CC charged for airport parking in Arlington day of dropoff, but I never parked!
#1
Original Poster
Join Date: Jul 2022
Posts: 2
CC charged for airport parking in Arlington day of dropoff, but I never parked!
First time posting after years of lurking....
Has anyone encountered anything like this? I had am unauthorized $33 charge from a parking lot operator called "SQ *SP Plus Corp Arlington, VA" on my Citi credit card. I actually was in Arlington the day it was billed, but I made no stops other than to drop my daughter off at Reagan National Airport, and I didn't go into, or near, a garage. Per my statement, the only time I used that card that day was at a gas station in Maryland. I submitted a dispute to Citi and I immediately got a notice saying "Congratulations, we resolved the case in your favor. Your $33 credit is permanent." So at least that was good. But how did someone get access to my Visa card to bill it when it never left my wallet? Two possibilities, but does either seem realistic? First, I stepped out of my car at DCA only to help my daughter remove her bags from my truck. Could someone have read my card while I was standing there? Why bill it to the parking garage, though? Second, I did use that credit card 3 weeks earlier to buy my daughter's plane ticket from AA and also flight insurance from Allianz through the AA site. Could it be a scam that someone added local parking and would only remove it if someone spotted and disputed it? Other than my family and the people running the camp my daughter was flying to, the only people who knew I would be in Arlington, VA that day were AA and Allianz. We did not use that credit card for the camp. Could it have been an inside job at AA or Allianz? But why a charge for the parking garage? Despite getting it refunded, I called Citi and was eventually put through to its investigations department. They had no thoughts on how it happened and just suggested I get a new card issued. Very odd. Thanks for any thoughts on this.
Has anyone encountered anything like this? I had am unauthorized $33 charge from a parking lot operator called "SQ *SP Plus Corp Arlington, VA" on my Citi credit card. I actually was in Arlington the day it was billed, but I made no stops other than to drop my daughter off at Reagan National Airport, and I didn't go into, or near, a garage. Per my statement, the only time I used that card that day was at a gas station in Maryland. I submitted a dispute to Citi and I immediately got a notice saying "Congratulations, we resolved the case in your favor. Your $33 credit is permanent." So at least that was good. But how did someone get access to my Visa card to bill it when it never left my wallet? Two possibilities, but does either seem realistic? First, I stepped out of my car at DCA only to help my daughter remove her bags from my truck. Could someone have read my card while I was standing there? Why bill it to the parking garage, though? Second, I did use that credit card 3 weeks earlier to buy my daughter's plane ticket from AA and also flight insurance from Allianz through the AA site. Could it be a scam that someone added local parking and would only remove it if someone spotted and disputed it? Other than my family and the people running the camp my daughter was flying to, the only people who knew I would be in Arlington, VA that day were AA and Allianz. We did not use that credit card for the camp. Could it have been an inside job at AA or Allianz? But why a charge for the parking garage? Despite getting it refunded, I called Citi and was eventually put through to its investigations department. They had no thoughts on how it happened and just suggested I get a new card issued. Very odd. Thanks for any thoughts on this.
#2
Join Date: Nov 2007
Location: WAS
Programs: enjoyed being warm spit for a few years on CO/UA but now nothing :(
Posts: 2,505
The short answer - it is close to impossible to know with any certainty how your card number was compromised.
It is most likely that your card number was compromised (obtained) and some days, weeks or months later the number sold and then later still actually used for the fraudulent charge.
The most prevalent manner of compromise occurs when the card is physically given to a person who then takes the card out of the cardholder's presence to a payment machine for processing (most commonly a server/bartender at a restaurant). While out of view of the cardholder, the person then makes a copy of the card number, date and CVC number - sometimes by manually writing down the numbers (slow, easy to be caught), sometimes by using a phone to take a picture of the card numbers (faster but still easy to be caught), or most common now, by swiping the card through a card reader (extremely fast, very difficult to catch).
Contrary to conventional wisdom, it is rather unlikely the card was compromised due to an online transaction. This is because Payment Card Industry (PCI) standards required to be followed by entities that take credit card/online payments make it pretty much all but impossible for humans to see the card numbers at any point in processing. Card number data is immediately encrypted and truncated to prevent it from being visible and compromised throughout the transaction. If the card was a contactless payment enabled then "theoretically" it is possible for it to have been cloned but this is practically impossible because the technology used only works within a few centimeters of the card.
SP+ manages parking garages all over Arlington - is it possible you used it at a garage somewhere other than the airport but are only attributing it to the airport?
It is most likely that your card number was compromised (obtained) and some days, weeks or months later the number sold and then later still actually used for the fraudulent charge.
The most prevalent manner of compromise occurs when the card is physically given to a person who then takes the card out of the cardholder's presence to a payment machine for processing (most commonly a server/bartender at a restaurant). While out of view of the cardholder, the person then makes a copy of the card number, date and CVC number - sometimes by manually writing down the numbers (slow, easy to be caught), sometimes by using a phone to take a picture of the card numbers (faster but still easy to be caught), or most common now, by swiping the card through a card reader (extremely fast, very difficult to catch).
Contrary to conventional wisdom, it is rather unlikely the card was compromised due to an online transaction. This is because Payment Card Industry (PCI) standards required to be followed by entities that take credit card/online payments make it pretty much all but impossible for humans to see the card numbers at any point in processing. Card number data is immediately encrypted and truncated to prevent it from being visible and compromised throughout the transaction. If the card was a contactless payment enabled then "theoretically" it is possible for it to have been cloned but this is practically impossible because the technology used only works within a few centimeters of the card.
SP+ manages parking garages all over Arlington - is it possible you used it at a garage somewhere other than the airport but are only attributing it to the airport?
#3
Original Poster
Join Date: Jul 2022
Posts: 2
Thanks for the response. It remains a mystery. I am thinking that maybe it was compromised earlier (maybe even via a skimmer at the gas station in Maryland) and it was just a coincidence that it was used in Arlington that same day I was there. I have a new card, so I think I contained the damage there. Just a real head-scratcher.
#4
Join Date: Nov 2007
Location: WAS
Programs: enjoyed being warm spit for a few years on CO/UA but now nothing :(
Posts: 2,505
Thanks for the response. It remains a mystery. I am thinking that maybe it was compromised earlier (maybe even via a skimmer at the gas station in Maryland) and it was just a coincidence that it was used in Arlington that same day I was there. I have a new card, so I think I contained the damage there. Just a real head-scratcher.
Last edited by Section 107; Jul 27, 2022 at 1:46 pm
#5
Join Date: May 2012
Location: DCA, lived MCI, SEA/PDX,BUF (born/raised)
Programs: Marriott (Silver/Gold), IHG, Carlson, Best Western, Choice( Gold), AS (MVP), WN, UA
Posts: 8,701
Thanks for the response. It remains a mystery. I am thinking that maybe it was compromised earlier (maybe even via a skimmer at the gas station in Maryland) and it was just a coincidence that it was used in Arlington that same day I was there. I have a new card, so I think I contained the damage there. Just a real head-scratcher.
#6
Join Date: Jul 2005
Posts: 1,077
Skimmed or as other posited someone who had the card in hand got the number, info, CVV, expiry, etc.
Why do "they" always put this burden on the customer? So, now, wait for new card(s), have to refresh card number and info throughout everywhere, etc. All these banks and card co's claim to have "world class" security yet the default is the reinstall Windows option? How about actually running an anti-fraud system that says - "hmm... guy has been using his card in the area, OK, but now, suddenly a manual entry at someplace? Weird, how about we ping him with a text, app notification, etc. saying, in substance 'is this you'?" But nope. Lazy.
In addition, if OP was a victim, then bank should be helping him/her with info, data, investigation information etc to take to law enforcement with a complaint. Or, coordinate same amoungst OP and other customers who have same/similar "SQ *SP Plus Corp Arlington, VA" charges on their account. (How many former LEOs does bank hire for "security" department?). But ... nope ... our world class security is make you get a new card.
In addition, if OP was a victim, then bank should be helping him/her with info, data, investigation information etc to take to law enforcement with a complaint. Or, coordinate same amoungst OP and other customers who have same/similar "SQ *SP Plus Corp Arlington, VA" charges on their account. (How many former LEOs does bank hire for "security" department?). But ... nope ... our world class security is make you get a new card.
#7
Join Date: Nov 2007
Location: WAS
Programs: enjoyed being warm spit for a few years on CO/UA but now nothing :(
Posts: 2,505
Skimmed or as other posited someone who had the card in hand got the number, info, CVV, expiry, etc.
Why do "they" always put this burden on the customer? So, now, wait for new card(s), have to refresh card number and info throughout everywhere, etc. All these banks and card co's claim to have "world class" security yet the default is the reinstall Windows option? How about actually running an anti-fraud system that says - "hmm... guy has been using his card in the area, OK, but now, suddenly a manual entry at someplace? Weird, how about we ping him with a text, app notification, etc. saying, in substance 'is this you'?" But nope. Lazy.
In addition, if OP was a victim, then bank should be helping him/her with info, data, investigation information etc to take to law enforcement with a complaint. Or, coordinate same amoungst OP and other customers who have same/similar "SQ *SP Plus Corp Arlington, VA" charges on their account. (How many former LEOs does bank hire for "security" department?). But ... nope ... our world class security is make you get a new card.
Why do "they" always put this burden on the customer? So, now, wait for new card(s), have to refresh card number and info throughout everywhere, etc. All these banks and card co's claim to have "world class" security yet the default is the reinstall Windows option? How about actually running an anti-fraud system that says - "hmm... guy has been using his card in the area, OK, but now, suddenly a manual entry at someplace? Weird, how about we ping him with a text, app notification, etc. saying, in substance 'is this you'?" But nope. Lazy.
In addition, if OP was a victim, then bank should be helping him/her with info, data, investigation information etc to take to law enforcement with a complaint. Or, coordinate same amoungst OP and other customers who have same/similar "SQ *SP Plus Corp Arlington, VA" charges on their account. (How many former LEOs does bank hire for "security" department?). But ... nope ... our world class security is make you get a new card.
US wide credit card fraud: $8b Credit Card Fraud 2021 Annual Report: Prevalence, Awareness, and Prevention | Security.org
Nilson Report – Profits for the Top U.S. Credit Card Issuers in 2021
"The most profitable issuers of credit cards in the United States last year were American Express, Bank of America, Capital One, Citigroup, Discover Financial, JPMorgan Chase, Synchrony Financial, U.S. Bancorp and Wells Fargo. They earned a combined $60.22 billion in pretax net income from their card businesses, up 147.9%, an increase of $35.92 billion versus 2020.
#9
Join Date: Nov 2007
Location: WAS
Programs: enjoyed being warm spit for a few years on CO/UA but now nothing :(
Posts: 2,505
Also, keep in mind that credit fraud frequently causes negative data on credit reports resulting in lower credit scores and higher interest rates. Credit card companies are not looking out for customers - doing so is against their own self interest.
#10
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,369
The OP should go back as many months as possible to check whether there's a stray unrecognized charge of a couple dollars on the card. Scammers often "test" card numbers by doing a very small purchase to check that the card is valid before attempting to use it for something more significant.
With some credit cards, you don't need to supply the new number to various autopay accounts, so be sure to ask before manually updating information if the bank decides to issue a new credit card number.
With some credit cards, you don't need to supply the new number to various autopay accounts, so be sure to ask before manually updating information if the bank decides to issue a new credit card number.
#11
Join Date: Jul 2005
Posts: 1,077
Sorry. Getting OT here in my comments. But, its an unfortunate situation and hopefully will not repeat itself.