you steal... ...nussink from me.

[substitute]

Someone broke into one of my credit card accounts online. I discovered this because I got email confirming my mailing address change. My... what? I signed on and had to reset the password, which had been changed. This can't be good. Hey! I have an address in New York City now?

I called them up and after some confusion we confirmed that I do not live in New York, nor did I buy anything from eBay today. They're sending me a new card. More unfortunately, the rep told me that whoever changed my address had the security code from the back of the card, indicating that they'd either had physical possession of the card at one time, had sold me something online, or had cracked some database at Chase (he didn't mention that last possibility).

Punchline: The account that was compromised only had $160 in credit available on it.

Comments

[hersheyjumper.livejournal.com]

That's awful!! Can they track them through their delivery address?? I mean, can't da coppers march right over to the deliver address and knock some heads??

Well...

[leolo.livejournal.com]

For this to happen, the cops would actually, you know, be interested in catching the culprit. Which they aren't.

Re: Well...

[substitute.livejournal.com]

More to the point, it would have to be known that the address has any significance at all other than a stopgap.

[gutbloom.livejournal.com]

Yikes. Yikes. Yikes.

I need some kind of peasant talisman against this stuff. Where's the superstition when you need it? I want a doodad I can hang on my computer that will make me think it can't happen to me.

[fattmike.livejournal.com]

Man, that's a major WTF :(

At least they did the right thing and confirmed the address change. Just wow.

::off to check my Chase account::

[p0tat0es.livejournal.com]

I'd suggest having a fraud watch put on your credit report - any one of the three credit bureaus can do it. If anyone were to attempt to open an account in your name, the credit issuer would have to contact you to see if it's really you. Dunno if it works on account takeovers though.

Anyone that you shop with online shouldn't be storing the CVV2 data (the 3 digit thinger on the back), since it's a security risk - someone internally can harvest that shit.

Another thing - usually they make you verify your SSN when you make changes to your account. Hopefully whoever did this doesn't have that too :(

[substitute.livejournal.com]

Yeah, good call on all counts. And the CVV thing, if they had it right that it was used, was disturbing.

Check THIS out

[fattmike.livejournal.com]

So,

I decided to look at my Chase credit card statement online and lo and behold, there are two charges of $19.95 each on 1/12 and 1/13 to MSN Hotmail.

The statement just closed yesterday, so I found it online, called up Microsoft, and someone used my card to buy extra storage for 2 different Hotmail accounts. I don't USE Hotmail. The very nice lady confirmed I don't use Hotmail, and canceled the subscriptions, and now tomorrow I get to call Chase and find out WTF happened and what to do about it.

At least they didn't have my address, or at least it doesn't appear they did, but still, WTF????? :x

Hrmmm....

[friendly-bandit.livejournal.com]

Doesn't Kenn live in New York?
Didn't Kenn live here and have access to your wallet?
Doesn't Kenn like ebay?

I think you should consider these facts.

Re: Some Day She Will Call My Name

[substitute.livejournal.com]

Nah, not screening you. I just flipped on the bit that says "only friends can comment without screening". I'll fix that for ya. Have a good trip.

[ganatronic.livejournal.com]

I logged into Amazon the other day and received a "Plog" (http://www.amazon.com/gp/plog/about.html/ref=cm_plog_learn/002-8873275-3520842) (link might not work) from an author thanking me for buying a book that I never bought. For a moment I became worried that someone was buying stuff on my account. But the invoices show it wasn't charged to me. I'm thinking it is either an error, or someone bought it for me for my upcoming b-day (maybe I had it on my wishlist) and they just haven't worked out all the kinks yet in their plog system.

Anyway, sucks that you got hacked.

[wholesomedick.livejournal.com]

YEAH! MY CHASE CARD HAS A $400 DOLLAR CREDIT LIMIT! BOO-YA!!! :)

[substitute.livejournal.com]

I know! I just bought some really nice shoes with it! PWNED!!!!

[cascadefailure.livejournal.com]

I JUST got my first actual credit card (well first one, THIS round)...and it's not through Chase. I've never actually used it...because I remember what happened LAST time I had a credit card...or 7. It just sits in my wallet...in CASE I go somewhere that doesn't want my debit card...like some silly car rental place. I'm sorry you got your info stolen...I'll try to be more conspicuous next time. :P

[halfjack.livejournal.com]

I've had my credit card number stolen on several occasions and in each case the very first illegal purchase was successfully red-flagged by my credit card company. I receive a phone call out of the blue from someone asking if I just made a $100 donation to Some Amusing Charity in San Francisco, which they say is well outside my buying pattern. I say no, they say okay we'll cancel your card and get a new one out. No cost to me.

Of course, the fact that they know my buying patterns well enough to successfully flag every fraud attempt so far is kind of scary.