Attempted credit card fraud.

[geisha]

Hi all, don’t know if I’m in the right forum. My bank informed me that someone had attempted to use my card on the internet in the USA.  My card has never been out of my possession, I haven’t bought anything on the internet for 6 months, and only used my card for doctors appointments and some supermarket shopping. I live in France , have a very good bank who have huge security and knew I had nothing to do with the USA. I haven’t lost my purse and nobody has held my card.  Also I never use cash machines, or petrol pumps etc where a card could be skimmed. Also , I check my account monthly on a highly secure site, and never do banking outside of the bank. 
Im at a loss to know how this could happen , and what to do to avoid this ??  Any advice most welcome. 
Thank you. 

[Crossy]

Yeah, it's often a mystery how card details get out into the wild.

 

A few months back I awoke to a lot of 2-factor authentication texts from Citi and an equal number of "please contact security" texts also from Citi.

 

My Thai issued Citi card had also been used online in the US, of course it had failed 2-factor because I'd not responded to the texts (my phone lives on the dining table at night).

 

It still meant I had to get a new card, with a new number ???? 

 

The banks are pretty good at spotting fraud these days, they know your spending habits and any "odd" transactions will raise flags, if you have the option of 2-factor authentication then turn it on.

[Swiss1960]

Your card details - even if you have been very careful - could have been stolen at many points:

• any websites / online shops, where you did your shopping
• any processor of those websites / shops that process your transactions
• any POS / payment terminal where you put your card inside (including ATMs)
• the banks of the merchants (sellers) where you used your goods
• Your own bank where your card data is handled (yes, fraudsters also exist in banks)
• Any piece of paper where your full card details are printed on (should not happen anymore, but...)
• Your phone / computer could have a malicious scanner / virus on it to collect your card data, if you use/store them there
• One of the apps on your phone, where you use your card data is corrupt / hacked

I have been working for a credit card company as head of IT security, I have seen all of the above. You think that big companies should know how to protect data, but... read this article to learn about some of the biggest frauds

[Excel]

25 minutes ago, Swiss1960 said:

Your card details - even if you have been very careful - could have been stolen at many points:

• any websites / online shops, where you did your shopping
• any processor of those websites / shops that process your transactions
• any POS / payment terminal where you put your card inside (including ATMs)
• the banks of the merchants (sellers) where you used your goods
• Your own bank where your card data is handled (yes, fraudsters also exist in banks)
• Any piece of paper where your full card details are printed on (should not happen anymore, but...)
• Your phone / computer could have a malicious scanner / virus on it to collect your card data, if you use/store them there
• One of the apps on your phone, where you use your card data is corrupt / hacked

I have been working for a credit card company as head of IT security, I have seen all of the above. You think that big companies should know how to protect data, but... read this article to learn about some of the biggest frauds

Years ago I had an AMEX card fraudulently used and I was given to understand that the POS terminals are often the most likely suspect and easiest to clone 

[animalmagic]

With a pocket-sized radio frequency scanner that can cost less than $100 or a smartphone equipped with near field communications capabilities, thieves can obtain the data from a credit card right through your wallet and purse, providing they stand close enough to you for a sensor to register the information.

You can get special 'faraday wallets' that can protect the card from these attacks.

[richard_smith237]

It happens to me with my UK card (about once every two years) with online transactions.

 

It happens to my Wife about 3 times per year, with transactions in Thailand (with her Thai card).

 

In ALL situations the Bank’s contact us... the card is stopped and we receive a replacement.

 

We don’t lose any money. 

 

While we try to be careful, we use our cards a lot and certainly don’t avoid using them for risk of fraud. We don’t worry about fraud because there is no personal financial risk.

[richard_smith237]

I’ve had a number of situations in Thailand where I am asked for my credit card details.

 

Most recently an Insurance broker gave me a form on which to write, send my credit card details (for insurance renew), including the 3 digit security code....   I refused and demanded an online portal through which to make a secure payment - they contacted the main provide who sent me their portal details....  

 

It was a strange an unprofessional request from the broker (I was renewing insurance and the previous year payment was made through a secure portal - I’m not sure why this year they tried to change it). 

 

I’ve had the same requests from hotels in Thailand when trying to make a booking - the want the full CC details sent to them by line Messenger !!!!  the direct deal was cheaper than agoda etc.. 

In the end I had to make a ‘bank transaction’ as I wasn’t going to give them all my CC details. 

 

 

 

 

 

[The Hammer2021]

6 hours ago, Swiss1960 said:

Your card details - even if you have been very careful - could have been stolen at many points:

• any websites / online shops, where you did your shopping
• any processor of those websites / shops that process your transactions
• any POS / payment terminal where you put your card inside (including ATMs)
• the banks of the merchants (sellers) where you used your goods
• Your own bank where your card data is handled (yes, fraudsters also exist in banks)
• Any piece of paper where your full card details are printed on (should not happen anymore, but...)
• Your phone / computer could have a malicious scanner / virus on it to collect your card data, if you use/store them there
• One of the apps on your phone, where you use your card data is corrupt / hacked

I have been working for a credit card company as head of IT security, I have seen all of the above. You think that big companies should know how to protect data, but... read this article to learn about some of the biggest frauds

Top information- Ta

[The Fugitive]

Do you have an AliExpress account? Recently, someone in Moldova input their name, 'phone number and address into my account and ordered computer components, mobile 'phone accessories and solar power equipment paying with my stored credit card. Disturbingly, despite twice changing the password and email address they still had access and continued to load up the 'cart'. Can't find any means to enable 2FA? Also, AliExpress must have stored the CVV number on the reverse of my card, something they state they don't do.

[Lacessit]

The only portal I use for my debit card is Lazada, have never had a problem with them. Anyone else, I make a payment to their account. If anyone wants my card details after I have offered to pay that way, I cut them off.

As another poster has recommended, I use a Faraday cage wallet.

On the extremely rare occasions I withdraw cash from an ATM, I will only do it at a bank with a card that matches the bank.

Paranoid, yes. Seems to work for me, I have never been the victim of a card scam.

 

[Photoguy21]

55 minutes ago, animalmagic said:

With a pocket-sized radio frequency scanner that can cost less than $100 or a smartphone equipped with near field communications capabilities, thieves can obtain the data from a credit card right through your wallet and purse, providing they stand close enough to you for a sensor to register the information.

You can get special 'faraday wallets' that can protect the card from these attacks.

It comes under the facility NFC (Near Field Communication)

[chilly07]

Freeze the card when not in use!

[BusyB]

23 minutes ago, chilly07 said:

Freeze the card when not in use!

(My) Master Card has a facility where I can block transactions in all countries - other than the ones I'm in. When I'm in LOS I free up Thai transactions - transactions in the US would be rejected out of hand because the US is locked down on my card. I could free US transactions up if I was to go there.

[The Fugitive]

52 minutes ago, Lacessit said:

The only portal I use for my debit card is Lazada, have never had a problem with them.

Forgot to mention, my AliExpress 'crackers' went into my Lazada account also and selected a PC power supply. However, as the item was out of stock they couldn't order it. I hadn't stored my credit card details in Lazada so they would have been disappointed anyway!

[hotandsticky]

1 hour ago, richard_smith237 said:

It happens to me with my UK card (about once every two years) with online transactions.

 

It happens to my Wife about 3 times per year, with transactions in Thailand (with her Thai card).

 

In ALL situations the Bank’s contact us... the card is stopped and we receive a replacement.

 

We don’t lose any money. 

 

While we try to be careful, we use our cards a lot and certainly don’t avoid using them for risk of fraud. We don’t worry about fraud because there is no personal financial risk.

 

 

+1   ....happened last week.

 

Invariably they try a small transaction first. 

 

The only ba11s-ache is waiting for the new card. Mine gets sent to a UK address and I am reluctant to have the card posted on to Thailand. I only use the card for online transactions and occasional currency transactions ie large restaurant or hotel bill so I will wait until my daughter visits later in the year.

[edwardflory]

7 hours ago, Excel said:

Years ago I had an AMEX card fraudulently used

Same here about 12 years ago.  I was on the phone with AMEX challenging a small charge at 4:50AM ( I was in US ) when someone in South America attempted to use my card. AMEX asked me to hang up and they would call me back - AMEX SECURITY called me within 1 minute to confirm I was at my home.  Told me to file a police report and call them after filed with report info - did so.  They called me a few days later, someone had bought a plane ticket in LA with old card number via telephone. He was arrested at the gate.  Last I heard of it.

 

New card issued within 3 days.

[swm59nj]

There are many ways it could have happened. So by using your account information on the internet the card doesn’t have to be physically produced.  Only the account information.  And  the information from your card could have been compromised in many ways by the way you say you have used your card. 
A company you have used might have had a security breach in their system.  If you physically handled your card to an employee for processing.  They might have copied the information. 
In 2014 both my credit and debit cards issued by the same bank were compromised  within two weeks while still living in the USA.  I had both cards in my possession when I received fraudulent charges.  Two of the charges someone had to physically have the card to produce it.  And the third charge  was an online charge.  So somehow a duplicate card was made to be used for the first two.  
The bank that issued both cards did have a cyber attack the year before so who knows what might have happened. 
I did make a police report to cover myself.  The officer said a lot of this stolen information is sold on line on what he called the Dark Web.  He said people bid on the stolen information as if they were in an auction.  And he said some use the information to actually make duplicate cards .

[scorecard]

12 hours ago, Crossy said:

Yeah, it's often a mystery how card details get out into the wild.

 

A few months back I awoke to a lot of 2-factor authentication texts from Citi and an equal number of "please contact security" texts also from Citi.

 

My Thai issued Citi card had also been used online in the US, of course it had failed 2-factor because I'd not responded to the texts (my phone lives on the dining table at night).

 

It still meant I had to get a new card, with a new number ???? 

 

The banks are pretty good at spotting fraud these days, they know your spending habits and any "odd" transactions will raise flags, if you have the option of 2-factor authentication then turn it on.

For me it happened as follows:

 

- VISA issued in Thailand by Thai bank.

- Not used often.

- Bought a small item at a gift shop at Kuala Lumpur Inter, Airport using the card.

- Next cycle there's five or 6 purchases all around US500- each on my statement.

- Quickly called my bank in Bkk, They established that each of the large purchases was in a different city (S'pore, HK, Seoul, Manila, Djakarta etc.) but all on the same day at nearly the same time.

- Thai Bank quickly contacted VISA international.

- VISA 'detectives' established their had been a string of card no. thefts at several shops at KLIA, and they established my card number had been stolen by a shop employee then sold to an internatiional CC card gang who have the resources/know-how to create 'charges' in multple cities at same time etc.

 

- I had to send clear copies of my passport details page and the pages with recent travel stamps proving that I was in Thailand on the date of the charges.

- VISA promptly reveresed all the charges, and the Thai bank quickly issued a new credit card along with a request to please NOT ever use the card in Malaysia. 

[geisha]

3 hours ago, The Fugitive said:

Do you have an AliExpress account? Recently, someone in Moldova input their name, 'phone number and address into my account and ordered computer components, mobile 'phone accessories and solar power equipment paying with my stored credit card. Disturbingly, despite twice changing the password and email address they still had access and continued to load up the 'cart'. Can't find any means to enable 2FA? Also, AliExpress must have stored the CVV number on the reverse of my card, something they state they don't do.

No, I rarely do internet shopping. The only online payment I do is for books through Amazon France, I download 20 books at a time as it’s a long double check by my bank. I haven’t bought anything at all for 6 months.  And then only 1 trusted site. I buy my emirates tickets too and within Asia but not lately. 
i do see they warn about POS machines, which I use for shopping in supermarkets.  I’m a big cash is king fan , old fashioned , but sure. I get that from inside the bank. 
Theres nothing on my phone at all, no bank info . 

[The Fugitive]

6 minutes ago, scorecard said:

For me it happened as follows:

 

- VISA issued in Thailand by Thai bank.

- Not used often.

- Bought a small item at a gift shop at Kuala Lumpur Inter, Airport using the card.

- Next cycle there's five or 6 purchases all around US500- each on my statement.

- Quickly called my bank in Bkk, They established that each of the large purchases was in a different city (S'pore, HK, Seoul, Manila, Djakarta etc.) but all on the same day at nearly the same time.

- Thai Bank quickly contacted VISA international.

- VISA 'detectives' established their had been a string of card no. thefts at several shops at KLIA, and they established my card number had been stolen by a shop employee then sold to an internatiional CC card gang who have the resources/know-how to create 'charges' in multple cities at same time etc.

 

- I had to send clear copies of my passport details page and the pages with recent travel stamps proving that I was in Thailand on the date of the charges.

- VISA promptly reveresed all the charges, and the Thai bank quickly issued a new credit card along with a request to please NOT ever use the card in Malaysia. 

Very interesting. Thanks for posting. It sounds as if your bank is calling everyone in Malaysia a 'tea leaf'.

Edited August 11, 2022 by The Fugitive
Spelling.

[kidneyw]

So did you use it in Thailand though?

[geisha]

3 hours ago, BusyB said:

(My) Master Card has a facility where I can block transactions in all countries - other than the ones I'm in. When I'm in LOS I free up Thai transactions - transactions in the US would be rejected out of hand because the US is locked down on my card. I could free US transactions up if I was to go there.

Interesting option, wonder if I can get that in France ?? Although maybe I do have that already, as I have to tell them each time I leave the country ?? I’ll ask them tomorrow, new card , new pin. 

[geisha]

Just now, kidneyw said:

So did you use it in Thailand though?

No, only France  since March, and before that only Marriot BKK.  

[scorecard]

12 minutes ago, The Fugitive said:

Very interesting. Thanks for posting. It sounds as if your bank is calling everyone in Malaysia a 'tea leaf'.

In a phone conversation my Thai bank mentioned Malaysia ranked very highly in terms of card number theft (15 years ago).

[Dickp]

My USA credit card was used to purchase a Fan in the USA FL, then a PC program in NY and again some kind of hardware in CA all the same day 2 Aug. I before I never use the Credit card for anything in Thailand its kept in the safe. But on the 1st of Aug I needed to top up my sim card for the phone, so used the card with Large D Thai Phone companies web page, to try to top up sim card but it failed in processing so, gave up and planned on going to the mall next day and top up with PH store there. On the 2nd received fraud msg of a fraud use on my card. Had to call them in the US and they list all the purchase, I told them I''m in Thailand I have the card. They cancelled all the purchase, but also cancel the card and are issuing as new one. I called PH company and told them some one at their company had got the info and sold it . Do not think they will do anything about it but I learn a lesson, Never Use  my USA Credit cards in Thailand

[GarryP]

I do not link my credit cards to any accounts, be that Lazada, shopee or others. Last time it happened to me, it was after I made a purchase at Central Ploenchit (men's shoes department). That evening there were a couple of small purchases, i.e. below Baht 500 so I did not receive a notification on card use, but then the purchase of an airline ticket for which I was notified. I immediately contacted the credit card company and the matter was sorted within a few days. 

 

As to ATMs, like another poster posted, I always try to use the ATM of the bank that issued my card, ie BBL ATMs, but have found that upcountry in many of the small towns there very often are only a few ATMs and they are usually Government Savings Bank, Krungthai and SCB.    

[sanuk711]

1 hour ago, scorecard said:

- VISA 'detectives' established their had been a string of card no. thefts at several shops at KLIA, and they established my card number had been stolen by a shop employee then sold to an internatiional CC card gang who have the resources/know-how to create 'charges' in multple cities at same time etc.

The only way a shop employee can sell/use your card to make Internet purchases is by also knowing the 3 digit code you have on the back.

So why have it on the back?.......

 

Phone/Photo it--or jot it down and remove it. Scratch it out.  Great you have now stopped 50% chance of your card denials being stolen.

[HighPriority]

My bank froze my visa back in 2017 because they detected a fraudulent transaction.

On the phone they explained to me that a common method for the scammers is simply computers crunching numbers until they get one that works.

[JimmyJ]

"Any advice most welcome."

 

There are two kinds of websites - Those that have been hacked, and those that will be hacked.

 

It's really not worth worrying about, other than the hassle of getting the new card itself to Thailand.

Edited August 11, 2022 by JimmyJ

[gearbox]

6 hours ago, The Fugitive said:

Do you have an AliExpress account? Recently, someone in Moldova input their name, 'phone number and address into my account and ordered computer components, mobile 'phone accessories and solar power equipment paying with my stored credit card. Disturbingly, despite twice changing the password and email address they still had access and continued to load up the 'cart'. Can't find any means to enable 2FA? Also, AliExpress must have stored the CVV number on the reverse of my card, something they state they don't do.

I use AliExpress all the time and never had problems. The issues you describe mean that they have control of your endpoint (your PC or phone). If you change your password they lose access, if they know your new password it means they have access to your keyboard (key logger).

 

AliExpress can store the CVV, if you don't want that delete your payment method and put your card details by hand...but if your endpoint is hacked they'll get all the details and can shop anywhere.