So last night I became a fully, fully-fledged adult because it turns out someone used my Debit card number and started swiping $30, $50, $130 at a Pizza Hut in Texas. I live in Wisconsin. I also have the card next to me on my sidetable, so it was most obviously a breach in security.

Needless to say, I called the bank and they marked it down as fraud and closed the number.

I've never given my number out to anyone but Amazon, Steam, and other "trusted" game retail sites. Consider me shook.

So have any of y'all gotten money or your identity stolen? How did they use it? What did they buy? How much did you lose? Did you get it sorted out? Please tell me I'm not the only one.

5 years ago

Comment has been collapsed.

Hasn't happened to me yet but is it possible they had physical access to your card? Like a skimmer installed in ATM or a shady store copying it while you pay.

5 years ago
Permalink

Comment has been collapsed.

^ The only options.

5 years ago
Permalink

Comment has been collapsed.

One of the sites could also have been hacked

5 years ago
Permalink

Comment has been collapsed.

Nope.

A good site/store keeps all user data like login and password not in one place and all data is salted plus they never keep CVV/CVC and most of the time even credit card info is not keept by store but by company that process payments and when you want to buy something it is loaded from that company servers to site/store with all the salt and security.

If someone would get hacked it would have to be some company that process payments and that would mean most of the world beaing hacked but only for online payments.

What is described in this post is typical physical access to card and creation of a physical copy of that card.

Skimmer installed in ATM is 99% for me as it creates the exact copy of a card plus PIN for card is stored when someone use the fake keypad in ATM.

5 years ago
Permalink

Comment has been collapsed.

Sounds convincing, one new thing learnded, thanks :)

5 years ago
Permalink

Comment has been collapsed.

Yeah I am a programmer, and the one thing we always stress to every client is that we do not under any circumstances store payment details for anything ever. Even if you have 'bulletproof' security, if you keep anything other than a hashed reference to your payment processor or something like that, you are an idiot.

I have not been cloned before, but my brother was, and it was a physical skimmer that cloned the mag strip on his credit card used by someone in a store where he bought something . Then someone on the other side of the country was using a fake card loaded with the details doing 'cardholder not present' transactions. The bank reversed the charges, but warned him that if the pin is compromised, it's a lot harder to prove it wasn't you. Luckily in his case it wasn't. So from what I understood, the pin isn't stored in plain text on the strip, which is why the ATM skimmers will have a pin hole camera to record the hand movements. I was always careful, but now I always cover my hand when I type my pin, even if there's no one around. But maybe bank cards work differently in other countries.

5 years ago*
Permalink

Comment has been collapsed.

^ This this this! Preach!

Everyone should read this.

5 years ago
Permalink

Comment has been collapsed.

The only ATMs I've used were in England when I traveled there over the summer and I never got frauded there. I also only shop at Walmart and other local places. >_<

5 years ago
Permalink

Comment has been collapsed.

Skimmer installed in ATM will store your data for a long time and if it is instaled in ATM it will be there for long time so they can collect a few thousands cards infos to use them later as each will be blocked by real owner with time.

You use a skimmer installed in ATM and later you live for a year from others people creditcards.

5 years ago
Permalink

Comment has been collapsed.

Walmart, at least the ones around where I live, do not have secure card scanners. No verification whatsoever, no pin, no chip, no nothing. If it's the same near you that may be how it happened.

Many of the "professional" skimmers will sell the stolen card info rather than use it themselves and risk being caught.

5 years ago
Permalink

Comment has been collapsed.

I hope you have run a full scan on your computer for malware and viruses. If you have ever torrented anything, downloaded "free games or software from a "giveaway" site, clicked a link in an email, ect., you may also have downloaded a keylogger, or similar program.

5 years ago
Permalink

Comment has been collapsed.

I don't have to worry about that. Because I don't even want to be me.

5 years ago
Permalink

Comment has been collapsed.

Oof. I would gladly be you though !

5 years ago
Permalink

Comment has been collapsed.

I had my debit card used for some uber fares in California. I live in Michigan, so it was no problem getting it sorted with my bank.

5 years ago
Permalink

Comment has been collapsed.

My wife got like 4 new cards in a one year span, due to various large retailers being compromised (think it was Target and others).

Generally I've seen it advised to use a credit card and not a debit card, as you have less risk with a credit card (not going to overdraft your bank account, etc).

I have 3 credit cards and I tend to use certain ones for certain things. For example I pay my online accounts with one card, use another for use in restaurants and retail stores (both a more likely source of card number theft). That way if the "Risky" card is compromised, I don't have to go in and change all of my online accounts.

If you use your phone to pay in stores, it sends a virtual credit card number so your real card number can't be stolen. Likewise online if you use Paypal or Amazon to pay, then the store isn't getting a chance to ever see your actual number.

There are services like privacy.com which can generate virtual card numbers with limits and locked to one retailer only, so even if it's stolen it won't work anywhere but the first place you ever used it. You'll need to trust privacy.com with your bank account info, though, which I don't, so I haven't used it.

Keeping a list of all of your accounts with saved cards/recurring payments is helpful so you can go in and update them all when your card expires or is replaced with a different number.

5 years ago
Permalink

Comment has been collapsed.

It is definitely less risky to use a credit card than a debit card because the money being fraudulently spent in an unauthorized transaction belongs to the credit card issuing bank, not you, and there are laws to prevent the bank passing on these losses to the cardholder.

5 years ago
Permalink

Comment has been collapsed.

Got a tax return that I hadn't filed. Cleared up with the IRS, and now get a private code mailed to me every year (why isn't this default?). Only places I used my tax info were on one or two tax return filing sites, and possibly the credit report companies (but this was before they got hacked). Personal identity security in the USA is a joke.

Haven't had credit info stolen (yet), but need to be on the lookout for that right now, since I had a bag of paperwork stolen from out of my car recently, and I'm not 100% certain that info wasn't in that bag.

Also, +1 to people suggesting a card skimmer is likely how your info was stolen. Gas stations are a prime target for that. I try to remember to check visually whenever I pump gas, but usually forget.

5 years ago
Permalink

Comment has been collapsed.

Never stole any ID/Debit Card, I'm usually only going for cash :)

Pls no blacklist, I'm just joking :d, never had something like that happen to me

5 years ago
Permalink

Comment has been collapsed.

PayPal, about 400 euro, but got it back, PayPal was helpful in that.

Dunno how, but if you google many accounts do get leaked. Since i removed my bank account from it and only deposit small amounts.

5 years ago
Permalink

Comment has been collapsed.

With the regular security breaches happening it's just a matter of time and on how many websites you have signed up. Personal examples: Adobe, Dungeons & Dragons Online, Dropbox, gamigo, gPotato ... the list goes on. Since it's still common to use weak passwords (some services force you to that) or even reuse them I am not surprised attackers get access to affected PayPal accounts.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 5 years ago.

5 years ago
Permalink

Comment has been collapsed.

Let me tell you about the first time I stole someone's identity. I ended up with this debit card number from some bloke in Wisconsin. I started swiping $30, $50, $130 bucks at a Pizza Hut down in Texas...

5 years ago
Permalink

Comment has been collapsed.

You monster!

5 years ago
Permalink

Comment has been collapsed.

I waited for that comment :D

5 years ago
Permalink

Comment has been collapsed.

I know someone who's credit card info was stolen, probably due to using it at a gas station (it was an older gas station where they manually run your card, rather than just put it into the pump).

I used the same password at Newegg as I did at another merchant, the other merchant was compromised, and someone used that login info to go into Newegg and order $300 in gift cards. Newegg flagged it, halted the purchase, and called me to confirm, so I was able to avoid the charge. Unfortunately, that also resulted in my Newegg account being permanently disabled which means I can no longer sign into it, and can't shop at Newegg anymore or access my $40 in credit.

I now use a password manager and a unique password at every site - and with every security breach, I'm glad I do.

5 years ago
Permalink

Comment has been collapsed.

That sucks dude, but at least you didn't lose out on that $300 (O_O)

5 years ago
Permalink

Comment has been collapsed.

Yeah, but it's pretty stupid that Newegg has permanently locked my account. Sony had a breach, Adobe had a breach, Equifax had a massive breach - these things happen. Just let me change my password to a new unique one and let me move on. It makes no sense to permanently lock my account.

But it does serve to illustrate the importance of using a password manager and a unique password for every site. I only wish I had started doing that earlier.

5 years ago
Permalink

Comment has been collapsed.

Yeah it's a hard lesson to learn. Before password managers were a thing, I came up with a system that worked pretty well as well, which meant I could remember my password for each site but make it still unique. And that was to take the same basic password, but then add in unique letters from the specific URL to that password at points. And then if I need to login on a new computer, I still know the password, but if a site is compromised that email and password combination is unique to that site and the breach stops there.

5 years ago
Permalink

Comment has been collapsed.

Yeah, I started doing something like that, but a password manager makes each password much more secure and makes for dozens of things less to remember.

Prior to that hack, I had used a few different passwords, one for insecure sites, one for possibly secure sites, and one for secure sites. I had just assumed that something like a bank would have sufficient security to prevent them being hacked and having the passwords exposed. I was obviously very wrong. :)

5 years ago
Permalink

Comment has been collapsed.

Ever heard of RFID and smart paiement ? You know, those devices which allow you to pay with your card without contact. Well, shady people have access to those devices too, that's why there are wallets with RFID blocking cards nowadays, because they don't even need to have access to the card physically, they can access to your card informations with that specific device. Buy a RFID blocking card, that may have been the problem.

5 years ago
Permalink

Comment has been collapsed.

Pay cash for everything.

5 years ago
Permalink

Comment has been collapsed.

The other day in Japan they've arrested a cashier who stole credit card info of 1300 customers by memorizing all the data (cc's number, holder's name, expiration date, ccv2)

5 years ago
Permalink

Comment has been collapsed.

Like an evil Rain Man

5 years ago
Permalink

Comment has been collapsed.

sorry it was me. i was hungry

5 years ago
Permalink

Comment has been collapsed.

And you had lots of pineapple!

5 years ago
Permalink

Comment has been collapsed.

Opened a new business a while back. Within two weeks someone had used my newly-issued business card for a shopping spree at a luxury store in New York.

I'd only used the card 8 times, so the number of suspects is pretty small. Needless to say, nobody bothered investigating

5 years ago
Permalink

Comment has been collapsed.

Just yesterday we found out that my husband's paypal account had been stolen and someone bought 350 euros worth of games and game time. It probably happened when he went to this site to buy a windows 10 licence. He had checked ratings for this site and it seemed good, but I guess it was not. So far we have managed to get 80 euros back. We'll see if we ever see the rest since they were used to buy game keys.

Moral of the story: Don't try to be smart and save money or you might lose more.

5 years ago*
Permalink

Comment has been collapsed.

Or at least be smart and use eBay to buy the cheap licenses.

5 years ago
Permalink

Comment has been collapsed.

Share your ID theft story

"Sharing" is what gets people in this mess in the first place.

5 years ago
Permalink

Comment has been collapsed.

All on-the-earth data is “impossible to escape from human eyes”┐(´Θ`)┌
At least for all digitized data.
Electronic payment?
Human alchemy to amplify virtual money and deceive and exploit people.
The card company operates the exchange market by adjusting the timing of settlement.
Big money manages small money.(exploitation)

Aside from bad jokes.

The workarounds are "Contact immediately when no card is at hand", "Check the card usage history, and contact immediately when something is wrong".
It is the duty of humankind who has signed a contract with the card company (devil).
An acquaintance who had accidentally stolen a wallet left the card company's phone number only on the back of the card, forgetting contact.
Please take a look after that.

At least all users with a “card number” can be victims.
The real thing to worry about is "contact credit card company immediately" when you lose your card.
If you are neglected to contact your credit card company, a huge amount of misfortune will attack you.

There are many "unfair justice" and "lazy police" in the world.
You will be taken to a police station detention center as part of your fake card.
Perhaps you will go to jail for atonement.

His lesson was "Leave card company contact in car, home, company and wallet."

5 years ago
Permalink

Comment has been collapsed.

Not my story but one of my friends dad.

Not thoroughly checking his PayPay / bank only realized that from time to time different values charged for postal services and complaining from time to time to his wife she shouldn't shop that much online. Truthfully she stated shes not shopping that much. In the end no deeper look was done and the story repeated once or twice if I recall correctly.
But then he finally took a closer look.

On a daily basis, even multiple times a day. The PayPal account was charged with E-Stamps for package delivery. So someone was shipping or selling these E-Tickets massively via this PayPal account for months.
After counting everything together they were quite shocked as these small amounts accumulated to over 5000€ stolen.

When I heared the story I thought: Ohh that might not be so easy to get it back. But a week later it was already nearly done. Without any problems PayPal payed everything back.
I would guess these companies and banks have insurances for these kind of cases so it's not their loss either in the end.

5 years ago
Permalink

Comment has been collapsed.

Now that I think about it, actually yes. When I hit 18 (that's when you are legally considered adult in my country) I got stopped on the street by promoters for one of our cell providers offering a 'free' SIM card. There was some special offer included and according to them it was up to me whether I activate it or not, no strings attached. Turned out it was activated automatically which I found out month later when I got a bill.

So far it would have been all my fault for signing the deal without reading it properly, funnily enough though, apparently I loved the new service so much that I went out of my way to find those guys in another city (50 miles away) the day after the first signing and signed another 3 deals with them.

One call with the company's headquarters later I was free from all 4 contracts and the fee was pardoned. I did not even get an apology though and thinking back, I should have probably sued them since faking my signature, coming from a nation-wide provider seems like a pretty big deal (even though the issue originated from some part-timers who probably do not even work directly for the provider but rather some agency).

5 years ago
Permalink

Comment has been collapsed.

So far nothing to report, and hope it stays like that.

5 years ago
Permalink

Comment has been collapsed.

Some years back, someone managed to get hold of my debit card number. (I still don't know who or how, but it happened right after I used the shady gas station. They may have written down the number while I was filling up.) It didn't take long to notice as I have very little money and the bank contacted me for the overdraft as soon as the person tried to go shopping.

Not long after, I signed up with LifeLock and haven't had any problems since, thank God. Mostly, it's been my (old) passwords and personal information that have been floating around the Dark Web, and LifeLock helps me with that. What is more insidious is when you receive phishing attempts from people impersonating a family member.

Thus far, I have not had anyone attempt to buy a house in my name and/or steal the lease to a property I already own. This is partly due to the fact that I own no property, but you still want to watch out for it. You also want to keep an eye on your social security in case someone else is using your number.

5 years ago*
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.