PDA

View Full Version : New Credit Card Scam: Beware


Frankie
07-16-2005, 06:37 AM
I have not done snopes on this one. But it makes sense:



My husband was called on Wednesday from "VISA", and I was called on Thursday from "MasterCard".

The scam works like this: Person calling says, "this is (name) and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card, which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

You say "yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number. The caller then gives you a 6-digit number. "Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works. The caller then says, "he needs to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 digits are the security numbers that verify you are the possessor of the < BR> card. These are the numbers you sometimes use to make Internet purchases to prove you have the card.

The caller will ask you to read him the 3 numbers. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.

Long story made short - we made a real fraud report and closed the VISA account.. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of the conversation.

The real VISA told us that they would never ask for anything on the card, as they already know the information since they issued the card!

If you give the scammers your 3 Digit PIN Number you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost to late and/or more difficult to actually file a fraud report.

What makes this more remarkable is that on Thursday, I got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA . The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.

Please pass this on to all your family and friends. By informing each other, we protect each other.

Rausch
07-16-2005, 06:39 AM
Nah. The biggest scam ever is finding people dumb enough to give me a credit card...

Bowser
07-16-2005, 07:47 AM
This is the reason I don't use credit cards.

And besides, no credit card company needs you to verify anything. They should have all your info. And if they don't, they're not competent enough to handle your business.

Hydrae
07-16-2005, 09:20 AM
This story has been around for a while. Although technically possible there is no word on any actual occurrances of this specific scam.

Snopes (http://www.snopes.com/crime/warnings/creditcard.asp)

Origins: There are five points we generally try to apply in evaluating warnings about possible criminal schemes or activities:

1) Is the phenomenon outlined in the warning technically possible as described?

2) Is the phenomenon outlined in the warning plausible? (That is, some criminal schemes are technically possible, but they're too difficult, cumbersome, or expensive to plausibly enact on anything more than a very limited basis.)

3) Are there any verifiable instances of people having been victimized in the manner described by the warning?

4) Is there evidence that the criminal activity described in the warning is widespread?

5) Is the criminal activity described in the warning something the average person might fall victim to?

The scheme outlined in the message quoted above might be categorized as a "social engineering" scam a technique which preys upon people's unquestioning acceptance of authority and willingness to cooperate in order to extract from them sensitive information (such as computer passwords or credit card numbers). In this case the scammers' target data are the three-digit security codes found on the back of MasterCard and Visa cards.

Just as the Internet and other technologies have greatly expanded the possibilities for making credit card purchases without the need to physically present a card to the seller, so have they created additional opportunities for identity thieves to make profitable use of purloined credit card numbers. After getting their hands on credit card numbers (often through such simple expedients as rummaging through trash to find discarded receipts or statements), crooks can then employ a variety of means (e.g., mail order, phone order, Internet purchases, posing as merchants) in order to obtain money and merchandise by charging against the cardholder's account even though the credit card itself remains snugly inside the cardholder's wallet. The victim may not even know anything is amiss until he receives his next statement in the mail several weeks later.

Although safeguards have been enacted to catch most of these types of fraud, they're often defeated by a combination of lax security and clever crooks who know how to work around them. One of the more recent safeguards is the addition of three-digit security codes (known as CVC2 or CVV2 codes) to every MasterCard and Visa card, codes which are indent-printed in the signature panels on the backs of the cards but are not encoded in the magnetic stripes and do not print on sales receipts. Many vendors cannot process credit card transactions without obtaining these security codes from their customers, thereby ensuring that persons placing orders have physical possession of the cards being used (and haven't simply scammed the sixteen-digit account numbers imprinted on the front of cards somehow). Thus the scheme described above might be used by identity thieves who have managed to collect credit card numbers but need to obtain the associated security codes in order to process charges against the accounts.

So, back to our five points:

1) Is this possible? Yes, it's possible that scammers might get ahold of credit card numbers and then use the technique described above to obtain security codes and process phony transactions against the accounts.

2) Is this plausible? The scam as described above is not extraordinarily difficult or expensive to pull off; all it requires is access to a telephone and the establishment of a merchant account for processing credit card transactions. It also assumes the scammer already has the names, addresses, phone numbers, and credit card numbers (plus expiration dates) of his victims, but that information might be obtained in a variety of ways (such as breaking into and stealing customer data from merchant web sites). Whether the same scammer could process more than a handful of phony charges before complaints caused his merchant account to be shut down is problematic, though.

3) Are there known instances of this occurring? We talked with a representative of MasterCard, who told us that although she couldn't verify the specific details of the message reproduced above, this type of scam does occur and isn't new; it's been going on ever since MasterCard started putting CVC2 security codes on all its cards back in 1997. (Visa put CVV2 codes on all its credit cards until 2001.) She also reiterated that MasterCard would not ask a cardholder to disclose security codes or provide any information verifying physical possession of a card; any such inquiries regarding security matters would come from the financial institution that issued the credit card, not from MasterCard itself.

4) Is this a widespread phenomenon? Unfortunately, MasterCard was unable to provide us with any statistics regarding the specific scam described here, other than to note that using the telephone to trick cardholders into divulging their security codes is a type of fraud that has been occurring for several years and is ongoing.

5) Is this something that might affect the average person? Yes, anyone who holds a credit card is a potential victim of this type of fraud.

The best protection against these types of telephone schemes for obtaining sensitive credit card information is to always verify the identities of the people with whom you speak. If you have security questions or concerns about your credit card, call the financial institution who issued your card directly. If someone contacts you by phone about your credit card, ask the caller to provide his name, department, and extension, then hang up and call him back through the phone number listed on your credit card or billing statement.

Additional information:
Preventing Credit Card Fraud
(Consumer @ction)

Last updated: 23 December 2003

DTLB58
07-16-2005, 11:11 AM
This is the reason I don't use credit cards. :clap:

And besides, no credit card company needs you to verify anything. They should have all your info. And if they don't, they're not competent enough to handle your business.

You and me both. But we are very much the minority in America today where everyone feels they MUST have a CC.

Ari Chi3fs
07-16-2005, 12:57 PM
so wait... Frankie has a husband? You are a woman? Whoa.

KCChiefsMan
07-16-2005, 01:13 PM
I keep getting calls from these people with foreign accents:

"HI I'm calling because your application has been approved for a $5K gov't grant"

and then I usually just mess with them. The first time I said
"Oh WOW! great, I'd love that do you need my checking routing number?" and they say yes, I'll take that now. And then I told them it's a weird routing number because it has letters in it. I read it off.
0-0-1-F-U-C-K-Y-O-U

and then I tell them that I hope they burn in hell and hang up

Frazod
07-16-2005, 01:38 PM
The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.
Oh, I'm sure they'll get right on it. :rolleyes:

THREE YEARS AGO, the card number for my Visa debit card was stolen after I bought some concert tickets on line (the last time I ever used or will ever use my bank card for an on-line purchase). Since I am extremely anal about checking my account balance, I realized it within a couple of days and got all the money back. The thief was some scumbag in Orlando, Florida - I know that because my card was used to pay his f#cking phone bill. The prick was actually using internet service I paid for when I called the ISP - at least I got the satisfaction of being on the phone with the person who killed his access while he was using it. Sadly, that's the only satisfaction I got.

I attempted to provide the thief's information to the Orlando police. They told me to call the police where I live in Naperville. Somehow I think Naperville's jurisdiction might not extend into Florida, but I figured that wouldn't be a problem, since I also reported it to the national fraud agency (cant' remember the exact name, but I filed a full report including the thief's name and address).

That was THREE YEARS AGO. If they ever did anything, I sure as hell never heard about it, and there is no way for me to request a status from the national agency - it's a "we'll contact you" type of thing.

So my basic opinion is that the cops and the feds don't do a f#cking thing to these people. I didn't lose any cash, but I did lose several hours of work dealing with the problem, which didn't make my bosses very happy. In a perfect world, these pricks would get their fingers chopped off - let them try to use a computer to rob people while typing with bloody stumps.

All you can do is keep tabs on your account and protect yourself, because no one else will.

KChiefsQT
07-16-2005, 01:49 PM
Anytime those idiots call me I tell my 2 year old neice the phone's for her. She just loves chatting it up, and they get a lot of info. out of her too bad it's info. that they don't want....hahahha. Usually don't call back for awhile. I hate scammers.

Mr. Flopnuts
07-17-2005, 12:52 AM
I keep getting calls from these people with foreign accents:

"HI I'm calling because your application has been approved for a $5K gov't grant"

and then I usually just mess with them. The first time I said
"Oh WOW! great, I'd love that do you need my checking routing number?" and they say yes, I'll take that now. And then I told them it's a weird routing number because it has letters in it. I read it off.
0-0-1-F-U-C-K-Y-O-U

and then I tell them that I hope they burn in hell and hang up


Those guys called my wife a couple of weeks ago, she being the younger, more naive member of the relationship did the most natural thing she could. She gave the phone to me. I started grilling them on the grant and how I got it, and THEY hung up on ME. It was a good time. I should've asked them if I sounded like a 74 yr old woman from California.

WebGem
07-17-2005, 01:23 AM
If someone calls my home phone and asks for the last 4 digits of my credit card number and the 3 digit security code, I am sure as hell not giving it to them. Oh yeah, anyone who does give it to them is a retard.

Coach
07-17-2005, 01:25 AM
If someone calls my home phone and asks for the last 4 digits of my credit card number and the 3 digit security code, I am sure as hell not giving it to them. Oh yeah, anyone who does give it to them is a retard.

Heh, or you can just make up a line like "You do know that you're calling one of the undercovers for the FBI? Oh, and we have this line tapped and we're recording the conversation."

ROFL Works all the time on the telemarkers.

Taco John
07-17-2005, 02:07 AM
so wait... Frankie has a husband? You are a woman? Whoa.


:eek:

Logical
07-17-2005, 02:13 AM
so wait... Frankie has a husband? You are a woman? Whoa.Suprised me as well.

Taco John
07-17-2005, 02:17 AM
I had always pictured something not too far from this... (http://geog-www.sbs.ohio-state.edu/images/people%202003/Ahmed.jpg)

Logical
07-17-2005, 02:26 AM
I had always pictured something not too far from this... (http://geog-www.sbs.ohio-state.edu/images/people%202003/Ahmed.jpg)

Me too, I bet Big Daddy will be shocked.

Mojo Rising
07-17-2005, 02:46 AM
Oh, I'm sure they'll get right on it. :rolleyes:

THREE YEARS AGO, the card number for my Visa debit card was stolen after I bought some concert tickets on line (the last time I ever used or will ever use my bank card for an on-line purchase). Since I am extremely anal about checking my account balance, I realized it within a couple of days and got all the money back. The thief was some scumbag in Orlando, Florida - I know that because my card was used to pay his f#cking phone bill. The prick was actually using internet service I paid for when I called the ISP - at least I got the satisfaction of being on the phone with the person who killed his access while he was using it. Sadly, that's the only satisfaction I got.

I attempted to provide the thief's information to the Orlando police. They told me to call the police where I live in Naperville. Somehow I think Naperville's jurisdiction might not extend into Florida, but I figured that wouldn't be a problem, since I also reported it to the national fraud agency (cant' remember the exact name, but I filed a full report including the thief's name and address).

That was THREE YEARS AGO. If they ever did anything, I sure as hell never heard about it, and there is no way for me to request a status from the national agency - it's a "we'll contact you" type of thing.

So my basic opinion is that the cops and the feds don't do a f#cking thing to these people. I didn't lose any cash, but I did lose several hours of work dealing with the problem, which didn't make my bosses very happy. In a perfect world, these pricks would get their fingers chopped off - let them try to use a computer to rob people while typing with bloody stumps.

All you can do is keep tabs on your account and protect yourself, because no one else will.

I think it is the banks that need to step up the "Due Dillegence". My buddy had his ATM card stolen. After all was said and done the bank credited the $400 Home Depot charge back to his account after his cash was un-attainable because his account was closed for a week. In the end the bank didn't pursue the crime because it was under $500.

There is a math computation somewhere that determines the cost of prosecuting, and not sending every American 3 credit card offers per day. Somehow fees are so high they can afford to write off the fraud and put the administrative burden off on us.

htismaqe
07-17-2005, 05:16 AM
This is a pretty elaborate and organized scheme for a criminal who is dumb enough to CALL YOU ON THE PHONE.

Stealing CC numbers over the Internet works because it is passive and silent -- "man in the middle" eavesdropping on your transaction.

This type of aggressive fraud would take less than 5 minutes to track down, because of the phone call itself.

While technically possible, this is a hoax.

And frazod, did you report your case of identity theft to the IFCC (http://www.ifccfbi.gov/index.asp)? I've worked with them several times over the last few years to successfully track down and nail these idiots...

Frankie
07-17-2005, 07:51 AM
Suprised me as well.

No, he left me with 6 snot-nosed little ones and no financial support.... :crybaby: DAMN BASTARD!!

gblowfish
07-17-2005, 08:45 AM
You and me both. But we are very much the minority in America today where everyone feels they MUST have a CC. That's cool, unless you ever have to make a plane or hotel reservation, or rent a car. Without a CC, you're pretty much hosed.

I only have three cards, Discover for about 95% -cash back plan is smart as long as you don't charge over what you can pay in 30 days- and MC for the 5% of places that don't take discover.

I use Amex for work stuff I get re-imbursed for.