[ale] OT: I AM paranoid!...Debit Card Fraud

[matty91 at bellsouth.net]

On Thu, 9 Oct 2003, Ernie wrote:

> Debit Card Fraud
> I had this happen to me on Christmas eve this past year.  Just under $2600
> got drained from my checking account.  All of the activity took place in or
> around Orange county, CA.  None of the transactions were on the internet but
> appeared to be in person.  They even bought a bed and mattress along with
> some high fashio items at Louis Vuiton.  All in all, there were 5 separate
> stores that were visited.
>
> I promptly reported it to Bank of America who to their credit returned the
> money to my account within 24 hours.  This was temporary pending the
> completion of their investigation.  They sent me a legal document which I
> signed which said that I had not purchased the items.  I never contacted law
> enforcement directly.
>
> I never lost my card..my best guess is that someone stole it from the
> records at the GA toll authority.  Now, I ONLY use the debit card in grocery
> stores, gas stations and other places where I am always in control and
> possession of the card.  The clerks at the grocery store never see the
> number...all they see is that it was approved.

I still feel a bit more comfortable using my credit cards or cash for
these purposes. I had some issues with a couple of charges, and Discover
was extremely helpful in clearing up the matter.

>
> Ernie
>
> ----- Original Message -----
> From: "Jeff Hubbs" <hbbs at comcast.net>
> To: "Atlanta Linux Enthusiasts" <ale at ale.org>
> Sent: Thursday, October 09, 2003 10:25 PM
> Subject: Re: [ale] OT: I AM paranoid!
>
>
> > For one thing, NEVER use a debit card for these kinds of remote
> > transactions!  You have FAR fewer protections associated with debit
> > cards than credit card carriers give.
> >
> > - Jeff
> >
> > On Thu, 2003-10-09 at 16:53, Jim Philips wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > The previous thread gets awfully close to an issue I've been dealing
> with the
> > > last two weeks. Some goon got my debit card number (how, I don't know)
> and
> > > bought a bunch of stuff on the Internet. They bought $378.83 worth of
> stuff
> > > at Walmart.com and spent another $59.95 at USSearch.com. The latter site
> does
> > > public records searches, so I guess they were looking for a new victim.
> By
> > > reporting it all quickly, I got Walmart to stop the shipment of
> merchandise
> > > and USSearch quickly reimbursed me. But there are some scary things that
> came
> > > out of this.
> > >
> > > The DeKalb County cops gave me some resistance when I reported this as a
> > > crime, saying it had to be investigated in the jurisdiction where it
> > > occurred. They took this to mean the city where the servers live. Never
> mind
> > > that this is utterly stupid, I set out to call the police in
> Bentonville, AR
> > > (home of Walmart). And--wonder of wonders!--they simply turned over all
> of
> > > the information they got from Walmart. Now here is what was weird about
> that.
> > > I was already doing business with Walmart.com for their DVD rental
> service.
> > > So, they already had my debit card number. The fraudster used that same
> card
> > > number with them, but gave them the wrong e-mail address, the wrong
> phone
> > > number and also misspelled my name. So, what this tells me is that they
> do
> > > absolutely no checking on the identity of the person presenting the
> card. If
> > > they communicated with the card issuer, they could get the spelling for
> my
> > > name and my home phone number. Or, barring that, all they would have to
> do is
> > > check to see if someone else has tried to use the same card number with
> > > different information. But they don't do either thing. Now given the
> fact
> > > that Walmart is the biggest retail operation in the world, you would
> think
> > > they could afford this kind of diligence. But apparently, it's too much
> > > trouble for them. I sent them an e-mail asking about all of this and
> what I
> > > got back was their stock answer to all security questions: SSL, your
> > > information is encrypted and all of that crap.
> > >
> > > Side note: Last Saturday, I got e-mail from Amazon.com saying that my
> debit
> > > card might have been compromised in some way. I wrote back and explained
> that
> > > I had no suspect transactions from their site, but that my card had
> indeed
> > > been compromised. I asked them to tell me what might have happened. They
> sent
> > > me back a tersely worded reply, saying that information could only be
> turned
> > > over to law enforcement. So, something happened, but I don't deserve to
> know.
> > > Amazon.com is now my most likely suspect for the place where my
> information
> > > got stolen. I hadn't used them in a couple of years. But just a few days
> > > before I got ripped off, I registered my debit card with them and
> ordered a
> > > DVD.
> > >
> > > Just so you'll all know how concerned the major e-commerce sites are
> about
> > > your money.
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.2.3 (GNU/Linux)
> > >
> > > iD8DBQE/hcrNmqVh/g13CaoRAv6pAJ91q2vkp0cmBFmvSoYF+iyx3gPDGwCfYKV1
> > > Ub/7ey+5v+VJgTVEhqqrJWw=
> > > =Sfhb
> > > -----END PGP SIGNATURE-----
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > --
> > Jeff Hubbs <hbbs at comcast.net>
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>

Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
Public Key: http://www.daemons.net/~matty/public_key.txt
Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF