credit card fraud

[MargaretR]

Twice this year I have had phone calls from credit card fraud departments to query a particular dubious transaction on a card, and both times a fraudulent attempt was found, the card cancelled and replaced.

I rely on internet purchases for survival, so I need to continue to use my card in that way. I could use a debit card but I do actually make small sums of money by using cashback cards and always pay the card off in full at month end.

One of those fraudulent transaction attempts was on a card that had been locked in a safe for 6 months unused!!

I have a firewall. I have Spybot 'paid for' version and Avg free virus protection, -all are frequently updated and used daily. I have a paper shredder and shred everything that bears my name and address.

In fact I am obsessive about the security of my cards.

Please can somone explain how these 2 fraud attempts could have happened

[entwisi]

I can guess at Card numbers even down to Bank level. Basically teh first 6 digits of a card number tell me exactly what bank and type of account it is. (Its called a Bank Identification Number or BIN). The last digits of the card are coded versions of your expiry date.

So simple 'guessing' mechanism only has ~6 or 7 digits to guess for a valid card number.



Another option is simply when you use the card in a shop. Its not hard to memorise all the details of a card including the important 3 digits on the back.
You will often find that people hold these details for a while before using them so as to 'detach' the association from them

[MargaretR]

Thanks Entwisti for that info.
I rarely use a card in a shop - online buying is my thing.
The card which was compromised yesterday has only been in use for 2 months and had only been used (online only) 12 times. I never allow my card details to be 'stored for next time' by any retailer.
This card has additional security for online purchasing by providing an additional screen where more ID needs to be entered before the transaction is approved.
I never open an email from someone I dont know.
You already know that my connection is safe from piggy backers.
Could rogue employees of the retailers I have used, be accessing their employers database and obtaining my card details for their personal use?

[entwisi]

yes it could be unscrupulous employees although you are always at the mercy of retailers in this respect. The good ones actually use mechant services where they do not see your details at all. They just get a auth code to say you have paid XXX.

In your particular case its hard to say whether they had all the details that would be needed for an online transaction or they were trying a restricted access dealer who doesn't need to have all the same security checks in place. Out of interest what were they trying to buy from where?Was it overseas?

[MargaretR]

I rarely buy from overseas and if I do I use Paypal linked to my current account.

The twelve times this card was used-
Tesco online -groceries -3 times (all the rest just once)
Asda Accrington kiosk - (sorry forgot about that rare visit to a store) kept my till receipt!
Healthspan Guernsey (not really overseas is it?)-herb&vit pills
Dixons Electrical - new eco kettle
Amazon.co.uk - book
So Organic --toiletries
lamps2udirect.com- low energy bulbs
Farmway Online - cat litter
ChoiceBrand.co.uk--food processor
Safefoam-- large foam seat cushion pad


PS - the crooks who tried it on were some geneology search company (so I was told)