Happy

I honestly could not figure out how this can happen.

Today when I logged in Chase Online to look up activities on our Freedom Card, I noticed the BA card has an outstanding balance of $283. The card has been in the drawer since Jan this year and only been used once for a $2 payment to Comcast in June for the Authorized User bonus.

The line item has this:
08/05/2010 08/08/2010 Sale REDWOOD EMPIRE GYMNASTICS(Other) 24013390218020845229xxx $283.00

Needless to say, this is a Fraudulent Charge. But how the card info can be stolen?

Given the card is never outside home from January, and the Comcast payments have been done many many times online - In fact, the only latest usages were in June that we used each other's BA authorized user card to make $2 payment to Comcast back to back just to make sure we would get the 5K Add Authorized User bonus - I am at a loss where in the "food chain" the card info can be stolen.

When I called to report the fraudulent charge, the woman in Manila insisted to tell me how Chase would protect us for any frauds, yet also kept asking me if we ever authorized someone to use the card at the gym in California ... My husband was getting annoyed and asked her, "Do you understand what Fraudulent Charge meant? This IS A FRAUDULENT CHARGE." She finally agreed to remove the charge but then said the card does not need to be replaced since now the card is on "Watch List"... and Chase would monitor the activities on said card...

Huh? I have never heard from a card issuer rep who does not immediately close a card if it is reported being used fraudulently. On our recent experience, Citi's rep immediately closed the card while she was talking to us after making sure we had both our cards in possession and were not in Mexico. And this Chase rep from Manila told me there is no need to close the card? and the card is being put on "Watch List"? How the hell Chase can distinguish legitimate charges made by us and fraudulent charges made by the crooks?!

She also cannot answer my question about when to expect the receipt of the Affidavit Form of the fraudulent charge claim. We had the misfortune of a breached Chase Priority Club Visa card 18 months ago, again was being used fraudulently used at a gym in California but for a "preauthorized" recurring charge so we had the fraudulent charge repeated in following month and Chase could not do anything to stop it... The Affidavit Form came almost 30 days later, nearly passed the deadline of return. So I want to know WHEN the Affidavit Form would arrive.

Meanwhile, before I could print the page of account activity, the charge disappeared from online viewing. I guess it is removed by the woman we were talking to.

We asked to talk to Fraud Dept - which again is in Manila also. The card is then canceled by this guy at Fraud Dept and a replacement card will be sent. Instead of telling us what would followed, we are directed to listen to a Voice Mail which volume is very low - what I got from it is, a replacement card will be sent within 5 to 7 business days. Once it is received, we need to add the card online in order to get access. It also said that a Blue envelop labeled "Claim Materials Inside" will be sent within 14 business days and we need to return the complete form(s) as soon as possible ...

When we logged back in, the BA card now completely disappeared and there is an error message instruct us to call...

This is a second card breach in less than 2 months - the first one is a Citi card that has a clone being used in Mexico 5 times before Citi caught it and called us. This Chase BA is not caught by Chase despite our location is Florida and the usage is in a gym in California (it is not like someone would use a gym 3 thousands miles away for several hundreds purchase... )

I start to wonder there may be some security breaches within the bank(s) as I could not find other ways to explain this.

GetawaysRus

The crooks are getting smarter all the time.

I've had at least 4 or 5 cards compromised over the past few years. I am careful, and usually have no idea how this has happened.

The instances that I remember:
1. even though I live in Southern California, I was using a Citicard to make long distance phone calls in Russia. Card canceled.
2. even though I was home, I was spending quite a lot at gas stations all over Northern California on an AmEx card. Card canceled.
3. The funniest one: I had an inactive Marriott Chase card which someone used to sign up for one of those identity monitoring/credit score services. Now that is chutzpah. Card canceled.
4. The one that we figured out: I used an AmEx card at a restaurant while on a trip to San Antonio. The waiter must have snagged the number, and fraudulent charges followed immediately after.

I give the credit card companies credit. They have gotten much better at recognizing fraudulent charges, and now they sometimes call me before I am even aware of the fraud. Usually, the fraud seems to start with a small "test charge." If I see a "test charge" on my bill, I immediately call the card company to cancel the account.

Since I'm honest, I really have no idea how the thieves do this so successfully.

philemer

Sometimes it's an "inside" job. An employee steals a bunch of data files & sells the info.

Here's another good one: we got a letter from Discover Card's fraud dept. asking us to call. They said they had been trying to call us (that's a lie because we have caller ID). Anyway, someone bought over $1800 of Avon products with our card. We haven't used that card in a year. It's been in a drawer at home.
They insisted that the card be cancelled & they mailed us a new one.

About 2 years ago someone in Toronto used a CITI card of mine to charge a meal. I've never been to Toronto. The card never left the house. That card was also cancelled & re-issued.

The crooks are definitely getting smarter.

Wicked Witch

At work once we had a customer enter their details on our Website wrong. The card number was off by only ONE digit, and it ended up charging the order to someone else's card.

I should note that I found this to be incredibly odd as I was always under the impression that there would be more than just one digit off on a card number/expiration date.

Anyway, we did get the whole thing straightened out and we credited back the "wrong" cardholder and charged the right one.

Is it possible that something like that could have happened to you?

I find it difficult to imagine that someone would use a fraudulent number to charge gymnastics lessons.

Happy

Shouldn't the billing address info must match the card being used? Most online purchases require you to enter the billing address. Even the card digit can be off by 1 and is still a legitimate card number, the billing address entered must be different in this case... Yet the charge can still go to the wrong card?

I have found out by accident long time ago that the expiration date means nothing as long as the date entered is within the valid period of the card being used. I found this out when doing a Priceline bid - the expiration date entered was off, but the bid went through successfully.

How did you find out the charge went to wrong cardholder? Was it because the wrong cardholder reported it being unauthorized charge and the CC contacted your company, or your company found it out all by internal procedures?

No idea - because the gymnastic center is in California and we are in Florida, there is no way for me to get down there to find out! Chase would not / could not tell me more details other than the merchant and their phone number. I found the merchant's website and sent them an email to alert them about the fraudulent charge. I imagine they do not have hundreds of charges to look at at any given day - with the exact amount and last 4 digit of the card, they should be able to identify the "owner" of the card for the $283 charge.

At this moment we have no idea whether this is a Point of Sale type (swipe) or an Online payment. If it is a Point of Sale, it would eliminate the "off" digit possibility completely - it would be a plain and simple cloned card being used. I assume either the merchant or Chase can tell me what type of transaction is, but Chase is not telling.

Ironically, 18 months ago our Priority Club Visa was used fraudulently also at a gym - 24/7 fitness center in San Diego. The authentic cards were in our drawer but the cloned card was used thousands miles away as point of sale (swipe) transaction to pay monthly membership due therefore a recurring charge coded under "pre-authorized". The fraudulent charge occurred AGAIN the following month, on the replacement card. Chase told me there is NO WAY it can stop the fraudulent charge of recurring type, and told me to contact the merchant to stop it! I tracked down the merchant's accounting processing dept which is located in Panama City, Panama, Central America! The guy I talked to tracked down the card number and was able to identify the user. He removed the card from that account and told me they would investigate. I never heard back from the outfit but I canceled the card for good regardless. After monitoring the canceled card online for 9 months I removed it from Chase online. For that one at least the card was used once at a restaurant a few weeks before the fraudulent charge occurred. So we suspected it was the waiter who stole the info with a card reader.

I wonder if the gymnastic outfit would answer my email?

EDIT:

I did a bit exploring on the Gymnastic Center's website and found their "Electronic Payment Form" - on it, if you pay by Credit Card, the billing address must be on the form. This leads me to think that my card information is not used for online payment but a Point of Sale type of transaction - i.e. a fraudulently cloned card.

Now I really hope the outfit would reply to my email.

Row2

Somewhat different story. I had a college branded Chase card. When they stopped issuing the college cards they sent me a Chase Freedom card. I took the unsolicited card and put it in my file cabinet and never used it.

Last week I got an email from Chase asking me to go online and pay my statement for $15.79. The scary part is that the charge was from UPS, and referenced my correct UPS account number. When I called Chase, they seemed to know just what was happening. The lady credited the account immediately and told me I might or might not get a form to sign.

She closed the account and was going to send me a new card, but I told her not to. Since I felt that the card wasn't needed I decided to take the small hit for closing a long standing account. Somebody out there has more information than I care to think about.

Splittin' Aces

Happy, one other possibility is that a bill was physically mailed to someone. They filled in the credit card number (off by a digit) and mailed it back. As you know, some places (doctor bills, etc.) let you physically write down your credit card number on the payment portion of the bill and mail it back. When the vendor receives the payment form back I don't know if they would be required to match up the customer's address on the bill to the card number, or if they just run the card number on the payment form through a point of sale machine to charge you. Just a thought.

Mountain Trader

My advice to the OP is to send Chase a letter TODAY with all the required info needed to dispute a charge, which you find on your physical or online statement. Send the letter in the mail, not online. Mention in the letter that you suspect this may involve fraud.

Happy

Fraud Dept already is involved and the card is closed. A new replacement card is ordered and should come in 5 business days. A "Claim Material Package" in Blue Envelope should also come in 14 business days. The latter IS the important part - it is an Affidavit Form you would need to fill out the details, signed and fax/mail back I did BOTH fax and mail in previous incidents with Chase 18 months ago and with Citi which is less than a month ago! - It took Citi less than 10 days to resolve the matter which actually was alerted by Citi's Fraud Alert Dept - 5 fraudulent charges at Mexico with 4 in restaurants and 1 in food store between June 26 and 28. Citi resolved it on July 6.

If the above has not happened in time, then a written letter as you suggested is in order. Cardholder has 60 days after the statement on which the disputed item is billed, to dispute the charge.

Unless this breach is done as Recurring Charge, the resolution is usually quick. If it is done as a "preauthorized" type for recurring charges such as your billpay, then it is more involved to get this clear up, including getting in touch with the merchant to inform it the fraudulent use. The part with CC issuer actually is fairly simple and straight forward.

Just for the information sake, my brother told me last night that his CC was fraudulently used by someone to sign up a Tivo account in Sept 2009. While he was able to stop the CC payment, he had a rough time to get Tivo to take his card off and Tivo wound up sending his info to collection agency! He finally had to file a police report and worked with Tivo who was not very helpful in order to put that behind. It was the merchant, NOT the CC isser, that was not helping despite it was a clear-cut fraudulent usage case - the delivery address of Tivo service is not the CC billing address and there is nothing in common, but Tivo insisted my brother owed them... and sent him to collection agency.

I hope the Gymnastic Center would eventually return my emails - sent one via their website and another one via their general email address. I would give them a few days before use my own dime to give them a call and hopefully to find someone in the accounting dept but I am not very hopeful at this moment.

xkwyzyt

I just had a similar experience with Chase as someone ordered exercise equipment, self help classes and magazines with my card. Very strange though...they're having everything sent to MY mailing address. Why would they steal my information and have the items sent to my own address.

outoftown

I too had a card in a drawer for several months and suddenly got a fraudulent charge on my Citi AA MC. My mother is a secondary off the card but all charges except to a Terminix account are at the pump gas purchases. Citi replaced the card and I replaced Terminix.

I also had a fraudulent $1000 charge for Adobe Photoshop on my AMEX. Adobe sent me forms as if I was returning software which I filled out, but without the serial # of the software, which I didn't have for nonexistent software. Two months later AMEX reinstated the charge which I contested again. Finally AMEX sent me all the whole invoice info. Everything was me, my address, phone, all except the email address. They removed the charge a second time and sent me a new card. Maybe the older card # was already compromised. I had a $10 Itunes charge that wasn't mine and I was credited back. Maybe I should have replaced the card then, but I thought it was a billing mistake. The $1000 charge showed up several months later.

-outoftown

Mountain Trader

Happy-

I went through a similar episode with a card a few years back. I hadn't used the card for months (it was for for-ex charges only), then I used it to reserve an overseas hotel, and a few days later, here's the fraudulent charge.

Your story could have been mine-overseas phone rep with limited English skills, no one (including fraud department) who actually understood that it was fraud.

In my case, they used the card to buy an online gift card from a major US retailer, then immediately used the gift card to send merchandise to a physical US address. Now you'd think that the card company would, with this information, do something about chasing down the fraud-tell the local police in the area of that physical address. Now I don't have the card company's files on the matter, so I can't say for sure. But after a couple of months of phone calls, letters, etc., it was my strong impression that for the $100 involved, they just wrote it off and called it a cost of doing business. The card company added insult to injury when, after removing the charge from my account, they added it back a second time after 30 days saying they couldn't determine that I didn't owe it, based on the information I sent in (which they couldn't find, even though I sent it certified mail).

I wound up telling the card company fraud rep that he and I were in the wrong business because we had to go to work every day-we should just sit at home and make fraudulent credit card purchases on the internet since it seems there is no risk of anyone caring.

So my advice is what I would do in the future myself-send the letter right away, thus getting yourself off the hook legally for good, and then forget about it. Sure, fill out any forms and answer any requests for information from the credit card company. But don't be surprised if there's never any pursuit of the matter.

Happy

The replacement card shows up on Chase Online today when I logged in.

They changed the posting date of the Fraudulent Charge from 08/10 to 08/08.

The activity page now shows:

Trans Date Post Date Type Description Transaction Number Amount
08/05/2010 08/08/2010 Sale REDWOOD EMPIRE GYMNASTICS(Other) 24013390218020845229xxx
$283.00
08/05/2010 08/10/2010 Adjustment REDWOOD EMPIRE GYMNASTICS(Other) 24013390218020845229xxx
$-283.0

The merchant has not contacted me. I will call them next Monday on my dime to inform them this incident - we do not know whether it is an online payment or a point of sale transaction. Even online payment can be off 1 digit on the CC, this does not make sense because the Merchant would have used the payer's address registered with the facility to bill the CC - in that case the charge should NOT go through if Billing Address is of any meaning. Therefore I am still inclined to think it is a Point of Sale type of transaction using a cloned card. Though I still could not figure out HOW the information got stolen - Except one $2.00 online payment to Comcast, all other activities were on the first billing cycle in December to meet the spending requirement - and actually only 3 activities - State Auto Tag, Princess Cruiseline and the coinage.

Therefore it really beats me HOW the card info could be stolen because this card has NEVER used at any swipe machine nor even leaving home once!

The recent breach on our Citi card happened about a month after the authorized user card was used in a doctor's office with card swipe transaction. The fraudulent charges in Mexico were all done with authorized user's card info. We suspect something either happened at the doctor's office, or at the processing company's end. At least this has an explanation that we could speculate. But the breach on the BA card? It really is very very odd - almost like an inside job in Chase...

Happy

No. The first woman phone rep was fluent in English with VERY LITTLE Accent or almost no accent. I wanted to make sure which call center I talked to, hence I asked her whether she was based in US or Philippines. She said she was in Manila. You would NOT be able to tell she is Filippino just by listening to her. It was her incorrect protocol in handling the fraudulent charge report that caused my discomfort. Turned out she is in the Dispute Dept according to the Fraud Dept guy I was transferred to. (I can tell right away he is in Philippines.) My suspicion is, Chase does not want to immediately close card when unrecognized charge initially reported - especially this woman kept asking us, "Are you sure you have not authorized others to use your card?" I can understand that in some cases, especially in an account that has authorized user, one may not know the other's activities. However the training should have emphasized that, if the customer called to clearly report a FRAUDULENT CHARGE, the rep should immediately transfer the customer to the Fraud Dept. Instead, she actually contacted the merchant and then came back to tell us a person named so and so has made this charge... And she apparently did not even put the info she found on the account because later when I tried to get that info from the Fraud Dept, I was told there was no info. I want that info to talk to this Redwood Gymnastic Center to identify the offender.

Have you ever received an Affidavit Form from the CC company for you to fill out and sign then send it back to them? THIS IS IMPORTANT - Only when this happens, the case is NOT closed even though the charge may have reversed. The Affidavit Form is a LEGAL document that you MUST sign and submit to the CC issuer to make your claim that the charge is indeed fraudulent. Without that, the reversal of the fraudulent charge is a temporary credit - and in the case if the merchant kept after you for the unpaid amount (which was charged back by the card issuer), you will be in the soup again. The worst case would be like what happened to my brother, Tivo sent him to collection agency and he had finally filed a police report and worked with Tivo which was not helpful at all, to eventually put that behind him.

When you do not receive the Affidavit Form from CC company on this fraudulent charge within 30 days from reporting, that is when you should pursuit them with formal letter from you.

Too often people think once the CC companies reverse the charges and the matter is taken off. NO. You need the Affidavit form completed and in file. You also need to contact the merchant in some cases. I know it is not fair - that the crooks make out like bandits but we the victims have to do all the hard work to get our clean names back. Unfortunately life is never fair...

You need the Affidavit Form which is a LEGAL DOCUMENT. That IS the legal document the card company wants from you in their file. I guess a letter from you also can serve that purpose. However, if you have reported the fraudulent charges, the next step you need is to make sure the Affidavit Form is coming. It is also a good idea to contact the Merchant to let them know the payment they received is NOT legit.

In your case you have demonstrated that the letters from you have not had the expected effect. You would think once you have sent that letter, and the charge is reversed, the case is closed. Unfortunately it is not so.

It is UP TO YOU to make sure the Affidavit Form is sent to you by the CC company. In our previous experience on a Chase card, the Affidavit Form did not come until almost 30 days later, about the deadline of returning the form. In the recent experience with Citi, I was told the form would come in mail with the new card - NO, the form came as a document to download from Account Online, and the notification about its availability was from an email the 2nd day after reporting. There is NO form comes with the new card, and no form ever arrives via snail mail. We will see what the newest experience is this time with Chase. The voicemail we are made to listen, said it would come in 14 business days in a Blue Envelop with "Claim Materials Inside" - very specific instruction on that. Hopefully it would come as described!

The Affidavit Form goes to the RIGHT Dept to be processed. Your letter(s) went to God Knows What Dept and may have been laid around and then got lost - that is why you said you have sent letter(s) via certified mails and still the CC company claimed they did not receive it.

BTW, would it be CapOne card that you have this episode with?

Happy

On the Citi AAMC, the pump gas purchases could be the culprit - one of the pump may have been compromised by a card reader.

On the AMEX, the iTune could have been a test by the crook in your case. These days any unrecognized charges should be treated as if the card is being breached and immediate closure of the card is warranted.

Did AMEX send you an Affidavit Form for the $1000 fraudulent charge of the Adobe photoshop after you reported it? Or it simply reversed it on the first occurrence?

Was the software shipped to your address or it was a download version? If it was a download version, I suspect the crook used his email address and got the software and had you paid for it.