Police charged a Fort Wayne woman Monday with racking up nearly $2,000 worth of charges on an Allen Superior Court judge’s stolen credit card.
Barbara Ann Evans, 39, of the 3000 block of Woodrow Avenue, is charged with two counts of forgery, two counts of credit card fraud, three counts of receiving stolen property and one count of check fraud.
According to court documents, Evans is accused of running up charges using the stolen credit cards and checks of Allen Superior Court Judge Kenneth Scheibenberger and his wife, Susan.
Susan Scheibenberger, who works as a home health care nurse, was working at a patient’s home Dec. 17 when family members and their friends distracted her while they took her car keys and stole her wallet out of her purse in her car, Kenneth Scheibenberger said.
They returned her keys as if she had just misplaced them, and Susan Scheibenberger didn’t notice until later that her wallet had been stolen, he said.
Police said Evans purchased $1,178.51 worth of merchandise that same day using Kenneth Scheibenberger’s Macy’s credit card, according to court documents.
Kenneth Scheibenberger said the thief also spent $200 at a gas station and about $500 at a J.C. Penney.
That same day, the Scheibenbergers told police someone had tried to cash one of Susan Scheibenberger’s checks at a Pizza Hut, even presenting Susan Scheibenberger’s driver’s license. The manger refused to accept the check, but kept the driver’s license and later returned it to Susan Scheibenberger.
As police showed the Pizza Hut manager photos from Macy’s, another employee identified Evans.
Evans tried to pass a fake payroll check using Susan Scheibenberger’s check card at White Swan Supermarket on Jan. 14, according to court documents. The store’s managers told police they recognized the check as a fake and denied the transaction.
Evans was arrested Friday on unrelated charges of forgery and receiving stolen property after police said she tried to cash a stolen check.
She has prior convictions for forgery and receiving stolen property.
A local woman was arraigned on Monday in Bennington District Court on charges she fraudulently used a credit card belonging to Hoosick Falls, N.Y., Mayor Laura Reynolds.
Charlotte Rogers, 61, of Rich Lane, North Bennington, pleaded not guilty to two counts of fraudulent credit card use greater than $50, and seven counts of fraudulent credit card use less than $50. According to an affidavit filed by Bennington Police Department Officer David Rowland, the department was contacted by the Hoosick Falls Police Department regarding the use of a stolen credit card. According to police, Reynolds had reported that her purse and wallet were stolen from a restaurant in Hoosick Falls.
Although the card was stolen in Hoosick Falls, the card was being used in Bennington stores, including Hannaford, CVS, Kmart and Wal-mart. The total amount of the charges was around $391.
One of the store employees allegedly identified Rogers as the customer for those transactions. According to police, when they entered Rogers' residence, they found the missing wallet with the credit cards inside.
Reynolds praised the work of the police. "The Hoosick Falls Advertisement Click Here! police worked very well with the Bennington police," Reynolds said. "They did a great job."
Reynolds recommended that those who find themselves in a similar situation go to the police, because the police may be able to track the usage of the credit card and find those responsible.
City Police are advising the public to be on guard against a possible fraud attempt by someone claiming to be a representative of credit card giant Visa. Constable Gary Clow said Tuesday at least one city resident has received a call from the party in question. "This person called from the 712 area code in Iowa, said they were from Visa and proceeded to offer the recipient of the call a lower interest rate on their Visa card," Clow said. "They then proceeded to ask for personal banking information." Clow said police contacted Visa and officials of the credit card company said Visa does not solicit personal banking information over the telephone. "This is clearly a scam," Clow said. "Somebody just wants access to your personal information. Anyone who gets a call like this should refuse to provide that information, hang up and call police."
Figures released last week show one Briton in five thinks they have been a victim of identity crime, and this figure is only set to increase as millions more leave themselves vulnerable to criminals.
Identity fraud is when criminals impersonate someone, using their victim's personal details to take out or get access to credit cards, loans, and other financial products in their name.
For example, bank statements and credit card bills fraudsters find in a bin could be used to get access to a customer's bank account or to take out a loan in that person's name.
But despite the risks, one Briton in three admits to throwing away personal documents such as bank statements and receipts without shredding or destroying them, one person in four does not routinely check bank statements for unfamiliar transactions and almost half of us use the same pin and password across different accounts.
And despite the increased risk of identity theft, four Britons in five have never requested a copy of their credit file. This file holds your credit history and is an easy way to check if credit has been taken out in your name by someone else.
"We are living in an age where protecting your personal information has never been so important," said David Smith, deputy commissioner at the Information Commissioner’s Office (ICO).
"Almost every day we give out our personal details which can leave us open to identity theft, unwanted marketing and a loss of privacy."
In response to this danger, the ICO has produced a top ten list of tips to keeping your identity safe from fraudsters and released a new toolkit for protecting yourself from ID fraud.
The ICO's top ten tips to protect against ID fraud
# Remember, your personal information is important - treat it like any other valuable item. # If you move house, redirect all your mail and inform your bank, utility companies and other organisations of your new address. # Ensure your home computer is protected before you go online. # Always think about who you are giving your information to. # Get a copy of your personal credit file to check any suspicious credit applications. # Never disclose secret passwords or pins. # If you have to post personal documents, ask the post office for advice on the most secure method. # Check your bank and credit card statements regularly for unfamiliar transactions. # Shred or destroy personal documents you are throwing away such as bills, receipts, bank or credit card statements, and other documents that show your details. # Stop unwanted marketing by registering with both the mailing and telephone preference services.
Feb. 1 - KGO - Our advice: Check your credit card statements carefully. It's always a good idea, but especially for anyone who's eaten at a certain Chinese restaurant in San Francisco in recent years.
We've uncovered many scams over the years, but the experts say this goes beyond a scam, that it's an out-and-out crime.
When we met 50-year-old Phau Lam, he took off and kept running and running, until he was out of sight. We know why.
Irene Bartholomew, Victim: "It's a scam. It's a crime and he has to be in jail. That's it. He has to be in jail."
Irene Bartholomew used to have lunch at Lam's Home Menu restaurant on Mission at South Van Ness, before it closed almost a year ago. She was shocked when she checked her bank statement recently and found a new charge for $175 dollars.
She went to the restaurant -- still closed -- and confronted Lam.
Irene Bartholomew: "'Why I was charged $175 dollars for just lunch, you know, a rice plate meal, you know.' And he goes, 'Oh, can you come back, my friend, tomorrow at about 12 o'clock at this time?' I go, 'Okay, I'll come back.'"
And she brought the I-Team with her.
ABC7's Dan Noyes: "What's going on here? What happened?"
Phau Lam, Restaurant Owner: "I don't know."
Dan Noyes: "Why did you bill her ATM card?"
Phau Lam: "I don't bill that."
Dan Noyes: "You didn't bill that, well, who did?"
Phau Lam: "No, I don't know."
Dan Noyes: "Oh, come on."
Phau Lam: "No, I don't want to take a picture."
Phau Lam didn't want to answer any questions about his business. He led us through the back of the restaurant and out the loading dock.
Dan Noyes: "You aren't even selling food and you're billing their credit card? Mr. Lam."
He took off and kept running. On few occasions have we seen someone run so far from our cameras. Lam left the doors to his restaurant wide open. It's clear he was not ready for business -- we found no food on the shelves. But two cash registers and three credit card machines were powered up and ready for action.
We found several receipts for credit card charges dated long after the business had shut down -- one for $800 dollars.
Pat Wallace, Better Business Bureau: "This isn't even a scam. I don't even call this a scam. This is just out and out theft."
Pat Wallace of the Better Business Bureau has received several complaints about Lam charging his former customers' credit cards, months after the restaurant closed.
Pat Wallace: "We found that he not only charged once, but two and three times to the same card. So, I guess he ran through his, all of his credit card records and then started over again at the beginning."
Naveen Nathan had his card charged four times since the restaurant closed, for more than $800 dollars.
Naveen Nathan, Victim: "And the credit card company finally said that there's no way that we can stop these guys charging you. Rather you report this as stolen or lost and we could stop the number and we can issue a new number."
In all, we tracked down 15 people who say they've had fraudulent charges from Home Menu or another restaurant Lam's preparing to open, Asia Taste. All of the bills are for much more than you would expect to pay for a meal at a Chinese restaurant -- $145, $218, $475, up to $935 dollars.
Van Dyke Roth, Victim: "Had he been successful it would have totaled, you know, easily, I don't know, $1,200 dollars or so."
One thing we wondered was why -- why would someone think they could get away with this? And what kind of pressures would drive them to take such risks?
Bank records show that someone using Phau Lam's machines tried six times to charge Van Dyke Roth's credit card, but didn't have the correct expiration date. They finally entered the right date at four o'clock one morning -- the charge went through for $125 dollars.
Van Dyke Roth: "How can someone do that? Just how can someone do that? You're still affecting lives even though it's just a bunch of numbers that you're running through a machine."
We may have found the answer in Phau Lam's court records. In them, a picture emerges of a man with serious legal problems and money troubles. He's been sued at least 16 times in the last 15 years by restaurant vendors, car companies, the government and former business partners.
Shun Lui, Lam's Former Business Partner: "It was $180,000 dollars, we lost."
Shun Lui and his brother, Roy, loaned Lam almost $180,000 dollars to help open his restaurant. What's more, they say Lam ran up tens of thousands of dollars in unauthorized charges on Shun's credit card. So, they sued and a judge awarded more than $200,000 dollars in damages, finding Lam "guilty of actual fraud."
Shun Lui: "Even a penny, he don't pay back."
Another of Lam's partners even filed a police report in 2004, again, for charging customers' debit and credit cards after they dined at the restaurant.
Agatha Okuda got charged $850 dollars.
Agatha Okuda, Victim: "He just kept giving me the run-around, and call back tomorrow, and we'll get in touch with our bank, yeah."
Dan Noyes: "Eight-hundred-fifty bucks, for how much of a lunch?"
Agatha Okuda: "Seventeen dollars (laughs)."
She can laugh about it now. Agatha Okuda's bank finally credited her account. Next stop for us, the authorities. Tomorrow at 6 p.m., we take the case to the San Francisco District Attorney's Office.
By the way, we've tried several times to get some explanation from Phau Lam and his attorneys for what he's done -- no luck
A sweeping high-tech credit card fraud ring is victimizing dozens of banks, cities and people in northeast Ohio, NewsChannel5 reported.
Authorities said the crooks are cloning credit cards and stealing thousands of dollars. They do it by obtaining working credit card numbers, stamping out duplicate cards and then taking out huge cash advances.
Police said two men shown on a bank surveillance camera ripped off nearly $3,000 from National City Bank using fake IDs.
The high-tech part of the crime is actually duplicating credit cards, even cloning the magnetic strip on the back, police said.
In a three-day period last week, the fraud team hit banks in Beachwood, Strongsville, Shaker Heights, Mayfield Heights and University Circle.
The crooks made off with an estimated $30,000.
Bank security and police passed the surveillance photos around and finally caught up with 31-year-old Larry Colbert.
Police said Colbert came to Cleveland from Tennessee to conduct his credit card crimes. Investigators are now trying to find a man and a woman they believe are his partners in crime.
Colbert is facing a host of charges, including fraud and theft.
Two people were arrested after a search warrant served at their residence turned up thousands of dollars in fraudulently purchased merchandise on Monday.
Deputies from the San Bernardino County Sheriff's Department arrested Jose Trujillo, 33, and Stephanie Martinez, 31, at their home in Ontario, according to a sheriff's statement.
Macy's employees reported the two made purchases with fraudulent credit cards.
Trujillo and Martinez were arrested after deputies found items from Bebe and Victoria Secret stores in their possession. It was later determined that those items were purchased fraudulently, according to the statement.
Investigators later found $4,000 worth of items from Best Buy and more than $8,000 in stereo and electronic equipment, once they served a warrant at the home. Also found were 12 fraudulent credit cards from 12 different victims, according to the statement.
Criminal charges have been filed against a Hippensteel Funeral Home director suspected of using a customer's credit card to access pornography Web sites.
Michael J. Moehring, 31, of Lafayette was charged Friday in Tippecanoe Superior Court 5 with two counts of felony fraud and felony identity deception.
Detective Jeff Rooze of the Lafayette Police Department said a customer had paid for a relative's funeral services in early January using a credit card. About two weeks later, the family found four suspicious charges on their monthly credit card statement.
"They weren't big purchases -- $30, $40. But they questioned it and took the initiative to investigate," Rooze said. "In this case, look what it resulted in."
He said the family was able to track the Internet protocol address to a computer at Hippensteel. Rooze got a subpoena to further narrow it down to a computer that Moehring used.
Hippensteel officials said that Moehring, a licensed funeral director who had worked there since 2003, was immediately terminated upon news of the charges.
Rooze said that Moehring is suspected of using the credit card number on two separate days to pay membership fees to four adult porn sites.
The fees totaled about $179.
Moehring also is accused of using a portion of the dead man's name to create an e-mail address that he used as correspondence for the Web sites, Rooze said.
ADVERTISEMENT
He said both Hippensteel and Moehring have been cooperative in the investigation.
"They are devastated by this," Rooze said of Hippensteel employees.
Police believe it was an isolated incident and do not suspect that there are other victims.
Still, Rooze encourages everyone to carefully check their credit card statements and contact the card issuer and police if there are any suspicious charges.
If convicted of the most serious charge, fraud as a Class D felony, Moehring could be sentenced to up to three years in prison for each count.
Moehring, who was arrested Friday afternoon, after posting a $5,000 bond.
Customers of at least seven Delaware banks say money was stolen from their accounts this week, the latest scam where PIN numbers for debit cards have been used to withdraw thousands of dollars from checking and savings accounts.
Customers from Wachovia, Wilmington Trust, PNC, DPL Federal Credit Union, Dexsta Federal Credit Union, Commerce Bank and Delaware National Bank have told The News Journal their money went missing shortly after they shopped at the Rite Aid store in the Graylyn Crest Shopping Center using their debit cards and PINs.
"I went online to check my account and knew I had not made these withdrawals," said Tina Hall, of Brandywine Hundred, who discovered that someone had made three unauthorized ATM withdrawals totaling $1,500 from her PNC account on Wednesday and Thursday. Four days earlier, Hall made a purchase at the Rite Aid store using her debit card and PIN number. When she made a fraud report, bank officials told Hall that two of the $500 withdrawals were made in Montgomeryville, Pa., and the other on MacDade Boulevard in Delaware County, Pa.
PNC spokesman Edward Kozmor confirmed that more than 10 bank customers have been affected by the latest thefts, and the bank is continuing to monitor its accounts.
"If any customer feels that their account has been compromised, they should go to their local PNC bank branch immediately," Kozmor said. "Our customers are not liable for any fraudulent activity on their accounts."
Jody Cook, spokeswoman for the Rite Aid corporation, said the investigation into the origin of the bank robberies is under way.
A company loss-prevention employee visited the Graylyn Crest store Friday morning along with a bank official to investigate the complaints.
The thefts coincidentally occurred the same week that banks sent out reissued credit and debit cards to thousands of customers in response to a massive data breach in December at TJX Companies Inc., parent company of T.J. Maxx, Marshalls HomeGoods and A.J.Wright.
Joel Romaine, vice president of Operations at DPL Federal Credit Union, said the bank sent out about 450 new debit and credit cards in response to the TJX breach.
He said that he hadn't heard from customers about the newest thefts, but advised people to contact the bank immediately if they noticed suspicious activity on their accounts. "The quicker they contact us, the quicker we can get them a new card," he said.
Wilmington Trust spokesman Bill Benintende said the bank learned last month that some of its customers were affected by the TJX data breach, and it has notified those customers and replaced their cards. Many of those customers received their new cards in the mail this week.
The bank is now working with the Delaware State Police on the most recent scam, which it just discovered.
"We started seeing a pattern of fraudulent activity on Tuesday," said Benintende. "Within 24 hours we were on the phone and began calling those clients. Within 24 hours of that, we had printed and issued new cards."
Benintende said the bank continues to monitor the situation "aggressively and proactively."
He could not say how many customers have been affected or how much money had been stolen. "It's still very early," he said.
He recommended that customers not use their PIN numbers, but swipe their debit cards like a credit card and sign a receipt.
Jason Estock, 24, of Brandywine Hundred, said he usually makes purchases with his credit card, but on Jan. 14, when he visited the Rite Aid store in the Graylyn Crest Shopping Center, he used his ATM card and PIN number to make a $1.79 purchase.
"That's the only time in the past two weeks that I used that card with the pin," Estock said.
Early this week, Estock found $980 had been taken from his bank account without his knowledge; $500 on Sunday night at a Wawa convenience store in Lima, Pa, and $480 Monday morning from the Wawa on Naamans Road in Claymont.
Estock's bank, Dexsta Federal Credit Union, took a fraud report and credited the stolen money back into his account as a disputed transaction. He also is awaiting a new debit card from the bank.
Dexsta could not be reached for comment.
Delaware State Police spokesman Cpl. Jeff Whitmarsh said that customers who suspect fraud should report it to their bank immediately.
"The banking industry and the state police in Delaware have a cooperative working relationship," Whitmarsh said. In fraud cases like these, it's more efficient if customers work with their banks first, because a bank can immediately begin an investigation. Police, however, will have to subpoena bank records, a process that takes time.
"If folks think they're a victim of this kind of case, they need to call their bank and make them aware of it," he said.
Banks are reissuing millions of debit and credit cards after a hacker gained access to TJ Maxx and Marshalls databases, putting customers' financial information at risk of theft.
It's going to cost banks about $20 for each reissued card, according to Joseph Pietroski Jr., president of the Maine Bankers Association.
The stores' parent company, TJX Companies Inc., said it discovered the unauthorized intrusion into its computer systems in mid-December 2006. But it didn't announce the breach publicly until Jan. 17, 2007.
Mark Walker of Maine Bankers Association said CitiBank already has reissued at least 1 million new cards. TD Banknorth's number of reissued cards is in the tens of thousands. Bank of America announced Thursday it will reissue an untold number of cards, Pietroski said.
Walker said usually the reissued cards are attached to new account numbers.
"Banks are absorbing an awful lot of cost for this thing," Pietroski said Friday.
Mark Young, vice president of operations at Maine State Credit Union, said the credit union has been notified by Visa that approximately 3,100 Maine State Credit Union cards were affected. A total of 7,400 Visa credit cards and 8,500 Visa debit cards were issued by the credit union.
Young said it appears the breach involves millions of card accounts across all major payment brands accepted by TJX.
"The credit union's card services department reacted swiftly to the notification by blocking each card that may have been affected, ordering new cards and notifying each member to inform them of the situation," Young said Friday.
"Members were also reminded that account holders would not be responsible for any fraudulent charges resulting from the compromise."
In Massachusetts, 28 banks were contacted by credit card companies indicating some customers had personal information that may have been exposed, according to the Massachusetts Bankers Association.
Walker said most of the affected banks are in Massachusetts and New Hampshire. Only about a half-dozen Maine banks are affected.
Pietroski said a breach doesn't necessarily mean accounts have been tapped. Banks often choose to reissue cards as a preventive measure to head off fraudulent charges.
"If TJX had let the banks know early on that the cards had been compromised, then the banks could have responded a lot quicker," Pietroski said. "I don't know the depth of the information compromised. That's the scary thing."
William Lund, director of the Maine Office of Consumer Credit Regulation, said a new state law enacted Wednesday requires individuals, businesses and other entities to notify consumers and state regulators when there has been a security breach of computerized data containing the consumers' personal information that could result in identity theft.
"If these breaches had taken place a couple weeks later, TJX would have had to either call an office like ours or the attorney general's office and also send out individual letters to consumers," he said.
For the time being, Lund said people should monitor their credit reports to make certain they don't fall victim to identity theft. He said there are three steps people can take to protect themselves.
"First, look at your credit reports. You can do that under the law without charge once a year," Lund said. "The second step is to put a fraud alert on your credit report.
"And the third step, under Maine law, consumers are permitted to freeze their files, which locks access to a credit report without the consumer's specific permission. That's the most protective step a consumer can take."
Lund said people can access all three credit agencies -- Equifax, Experian and Trans Union -- at http://www.annualcreditreport.com
Calls to local branches of Kennebec Savings Bank, Gardiner Savings Bank, TD Banknorth and Bank America were unreturned Friday.
On Monday, a lawsuit seeking class-action status was filed in federal court in Boston accusing TJX of negligence for waiting to publicly announce the intrusion and for failing to protect consumer credit- and debit-card information in its computers.
The lawsuit, filed on behalf of a West Virginia woman, seeks credit-card monitoring for affected customers and compensation for damages.
David Loughran of the Maine Office of the Attorney General said the Massachusetts attorney general also is investigating TJX.
"We're working with the Massachusetts attorney general's office on this to protect Maine consumers from credit card and other fraud," Loughran said.
Mechele Cooper -- 623-3811, Ext. 408
mcooper@centralmaine.com
Reader comments
Ben of Cliff Island, ME Feb 3, 2007 5:13 PM I believe that this article downplays the impact of this "data breach." My card number was one of those stolen, and I spent most of last Sunday afternoon and parts of Monday and Tuesday dealing with the mess, and there'll be more to come. This is far more than the $20 impact quoted by the article. The real question is why was TJX keeping our credit card number on file months after we last shopped at their store (the South Portland Home Goods)?
al375 of Dresden, ME Feb 3, 2007 10:01 AM I think it is definately time to go back to cash only. It is inconvenient but at least your identity is safe when you make purchases. Many stores, especially the larger grocery chains, treat checks as debit devices - so checks are no longer safe either. Except for banks, businesses don't charge interest or fees for using cash.
GreatNana3 of Augusta, ME Feb 3, 2007 8:29 AM I can't imagine a worse time of year for TJX to I hope they are fined "big time" for deriliction of duty. Even if I am not one of the customers that is notified it still reduces my confidence in the security of using credit/debit cards. This is not the first breach of security - it seems to me that it is only a matter of time before there is a major problem. Can you imagine: your credit card info is stolen - and used to finance terrorism. You spend years regaining your "good name" - if ever. I don't even want to think about it . . . .
Detecting some fraud means casting wide net Think you've heard most of the tips about preventing identity theft?
You know, shredding documents, checking your credit reports and credit-card statements, keeping your Social Security number to yourself and not falling for phishing schemes or the infamous Nigerian scam.
Actually, there's no such thing as identity-theft prevention, experts say. But, you can reduce your exposure. Here are some ways not often spoken about:
Check for fraudulent account activity in your name, urged Troy Allen, chief fraud solutions officer at Kroll Inc. in Nashville, Tenn. You're entitled to a free consumer report once a year from each of two data warehouses, the Shared Check Authorization Network, which has retailers among its clients, and Chex Systems Inc., whose members are financial institutions. If someone has opened an account using your name, the details will show up on these reports.
Check your Social Security earnings and benefits statement each year. Someone may have stolen or purchased your identity and used it to get a job in your name, as some illegal immigrants are suspected of doing at the Swift Inc. meat processing plants in Colorado, Allen said. "They need your name to live." You'll be liable for the taxes on all that income until you prove it's not yours.
Find out if someone has stolen medical services using your name. If you've applied for life, health or disability insurance during the past seven years, you can find out what insurers know about you by calling the Medical Information Bureau at (866) 692-6901, Allen said. Be sure the codes on your free report match your medical history.
Medical identity theft is "when somebody builds up hospital bills or other medical bills using your name and Social Security number," said Linda Foley, founder of the nonprofit Identity Theft Resource Center in San Diego. You are responsible for the charges, unless you successfully dispute them.
Health-care thieves may target your wallet, mailbox, discarded billing statements or a provider's database, said Alex Johnson, head of the special investigative unit at The Regence Group in Portland, Ore., an affiliation of health-care plans. Never give out your health-insurance number and be sure to study your medical bills and explanations of benefits just as you would a bank statement.
Don't let your teen download free music and videos. Not only does it illegally infringe copyrights, but cybercriminals can download a remote-control tool into the family computer that tracks everything anybody does on it, including typing in personal account numbers, warned Ken Colburn, founder of Data Doctors Franchise Systems Inc. in Tempe, Ariz.
Don't open e-greeting cards from strangers. You could be diverted to a third-party Web site that attaches a keylogger, sends it to your computer and then captures everything you do on it, said Roger Thompson, chief technology officer of Exploit Prevention Labs in Atlanta.
Don't carry your child's Social Security card and don't permit your teen to do so, urged the Council of Better Business Bureaus Inc. Also, don't let your child post his or her phone number, address or school name online. It's a red flag if credit-card offers or other notifications start arriving in your child's name.
Delete personal information from company and family Web sites. Be sure your information is not available via online directories and searchable databases, said Tom Walton, vice president at AlliedBarton Security Services in King of Prussia, Pa.
If someone calls and says you failed to appear for jury duty, don't give out any personal information, Foley said. "No county in the country is going to call you and ask you for information like that to remind you that you've failed to show up for jury duty."
Ask for details if you get a seemingly mistaken call from a creditor, urged Troy Allen. Don't hang up. "Find out why they think you are that person, because you might be." Don't give out any personal information.
Use one low-limit credit card exclusively for Internet shopping, said Jim Ruel, a senior vice president at The Hartford insurance company in Connecticut.
"We haven't even begun scratching the surface of what's going on out there," said Kroll's Allen. "We're not even close"
TORONTO -- Assurances from Winners and HomeSense that a security breach reported last month did not involve Canadian debit-card transactions isn't making much of dent with customers of the two retail chains.
Not much can keep them from their bargain hunting.
The deals to be found at Winners make the risk of becoming the victim of credit card fraud worthwhile, said Sherry Croney as she slowly sifted through the blouse racks at one of the chain's cavernous stores in downtown Toronto.
Croney said she never uses her credit card when clothes shopping, and even if she did, a security breach wouldn't stop her.
"The prices (are) unbelievable," she said. "You see really nice stuff that you'd normally see for like one-hundred-and-something and it's excellent."
Winners' president, Michael MacMillan, appealed to Canadian customers directly yesterday with full-page ads in at least two of the country's largest daily newspapers, saying he believed the transactions using debit cards issued by Canadian banks weren't involved in the breach.
"Based on our investigation, we can now report we believe transactions using debit cards issued by Canadian banks were not involved in the systems breach," the ad read.
MacMillan went on to reassure customers the company has beefed up security of its computer systems.
TJX Companies, the U.S. parent company of Winners and HomeSense, revealed last month it was the victim of a massive security breach.
The company discovered in mid-December that customers' credit and debit card information had been stolen from its computer network, which included data from its Winners and HomeSense stores in Canada.
Updating its investigation earlier this week, TJX noted that debit cards issued by Canadian banks didn't seem to have been compromised.
Take proactive steps to protect your identity, personal information.
GALESBURG - Lori Brittingham has first-hand experience with identity theft.
The East Galesburg resident became a victim in September when someone stole checks sent to her from her credit card company out of her mailbox. In November she noticed $6,300 of extra charges on her statement.
"(Whoever did it) called the credit card company and said they were me," Brittingham said. "They did it over the phone. Then the money was transferred from my credit card to their bank account."
Brittingham said the only information the thief needed was her mother's maiden name, which people who know her knew as well.
"They did five different transactions in a month's time, so I didn't know that this was going on," Brittingham said.
She made the mistake of not checking her statement in October. Instead, she wrote her usual check to the credit card company without verifying all the transactions registered to her account. She never noticed the checks were missing from her mailbox.
"I never look at those checks, I just tear them up and throw them away," Brittingham said. "They didn't come with the bill so I would've never known that I didn't get them."
Brittingham was able to prove she hadn't used the checks and the charges were removed from her account. And she learned her lesson about protecting personal information.
Chris Kieffer is the vice president for electronic banking for First Bank in St. Louis. He said people tend to be more reactive than proactive when it comes to protecting themselves from credit card fraud and identity theft.
"The biggest things I tell people to be aware of is stay in touch with your bank account, review credit card and bank statements and make sure there's nothing on them you don't recognize, and annually pull a credit report on yourself," Kieffer said. "These are proactive steps any consumer can take."
For credit card offers that are sent through the mail, Kieffer suggests a shredder. Most of those offers will have a lot of your personal information on them already.
"Protect that information about yourself," Kieffer said. "It's just as easy for somebody to tape it together as it is for you to tear it apart once or twice."
Kieffer said online banking is safe on bank sites, but to be cautious of fake e-mail correspondence from banks, called phishing. These e-mails claim to be your bank trying to secure personal information about you. They will link you to a site that looks similar to your banks site. Kieffer said banks will never send e-mails like that to your private account.
"Banks are never going to validate through that mechanism," he said. "If something doesn't look right, don't use it. If you have questions ask a branch employee."
For online shoppers, Kieffer advises getting to know the merchant.
"Make sure it's somebody reputable," he said. "Fraud happens after the fact when we don't know where we're shopping or who we're using as a vendor."
And Brittingham has some advice, too. After her experience she had the limit on her credit card lowered to only $300.
"Never have a limit that's more than you're willing to lose," she said. "Whatever you might spend if you were somewhere and needed to buy something."
And she's learned another lesson.
"I will read every statement that I get," she said. "It's just been a complete nightmare."
1. Keep an eye on your credit card every time you use it, and make sure you get it back as quickly as possible. Try not to let your credit card out of your sight whenever possible.
2. Be very careful to whom you give your credit card. Don't give out your account number over the phone unless you initiate the call and you know the company is reputable. Never give your credit card info out when you receive a phone call. (For example, if you're told there has been a 'computer problem' and the caller needs you to verify information.) Legitimate companies don't call you to ask for a credit card number over the phone.
3. Never respond to emails that request you provide your credit card info via email -- and don't ever respond to emails that ask you to go to a website to verify personal (and credit card) information. These are called 'phishing' scams.
4. Never provide your credit card information on a website that is not a secure site.
5. Sign your credit cards as soon as you receive them.
6. Shred all credit card applications you receive.
7. Don't write your PIN number on your credit card -- or have it anywhere near your credit card (in the event that your wallet gets stolen).
8. Never leave your credit cards or receipts lying around.
9. Shield your credit card number so that others around you can't copy it or capture it on a cell phone or other camera.
10. Keep a list in a secure place with all of your account numbers and expiration dates, as well as the phone number and address of each bank that has issued you a credit card. Keep this list updated each time you get a new credit card.
11. Only carry around credit cards that you absolutely need. Don't carry around extra credit cards that you rarely use.
12. Open credit card bills promptly and make sure there are no bogus charges. Treat your credit card bill like your checking account -- reconcile it monthly. Save your receipts so you can compare them with your monthly bills.
13. If you find any charges that you don't have a receipt for -- or that you don't recognize -- report these charges promptly (and in writing) to the credit card issuer.
14. Always void and destroy incorrect receipts.
15. Shred anything with your credit card number written on it.
16. Never sign a blank credit card receipt. Carefully draw a line through blank portions of the receipt where additional charges could be fraudulently added.
17. Carbon paper is rarely used these days, but if there is a carbon that is used in a credit card transaction, destroy it immediately.
18. Never write your credit card account number in a public place (such as on a postcard or so that it shows through the envelope payment window).
19. Ideally, it's a good idea to carry your credit cards separately from your wallet -- perhaps in a zippered compartment or a small pouch.
20. Never lend a credit card to anyone else.
21. If you move, notify your credit card issuers in advance of your change of address. If you suspect credit card fraud:
If your credit cards are lost or stolen, contact the issuer(s) immediately.
Most credit card companies have toll-free numbers and 24-hour service to deal with these emergencies -- they are eager to avoid credit card fraud.
According to US law, once you have reported the loss or theft of your credit card, you have no more responsibility for unauthorized charges. Further, your maximum liability under federal US law is $50 per credit card -- and many credit card issuers will even waive that fee for good customers.
If you follow all these tips, it will go a long way in protecting you from credit card fraud.
If you are accepting online orders and would like to greatly reduce your exposure to credit card and check fraud, implementing protective measures can reduce online fraud by approximately 80%.
Please note: Some of the techniques contained below require a working knowledge of .cgi scripts and HTML coding. We cannot provide technical support or explanations for non-members. However, most competant webmasters will be able to easily implement these tools and techniques.
This material is adapted from a series of articles written by the founder of AntiFraud.Com that originally appeared in the online newletter The VirtualPromote Gazette.
The Internet is the perfect environment for every crook, thief, and pickpocket to ply their trade with almost complete anonymity. Being in the online software business, I have seen a tremendous increase in fraudulent purchases made with stolen credit card information. In many cases, the thief has more complete and current information about the actual cardholder than the credit card company. In some cases, credit card numbers that receive an approval number turn out to be totally fictitious numbers -- based on the algorithm used to produce authentic numbers.
I recently formed an alliance with a large merchant account provider specializing in providing credit card merchant accounts for Internet and Home-Based businesses. Through working closely with the credit card companies and other online merchants, I know the bottom line is this: You, as a merchant, are the one who is going to get stiffed! The cardholder is not responsible for more than $50 of fraudulent purchases. The issuing bank of a stolen credit card really doesn't care because they will simply charge the merchant back for any fraudulent purchases, plus a $10-$15 charge back fee. In fact, the issuing banks actually make $50 on these situations. They get the $50 from the cardholder (the cardholder's obligation), then they charge back each and every merchant for all the fraudulent charges.
So why is this situation getting so bad? Technology! Yes, the very same technology that allows us to have a profitable online business also allows others to rip us off. The advent of free, web-based, non-ISP e-mail addresses such as @hotmail.com, @usa.net, @juno.com and the hundreds of e-mail forwarding addresses afford a credit card thief a perfect veil to hide behind. The free e-mail addresses can't be traced back to the real owner;it usually takes a court order to get an e-mail forwarding service to disclose customer information. For those of us in the software, subscription or membership business, the e-mail address is the only point of contact we have. That address is where our products are shipped.
To make matters worse, there are now underground software programs available that can generate an unlimited number of mathmaticaly valid, yet fictitious credit card numbers. Combine that with complete anonymity and it spells big trouble for any business conducting online commerce. In addition, there are newsgroups out there that actually post stolen credit card data. So someone picks your pocket now and ten minutes later all your data is available world-wide.
So, what can you, as a merchant, do to protect yourself -- short of not accepting online credit card orders? Over the last few month, my company has had to establish certain procedures for all online orders:
1. No order is accepted unless complete information is provided including full address and phone numbers.
2. We no longer accept any order originating from a free, web-based, or e-mail forwarding address -- the customer must provide an ISP or domain based address: one that can be traced back to a "real" person.
3. Since the list of these types of e-mail addresses is growing daily, we check every e-mail address by going to a browser and putting a www in front of the domain. Try this with joesmith@cyberdude.com -- you will see that www.cyberdude.com puts you on I-names' (150+ free e-mail domains) homepage. We don't accept orders unless the e-mail/domain is a legitimate website or ISP -- something that can provide definitive identification of the e-mail address in question. This method is not fool-proof. When in doubt, go to step number 4.
4. If in doubt, we call the phone number listed on the order. We have alerted many cardholders that their card information was being used by making this phone call. On the other hand, the party on the other end may have never heard of the "customer." This results in a call to the issuing bank of the credit card to alert their fraud department.
5. We use the HTTP_USER_AGENT and REMOTE_ADDR code on all our order forms. This line works with most form handlers such as FormMail, cgiemail and others. The exact syntax varies with the form handler, but it provides information about the computer used to send the order, including the IP address. The IP address can then be traced to its owner -- usually an ISP. You can then contact the ISP System Administrator and inform them of the illegal activity. Members of AntiFraud.com are provided an automatied way to do this. Check the documentation for your particular form handler or cgi script for implementation of this input field.
6. Virtual Checks -- we receive a great number of orders via online virtual checks. While this has greatly increased our sales, the same cautions prevail. Having been burnt a few times, we now call the account holder's bank and verify the account number, account holder's name and current funds to clear the check before processing the order.
The Front Line of Defense
Isn't the policy of rejecting orders from free, web-based, or e-mail forwarding services a little severe?
After receiving several dozen credit card charge backs resulting from fraudulent orders placed exclusively through free, web-based, or e-mail forwarding addresses, we established the policy of not accepting orders from any of the over 700 such e-mail domains.
We have NEVER had a fraudulent order placed through a standard, ISP-based e-mail address. Conversely, EVERY fraudulent order has come through the free, web-based, or e-mail forwarding services.
Although adding the HTTP_USER_AGENT, REMOTE_ADDR line to your form handler to capture a "customer's" IP address helps, sometimes this information really isn't very useful. There are several sites that a crook can log onto before proceeding to any of the web-based e-mail services that offer total protection of your identity -- when you log onto one of these sites -- you are reissued a random IP address and they keep absolutely no logs of this. Hence, I can log onto one of these sites, go to the hotmail site and send e-mail, or go to a site to buy something, with absolutely no possibility of being traced.
If someone places an order using a standard, ISP based e-mail address such as joe@ix.netcom.com, it is fairly easy to track this individual. However, it is very difficult to track the identity of someone using one of the free e-mail services -- and if they know what they are doing,it is absolutely impossible.
All we are asking for, as a merchant, is positive identification. Would you accept a check from someone using someone else's ID? Would you accept a credit card purchase if someone signed a different name to a charge slip than was listed on the card? Virtually everyone who has a free, web-based, or e-mail forwarding address also has a tracable ISP or domain based address. That is the address I accept for online orders -- nothing less.
Has the screening of all orders cut into your sales?
No. The vast majority of people using the free e-mail services use an ISP to access the Net. Every ISP I know of issues at least one e-mail address with every account. So onlinefraud@hotmail.com (which one of my employees, a Mr. John Smith of 111 main street) recently registered in about 30 seconds, also has a legitimate, more easily traceable ISP issued address. We simply inform our customers that we don't accept orders through free e-mail services and ask them to use their standard, ISP issued address. We do this by placing a link on our order forms to the redflag.htm. Members of AntiFraud.Com are provided an automated way to screen against this ever growing list. Granted, there are some honest folks out there who really, truly don't have anything but a Juno.com account -- so guess what - they can call us to place the order (yes, we have caller ID on our phones).
Are there problems with real-time ordering processing?
There are many services out there that offer (for a fee or percentage) to process your orders in real-time, while the customer is logged onto the site. The first question you need to answer is whether you need to use such a service. If you are selling any hard goods that are physically shipped to an address, the answer is no. Legally, you can not even charge the customer's card until the order has been shipped. However, the option of real-time processing is very attractive to software vendors or subscription services. This convenience does have its risk.
Many real-time order processors do absolutely no pre-screening of orders. If the credit card goes through verification, the order is processed and the "customer" is immediately given a serial number or subscription user name. You, as the merchant, won't ever find out about the fraudulent nature of the order until you receive the chargeback. Yes, these services will tell you they use the Address Verification Service to insure the address provided is what the credit card company has on record, but that does not mean that onlinefraud@hotmail.com is the actual owner of that card. I am currently working with a couple of real-time processing services that are installing the same fraud prevention measures that are available to members of AntiFraud.com
The last area of concern is shipping orders out of your own country. I can sum this up with a few short sentences. Make absolutely, positively sure that you have a legitimate order before shipping anything, including soft goods, across the border. Regardless of the circumstances, regardless of the proof you may have, regardless if you have a signed confession from the crook who stole your goods through a fraudulent order, if that order went across the border, you can basically kiss it good-bye. It's hard enough here in the states to get the proper authorities to do something about credit card fraud. Try getting the authorities in a foreign country to pursue such a matter!
To sum up the situation I believe fraud committed against merchants conducting online transactions is increasing dramatically, and will continue to do so. However, there is no need to panic. While many years ago it was safe in most places to leave your house with the doors unlocked, that is no longer true. While only six months ago is was safe to blindly accept any online order, that is no longer true. But, like locking the doors to your house, protecting yourself from online fraud is really not that big a deal. Some common sense, and a few specialized tools, policies and techniques usually will do the trick.
Thwarting More Advanced Thieves, and Those From Abroad
I have recently seen an increase in the number of fraudulent orders originating from European Educational Institute domains. This is probably being conducted by college student/hackers who gain access to the school's e-mail servers.
On these types of orders, call your credit card processor, give them the first 6 digits of the card number and ask for the name and phone number of the issuing bank. If you receive an order from Romania and the Card is issued by the "First National Bank of Chicago," I would think twice about processing the order.
Unfortunately, this type of fraud is ever-changing, ever-evolving. You circumvent one method and they discover a new one. I will post revelant news to AntiFraud.com as new trends become visible. To be instantly updated with this news, please consider becoming a member of AntiFraud.Com. On one front -- the site we have been working on is up and ready to assist you. But on the other front, it seems certain criminals out there are getting a little smarter when it comes to committing online fraud. If I didn't know better, I would swear these guys must have read my previous articles and have adjusted their methods to compensate.
However, there is no reason to panic. In any criminal activity there are usually three classes of perpetrators. First, you have you rank amateurs who are easily thwarted with simple precautions. Then you have "small-time hoods" who, while a little more proficient than the rank amateurs, are not much more of a threat. Then you have the professionals. These guys do this for a living and have enough smarts to outwit the precautions that deter the others. Fortunately, their numbers are few.
You may recall some of my previous suggestions for preventing the majority of online fraud. We no longer accept any orders from a free, or web-based, or e-mail forwarding address. This list is currently over 1500. Secondly, unless we recognize the e-mail domain as being from one of the large ISP's such as ibm.net, mci2000.com, earthlink.net, etc., we always go to a browser and put a "www." in front of the e-mail domain to look at the website associated with that domain. We make a determination from there where to check further. We also use coding on our order forms that captures the IP address of the sender.
So how has the game changed? We have encountered 3 different cases of this during the last two weeks. I am not making any accusations nor condemnations, nor am I suggesting that you refuse to accept orders from the individual cited in the example below. I am merely stating facts as we discovered them. You will have to draw you own conclusions. OK -- my lawyers say I can continue now:
On February 21, 1998 at 1:53a.m. EST, an individual placed an order for our Web Promotion Spider software using the name of Alex Williams from Nashville, Tennessee. "Alex" placed his order using a Master Card and the e-mail address of dknight@dknight.com. Since this is neither a free nor an ISP based e-mail address, I went to http://www.dknight.com. As of Sunday, March 01, 1998, the page had nothing more than an "under construction, come back later" notice.
This made me a little uneasy so I quickly went to http://antifraud.com/ipcheck.htm to do a WhoIs on the domain name of "dknight.com". I quickly found this domain is registered to a Mr. Fahad Al Blehed with both phone and fax numbers of 000-000-0000. This made me even more uneasy so I used the same form to WhoIs the IP address he was using at the time he placed the order. You know, it's funny, the IP address of 195.34.28.87 belongs to the PTTNET Dialup Network -- out of Moscow, Russia.
Now, you can call me paranoid or overly suspicious, but I sort of doubted that Mr. "Alex Williams" of Nashville, TN, was over in Russia placing an order for web promotion software for a site that barely existed. A quick call to VISA/Master Card security confirmed the card number provided belonged to neither "Alex Williams" nor "Fahad Blehed." The card was immediately put on hold while the actually card holder could be contacted and, needless to say, I did not process the order.
Had I processed the order, I would have been out not only the $100 software but also a $15 chargeback fee when the actual card holder disputed all the charges. So, was all the extra effort worth it? It took me less than 3 minutes to complete all the steps above, including the call to VISA. I saved a $115 plus a blemish on my merchant account record. Let's see, $115 for 3 minutes of work, that works out to $2,300 per hour. My corporate attorneys barely make that much :-)
In another case, we received an order from a shihwai@acsshell.net. This domain belongs to a Mr. Chong Shihwai of Shihwai Networks located in West Caldwell, NJ. Unfortunately, there is no such person. However, the individual that does live at the WhoIs-identified address for this domain has received over a half-dozen invoices from Internic for domains the real culprit has registered and is using as fronts to commit credit card fraud. In our case it was a stolen VISA card from Australia. The poor guy in West Caldwell has received hundreds of phone calls from merchants trying to track down Mr. Shihwai.
As a side note, I went the extra step in all these cases and contacted the System Administrators of both the hosting services and the ISPs to alert them to the illegal activity being conducted by these individuals. Hopefully, I stopped them from victimizing too many other merchants.
Review all the steps we use on our AntiFraud.Com site. Take an extra step or two if you are at all suspicious. You might save yourself and many others from getting burnt by these guys. If you would like additional tools and technology to automate these techniques, please consider becoming an active member of AntiFraud.Com. And, be careful out there.
CHICAGO -- A Boeing Co. laptop containing the names and Social Security numbers of 382,000 workers and retirees has been stolen, putting the employees at risk for identity theft and credit-card fraud.
The theft, which the company confirmed Tuesday, was the third such offense in over a year.
Files on the computer also contained home addresses, phone numbers and birth dates. Some of the files listed salary information.
"It's very disturbing to us when things like this happen, and there are certain steps you can take right away ... but we realize we need to go above and beyond those," said Tim Neale, a spokesman for Chicago-based Boeing.
The laptop was stolen earlier this month when an employee left it unattended, Neale said. He would not reveal where the theft happened, but said no proprietary, customer or supplier data were on the computer.
The computer was turned off when it was stolen and a password is needed to log on to its desktop, Neale said Wednesday.
"It's not necessarily an easy task to access the information there," he added.
Boeing began contacting current and former employees Tuesday night, Neale said.
Boeing will provide credit-monitoring services for three years for those affected by the latest theft, Neale said.
There is no evidence that any of the previous thefts have resulted in wrongdoing, he said.
A Boeing laptop containing information on roughly 160,000 current and former employees was stolen in November 2005. Then, in April, a laptop containing information on 3,600 employees and retirees was stolen.
Neale would not say whether any disciplinary action has been taken against the employee involved in the recent theft. However, he acknowledges that in each of the incidents company policy was violated.
"It's frustrating because obviously you don't want to see this happen," he said.
AUSTRALIA'S banks are positioning themselves for the final run to introduce smart credit cards after years of baulking at the cost of phasing out magnetic-stripe technology in favour of microchips.
The manoeuvring is being influenced by the federal Government's $1.1 billion welfare Access Card project, but fresh questions have arisen over whether or not smartcards will provide consumers with significantly improved protection from credit card fraud.
Banks have claimed major victories in cutting credit card fraud thanks to the implementation of crime busting computer systems that use neural networking technology to detect illicit transactions.
Visa Australia head of business development Vipin Kalra said computer systems enabled banks to almost halve the cost of credit card fraud over the past five years.
Credit card fraud rates had been cut from up to 0.05 per cent of total Australian credit card sales five years ago to less than 0.03 per cent, Mr Kalra said.
The most common forms of fraud were skimming and counterfeiting, he said.
The Australian Payments Clearing Association agrees that the highest card fraud losses by value stem from skimming and counterfeiting, but estimates 2006 credit card fraud at 0.039 per cent of card transactions, or $87.4 million.
"We've seen a big drop in fraud in Australia over the past couple of years," Mr Kalra said.
"(The drop is because of) the banks' ability to put a lot of monitoring systems in place so they can track activities on the card. Those systems are now starting to show their benefits."
ANZ Bank widely advertised its Falcon neural network as part of a campaign to establish its security credentials.
Falcon identifies anomalous credit card transactions and is one of three platforms the bank uses to manage credit card fraud.
The others - Eagle and Hunter - are merchant-oriented systems to track fraudulent credit card applications.
ANZ general manager of consumer cards Nick Reade said these systems had helped the bank cut credit card fraud by 60 per cent in the past five years.
He cited examples where Falcon detected the use of a stolen credit card before the cardholder knew his wallet had been purloined because of changes in the buying patterns detected by the bank's systems.
Systems such as Falcon were an important part of ANZ's drive to establish itself as the most security conscious Australian bank, he said.
"Pretty well everything we do nowadays we communicate that we take fraud very seriously," Mr Reade said. "A lot of our own internal research on what's important to customers - drivers of satisfaction, drivers of usage of credit cards - increasingly (show) what's coming out as number one is security."
Mr Kalra said the fraud-fighting capabilities of computer systems such as Falcon meant banks had not been under pressure to implement smart credit cards.
Microchip-enabled credit and debit cards have long been touted as an important tool in the fight against payment fraud by Visa.
Many Australian banks have argued that the costs of implementing smartcards was greater than the cost of fraud.
"We have to get (to smartcards) but because fraud is under control within the banking industry there isn't a huge urgency to just turn over all the cards over night," Mr Kalra said.
Commonwealth Bank general manager of product and market development Brian White said the success of crime-fighting technologies meant consumers were unlikely to notice big reductions in creditcard fraud following the introduction of smartcards.
"(With smartcards) the consumer on the street has the confidence that he's consistent with the current standard. Does that mean today he's at risk as a consequence? Well the data shows he's not measurably," Mr White said.
Mr Kalra's and Mr White's comments were made at the launch of the Australian Smartcard Users' Forum (ASUF) last week.
ASUF members include the big four banks. It was founded to pressure the federal Government to use private-sector payment networks to process transactions associated with the $1.1 billion welfare Access Card.
ASUF chair and NAB regional general manager for specialised businesses Bruce Munro said the group would work to manage any consumer concerns if banks were seen to be lagging behind the federal Government on using smartcards to protect consumers from fraud.
"One of the reasons we put the forum together was to try and manage perceptions like that," Mr Munro said.
"Another risk, I suppose, is that the use of a chipped Access Card may have some negative connotations that we have to manage for our own roll-outs,"
ANZ's Mr Reade declined to comment on the activities of his competitors but said smartcards would play an important role in protecting consumers from fraud such as credit card counterfeiting.
ANZ has issued 1 million smartcards and has a goal of converting all 3 million ANZ cards smartcards within a year.
The CBA, NAB and Westpac are yet to announce smartcard roll-out timetables.
The head of a Mumbai-based shipping company became the latest victim of online credit card fraud last month when miscreants used his account to buy thousands of rupees worth of airline tickets.
In a police complaint, Captain Ramesh Giridharilal Gulati, 67, chairman and managing director of Crystal Shipping Company Private Limited, said that “thieves” charged about Rs83,300 on his Standard Chartered card between November 8-11 when he was on an overseas trip to the Far East. The kicker is that the card was in his possession at the time of the “theft”!
Gulati, a Cuffe Parade resident, said, “I was shocked when I received my credit card statement for Rs83,296.40 on November 17. During my absence from India, someone had misused my card between November 8-10 to make 11 different transactions. The transactions were made to purchase airline tickets.” Gulati had gone on a business trip to Manila via Dubia on November 5. He returned to Mumbai on November 11.
“On November 10, I thought I had lost my card while checking out of the hotel in Manila,” he said. “I called my staff to call up Standard Chartered to report a lost card. However, during my transit period at Dubai airport on November 11, I found my card in my travel pouch. I informed the bank on November 13 that I had found the card. However, they had cancelled my card.”
Gulati received a statement for his old card on November 17. It listed 11 transactions - six on November 8, one on November 9 and four on November 10 - all for purchasing online tickets from various airlines.
The father of two then called the bank’s credit card division to report the “discrepancy”. The bank told him that they would investigate his complaint, and it would take a month’s time. On November 18, Gulati filed a complaint with the Azad Maidan police station. Prakash Khanvilkar, senior police inspector with the Azad Maidan police, said, “We have received a written complaint, but we cannot comment at this time. The case is under investigation.”
A spokesperson with Standard Chartered Bank on DN Road, also refused to comment, saying, “We cannot comment as it is under investigation.”
A thief goes through trash to find discarded receipts or carbons, and then uses your account numbers illegally.
A dishonest clerk makes an extra imprint from your credit or charge card and uses it to make personal charges.
You respond to a mailing asking you to call a long distance number for a free trip or bargain-priced travel package. You're told you must join a travel club first and you're asked for your account number so you can be billed. The catch! Charges you didn't make are added to your bill, and you never get your trip.
Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of fraud, it can occur in other ways. For example, someone may use your card number without your knowledge.
It's not always possible to prevent credit or charge card fraud from happening. But there are a few steps you can take to make it more difficult for a crook to capture your card or card numbers and minimize the possibility.
Guarding Against Fraud Here are some tips to help protect yourself from credit and charge card fraud.
Do:
Sign your cards as soon as they arrive.
Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch.
Keep a record of your account numbers, their expiration dates, and the phone number and address of each company in a secure place.
Keep an eye on your card during the transaction, and get it back as quickly as possible.
Void incorrect receipts.
Destroy carbons.
Save receipts to compare with billing statements.
Open bills promptly and reconcile accounts monthly, just as you would your checking account.
Report any questionable charges promptly and in writing to the card issuer.
Notify card companies in advance of a change in address.
Don't:
Lend your card(s) to anyone.
Leave cards or receipts lying around.
Sign a blank receipt. When you sign a receipt, draw a line through any blank spaces above the total.
Write your account number on a postcard or the outside of an envelope.
Give out your account number over the phone unless you're making the call to a company you know is reputable. If you have questions about a company, check it out with your local consumer protection office or Better Business Bureau.
Reporting Losses and Fraud If you lose your credit or charge cards or if you realize they've been lost or stolen, immediately call the issuer(s). Many companies have toll-free numbers and 24-hour service to deal with such emergencies. By law, once you report the loss or theft, you have no further responsibility for unauthorized charges. In any event, your maximum liability under federal law is $50 per card.
If you suspect fraud, you may be asked to sign a statement under oath that you did not make the purchase(s) in question.
For More Information
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Credit and debit card fraud is at a record low, despite growing volumes of transactions globally. A recent breach of security at a third-party card-processing plant in the US, which compromised up to 40-million card numbers globally, is unlikely to alter the statistics, says credit card company Visa.
Visa says industry efforts to combat fraud are paying off as card issuers tighten payment-processing security.
Jim Devlin of Visa's fraud department for central Europe, eastern Europe, the Middle East and Africa region (Cemea) says that last year only 6c of every $100 spent with credit cards was lost to fraud.
Counterfeit cards remain the highest contributors to fraud, at 47%, followed by lost and stolen cards at 29%, Devlin says.
Simon Dean of the same Visa fraud department says MasterCard, Visa and American Express, the three largest credit card companies, have aligned standards to which banks have to adhere to protect account holder information.
Despite this, the "phishing" of account holder information by the US card processor highlighted a flaw in the system.
Phishing is when customers' personal information, including account details and PIN number, is collected to conduct fraudulent transactions on internet and telephonic transactions.
About 22-million of all the account numbers at risk globally were of Visa cards, while about 14-million were of MasterCards.
Devlin says the effect of the US breach on customers was minimal, with about 20000 accounts compromised but not necessarily affected by fraud.
Last month, Visa said only 6000 of its South African account numbers had been compromised, and a number of those had expired.
MasterCard said 6000-7000 of the total number of MasterCards that had been exposed to risk were for South African accounts.
At the time only one South African account had been affected.
Standard Bank, SA's biggest credit card issuer, had identified about 1500 credit card customers who could potentially be affected, and all accounts were replaced with new ones as a security precaution.
"It was a highly unfortunate incident and one that hasn't done the industry any benefit," Dean says. He says while the financial loss from the card compromise in the US was small, the damage to the reputation of credit card companies was large.
"The last thing Visa would want is for the internet and e-commerce to be deemed insecure. The protection of data is most important," he says.
Dean says the US card compromise was still the subject of an FBI investigation in the US and it was still unclear how it happened.
Customer data that should not have been stored had been stored by the processor, he said.
Under an industry-wide security programme, banks, merchants and card processors have to adhere to certain security standards.
Dean says the move to chip-based cards will reduce fraud even further as it will take the responsibility away from merchants to ensure cards are authentic. Chip cards had successfully addressed this in France, where they were introduced in the 1990s.
Growth in card fraud between 1993 and 2003 had prompted the UK to move quickly to chip cards, Dean says.
But Devlin says it would be years before chip-based cards were rolled out world wide. Merchants would need special chip readers before the system was implemented.
