Multiple MS credit card accounts compromised - how 'bout you?
Feb 5, 2014, 2:00 pm
#1
Original Poster
Join Date: Sep 2005
Programs: Northwest, United
Posts: 3,256
Multiple MS credit card accounts compromised - how 'bout you?
I've had an interesting set of experiences in the past few days I wanted to share - you guys may want to watch your credit card accounts and be ready (even more than usual) to hear from the credit card fraud squads...
First, some background: Like many of you, I churn credit cards and do some MS. I'd call my level of activity "low-to-modest" by FT standards. I do have a large number of open CCs (probably 15-20 right now), across the usual issuing banks. Yes, I do buy some gift cards and similar items, to meet minimum spends on new cards, and to keep a little activity in each card every month. Nothing heavy by FT standards - I never get more than 1 or 2 such things per card each month - I'm not the guy who clears out the racks right before you show up. I have been playing the miles game literally for decades, so have a long record with some of the CC companies. I want to maintain good relationships with the banks, so I usually resist the temptation to "go big" and I try to fly way below the radar (I figure the crazy guys I see boasting about their exploits here will take all the arrows for me
).
In the past week, I have been informed by two different credit card issuers that one of my cards has been compromised.
The first one I just shrugged off. Now, I'm wondering if there's more to it...
A few days ago I got email from Chase, asking me about my Chase Hyatt visa. They declined two charges on this card that were attempted at a Walmart on the other side of the country from where I live. At first I freaked a little, since I had been feeding the bird at my local Walmart just hours before (but I was not using a Chase card of any kind for that) - of course, that was unrelated
which I quickly realized. I followed up with Chase, they're sending me a new Hyatt card. OK, no biggie, stuff happens. (Note to self: even when traveling domestically, expect a fraud trigger if, when I'm far from home, I try to use a card that has been resting for a while.)
I thought this was interesting because I had not used my Chase Hyatt card for at least 6 months - I sock-drawered it after I met the minimum spend. Hmmm.
Now, a few days later, I just got a call from Citi. The fraud guy said that a merchant just reported to them that my account was among those that were compromised in a recent merchant hacking. They're closing the account and sending me a replacement card. OK, not terribly alarming by itself. I asked if he could tell me who the merchant was (in case I had used other credit cards there) but he could not tell me that - too bad.
I use the Citi card a few times every month.
That's two cards within the past 4 or 5 days. Different banks. Very different spending patterns. So I started wondering if there might be a common factor. I can only think of one...
My spend on these cards has been mostly at the big chains where we all like to get our little plastic/cardboard game pieces, with a little normal spend on each card mixed in at local places (I always do that, religiously).
The only places that I have used both of these cards are at those places where I (and probably you) get various gift cards and other MS pieces (you all know those places, I'm not going to name them).
This suggests to me that one of the following is probably true:
You all might want to start watching your CC statements closely (just in case you have not been paying close attention).
And don't freak out unnecessarily when the phone rings and it's your credit card company's fraud squad asking for you...
First, some background: Like many of you, I churn credit cards and do some MS. I'd call my level of activity "low-to-modest" by FT standards. I do have a large number of open CCs (probably 15-20 right now), across the usual issuing banks. Yes, I do buy some gift cards and similar items, to meet minimum spends on new cards, and to keep a little activity in each card every month. Nothing heavy by FT standards - I never get more than 1 or 2 such things per card each month - I'm not the guy who clears out the racks right before you show up. I have been playing the miles game literally for decades, so have a long record with some of the CC companies. I want to maintain good relationships with the banks, so I usually resist the temptation to "go big" and I try to fly way below the radar (I figure the crazy guys I see boasting about their exploits here will take all the arrows for me
).In the past week, I have been informed by two different credit card issuers that one of my cards has been compromised.
The first one I just shrugged off. Now, I'm wondering if there's more to it...
A few days ago I got email from Chase, asking me about my Chase Hyatt visa. They declined two charges on this card that were attempted at a Walmart on the other side of the country from where I live. At first I freaked a little, since I had been feeding the bird at my local Walmart just hours before (but I was not using a Chase card of any kind for that) - of course, that was unrelated
which I quickly realized. I followed up with Chase, they're sending me a new Hyatt card. OK, no biggie, stuff happens. (Note to self: even when traveling domestically, expect a fraud trigger if, when I'm far from home, I try to use a card that has been resting for a while.)I thought this was interesting because I had not used my Chase Hyatt card for at least 6 months - I sock-drawered it after I met the minimum spend. Hmmm.
Now, a few days later, I just got a call from Citi. The fraud guy said that a merchant just reported to them that my account was among those that were compromised in a recent merchant hacking. They're closing the account and sending me a replacement card. OK, not terribly alarming by itself. I asked if he could tell me who the merchant was (in case I had used other credit cards there) but he could not tell me that - too bad.
I use the Citi card a few times every month.
That's two cards within the past 4 or 5 days. Different banks. Very different spending patterns. So I started wondering if there might be a common factor. I can only think of one...
My spend on these cards has been mostly at the big chains where we all like to get our little plastic/cardboard game pieces, with a little normal spend on each card mixed in at local places (I always do that, religiously).
The only places that I have used both of these cards are at those places where I (and probably you) get various gift cards and other MS pieces (you all know those places, I'm not going to name them).
This suggests to me that one of the following is probably true:
- One of the popular national drug store/grocery chains that we all use for MS has been hacked; or
- Two places that I used these cards were hacked separately, and it's just a coincidence that I had two different cards from two different banks compromised within the past week
You all might want to start watching your CC statements closely (just in case you have not been paying close attention).
And don't freak out unnecessarily when the phone rings and it's your credit card company's fraud squad asking for you...
Feb 5, 2014, 2:54 pm
#6
Original Poster
Join Date: Sep 2005
Programs: Northwest, United
Posts: 3,256
All of my credit cards are managed pretty easily the old fashioned way (a box on my desk, sticky-notes, and an Excel spreadsheet). I do use cards for online purchases, but none of my cards has ever been out of my physical control/possession except while handed to a cashier. Longest time/farthest away would be when used at a restaurant.
It just seemed like a very odd coincidence that I get two cards compromised within just a few days. Now when the phone rings, my first reaction is "uh-oh...who's next?"
If it was indeed one of the big national chains used heavily for MS, I think we will hear about it here. It may or may not make the 6:00 news on TV, but I posted this thread to see if other FTers were getting the same alerts. If one of the big MS chains was hit, I assume people will be posting about that here.
The other possibility is that it wasn't a specific merchant that was hacked, it was Visa or MC or one of their contractors - or (gulp...) perhaps one of the credit reporting agencies. Wouldn't THAT be ironic if the next "Target" turned out to be Experian or Equifax? Yikes.
Feb 5, 2014, 3:17 pm
#7
Join Date: May 2013
Location: Denver
Posts: 111
Before we start considering scenarios like Experian/Equifax the next Target, let's wait for some other data points.
So far we have one FT member with 2 fraud alerts (one for actual attempted fraud purchase, the other a preemptive number change). One other member also had some fraudulent charges on one card. After hearing about a total of 3 cards compromised out of all the FT MS cards, I'm not ready to start jumping to conclusions that a large merchant/CR agency has been hacked.
I'll add my data points:
I have 37 CC self/spouse. I've checked all of them within the last week, active ones more recently. No unknown purchases, and no fraud calls from any issuers.
So far we have one FT member with 2 fraud alerts (one for actual attempted fraud purchase, the other a preemptive number change). One other member also had some fraudulent charges on one card. After hearing about a total of 3 cards compromised out of all the FT MS cards, I'm not ready to start jumping to conclusions that a large merchant/CR agency has been hacked.
I'll add my data points:
I have 37 CC self/spouse. I've checked all of them within the last week, active ones more recently. No unknown purchases, and no fraud calls from any issuers.
Feb 5, 2014, 3:18 pm
#8
Join Date: Aug 2011
Location: New Jersey
Programs: Delta P, SPG G, Marriott S, Hertz PC
Posts: 1,007
In all likely case, you were either phished, or.... The credit card processor itself was hacked.
Go watch the CNBC special they did on this.
First hackers went after Dave and Busters, than TJ Maxx. Then... they decided to go directly for the processor, Heartland Payment Systems.
Feb 5, 2014, 3:29 pm
#9
Join Date: Jan 2003
Location: California
Posts: 1,122
+1 fraud victim
I have a Chase card with heavy MS that was used by the thief to buy gift cards in ridiculous denominations I would never purchase (50s and 100s). The card was closed and I got my money back. This one was used at restaurants with waiter service in order to bury the MS, so it's possible the card was cloned. The charges occurred about 50 miles south of my home, which is a location that I almost never visit.
I have a Chase card with heavy MS that was used by the thief to buy gift cards in ridiculous denominations I would never purchase (50s and 100s). The card was closed and I got my money back. This one was used at restaurants with waiter service in order to bury the MS, so it's possible the card was cloned. The charges occurred about 50 miles south of my home, which is a location that I almost never visit.
Feb 5, 2014, 3:32 pm
#10
Join Date: Aug 2011
Location: New Jersey
Programs: Delta P, SPG G, Marriott S, Hertz PC
Posts: 1,007
Feb 5, 2014, 3:33 pm
#11
Original Poster
Join Date: Sep 2005
Programs: Northwest, United
Posts: 3,256
Before we start considering scenarios like Experian/Equifax the next Target, let's wait for some other data points.
So far we have one FT member with 2 fraud alerts (one for actual attempted fraud purchase, the other a preemptive number change). One other member also had some fraudulent charges on one card. After hearing about a total of 3 cards compromised out of all the FT MS cards, I'm not ready to start jumping to conclusions that a large merchant/CR agency has been hacked.
So far we have one FT member with 2 fraud alerts (one for actual attempted fraud purchase, the other a preemptive number change). One other member also had some fraudulent charges on one card. After hearing about a total of 3 cards compromised out of all the FT MS cards, I'm not ready to start jumping to conclusions that a large merchant/CR agency has been hacked.
That said, I do think that my recent experience was "interesting" and given the facts I noted, it seemed like an odd coincidence. Perhaps that's all it is - just a coincidence. I just wanted to post about it here, in case lots of other MSers were experiencing similar coincidences. If not, great.
Feb 5, 2014, 3:38 pm
#12
Join Date: Sep 2012
Location: IAD/DCA
Programs: Bunch of mid-tiers
Posts: 1,034
Two cards with fraud or attempted fraud (large charge the bank caught) in the last 3 months. One (USB) I never MS on, the other (Citi) I rarely MS on. My MS cards remain clean. I'm going with just a coincidence for now - we'll see.
Feb 5, 2014, 4:29 pm
#14
Join Date: Jul 2009
Posts: 721
The other possibility is that it wasn't a specific merchant that was hacked, it was Visa or MC or one of their contractors - or (gulp...) perhaps one of the credit reporting agencies. Wouldn't THAT be ironic if the next "Target" turned out to be Experian or Equifax? Yikes.
Experian Sold Consumer Data to ID Theft Service
Feb 5, 2014, 5:26 pm
#15
Join Date: Jun 2013
Posts: 293
I had four cards compromised in a two week period. All but one had been used by me to buy discounted gift cards through various online sellers. Although I try not to "store" that information on any of these sites, many automatically do so unless you opt out. All of these sites claim that they do not themselves store that information, and all such information is maintained by a third party. Nonetheless, I've been much better in keeping that informaiton purged from these sites, and things appear to have calmed down since.
