February 04, 2013

Breach

Last week, when I was traveling from my folks' home, I got to the parking garage to pay and the auto card reader wouldn't take my Visa. Immediately I thought either I didn't 'put my mag strip down and to the right' the way the automatic robot voice told me or something was wrong with the parking garage reader. I used my AMEX and was on my way.

But it niggled in my brain. I know after the crazy travel of that day that I felt like my brain was fried and I was tired, but I am not directionally challenged and felt certain I'd put my mag strip down and to the right, as I've done it so many times before.

I forgot about it when I got home and didn't check my messages.

The next day I was with Bones. He has one of his long performance days where he leaves school to go to a venue, I pick him up and take him to another vocal practice, with no time to stop home and eat. I promised him BK. (Blech.)

I thought to myself, "Perfect time to check my Visa..." and it rejected.

I called my CU immediately and they said, "We stopped your card on fraud alert. Have you been in Michigan buying computer equipment?" to which I replied, "No, I'm warm and in Florida..."

So they reissued me a new one.

This evening at dinner, my husband said, "Remember how your VISA was compromised last week? My MasterCard was compromised TODAY. In Utah... for $9.00. I got a call asking if I was in Utah..."

Interesting that someone was evidently just testing the waters with his card. If the $9 passed, onto bigger and better from there! With mine, it was a 'full court press, if I succeed... let's succeed BIG'.

This is what is crazy. My husband and I both have our own credit cards. The only card we have the same account on is our AMEX, and only because I didn't have one when we married so he got me one on his account.

After 21 years of marriage, we still have our own VISA and MC... not putting one on the other. He prefers MC, I prefer VISA, it worked. They both get paid off through the joint bank account and neither of us being real spendy people, it's not a problem. (Other than Christmas, our cards are used for things in our budget such as gas, groceries, haircuts and clothes we know have to be purchased. So having different cards is a non-issue. It's all about the budget.)

But what is interesting is that both these cards were compromised within a week of each other and both were compromised in the same way. Someone had the information required to CREATE a fake card.

Both were tagged as 'hard swiped'. It wasn't internet fraud.

My husband and I don't frequent the same places with those cards... at all. He rarely actually uses his MC. Yet, both were compromised within a week, sharing no information except the same last name.

Which leads us to believe that this was part of that MC/VISA breach last year; it's just taken this long to trickle down to us.

I could be wrong. But I personally think... it's a little crazy.

Posted by Boudicca at February 4, 2013 08:08 PM
Comments

Oh it very well could be. Or it could be from any number of other places. The thing is, we only know about the breaches that have been reported.

Anyhow, the credit card companies have really cracked down on uncharacteristic purchases. A couple of years ago I had my Amex card replaced because of a local grocery store breach. Someone tried to buy $99 worth of gas in Houston.

It's pretty much never ending. *sigh*

Posted by: Teresa at February 4, 2013 11:10 PM

It could totally be coincidence, but the fact remains, we have the same last name. It could have taken that long to use a card made in our names if they were pilfered from a clearing house breach.

Different banks, different type of card, not on each other's card, different places we frequent, different spending habits, different ADDRESSES on the billing (his goes to his office), different phone numbers... absolutely NOTHING ties them together, yet one week apart, nearly to the day.

So I think it was a clearing house breach and the last name thing kept it together.

Posted by: Bou at February 4, 2013 11:24 PM

It seems that every 6 months, we are told there were suspicions and our account is compromised. When we ask about specifics, we don't usually get any information. The pain is that we use our credit card to pay a variety of bills, so you have to go in and change everything...so I rage about it, actually because they don't have specifics. Maybe it was that breach you're speaking of.

We found out last week someone purchased an I Phone 5 on our cell phone account. We called the fraud area to have it investigated and it was removed, but the bill came yesterday and was still on there. Another call to fraud....which is only open like 9 to 5....ARRGHHH

Posted by: Trudy at February 5, 2013 07:07 AM

Trudy-

I was thinking about all the things I might pay by CC, that are pre-registered. What an absolute pain in the neck.

When they called me, immediately I thought, "Wait, did I purchase computer equipment on-line and they were located in Michigan?" The guy on the other line had to know what I was thinking because during the pregnant pause he said, "Mrs. L, are you in Michigan? This was a HARD swipe. Someone created a fake card."

Crazy times.

Posted by: Bou at February 5, 2013 07:46 AM

Ah, now it all makes sense. I agree that it probably is related to the breach last year. One of the things these miscreants have learned is to let this data sit for year and lull the credit card owners into a false sense of security. After about a year, when you think you don't have any problems, they start using the cards in the manner that you have seen.

We have had the same issues with having to change some of our bill payments after a compromise, it is a pain. And our debit cards as well, numerous times in the case of the debit cards. And health records, we were impacted by the SAIC loss of unencrypted backup tapes in Texas last year. And another breach of our health data prior to that.

We have monitoring on our credit and have for several years now. It's helped with big issues, but not so much with the payment cards.

Did you ever receive a notice that your card data might have been accessed? I'm not a big fan of California, but they do have a law that if there is a breach of a database that has the info of California state citizens, the company has to notify them of the incident. That is a good law. When they went to enact a similar one at the national level, it was watered down so that requirement was not implemented.

There are two issues here with the compromises. First, money. It costs a lot of money to keep things secure and the usual business decision is "it won't happen to us". Until proven otherwise and even then, it's a "one time occurrence". Second, even if you do have a bullet proof set of defenses, you have to let email in and there's always someone who just has to click that link. In the case of the RSA compromise, a secretary went into the spam folder to open an email and then click the link that infected her machine. Despite having filtered it out, the secretary went in after it anyway.

I've been involved with organizations where they train their employees and then test them by sending in phishing emails. Some of the employees will click on every one of those phishing emails. They just don't learn and in some cases you just can't get rid of them either (that's a whole other story). Suffice it to say that the computer security industry hasn't figured out how to prevent it.

Yet.

Posted by: marcus erroneous at February 5, 2013 09:18 AM

Sorry it was me ;P

I get calls every christmas when I am doing shopping asking if I am still in possesion of my card because so many purchases are going on it.

I use my CC for everything, I mean everything. If the CC company is going to pay me to use their card I am damn sure I am going to take advantage of it. Gets paid off at the end of every month so they are just paying me to use their card. Win-win for me!

Posted by: Quality Weenie at February 5, 2013 12:01 PM

Wow, that is weird. There's coincidental and then there's *too* coincidental, throwing an entirely different light on the subject. Not that I'm paranoid. ;)

Posted by: pam at February 5, 2013 01:44 PM

Remember when mine was used to buy over $200 in TWILIGHT tickets? The horror...the horror...

Posted by: Toluca Nole at February 5, 2013 04:05 PM

Are your cards from the same bank? Maybe it's a bank issue??

Posted by: Peggy K at February 10, 2013 10:28 AM