Winter 2008 Fraud Alert time

[tugrik]

A year and a half ago my bank-card fell prey to a card-skimming scam at the local Arco gas station. The thieves emptied my account (and a few thousand others) from ATMs in Bangkok. I eventually got all the money back but it was 6 weeks of shouting-at-banks heck. Everybody claimed it was my fault for "giving out my card", and it wasn't until the local news broke the story of the ATM skimmers found by investigators on the Arco stations' pumps that the truth came out. Nothing like blaming the consumer, eh?

Since then I've moved 90% of my finances off BofA and into NavyFed. Life with the credit union has been wonderful. But since I still maintain at least a token amount in the old BofA account, I set up all their fraud tools to keep an eye on things this time around. In addition, I never use pin-pad devices; I only use credit-card mode (no-PIN) and only when I can swipe the card myself at a known establishment.

This is how I knew that today -- when an SMS came in telling me I'd just used my ATM card and PIN to pay an $0.18 charge at an appliance store in Texas -- that once again, someone had my numbers. GrrrRRrRr.

Some quick googling around of the 800 number and company listed in the transaction (GFDL, 800-764-0847) showed that this has been hitting all over the country since the start of November. So far it's affecting BofA, Wachovia and Chase customers. The modus operandi is a "hope you don't notice" test charge between 10 and 20 cents, followed up a week later by a ton of $20-or-so charges until your account is empty. Unless you check your accounts daily or have an alerter mechanism like I did, you might not see this 'test' charge until it's too late.

Since I caught it early I was able to cancel my card and get a new one sent, as well as dispute the 18 cents so the bank would have a record of it. This means that I'll be without my ATM card for a week just before the holiday, but that's far preferable to having to play the "get my money back" game a second time.

This scam is getting bigger by the day. Who knows how they got the accounts. It has to be some kind of inside job, as I've not used my card w/PIN, yet they had the card number, expiration, PIN and security digits on the back (!!) when the thieves made the test-charge from Texas. I suspect that some time in the future there'll be another half-swept-under-the-rug story about a big 'card transaction theft' that happened during all these bank bailouts and banks-buying-banks going on.

Check your accounts! If you see anything by GFDL or 'test charges' in the low-pennies range, call your bank and get it dealt with right away.

Comments

[coyoteseven.livejournal.com]

I just checked. My account's fine! And I am with BofA. I've never had anything happen, knock on wood, but I guess I'll keep an eye out.

[selasphorus.livejournal.com]

Permission to link to this?

[tugrik.livejournal.com]

Definitely. That's why this is a public/unlocked entry.

[selasphorus.livejournal.com]

Thanks for that. to_the_wick read the alert in my journal, and, well, you see her comment.

[vantid.livejournal.com]

Thanks for the alert dude. :|

[veleda.livejournal.com]

thanks for the heads up.

[snowwolf42.livejournal.com]

Oh man, not again. Last year just before Anthrocon, my account got cleaned out just when I needed it... And MFF starts Thursday.

Thanks for the heads up! No sign so far on my accounts.

[perlandria.livejournal.com]

Thanks!
Checked, and will keep checking.

[scyllacat.livejournal.com]

nothing here at Wachovia, but I signed up for balance alerts and sent them a message asking for transaction alerts and telling them about this.

[to-the-wick.livejournal.com]

$1.72 here, from 972-470-3597 (TX). Which just appeared today, so much thanks for the info.

[kai-darkwolf.livejournal.com]

My understanding is that it's become common for waiters to write down card info when you use it to pay for dinner. They then give/sell the info to people who move it to someone else who....you get the picture. Two or three steps down the line its nearly impossible to figure out where the information originally came from, and your card information is in the hands of somebody on the other side of the world. The rest is easy.

Thanks for the warning!
-Jack

[tugrik.livejournal.com]

yeah, I don't like giving my card to a walk-away waiter either. But in this case they had my PIN, so that wasn't the source this time...

Still, ugh!

[cybercoyote.livejournal.com]

Actually had something similar happen. Got a call out of the blue saying that my card had fraudulent charges on it. Went though the 800 service to clear that up, then called BoA directly to get a new card coming. Well, according to the BoA rep I talked with, the fraudulent charge call was fraudulent itself! I has just given all of my info to some random person, wonderful. I changed passwords, email addresses, PIN, everything I could. Haven't had anything strange since then, but....
Fraudulent call or email? From now on I'll hit the local branch to find out what's going on.

[timberwuf.livejournal.com]

"Thank you for calling. Let me ask you some security questions. What's your name? What's your supervisor's name? What department are you calling from? Which branch is my account registered in? Do you have a telephone number where I can call you back?"

[cybercoyote.livejournal.com]

Sadly BoA uses an automated system that I've had to go though before.

[jeran.livejournal.com]

Simple solution to that: never trust what you're told on the call. Get the information from them, then hang up, check the bank's web-site (from your own bookmark or a Google search, not based on any URL you get in an e-mail) and get the contact information from there, and call the bank's number yourself. That way you can be sure you're talking to the bank.

one nice thing about being with BofA forever...

[mammallamadevil.livejournal.com]

it's going to be hard to find my account---buried in the backwater...(grin)

but, I did check and it might be time for them to reissue my card. The Alaska Airlines logo has worn off yet again.

MLD

[kyhwana.livejournal.com]

Wait, is ATM card different from credit card?

I assume ATM card == debit card? You can use it at an ATM and at say a supermarket to pay for stuff and the money comes out of your account?

Thanks for the tip

[kagur.livejournal.com]

I checked, everything seems fine.

[sfinder.livejournal.com]

I'm with Citibank, but I checked anyway, thankfully all is there, not that I have much to be cleared out for anyhow at the moment. It was bill paying week, meaning my bank account is more emaciated than starving children in third world countries. Still, thanks for the heads up. This happened to my brother a while ago, it was traced back to a Shell gas station. They cleaned him out of his entire $700 paycheck the same day he deposited it.

Thank god I'm going to start piping my serious income into a savings account, at least that's harder to breech. That and it keeps me from touching it, as I need to save for an apartment.

[ionotter.livejournal.com]

Out of curiosity, why do you still have an account with BofA? I think the Russian Business Network has a better reputation than they do.

[hgryphon.livejournal.com]

Geez, I wonder if that's why my account seems a tad low. It's Wachovia, too, you say? I better pay closer attention...

[schnee.livejournal.com]

Sounds like an inside job indeed - if you've never even so much as used your PIN at all and they still got ahold of it, then obviously, something fishy must've been going on somewhere...

[shockwave77598.livejournal.com]

I no longer use my ATM card at anything but major bank ATMs, and I make certain nothing has been placed over the slot first. Credit cards are much safer to use in insecure locales.

[tikaani.livejournal.com]

I don't think I've ever used my card in anything but a bank machine. If I could, I'd get the bank to just issue me a damn card without all those "just like a charge card" extras.

Thanks for the tip

[iceblink.livejournal.com]

I had my card tampered with about 2 months ago and they wiped out my account as well. I am with a credit union myself. It only took 10 business days to get the money back, but what a pain in the butt.

I just checked my account, just in case.

[vanst.livejournal.com]

Not only did you just remind me to check my bank account, but you also reminded me to generate a new password for my online banking at the same time. Well played, sir.

[tafyrn.livejournal.com]

I just had a fraudulent charge come through on my card today. The account's suspended now, and it doesn't look like they got much. My card is a BofA issue, managed by MBNA, so I suspect that's part of the common nature of all of these incidents.

So, even if you're up in Canada, you're not immune from this.

Tafyrn growls, not looking forward to going through the fraudulent change claims process...

[ranchlamb.livejournal.com]

Thanks for the info! I just checked and nothing is going on in our BofA account. We plan on closing it soon and havn't used our Debit Cards outside the bank since the beginning of October.

About those "test charge"

[atxil.livejournal.com]

I had something like that hit one of my credit cards about a month ago.

The first thing they did was to sign me up for a Gevalia coffee subscription, shipped to my normal address. Sounds crazy, right? They're making fraudulent charges, but they alert me by having their first fraud sent to me?

I think it was because the charges were originating in Germany. The "test charge" was to establish to the card company (for a few days) that it was "okay with me" that charges to my card were being made outside my normal area, because (if they checked with the merchant) the merchandise was being sent to my actual address.

Fortunately, my card company was on top of it, plus I live in a mail hub city, so I received the 1st shipment from Gevalia faster than most people would get it, contacted Gevalia, and informed them that I hadn't placed the order.

[wildw0lf.livejournal.com]

Oh wow. So how did they get your account the second time?