Credit card was compromised again...... =~ (

I don't carry a lot of cash, hardly any.  I used my "everyday" credit card for about everything, gas, hardware stores, groceries, every place I would normally write a check.  Last time someone in California a $74 Uber ride, this time it was a $285 Uber ride in California.

The hits coincide with the one place I go out of the ordinary, a local pizza shop.  My buddy owns a foreign car shop, he does me a favor so I buy his Techs a pizza.  The compromise comes a week or so after visiting the pizza shop.

Should I the owner of the shop?  

WWGRMD?      (if anything)

Call them or not, but don't do business with them again. 

My last hit was after a fastener order at work. I don't buy from them anymore. 

914Driver said:

Should I the owner of the shop? 

I think you accidentally the whole thing, but if that's the last place you used the card, I'd talk to the owner of the shop since he's your friend.

Did you get a new credit card after the first false charge?

Cooter’s got it. 

You should be reporting these to your CC company. They will issue you a new card, and refund your money. 

Definitely report to the credit card company. To me it also looks like some cards tend to get compromised more than others, so maybe it's time to change card issuers?

Make it a habit that the card doesn't leave your sight.  In Oklahoma, a few months ago, a waitress at Twin Peaks, I think, or some place like it, was busted.  She had a card reader in her pocket.  She would pick up the card from the guests to pay their bill, walk over to the register and casually put her hand and the card in her pocket, swiping the strip.

Oh, and that card is blown.  Time to start over with a new one.

Did you say anything to the local cops ?

They may already know , but if not you can tell the cops and they can investigate , 

Dr. Hess said:

Make it a habit that the card doesn't leave your sight.  In Oklahoma, a few months ago, a waitress at Twin Peaks, I think, or some place like it, was busted.  She had a card reader in her pocket.  She would pick up the card from the guests to pay their bill, walk over to the register and casually put her hand and the card in her pocket, swiping the strip.

Oh, and that card is blown.  Time to start over with a new one.

That is small potatoes. Street level CC fraud is basically extinct. It's far more likely to get stolen as part of a massive card breach online.

That said, in Canada you never actually relinquish your card to anyone. At restaurants, they'll bring the reader to your table for you to swipe. Handing your card over to a cashier gets you tagged as an American immediately.

The moment you tell your card company about the fraudulent charge, they'll issue a new one.

Very common at pizza places because you tell them your CC number over the phone and they write it down on a sheet of paper.

If it's the same pizza place twice, they probably have an employee who is selling numbers. 

But yeah, the CC company should make you right, and quickly too. 

Robbie said:

Very common at pizza places because you tell them your CC number over the phone and they write it down on a sheet of paper.

The credit card issuers are really cracking down on proper handling of cardholder info. If your processor gets word that you're doing this (and not that you were doing it in 1983), they will drop you like a hot potato. PCI compliance is pretty rigid and well defined.

Fist time, I caught it, the most recent one, the CC Co. alerted me.  Got a new card after the first time and currently waiting for a new card, the compromised one I destroyed.

Both visits to the pizza shop, I scanned the card myself, no exchange of the 3 digit on back.

Thanks for the advise.

It's interesting that the CC companies do so little here in the US about it.  They are 100% liable for these kinds of breaches- as they always refund the money.

While it is a big deal for those of us who have had CC problems, in the end, we are not out the money that was charged.

So why don't CC companies act the same here as they do in the rest of the world?  Where the transaction takes place with the owner holding the card all the time?  That will save huge money for the CC company....

In reply to alfadriver :

I'm willing to bet it's because most people don't notice until they can't buy something, so the CC companies and the money cartels, err banks, behind them get to collect and earn interest until they get caught out.

Looking at all the E36 M3ty E36 M3ty things banks do in this country that they can't or won't do in others, it doesn't seem out of the realm of possibility. 

Over Xmas someone tried to add themselves to my credit card account and have a card mailed to them.  I had to cancel the card and have another one reissued plus put "enhanced" security on my account.

I'm currently dealing with Cox Cable as someone in Las Vegas used all my info to open an account with them there.  They of course didn't pay and Cox sent me to collections and put a negative report on my credit.  I'm 1.5 months in on that one and its been a real PITA so far...

RevRico said:

In reply to alfadriver :

I'm willing to bet it's because most people don't notice until they can't buy something, so the CC companies and the money cartels, err banks, behind them get to collect and earn interest until they get caught out.

I highly doubt that.  If they get one fraudulent charge that they have to refund 100%, that wipes out 50 unnoticed fraudulent charges where they got to keep the 2% transaction fee.

I know you love to hate on banks, but that makes no sense as a business model.

alfadriver said:

It's interesting that the CC companies do so little here in the US about it.  They are 100% liable for these kinds of breaches- as they always refund the money.

While it is a big deal for those of us who have had CC problems, in the end, we are not out the money that was charged.

So why don't CC companies act the same here as they do in the rest of the world?  Where the transaction takes place with the owner holding the card all the time?  That will save huge money for the CC company....

Because the CC company just takes the money from the vendor who took the fraudulent payment. The bank doesn’t suffer, the vendor does. 

In reply to Duke :

What Keith just said. The banks are fine, the vendors are berkeleyed. 

Which is completely opposite of how it should be, but giving executives lead parachutes and throwing them off of roofs is somehow a bad idea. 

Between garbage cyber security, absolutely brain dead middle managers, and 30+ years of credit card number generators churning out thousands of potential targets per hour, it's frankly amazing everyone hadn't had their E36 M3 compromised. 

Then at some point, the vendor needs to do a better job protecting themselves.  Like checking ID every once in a while.

I have Zander Insurance for identity theft.  A little peace of mind.

I've had my debit card released to the wild three times now.  Twice was in one year.  Arvest, the Walton's bank, is VERY good about spotting that.  Like lock your card down and call you up immediately and ask if you just bought something for 42 cents at a motel in North Carolina.  That's why I now have 2 accounts there.  One gets my deposits, the other I put a few hundred in and that's the card I use to buy stuff with.  Then, worst case, I'm locked out on a few hundred briefly and start over with that one.

And I suspect the local Shell quickie mart.  Lots of people working there the size of a toothpick and with no teeth.  I stopped buying gas there, except very rarely, and haven't had a problem since.  Although, I also stopped letting my card go out of my sight at the Mexican restaurant. 

alfadriver said:

Then at some point, the vendor needs to do a better job protecting themselves.  Like checking ID every once in a while.

We spend thousands every year defending ourselves. Anti-fraud services are big business and for good reason. But you have to do it in a way that doesn’t add too much friction to the transaction, or customers will go elsewhere. And of course, the costs for fraud and/or prevention get passed on to the end user.

Banks don’t want cc fraud, it is ultimately bad for business. That’s why they do data mining on your transactions to spot outliers from your usual behavior. You can see the difference in how they behave with cc problems (they have to manage the problem) and identity theft like docwyte (no liability for the banks at all). That’s where we need to concentrate our efforts on reform. 

docwyte said:

  I had to cancel the card and have another one reissued plus put "enhanced" security on my account.

Can you elaborate on the "enhanced security"?  Can't hurt.

Keith Tanner said:

Robbie said:

Very common at pizza places because you tell them your CC number over the phone and they write it down on a sheet of paper.

The credit card issuers are really cracking down on proper handling of cardholder info. If your processor gets word that you're doing this (and not that you were doing it in 1983), they will drop you like a hot potato. PCI compliance is pretty rigid and well defined.

I guess that is why the pizza places around here are all 'cash only' now. hahaha. 

914, what bank/credit card issuer do you use? 

The banks/issuers, for the most part, are very good at detecting the fraud. Consumers don't like change though. And fraudsters are getting sneakier and sneakier. Skimmers are still a huge issue. I've seen (literally seen with my own two eyes and put hands and fingers on) some that are undetectable unless you know exactly what the card reader or ATM looks like before. 

At this point it is why I only use a credit card, and use Apple Pay when I can. And it is why I have multiple cards--they shut one down, no problem. 

The debit card is for the ATM only, and when I use the ATM I grab hold of the card insert slot and pull back HARD. There was a card skimmer that I could get to budge only by throwing all my weight at it. 

In reply to 914Driver :

So when I call in and they want to verify my identity, they have to ask me more questions that only I'd know.  So beyond the standard, address, SS#, etc that can get lost in a phishing scam.