you steal... ...nussink from me.

[substitute]

Someone broke into one of my credit card accounts online. I discovered this because I got email confirming my mailing address change. My... what? I signed on and had to reset the password, which had been changed. This can't be good. Hey! I have an address in New York City now?

I called them up and after some confusion we confirmed that I do not live in New York, nor did I buy anything from eBay today. They're sending me a new card. More unfortunately, the rep told me that whoever changed my address had the security code from the back of the card, indicating that they'd either had physical possession of the card at one time, had sold me something online, or had cracked some database at Chase (he didn't mention that last possibility).

Punchline: The account that was compromised only had $160 in credit available on it.

Comments

[p0tat0es.livejournal.com]

I'd suggest having a fraud watch put on your credit report - any one of the three credit bureaus can do it. If anyone were to attempt to open an account in your name, the credit issuer would have to contact you to see if it's really you. Dunno if it works on account takeovers though.

Anyone that you shop with online shouldn't be storing the CVV2 data (the 3 digit thinger on the back), since it's a security risk - someone internally can harvest that shit.

Another thing - usually they make you verify your SSN when you make changes to your account. Hopefully whoever did this doesn't have that too :(

[substitute.livejournal.com]

Yeah, good call on all counts. And the CVV thing, if they had it right that it was used, was disturbing.