Credit Card Theft Over and Over?
 

Okay,

We've had to change our business CC# four times in 2013 so far due to fraudulent charges. The last two have both been to Fry's.com

The bank said it's very unusual to have repeated "hacks" like this. Any ideas how we can go about tracking down where the "leak" is occurring? Can you hire a "detective" type to try to track it down? Are there some obvious places we should look? It's a complete pain in the ass, because everytime, we have to contact all of our vendors with the new card #, not to mention wait a while for the new card to arrive and basically not have a card to charge with for an extended period of time while we wait on our new card.

Do you happen to use this/these cards to pay for gasoline at the pump?

It's 90% of the time someone internal. Employee theft is crazy, and don't feel like a lone ranger on the theft score. I've got scars on top of scars.

Yes, we do.

Usually the same station?

Restaurants will also steal the numbers.

It only takes one asshole to get your CC info and run with it. It could be internal, or someone that works for a vendor that has access to your CC#.

We only have one employee, and she isn't the source.

No. Not necessarily.

Someone is misusing your credit card information, could be a vendor, could be someone skimming numbers at a gas station, restaurant, ATM or any retail store.

Change all your passwords. Make sure any computers you have ever used your banking website, commerce/ecommerce software or done any online purchasing with credit cards is adware/malware free, down to doing a complete wipe and reinstall of Windows. Four times with the same card provider reeks of a well concealed malware attack if you are using that card online.

Right. I'm worried about malware as well. We're in design, so we work with Macs, but it's still very possible that it's malware related.

Five Ways Thieves Steal Credit Card Data
Suspect: The Waitress at The Diner
Modus operandi: The waitress whisks away your credit card and swipes it through the restaurant's register. Then, she pulls out a small device, about the size of an ice cube, from her apron and swipes it through that, says Sergeant David Schultz of the Fort Bend County Sheriff's Office in Texas. While you're scraping the last of the chocolate frosting from your plate, your credit card information has been stored in the device, known as a skimmer. The waitress returns your card and performs the same magic trick on dozens of credit cards in a week.
Known whereabouts: The data-stealing waitress has been known to moonlight as a bartender, sales clerk or at any place where she can take your credit card out of sight.
Suspect: The Toy Store Trio
Modus operandi: Sally, Simon and Bud walk into a toy store. Sally and Simon roam the aisles, while Bud waits in line to check out. When Bud is at the register, Simon comes running up to the clerk, screaming that his wife has fainted. As Sally and Simon distract the sales clerk, Bud switches the credit card reader at the register with a modified one of his own, says FICO's Fraud Chief Mike Urban. For the next week, the sales clerk unwittingly collects credit card data on the modified reader until the trio returns, takes back the modified reader and restores the original terminal.
Known whereabouts: The trio will hit other retailers and restaurants, but sometimes the threesome will instead be a duo or a solo criminal.
Suspect: The Gas Lass
Modus operandi: The Gas Lass parks her car in front of a gasoline station off the turnpike. It's late. There's no one around except a sleepy attendant at the register inside. The Gas Lass attaches a skimmer over the credit card reader at the pump. It's a special skimmer: It emits a Bluetooth signal to a laptop close by, says Noonan. The Gas Lass pays, heads off to the motel next door and sets up her laptop to receive the data from the compromised pump over the next several days.
Known whereabouts: The Gas Lass installs skimmers over ATMs, parking meters, vending machines and any other places with unmanned credit card readers.
Suspects: Harry the Hacker and Phishing Phil
Modus operandi: Harry the Hacker installs malware -- a type of software that damages or infiltrates a computer or network -- onto a legitimate website with low security. The malware instantly downloads onto your computer when you visit the site and allows Harry to access your information. In another scenario, Harry puts malware on public computers and gathers the information you share with that computer, says Urban. Harry also infiltrates the computer system of banks, retailers and other businesses and extracts personal account information, Noonan says.
Phishing Phil uses malware to go after your laptop. He sends emails with attachments that promise dancing kittens or some other bait. When the user opens the attachment, malware instantly downloads onto the computer and leaves confidential information vulnerable. Phil also sends emails from a familiar sender with a link to a contaminated website that installs malware onto your computer. Some malware, called spyware, allows Phil to capture every keystroke including passwords to your financial accounts.
Suspect: The Rest of The Criminal Crew
Modus operandi: So what happens to these pieces of data when they're in no-good hands? They get sold.
The waitress, trio or Gas Lass sells each swipe for $20 to $40 a pop, says Urban. Harry the Hacker and Phishing Phil will get $5 to $10 a card and often sell the information online at the eBay of credit card activity. The person who buys the information verifies it and then sells it to a person who creates fraudulent credit cards with your account information attached to it. The card maker then sells it to other criminals who buy goods such as stereos or baby formula and sells them to regular consumers.
What You Can Do
1. Set up mobile alerts for your phone if your financial institution provides the feature. That way, you can be aware of unusual activity as quickly as possible.
2. Regularly monitor your accounts online, so you can identify fraudulent transactions faster, says Schultz.
3. Avoid public computers. Don't log onto your email if your bank corresponds with you there. Urban suggests setting up an email account just for your finances and checking it from safe locations.
4. Avoid doing business with unfamiliar online vendors, Noonan says. Stick to established merchants and websites.
5. If your information has been compromised, notify your financial institutions and local law enforcement, which will contact the Secret Service if necessary. Also notify any of the three major credit reporting agencies -- Experian, Equifax and TransUnion -- to set up a fraud alert on your credit reports.


Read more: http://www.foxbusiness.com/personal-...#ixzz2ZR0f7JCM

We use a LOT of vendors, though. We have probably 30 different companies who have our CC on file for ordering (which is one reason it's a huge pain in the ass when we have to change our card #).

I would take statements from each card and cross reference what vendor transactions they all have in common.

Have you made online purchases with each card? Couldn't hurt to run a malware/virus scan on your computer as well.

Will Fry's help you out at all? IP addresses, user info, email addresses?