Last Thursday I got a call at work from FIA Services, the owners of the once-named Schwab 2% card (which I currently use as my "all other" card when I can't get a higher cash back rebate somewhere else.) It was from their fraud department. They had noticed some unusual charges and wanted to know if they were legitimate. (BTW, I knew he was legit from the information he had. In addition, I never gave him any personal info and he, in fact, was careful giving me any too. We simply discussed charges.)
I had received a couple calls like this in the past few years, but each time they were instigated by some unusual charging activity on my end (lots of charges in one day, high amounts of charging in one day, charges away from home, etc.) This time was different.
It appeared that three charges were suspicious and these are what drew FIA's attention to the card. After talking to the fraud investigator, I could account for all the charges but these three. That said, I didn't know what my wife had charged that day, so we needed to talk to her. He tried to call her with me on the line, but she was not home. I agreed to talk to her that evening and call them back.
When I got home, we talked and confirmed that the three charges were not ours. They were as follows:
- $1 charge to a charity
- $10 charge to an educational company
- $1,300 charge to American Airlines
I called the credit card company and they said charges like this are very common when the number has been stolen. Thieves try small test charges to see if the card is valid. Once they confirm it is, they then make as many big purchases as possible as quickly as possible. Looks like our thief was planning a trip.
The guy walked me through the next steps. I would be seeing both charges and credits for those charges on my statement. I'd also be getting a form in 7 to 10 days. I'd need to sign it and confirm that the charges weren't mine. And, of course, the cards would be cancelled and new cards issued.
I had four auto-pays set up on the card and asked if they would transfer to the new one. They wouldn't. Ugh. So I need to go through the pain of contacting the companies and giving them the new card numbers. Just something to think of for those of you who have multiple auto-pays -- be sure you have a list of who you have them with, how to contact them, your passwords, etc. handy in case you need to change them for something like this.
Next it was time for the clean up and to make a security check of our finances.
The next day I scanned all our computers (home and work) just to be sure our computers were secure. I also grabbed our credit reports (one for me and one for my wife) from AnnualCreditReport.com. I had been meaning to review our credit reports anyway so this gave me good reason to. I'll be pulling one of the free reports every four months now will keep a close eye on them. It's probably simply a stolen credit card and not ID theft, but I want to be sure and take no chances.
I also checked my online bank and investment accounts. It was highly unlikely that any of these were compromised, but it's better safe than sorry. They all appeared to be fine (BTW, I check each of these accounts at least once a week anyway, so I'm fairly on top of their status.)
This is the first time I've ever had a credit card number stolen (FYI, we had our cards, so it was simply the number that was stolen, not the physical card) -- and I've been using cards for almost 30 years now. My boss says he's had it happen three or four times in his career.
How about you -- have you ever had a credit card number stolen? What did you do? Or do you have any advice for me on what else I should do to be sure everything is safe and secure?
Never had that happen (thank goodness)...but I did get something related to my FIA card, that apparently in the coming months it's going to turn into a Bank of America card with "partnerships" with (IIRC) Merrill Lynch and other things, like the Bank itself.
So, I think I'll be cancelling this card when it happens.
Posted by: Josh Stein | August 29, 2011 at 10:50 AM
Josh --
I've heard that rumor too, but haven't received anything specific in the mail on it. I'll wait and see, but if it's less rewards, I'll be canceling too.
Posted by: FMF | August 29, 2011 at 10:52 AM
My FIA American Express had to be cancelled last month as well when I discovered over $600 in charges to iphone store. We do not own anything "I". So far no problems but watching carefully
Posted by: Rockbell | August 29, 2011 at 11:05 AM
"I had four auto-pays set up on the card and asked if they would transfer to the new one. They wouldn't. Ugh."
Granted, having a card or card number stolen is a low probability event, but this one sounds like an addition to the list of "Reasons not to use Auto-Pay".
I had a foreign charge pop up on a Visa card I have from my local credit union once. Called them and explained why I thought the charge was fraudulent; they suspended the card and had me come to the office and sign (with notary) a form attesting to the facts. Once that form was completed, they issued a new card and cancelled the old one with no liability on my part. No muss, no fuss.
I did do a quick check on my other accounts to make sure all was well, it was.
Posted by: jeffbone | August 29, 2011 at 11:07 AM
I've had my account compromised twice. Once was my debit Mastercard and once was my Visa credit card. The debit card number was used Christmas Eve at about 2am for approximately $3,000 in purchases from a European electronics company ($300-$500 each and all charges hit within 15 minutes, mainly satellite phones and laptops). Working with the bank, we were able to get most of the charges halted and my funds returned, although it took 3-4 months to get everything squared away. The Visa charges were for a few dozen Starbucks gift cards and a recurring subscription to an "escort" service site. Working with Visa, we had the situation cleared in a matter of days. In both cases, they suspected that a force number generator was the means they used to access my accounts (a program that randomly generates legitimate credit card numbers that are then tested for validity). So, you don't need to use the card for your account to be compromised.
Based on my experience, the credit companies are much better prepared for fraud than the banks are. The bank seemed slower and more concerned that I wasn't trying to defraud them, while the credit company had me fill out a few forms and I was done. I check my accounts daily or every other day because of these experiences; the faster you can identify the fraud, the quicker you can get it resolved.
Posted by: Rod Ferguson | August 29, 2011 at 11:09 AM
I got the same call from Fia Card Services on Thursday last week, with the same type of charges. They are sending me a new card as well. Makes me wonder if the card numbers were compromised on Fia's server.
Posted by: Evan | August 29, 2011 at 11:32 AM
This happened to me and my hubby earlier this year. I was at work when I received a call from Discover saying there was suspicious activity on our account and they wanted to verify our last 3 charges. There was a $3500 charge attempted at a Sam's Club in South Carolina which was not ours. They were able to tell me the time of the attempted purchase (note: they called me within 30 minutes of this attempt) and the name on the card. The name on the card was my husband's. The asked if it was possible that hubby made the purchase and I was unaware- nope, we live on the West Coast and had breakfast together only 2 hours earlier. Discover immediately closed that account and sent us new cards.
However, I took it to the next level even though it got me nowhere. I looked up the Sam's Club Location online, called the store and spoke with a Manager. I explained the situation they said that they have cameras at the check out counters and would be happy to turn over the video evidence to the police. So then I called the appropriate police station in South Carolina- and they REFUSED to file a report or investigate. First, I was told that no crime had been committed since the attempted purchase did not go through. I countered that even though the charge didn't go through, obviously laws had been broken since someone was able to clone a card with my hubby's name and number. And since when did not being successful mean a crime had not been committed, what about attempted murder, attempted battery, attempted theft, etc.? Second, I was told that I had to file a report with the police where I lived, which didn't make sense to me since someone tried to use the fake card in South Carolina. I then immediately called my local police department (this didn't sound right, but hey I'm not a legal expert. Its a free call and they might actually do something about the situation) . I explained the situation to my police department and they told me that South Carolina was supposed to file the report and investigate. I waited an hour to calm down then called the South Carolina police again and got the same run around. So frustrated! I decided to leave it alone.
I'm still not sure how our information was compromised. We both have permanent security freezes on our credit with all 3 bureaus which let us sleep a little easier (We did pull review our reports after the incident). And Discover was great, they denied the charge from the get go, called us quickly to investigate the situation, and very quickly and easily issued new cards. I got a letter saying they would investigate...I was a little disappointed I didn't get any more updates, but I suppose its typical in a situation like this. Terribly disappointed with the representatives of the South Carolina police department I spoke to. The whole experience has left me concerned. We're so careful with our personal information I feel like the only way to prevent it is to only use cash. And the best way to minimize damage is to use credit cards (not debit), and monitor your accounts and credit histories regularly.
Posted by: Lynn | August 29, 2011 at 11:33 AM
Testing a credit card against a charity's website is absolutely a tactic that fraudsters use--I know from being on the other side. If you see such a charge, call your issuer immediately as you can be certain much larger charges are about to follow. When I worked with a charity going through this it was AMAZING how many people wouldn't believe us that they should cancel their cards.
It cost the charity so much money in fees and staff time and yet no authorities really care about following up on these charges. Nor did the credit card companies really. All very frustrating.
Posted by: soners | August 29, 2011 at 11:38 AM
We had something similar with our Citibank card. They called up and we found that a fraudulent charge had been submitted. It fortunately had not posted yet so Citi immediately closed the account and issued us new cards. There was no liability on our part and we got new cards in a couple of days.
We also had Chase call up for some potential fraudulent charges on our Chase Freedom card but those all ended up being legitimate charges we made.
Posted by: Mike C | August 29, 2011 at 11:42 AM
Funny, my card number was stolen last week too. (A Citi card though.) Actually, we had one fraudulent charge go through in May, got that taken care of, then I thought nothing more of it. Last week I noticed about 11 charges (including 4 refunds) that weren't ours. I immediately called Citi and closed the card. They are in the process of sending me all the paperwork and a new card.
I also checked my credit report last week and everything is clean, however I had a brand new secured credit card arrive in the mail on Saturday - which I didn't apply for. I'll be calling about that later on today.
Unfortunately I have just applied for a new business credit card, and haven't had the confirmation through yet. As soon as that happens, I'll be contacting the agencies and freezing my credit report. I have no intention of applying for any other credit anytime soon, so I think the peace of mind will be well worth the small fee to freeze my credit.
What a pain!
Posted by: Claire | August 29, 2011 at 11:46 AM
My AMEX card number was stolen last spring. AMEX called me on a Saturday morning, confirmed the charges weren't mine and FEDEX'd me a new card, which arrived Monday morning. This fantastic customer service has made the amex card my go-to card for just about everything, especially with on-line purchases.
Posted by: Mike | August 29, 2011 at 12:06 PM
Geez, I'm going to have to take my credit reports more seriously!
After all, if you had your credit card number stolen, then what to stop mine from being stolen too!
Do you think that it was just a random occurrence or do you think you used it at a particular store and it was compromised there? I would try to figure out where I had used it recently that I hadn't in the past.
My wife does the credit card payment, I'm going to mention your article to her and have her keep on the lookout!
I agree with Claire... "What a pain"!
Posted by: Don | August 29, 2011 at 12:09 PM
My American Express number was stolen once. It was like you said, they called me and told me something was wrong.
But it took a while to take off the fraudulent charges. One piece of mail they sent me said that because the charge was with an actual card (at a pay-at-the-pump 10 states away) that they weren't going to take the charge away. I called them and they said not to worry they'd resubmit it or something and it was finally cleared up. Thought it was odd that I had to jump through hoops to get off a charge that THEY had flagged. Also was odd that the couple of pieces of mail I got about before resolution were kind of nasty, but whenever I spoke to them on the phone they were very nice and reassuring that it all would be worked out.
Really don't know how the thieves had an actual card either--we had both of our cards in our possession. There must be some way to create fake cards? Kinda creepy, but all's well that ends well. No other data stolen at the time, just the CC.
Posted by: Mike B. | August 29, 2011 at 12:14 PM
Yeah, we had our CC# stolen a couple years ago. We suspected that it was a disgruntled cab driver from a flat-rate taxi from the airport. This cabbie drove like a maniac while talking on his phone (illegal in our area) and wasn't particularly interested in helping us with our luggage, so I stiffed him on the tip. He seemed a little miffed when he realized that I didn't include a tip. The very next day some test charges began showing up on our account, followed a few days later with larger charges. If I recall, I think that I noticed the odd charges when I received my bill ~2 weeks later. The card provider reversed the charges (~$1000 total) immediately after I contacted them and sent us new cards. We had to fill out one form, and that was that. Like @Lynn I wanted the person caught because I was guessing that this was part of a larger ring.
We had another couple (maybe three) times when FIA contacted us about potentially fraudulent activity. We were travelling out of state one time, so that triggered a call from them. Another time we had very large purchases because we were doing some remodeling. They seem to be really on the ball WRT identity theft.
BTW, I also found out a couple years ago that the vendor is on the hook when these thefts occur. Ain't that a kick in the head? Previously I'd thought it was the card brand or the bank. The vendors spend all this money for the privilege of accepting this or that CC, and they have to accept all this risk!
Posted by: Jeff | August 29, 2011 at 12:25 PM
@JeffBone
I do not agree that this has anything to do with autopay. This has to do with autopay on a credit card. This and the fact that card companies are always changing things and rules is why I have literally dozens of autopays but never put a single one on a credit card. My autopays are on my bank account only. The little extra in cash back is not worth it to me to put autopays on a credit card.
Posted by: Apex | August 29, 2011 at 12:26 PM
@Mike B: There is - they're called skimmers. Google for more info if you really want to know. I guarantee you'll never look at an ATM or gas pump the same way again.
Posted by: dcs | August 29, 2011 at 12:30 PM
I had a call once from discover.they had a person from six flags georgia security on the phone and somebody there was using a fake card with my number to attempt to buy season passes (I was in new jersey at the time). Discover reviewed all my recent charges - the bad guys had first purchased Amtrak tickets on-line that day and then tried to buy the tickets. Over several calls with six flags, discover and my local police I did the following - reviewed all recent charges, cancelled that card and got a new number and card processed, spoke with ga security as they had the guys arrested, and filed a police report where I lived. Of course, I had no problems with getting the fake charges reversed. I think they even threw in free credit monitoring for three months. But the most interesting part of this is that the bad guys had made a physical discover card with my information!
Posted by: Diane | August 29, 2011 at 12:53 PM
@FMF, thanks for the reminder to make a master list of the accounts I have on auto-pay. I've been meaning to do this, anyway.
This is also a great reminder that if your credit card company offers email/phone/text alerts, set them up! I have my Chase Freedom card set up so that I get a text alerts for a variety of different situations (large purchases, online/phone purchases, etc.) Even though I keep a close eye on all my accounts and transactions weekly, I have the extra peace of mind that I'd be able to catch suspicious activity right away with those alerts.
Posted by: Jenna | August 29, 2011 at 01:37 PM
Jenna --
I'm going to set that up with my cards as well to try and keep a better eye on things.
Posted by: FMF | August 29, 2011 at 01:39 PM
We have not had a problem yet with credit card theft, but have had someone trying to file fake tax returns under my name and social security number in hopes of getting a large refund.
Posted by: JimL | August 29, 2011 at 01:52 PM
I have been a victim of card fraud twice and was beginning to feel helpless. I did not want to carry cash but my cards seemed to expose my accounts to unauthorized charges.
I heard about this new card product called a Secure Identity Prepaid Card. It has a security feature that lets you turn your card on and off using your cell phone. You send a text message to activate it before you make a purchase. If your card is ever lost or stolen, the card could not be used. If someone tried to use the card, you would get a text alert telling you the details of where it was used but the charge would not go through. If you wanted to have the purchase go through, you could activate your card and have the merchant swipe it again.
I can only spend what I load on it which I hope will help me better budget my money. I plan on using it instead of my bank debit card (and certainly not a credit card). You can fund the card by transferring money from your bank account by a bank transfer or from PayPal. I just enrolled for one and I am waiting to get it in the mail. I can't wait to try it out.
Posted by: russell | August 29, 2011 at 01:58 PM
Yes, I'm fairly sure I know where my card number got stolen. I actually told my credit card company this, and they weren't interested...I can't really do anything about it if they don't care. I think total stolen charges came to under $500, so maybe it's just not worth their time and effort to pursue.
Posted by: Claire | August 29, 2011 at 03:23 PM
Yes. Last year, Capital One called me on Black Friday. I had recently used my credit card at a local gas station, something I don't usually do, and I suspect that it was "skimmed." Apparently the thieves thought that I'd be spending so much money that day that I wouldn't notice a few more charges...in Europe. They were wrong. Capital One did a great job with immediately cancelling and reissuing the card. I wasn't held liable for any of the charges. And I started using a gas card at the gas station instead to limit exposure to risk.
Posted by: Alex | August 29, 2011 at 03:26 PM
Claire - You should care (and they should too) because the banks pass their fraud expense on to consumers. I think I read that there was about $8 billion in fraud charged to cards last year and the banks pass it along to consumers in card fees and interest. If the banks could lower their fraud expenses, they could what they card customers ( or just make more $$$$).
Posted by: russell | August 29, 2011 at 04:02 PM
FMF,
I got the same message from FIA Card Services about my Schwab Visa last Thursday. They left it on my home answering machine and at work--apparently I hadn't given them my cell number. The fraudulent charges were on an old card number that was linked to the account, not the current card number, and they weren't approved. Nonetheless, they cancelled my card and are issuing me a new one.
I was on vacation and didn't discover this until Friday when my card was declined at two merchants. Not all of the legitimate charges have shown up on my account yet, so I hope that none of the places I patronized failed to get paid. FIA didn't mention anything about having to fill out a form, but they are issuing me a new card.
It's weird that at least three of your blog readers have had the same experience with an FIA card in the past week.
Posted by: Anonymous Coward | August 29, 2011 at 05:03 PM
It seems a lot of the banks take this "proactive" approach to fraud. It protects their money by cutting a card where they suspect fraud is taking place. In reality, they are creating a negative experience for the cardholder. I had this happen twice to me. Once while I was one vacation (thank goodness my wife had her cards) and another time when I was doing back to school shopping with my family.
Since I had been a legitimate victim of card fraud before at first I thought this was not such a bad thing but in reality its a pain. Not only was I inconvenienced, but then I had to go to every merchant where i had auto-pay and change my card number.
I am hoping with this new card I mentioned above, I have a different way to address fraud. If the fraudsters can't put through a charge on my card, they can't take my money.
Posted by: russell | August 29, 2011 at 05:28 PM
CC number was scammed 15 years ago to buy gas in $40 lots below the limit and they stored the gas in an old station. They stopped the CC after 4 purchases of gas in a 24 hour period sighting something was wrong. They took care of it.
I know things are quite different today and I have no advise other than check your statements.
Posted by: Matt | August 29, 2011 at 07:22 PM
Speaking of the FIA Services "Schwab" 2% Visa, I received a letter tonight that Bank of America would be taking over my account. No immediate change in terms were noted, but I will be starting to search for a replacement.
Posted by: Terrence N. | August 29, 2011 at 09:04 PM
What a timely story! I had my bank call me and text me last Sunday to some unusual charges on my Visa card. When I returned their call, I was informed that someone in Europe had made 4 purchases on my card that day to totaling about $400. They immediately cancelled the card in informed me of the accounting process that would show on my statement and that I would be receiving a new card in about a week. I hadn't used the card in about 3 weeks so it is a mystery as to how they got it but thieves are very creative. I do check my accounts for activity on a regular basis but I'm going to be increasing the frequency after all this!
Posted by: Ron Couey | August 29, 2011 at 09:15 PM
I didn't receive a message that my FIA Fidelity/MasterCard had been scammed but one that told me that they were giving everyone a new CC number. It sounds like their own data was compromised and they were taking corrective action.
In the past I have received "Fraud Alert" messages but they were because I purchased something online from a foreign company and not because of any illegal activity. Before travelling overseas it's a good idea to notify your card company of the dates you will be away. There's also a major problem these days using American credit cards in Europe because their cards use an embedded chip and ours do not and are not likely to anytime soon.
Posted by: Old Limey | August 29, 2011 at 09:48 PM
Wow- the number of people who have had their card stolen is higher than I thought!
I have had to dispute a charge that posted twice on my account, and have received Fraud alert messages when I was using my credit card overseas.
Now I just keep it simple, I have an overseas card at a foreign bank for purchases made outside the USA, they also give more favorable currency exchange rate compared to US cards.
For all on-line shopping, airline tickets, etc, I use my US based cards which are all on auto pay. I review my statements monthly to check for fraud. My US based cards are my backup in case my overseas card has a problem.
-Mike
Posted by: Mike Hunt | August 30, 2011 at 03:54 AM
Can they catch the thief?
1) Determine where the flight originates.
2) Determine the name on the ticket.
3) Hey Presto!
Is that too hard for our government?
Probably. It doesn't involve spending billions and no one get a commission or bonus.
Posted by: Goner | August 30, 2011 at 09:10 AM
Multiple experiences: First - I traveled and lived overseas for several years. ETrade was extremely watchful on my use of foreign ATMs. Every time I withdrew cash at a machine I had not used before, or pulled multiple withdrawals in quick succession, I would receive a call within a few minutes of the transaction.
Living in Paris, prior to having a local card, I went to purchase appliances and my (Chase I think) card was declined. Used an alternate which worked, but then it was declined the next time I tried to use it. Turns out both companies had proactively blocked because appliances were coded as electronics. One blocked before the charge could go through and the other immediately after. Took a couple of calls to the US to unblock.
After I lived there a short while, and had not used my US cards for over a month, two charges went to my Chase card - one for $5000 of expensive wine, and the other for $3000 of clothing. CC company called and charges were subsequently reversed - no cost to me. I always prefer credit cards to debit cards for precisely this reason - if my bank account had been hit with $8K of phony charges I would have had many other issues.
American cards are very appealing to foreign criminals. Most countries now use PIN and chip systems which are more difficult to copy, and also more difficult for common thieves to use. But US banks have made the business decision to favor convenience and low cost cards over security.
Posted by: Mark | August 30, 2011 at 11:53 AM
I have had both my cc's hijacked, one in Jan., 2009 and the other in Jan., 2010. The first one I discovered because I checked my accounts every 3-6 days. I now check them daily. I called and they asked me to call the airline (2 tickets purchased in Atlanta, GA & 2 in Salt Lake City, Utah) to see if they could reverse the charges. They couldn't, as the trips had already been taken. I called back to the cc company and they immediately cancelled the card and sent me another one the next day. There were 3 other pending charges (not mine) that they asked me about. All went fine. I was not charged any $50, which they are allowed to do.
The second card I discovered immediately, due to my daily checking. It was $1400+ for a ski resort & spa in Canada. The reason this took longer is that the person I talked to thought I was just questioning a charge. He said it would take up to 45 days because they would have to contact the spa to double check. I thought that sounded weird, so 2 days later I called back and got another person. They immediately closed the card and sent me a new one. I have autopay on 4-5 bills and donations on this card. I was lucky. I set them all up for the latter part of the month and I had 2 weeks to get all the changes done. Worked like a charm.
If you have a computer, it is extremely easy to check each day. I do this on both cc's and my checking acct. I also put a hold on all my credit. I do still need to get my credit checked once in awhile. And I will now be paying all my gas bills inside and not at the pump. I refuse to use debit cards, so no problem there.
Posted by: Georgia | August 30, 2011 at 12:31 PM
For those concerned about monitoring card activity - many companies now allow you to receive an e-mail or text message when your card is used above some threshold. I receive an e-mail every time my teenage daughter charges $50 or more. This could also be used to help keep track of fraud.
Posted by: Mark | August 30, 2011 at 05:57 PM
I had one of my card numbers stolen once and someone ran up a few hundred in charges. It was a Citi card and the bank called me about it. Citi cleared it up no problem.
I've had credit cards and used them extensively for about 22 years now. That rate of once in 20+ years is no worse than the frequency that I have had my car broken into. And its probably easier to steal my credit card # then break into my car really.
Posted by: Jim | September 01, 2011 at 12:55 AM
what we ALSO need is a database of WHERE these fraudulent cards are used and at what businesses.
Posted by: Matt | February 26, 2012 at 05:45 PM
Beware of Bank of America lowering your credit limit.
In 2009, I had a Wachovia card (that was transfered to MBNA then to B of A) that had my $11,600 credit limit reduced to $6,000 by B of A. My other two over-$20K cards (with non B of A servicers) did not have any reductions. Only the B of A card got reduced.
Now my FIA card (>$20K credit limit) will be transfered to B of A. I expect another reduction.
There was nothing negative on my credit report in 2009 and I had a high credit rating. I thought at the time that BofA was reducing many credit limits in response to the poor economy and the real estate bubble fiasco. I wonder what they'll do now in 2012 with this new FIA-to-BofA transfer.
Posted by: Gracie | April 13, 2012 at 10:39 PM