Credit Card Blog

A Calgary man was arrested and faces four years in jail for manufacturing and selling credit card skimming devices. Nicholas Wayne Joehle used his apartment as a base of operations, but did business from as many as ten Internet cafes in the downtown Calgary area. He sold the illegal devices over the Internet for about $5,000 each.

Skimming occurs when someone runs a credit card through a hand-held device that stores the account number, expiration date, and other information. Waiters and retail cashiers have been known to employ this method, quickly swiping a customer’s card when no one is looking. The devices themselves are so small that they can be used subtly. Other skimmers have implanted such devices in gas pump card readers, returning to collect the harvested information at a later time. It’s a fast-growing type of credit card fraud, and no one is immune.

To protect yourself, pay in cash if you feel uneasy about handing your card over to a waiter. Keep an eye on your card at all times. And always monitor your credit card statements and credit score for unauthorized activity. Thieves thrive when their victims do nothing; contact your card company immediately if you see anything suspicious.

Foreign hackers used packet sniffing software to obtain the credit card numbers and expiration dates from customers at eleven Dave & Buster’s restaurants across the US. While this incident pales in comparison to the 4.2 million card numbers stolen during the Hannaford security breach, these hackers did manage to find buyers for their ill-gotten information. It’s estimated that they did $600,000 in damage. Luckily, the hackers were tracked down and brought into custody in various overseas locations.

Situations like this can make card holders wonder if all the paper-shredding in the world will protect their personal data. It won’t. When sophisticated criminals target businesses, it’s up to the businesses to have the best and most up-to-date security systems in place. The minute you discover unauthorized charges on your account, cancel the card and file a fraud report with your credit card company. Use online banking to monitor your account. You can even get real-time alerts sent to you when any charges are made.

For the record, though, you should still shred those paper statements and pre-screened credit offers to ward off low-tech identity thieves.

It’s prime time for penny-pinching, but skimping can cost you big in the long run. Just ask Hannaford Supermarket. Customers who used their credit or debit cards at a Hannaford store between December of 2007 and March of 2008 might have had their information stolen. Many people blame sub-par security measures for this breach; Trojan software was found on computers in all 300 store locations. How could this happen?

Retailers have a target on their backs, and identity thieves are taking aim. This is the third major retailer security breach in recent months. Thieves use “Trojan horses” – malicious programs that masquerade as something else in order to infiltrate a network – to gain access to private information. Just clicking an e-mail attachment can set off a Trojan. And since these programs are sneaky and constantly evolving, anti-virus software and firewalls might not be enough to stop them.

Retailers need to educate every employee with access to the Internet about the threat of malware. They should also invest more time and money into beefing up their security. In all of the major breaches, store-level network security failed to detect the problem. Maybe some expert advice is called for?

Card holders should also take a lesson from Hannaford’s unfortunate incident: check your credit card statements often. If you see charges you don’t recognize, get in touch with your card company. Remember that today’s thieves don’t necessarily make huge, obvious purchases. These days, they might be nickel and diming your credit limit to the max. It’s impossible to predict which retailer will fall prey next time, so keep track of your spending. You could also invest in a one of the new security-conscious credit cards that generates a new number with each transaction, invalidating the old number after you make a purchase.

It probably comes as no surprise to hear that phishing – an assortment of scams that trick card holders into giving out their private information - is alive and well. Another form, called ‘vishing’, involves scammers calling up card holders on the telephone and persuading them to part with their card numbers, security codes, and expiration dates. The calls always sound official, so it’s no wonder so many people fall for them. In a recent twist, scammers are pretending to be bank officials and contacting account holders to inform them that their account has been suspended. Victims call 800 numbers provided by the thieves and are greeted by authentic-sounding voice recordings and menus. They enter their card information to reactivate their “suspended” account, and the damage is done. Sadly, even a single mistake can have disastrous effects on one’s credit score after the thieves go on a shopping spree with their ill-gotten cards.

To protect yourself from these scammers, never open any unsolicited e-mail you receive. Just opening some of these e-mails can infect your computer with harmful software programs. If you do accidentally open an e-mail (because, let’s face it, some of them look really official), never click on any link contained therein. Even e-mails that claim to be from Paypal, E-bay, or even your own bank can be fakes, and the links they contain will lead you to official-looking web sites that ask you to enter your credit card information or other numbers that identity thieves want to get their hands on. You can report such e-mails to your e-mail provider and the institution that the imposters claim to represent. Also, run a spyware and virus scanner after dealing with these e-mails, just to be safe.

High tech crime is an unfortunate part of the Age of Technology. Stay smart and don’t fall for phone or Internet scams that put your credit at risk.

RedBox is like a gumball machine for DVD rentals.  It’s one of the newer inventions that allow people to rent a DVD for $1 a night.  They’re found inside grocery stores and other retail areas.  People who want to rent a movie simply swipe their credit card, make a selection and out comes the DVD.  You can also order your DVD online and pick it up at any RedBox location.  When you’re done with the movie, you just return it to any RedBox location- not necessarily the one you rented it from.

Recently, RedBox announced the discovery of an illegal credit card skimmer attached to one of their RedBox locations, as well as several other locations that appeared to show attempts of skimming.  The skimmer is a unit that a criminal has installed so that when a consumer swipes their credit card, the card details are transmitted not only to the company you are making a purchase from; but also to the criminal who has intercepted the card details.  The skimmer on the RedBox found was immediately removed and reported on the RedBox company website so that individuals could check their records and make sure they hadn’t been victimized.

While super convenient, our credit card security is still a little less secure than we’d like for things like vending machine credit card acceptance.  If you use RedBox, here are the reported locations of the skimming and attempted skimmings:

- 1101 South Rural Road, Tempe, AZ (device removed before retrieval by perpetrator)
- 1620 El Paseo Road, Las Cruces, NM (evidence of skimming attempt)
- 2330 East Lohman Avenue, Las Cruces, NM (evidence of skimming attempt)

Despite beefed up security measures from online retailers such as address verification, CVV codes, Verified by Visa and Verisign’s SSL (Secure Socket Layer) technology, there’s always a risk when you provide your credit card information through the Internet that someone nasty is going to get a hold of it.

But a protective measure that is becoming more popular among online retailers is alternative payment options such as PayPal, Google Checkout, 2CO, WorldPay and BillMeLater.  Even Amazon is jumping into the game with its own payment services.

How this works is you sign up with one of these payment services, and provide your banking and credit card information to the service (which is why you should only deal with reputable services like the ones mentioned).  You can then pay through these accounts with participating merchants without having to give your information out again (not to mention skipping all the checkout form fields).  This convenience and added security makes it worth your while to sign up.  And like credit cards, these payment services will protect you from fraudulent activity and resolve any other disputes that may arise.

BillMeLater is a unique service that allows you to pay for items without providing credit card information for a number of online purchases (or telephone orders), and select whether you want to pay off your monthly bills in full or in installments.

Boing Boing TV recently demonstrated how easy it is to buy an $8 device off eBay that will decrypt credit card numbers off of RFID credit cards — which are supposed to be more secure! The irony is it’s even easier now to steal credit card numbers and head right back to eBay for more shopping.

But there is a way you can protect your “butt,” a stainless steel wallet will “foil” any would-be credit card thief.

If you’re good about keeping track of your spending, identity thieves will have a harder time using your credit card information without your knowledge. Of course, big unauthorized charges set off warning bells. But now it seems that identity thieves have a new spending strategy: nickel and diming us to death.

Christopher Null made mention of this trend on Yahoo Tech. He was surprised when his credit card company alerted him to several charges made to his credit card, most fewer than twenty dollars in price. The company suspected fraud, and rightfully so.

Identity thieves have learned that smaller transactions often go unnoticed. But wrong is wrong, no matter the cost. If you suspect that someone has been making small charges to your card without your permission, Null advises canceling your credit card, initiating a charge back, and filing a complaint with the FBI. It’s also a good idea to look over your old credit card statements for other unauthorized charges. A good virus and spyware scanner will pick up intruders who might be gleaning your information from your home computer.

Even the smallest of charges can add up quickly. If you notice suspicious activity on your credit card, act fast. Online banking can make it even easier to monitor your balance, so check into that option if your bank offers it.

There has been much talk about card security in recent days. High tech thieves are becoming bolder and more determined to steal and exploit your financial information. With this in mind, VeriSign and Innovative Card Technologies have joined forces to bring us the InCard. InCards come with a tiny LCD in the upper right corner. When a button is pushed on the back of the card, the LCD reveals a unique PIN that is only good for a limited amount of time.

Online shoppers particularly like this card because they can generate a new one-use authentication number right before their transactions, then forget about it. The number won’t be valid long enough for thieves to put it to use. When it’s time to make another purchase or do some online banking, customers need only generate a new number. This additional layer of security prevents thieves from ever seeing customer’s real credit card numbers. Online merchants can rest easier about accepting cards with built-in one-time-password technology.

It’s good to know that card security technology is staying competitive with criminal minds.

Credit and debit cards have taken the place of cash for most modern transactions. What’s next? According to research from Emme Kozloff, a Sanford Bernstein analyst, the power to buy groceries will soon be at your fingertips.

Wal Mart and Costco are looking into biometric payment systems. These work by recognizing the fingerprint of registered users. The customers place their fingertip on a pad, then select which form of payment they would like to use — check, debit, or credit. Proponents of the new system applaud its benefits to customer security and faster checkout speeds.

Critics of biometric payment point out that fingerprints are left on everything a person touches. It would be fairly easy to take a piece of tape and “lift” these latent fingerprints for fraudulent use. There is also concern about having one’s fingerprint images stored in a computer, but biometric vendors insist that the prints themselves are not stored. Instead, encrypted measurements of the prints are kept. These do not permit recreation of a full print.

Customers are advised to keep their hands clean when making biometric transactions. If hands are too dirty, the machine might not be able to read the fingerprint.