By Judi Curry
I received an automated call this morning at 11:27 am. It went like this: “This is your credit card company calling. We are not trying to sell you anything but we think that your credit card has been compromised. We want to talk to either Robert Curry (so do I) or Judith Curry. If this is Robert Curry please press 1. If this is Judith Curry please press 2. If neither Robert Curry or Judith Curry is available, please press 3.”
Since I am “Judith Curry” I pressed 2.
“So that we can be sure we have the right person, please enter your 5 digit zip code.” I entered my zip code.
“Please hold for the next available representative.”
There were many thoughts that went through my mind during the 2 minute hold time. Was I being scammed again? How could they figure out who I was by my zip code? I just used my credit card moments ago to purchase new cards for my new business. Was that a scam? I decided that I would ask the questions when the representative came back on line.
“Is this Judith Curry?” I answered in the affirmative. “Did you make a $405.64 purchase at Walmart in Florida today?” Me? At Walmart? Anyone knowing me knows that I haven’t stepped into a Walmart for 20 years. Florida? You are talking to me in San Diego. “I realize that, Ms. Curry, but a purchase was declined by Walmart today using your credit card and we just want to make sure that you did not authorize anyone in Florida to use your number.” I asked her what time the purchase was made. She said2:15pm, EST. Twenty minutes ago! “What was it for”, I asked. She said she didn’t know; she was with the fraud department and because Walmart turned it down they were checking with me. They do not get to see transactions.
She then asked me if I had made two purchases on my credit card within the past 2 hours. She told me what companies they were; the amount; and the time but did not tell me what the purchases were for. As it turned out she was correct; I had made two on-line purchases to the two companies she mentioned. At that time I felt the call was legitimate.
I asked what the next step should be and she told me I had two choices: First of all the account would be closed, effective immediately. Then (1) they would send me a new credit card but it would take 7-10 days before I would receive it or (2) I could go to the credit union and obtain a new card immediately. I elected to go to the credit union.
I left the house at 1:15pm and drove to the credit union on Morena Ave and was taken immediately by a teller – do they still call them teller’s – at the window. I told her the problem and she immediately checked my account, only to find that there was no record of the phone call I received. She called her supervisor, who did more checking and found that the card was cancelled but that the wired information had not yet been received by the branch. (Thank goodness, because I didn’t want to feel like I was had – again!) Again I was given two choices: (1) I could order a credit card that had raised numbers on it, but I wouldn’t receive it for two weeks, or (2) I could accept a “flat” card – no raised numbers and I could receive it immediately. I asked if I could keep the same “pin” number and was told there was no problem with that at all. Two weeks without a credit card? Apparently she had not seen my balance to know that I NEVER could go that long without it. I elected the “flat” card. (What difference does it make anyway?) Within 10 minutes of walking into the credit union – Mission Federal by the way – I walked out with a new credit card number and card; the same pin; and the helpful rejoinder of “call us if you need anything else.”
Will they try to go after the thief that had my number. Maybe, if he/she tries to use it again and the merchant calls the police, because now it is listed as a “stolen” card. But truthfully – probably not. Since it was rejected they probably won’t try to use it again.
I want to thank the fraud division of Master Card for picking up on this so soon. It could have been a more lengthy and expensive procedure if the theft was not noticed sooner. How did the thief get the information? Who knows. I was at Target during the time of their breech, but I used a different card. I think. Most of the time I use it is on-line when ordering things. I’ll be careful next time, and the time after that, and…until my memory of this experience fades. All I can say to you is to be careful what site on-line you go to to use you credit card. May your experience be as neutral as mine was this time.
Judi, this is a common occurrence. All of the major credit card companies are vigilant and respond similarly to any attempted use of your card number that is atypical of your usual purchase habits, especially when use is attempted in a distant zip code area. I got a similar call recently when someone tried to use my card number at a Bakersfield gas station – a station where I had stopped on a road trip months earlier (I really recall that stop, because a young gypsy-looking girl who said she was from Russia and was carrying a baby was working all the pumps with a story about needing to get to the doctor in Sacramento, and was asking for money). A credit card number can be stolen in several ways: at restaurants, staff who handle it can photograph it or record the number/name in a variety of ways; at gas stations, some illicit owners or workers or even organized crime gangs have installed built-in scanners at the pump to capture numbers. The numbers/names are sold and used to make counterfeit cards.
Fortunately, in most cases, the stolen numbers/names on a counterfeit card are not associated with the real home or billing address, nor the pin number, so the fraudulent user can’t respond at a point of purchase to any security questions. And their (fake) DL or photo ID isn’t likely to correspond to the real card-holder’s address. That is likely why Walmart declined to accept the purchase and notified Mastercard. You should think about where you recently used your Mastercard : that is likely where the number was captured. It was certainly not Target: at this point their in-store and online security is very high.
It is also important to not make your home address/phone number/birthday/personal data/facial photo easily findable on the Internet. It always amazes me when people carelessly post personal info for the world to see. Don’t do it. Most organized-ring credit-card-number thieves don’t look for this personal data, they just collect numbers and sell them en masse, but once a purchaser has the counterfeit card in hand, he/she might start looking online for the data.
This is a big business. As the previous commenter mentioned, credit card numbers are stolen in a variety of ways and then sold in bulk to buyers on the “dark” web. The buyers usually can use the credit card only a couple of times before they are canceled. Planet Money did a program on this recently. Google Planet Money and listen to their program. It’s pretty scary, but usually results in no cost to the customer. It’s a good reason to use a credit card rather than a debit card though. The credit card protects the customer. By the way the same thing happened to me.
Dear Dorothy and John,
Thanks for all the information. I hadn’t used my credit card in a physical place for almost 6 months. Most of the usage was on-line in places that I thought were secure. Dumb me. I am thankful that Walmart rejected the transaction and am amazed it only to 20 minutes from the denial to the phone call. I have to say, though, that the robotic message at first threw me off and I was more skeptical at that than I was of the message.
The robotic message is part of what enables the company to reach you in such a timely fashion.
Another thing to keep in mind is to let your credit card company know when you are traveling, especially to other countries. Otherwise, a legitimate charge might be flagged/denied by their security department.
My credit card company will turn down all transactions in a foreign country including Mexico unless you call first and tell them you’ll be there on a certain date or dates.
I had no idea, John. It has been so long since I’ve traveled was unaware of that. Hope others have learned from your post.
It is worth a try to ask the credit card company to overnight a new card to you. Thank the rep for their call and simply state it is the only card you use all the time. Then politely say if you don’t have access to your favorite card, you will start using your “brand X” card. Often the rep has the power to decide to send you a new card ASAP.
I did ask for a card to be sent – not overnighted – but they said it would take 7-10 business days. Truthfully, it was easy to go to the credit union and get one immediately. Thanks for your suggestion.