We got an email from Chase.com earlier this evening, alerting us to fraudulent charges on our credit card. Someone has apparently programmed our credit card number onto another card and gone on a shopping spree.
It began with a swipe in a food vending machine owned by Berkshire Food, Inc. somewhere in Connecticut. Berkshire is in Danbury but there’s no way of knowing whether the transaction was there or the payment was processed there. The first tranaction was $1.60. I’ve heard that thieves will usually start off their spree with a small amount and increase as they gain confidence in their card.
Our thieves then began to get hungry, so they stopped into L.C. Chen’s, a Chinese restaurant in Fairfield, CT, at 6:19 PM. The two women bought Pad Thai and a drink, one signing the receipt as “Vanessa Smith,” according to Linda, the nice lady I spoke with.
At this point, fraud party continued up Bridgeport, CT and to Modell’s, a sporting goods store. Two transactions for $200 were declined here, Chase’s fraud alert was triggered, and the card was canceled soon afterward. Thus, the spree is over. I’ve got a call in to Modell’s security to get their information, including surveillance video if any.
How can someone spend money with a credit card they do not have? It’s amazingly easy, actually. The magnetic stripe on the back of the card is just like a cassette tape, easily re-recorded. Someone, somewhere either got my credit card number or randomly generated it, then applied it to another card. Perhaps one belonging to Vanessa Smith. At the Chinese restaurant, the thief never had to provide the three-digit security code since the bank (wrongly) assumes that swiping a card in person is somehow more secure than using one online.
The fact that Chase has begun issuing credit cards with chips in them is a step in the right direction, but it does not help unless merchants upgrade their payment machine to read the chips.
What’s really needed is to require PINs with cards, the way the Europeans secure their card transactions. I ran into this with my last business trip to the Netherlands, where I could not use my credit card because I couldn’t remember my PIN. Banks think their customers are too dumb to use card + PIN, so it seems we’re stuck with getting new cards every 6-9 months as they get compromised. Sheesh.