up long after you used the card. |
|
[#34]
They will sit on a stolen CC number for a long time before using it.
|
|
[#35]
Quoted: My worst one was a replacement card for a previously compromised card, where the replacement was used before it even arrived in the mail -- it did arrive a few days and hadn't been tampered with. Under those circumstances it had to be either brute forced or it was compromised at the card issuer. View Quote I have had this happen as well. Ridiculous. |
|
[#36]
Stuff happens and you can drive yourself crazy trying to figure out the initial vector.
|
|
[#37]
Recently had a debit card that sits in a safe that was used one time ever at the ATM at Chase get hacked. Card has never been used otherwise.
|
|
[#38]
Quoted: This is a new one. My old business credit card had two cards active. One was in my wife's name and she would keep it on her incase I had to call her to pick something up for me. I stopped using that account except very infrequently so her card has been in the safe for over a year, mine was put in there a few months ago and they've sat with no activity. I was getting books caught up and noticed a charge on my account from the other card two weeks ago. $50 to onlyfans and $20 to some other vendor. The onlyfans charge was refunded the following day and the other one locked the card. I called them up, told them it was fraudulent and to make the card inactive. I asked my wife if she still had it in her wallet or something....nope, been sitting upstairs locked up the whole time. She also recently had a card for a committee she is on get compromised. I'm wondering if someone has been scanning cards with an RFID reader or something either at her work (unlikely, but possible) or when she's at her meetings at the school or something. Just weird that it took that long for it to get used. Probably got purchased on a list or something.....stupid assholes. And before the jokes....if either of us were going to actually spend money on porn we would just use one of the personal cards....unprofessional to use the business card. View Quote But you can't deduct it if you use your personal card. |
|
[#40]
A few years ago wife got a call from our auto insurance that they would be canceling our policy due to non-payment. She checked the bank statements and found the check and told the insurance agency the check no. and the transaction date. Nope, no payment made. She went to the bank and got an image of the check - someone had crossed out the insurance companies name, written their name over it in red pencil, and physically cashed the check at the bank. It wasn't hard for the police to track the idiot down. Teenager not far from us stole our mail and who knows how many others wrote his name on checks and cashed them.
|
|
[#41]
Nobody is hacking cards or stealing data.
It's simply a matter of trying different number combinations until it works. |
|
[#42]
Ive had 2 cards hacked in a month. I travel a lot at night for work. Stops in some small gas stations was my thinking. Some clerk or processing place they use (gas only). So I started going to the bigger places and cut out the small suspect stations. Speedway, Shell, Casey's.
Went to a recently built Casey's on a Friday, card was deactivated by the bank Sunday when I went to use it. Card was a replacement from recent fraud crap. |
|
[#43]
It's not even worth trying to figure out how it was done.
Dispute the charge and move on. |
|
[#45]
You need to gave text/email alerts set up on all bank accounts/cards. I’ve caught a small fraudulent transaction within 5 minutes.
|
|
[#46]
What do/have you used that account for?
The physical card need not be used or physically accessed (RFID read) for an account to be compromised. And this is a reminder for everyone to keep an eye on all of your accounts! I used to use Mint.com, but they decided to derp themselves and push everyone to the ad-filled Credit Karma. I switched to Monarch late last year and really like it. I force a refresh every morning so I can review balances and transactions. I could also put my home address in it and it will pull the current value from Zillow as an asset. Quoted: So? You’re not liable for fraudulent charges you did not authorize. View Quote It's still annoying as fucking fuck to have to update all of your shit that you used the card for. I use one of my cards for the majority of my recurring payments. I've done that for a long time, and as per my above reply, I monitor it daily. When that card got skimmed at a gas pump (this was in 2018), I had to change all of my shit that used it when I got the new card. My ISP at the time was retarded AF and didn't have a way to change the card on my account without fucking calling them. That's not the card's fault, but it was still a PITA. Quoted: [/b] They won't do it because SaaS pricing can get extremely expensive and PCI Tokenization isnt cost effective for many businesses. But huge chains like HEB could afford it, most larger companies would rather play the "what if" game and wait for something to happen, rather than be proactive to prevent it in the first place. Security is not seen as a money maker for these businesses, they all see it as a huge business expense. View Quote It annoys the fuck out of me that HEB hasn't enabled contactless payments across the board. They've had terminals that support it for years, and most of the stores around me (Central TX area) have been upgraded, and they also support contactless. IIRC, HEB wanted to set up their own payment app/service but when everyone else trying to do that couldn't get people to support it, they stopped. Not enabling contactless now is pretty boneheaded, IMTO. |
|
[#47]
Had a card get compromised a week after I got it. Hadn't even used it yet. Sometimes it's the bank that gets hacked not you.
|
|
[#48]
Quoted: There's only 8 numbers to the Account (the first 8 essentially act as a routing number, first number indicates the card type, the next 7 indicate which bank) and some retailers don't check the expiration date or cv2 when processing the transaction. ETA: Technically 7 as the last digit is a check value View Quote this happened to me as well. I never even took it out if the envelope that it came in with because I was never going to use. I believe BOA is doing it , they can make a quick buck on BS transaction knowing you are going to dispute it. |
|
[#49]
I've gotten into the habit of just always keeping my card locked at all times until I need to use it. Open the app, unlock it, use it, lock it again. Haven't had a bullshit charge since. Used to get hit with fraudulent charges every few months before.
|
|
[#50]
I had something almost exactly the same happen.
BOA card I never wanted and literally never used, sat in a desk at home. Started getting fraudulent charges that were caught by the fraud dept and reversed, card canceled. The agent told me that the number was generated by scammers using whatever software to find actually card numbers. |
|
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.