Journal damn_registrars's Journal: What Would A Smart Thief Do With A Stolen Credit Card?(LONG) 8
One of my credit cards - my check card, actually - tends to end up compromised about every 8-12 months. Thankfully I rarely go more than about 12 hours without checking my bank balance online so it is very rare that whoever got the info got very far before I called the bank to cancel the card. The executive summary of this long JE is that my card has been compromised again, and I postulate that it keeps getting stolen by idiots. I end by speculating on what a smart thief might do with a card instead...
This time, whoever got the info spent around $530 at Blizzard, apparently buying (lots of) time for World of Warcraft. I've never played WoW; the last Blizzard title I bought (which I bought at Target) was the first Starcraft. I honestly didn't even know Blizzard sold WoW time in increments that cost $149.90 each time (this person bought three at that price and several more for $14.99 each). Thankfully one quick call to Blizzard reversed all of that, and another call to my bank canceled the card so the numbers became useless. I don't consider that a very smart use of stolen CC data...
The most recent time before this, the person who had the info was a little more creative (I mentioned this one in a previous journal entry). They ordered some beauty and weight loss shit (some of which, for some reason, they shipped to me). They also ordered some online book on how to make money on eBay. I forget what else they ordered, but it did make a mess as I had to call quite a few different vendors to get charges reversed since my bank isn't as proactive as I would like them to be. This was perhaps a slightly smarter use, as it was more of a PITA for me; but in the end it was nothing more than an annoyance. Really, I would think they could still do better.
The time before that was perhaps even more interesting. That time the person who got my info used it to buy personal ads. I particularly enjoyed calling up JDate to tell them that I am neither single nor Jewish. Frankly it was a shame that the sites who sold the personal ads wouldn't give me the information on the personal ads that they were billing me for; I could have tried to arrange for someone to meet the idiot thief in person and give them what they deserve. The only thing that person got right was buying ads in a lot of different sites, which made my life difficult. There was one based in Minnesota who refused to refund my money, even though they wouldn't disclose the information of the ad (that they insisted on billing me for) to me either; that one my bank refunded to me and wrote off. Otherwise that idiot escaped only by the fact that the dating sites were so good and being tight-lipped for them.
But this leads me to wonder; what would an intelligent thief do with stolen credit card data? I would think that a smart thief would opt to make normal purchases, rather than unusual ones. Granted, as I said in the journal entry about the second thief some of those products are very commonly used but they are not ubiquitous enough to count on any random person needing them. I generally figured if I was of that persuasion and had a (physically) stolen card, I would start by putting gas in my car (and maybe all my friends' cars, too). Grocery stores might be a good place to go as well, many of them don't need signatures for totals under $50. For that matter a lot of retailers don't check signatures worth a damn anyways...
But of course online purchases are a little trickier. A smart thief would probably want to use merchants that are amongst the highest traffic (Amazon, eBay, etc...) but of course then where do you ship the stolen goods to? In the case of my idiot #2, the goods that weren't shipped to me were sent to a bogus address that would be not that far from where I live. Of course, if a thief is buying digital or intangible merchandise then shipping isn't an issue, although I don't know that Amazon sells many items that fall under that category.
This time, whoever got the info spent around $530 at Blizzard, apparently buying (lots of) time for World of Warcraft. I've never played WoW; the last Blizzard title I bought (which I bought at Target) was the first Starcraft. I honestly didn't even know Blizzard sold WoW time in increments that cost $149.90 each time (this person bought three at that price and several more for $14.99 each). Thankfully one quick call to Blizzard reversed all of that, and another call to my bank canceled the card so the numbers became useless. I don't consider that a very smart use of stolen CC data...
The most recent time before this, the person who had the info was a little more creative (I mentioned this one in a previous journal entry). They ordered some beauty and weight loss shit (some of which, for some reason, they shipped to me). They also ordered some online book on how to make money on eBay. I forget what else they ordered, but it did make a mess as I had to call quite a few different vendors to get charges reversed since my bank isn't as proactive as I would like them to be. This was perhaps a slightly smarter use, as it was more of a PITA for me; but in the end it was nothing more than an annoyance. Really, I would think they could still do better.
The time before that was perhaps even more interesting. That time the person who got my info used it to buy personal ads. I particularly enjoyed calling up JDate to tell them that I am neither single nor Jewish. Frankly it was a shame that the sites who sold the personal ads wouldn't give me the information on the personal ads that they were billing me for; I could have tried to arrange for someone to meet the idiot thief in person and give them what they deserve. The only thing that person got right was buying ads in a lot of different sites, which made my life difficult. There was one based in Minnesota who refused to refund my money, even though they wouldn't disclose the information of the ad (that they insisted on billing me for) to me either; that one my bank refunded to me and wrote off. Otherwise that idiot escaped only by the fact that the dating sites were so good and being tight-lipped for them.
But this leads me to wonder; what would an intelligent thief do with stolen credit card data? I would think that a smart thief would opt to make normal purchases, rather than unusual ones. Granted, as I said in the journal entry about the second thief some of those products are very commonly used but they are not ubiquitous enough to count on any random person needing them. I generally figured if I was of that persuasion and had a (physically) stolen card, I would start by putting gas in my car (and maybe all my friends' cars, too). Grocery stores might be a good place to go as well, many of them don't need signatures for totals under $50. For that matter a lot of retailers don't check signatures worth a damn anyways...
But of course online purchases are a little trickier. A smart thief would probably want to use merchants that are amongst the highest traffic (Amazon, eBay, etc...) but of course then where do you ship the stolen goods to? In the case of my idiot #2, the goods that weren't shipped to me were sent to a bogus address that would be not that far from where I live. Of course, if a thief is buying digital or intangible merchandise then shipping isn't an issue, although I don't know that Amazon sells many items that fall under that category.
compromised about every 8-12 months? (Score:1)
If your card is that easy, you oughta think about switching banks. Or suing this one.. Wouldn't surprise me to find out it's an inside job.
Then clean out all the key loggers on your machine :-)
Somewhere between you and your transactions there is a breach
A smart thief uses a card once.. for cash and contraband.. You're getting hit by pre-teens
Re: (Score:2)
Possibly. It's also possible that his card fell into the hands of some gold farmers.
Re: (Score:2)
I'd have to second this posting as my father works for a bank and I have a little knowledge about their inner workings with fraud. Switch your banks, this would never fly with a bank that knew what they were doing. Now for keyloggers, I know you know what you are doing damn_registrars but it wouldn't hurt to double check and clean your machine. Buying prepaid visas is also a smarter way to shop online, but it is a hassle...
On another note, I've only ever been "compromised" once and that was actually a st
Buy computing (Score:1)
"Of course, if a thief is buying digital or intangible merchandise then shipping isn't an issue, although I don't know that Amazon sells many items that fall under that category.
"
Amazon Cloud services - how much computing & bandwidth could you buy for $500. A lot of password cracking?
http://aws.amazon.com/ec2/#pricing [amazon.com]
Re: (Score:2)
In the past I've had work CC stolen; they bought tons of crap on iTunes *twice*, so apparently that is the place to spend your ill gotten cards.
Ebooks, music and movies (all instant download) would make the most sense I guess.
They *ARE* being smart (Score:2)
Whoever is stealing your info is being smart. They know that the instant they start using your card, the clock is running out. No matter what they buy, there is a chance you will notice. So, they can either
a) get as much value out of the card as possible as quickly, using your reaction time against you
or
b) try to be sneaky. They might get more money, or they might get less.
These people work on the principle of volume - they want to turn over as many cards as possible in as short a time as possible, to maxim
Re: (Score:2)
The gold farming WoW thief that bought it then moves to quickly make as much off it as he can, knowing the WoW accounts will be close relatively quickly - but in that time he turns the $50 he spent on your card into WoW "gold" and then turns that into $100. Don't think about the $500 he "spent" on the WoW time - *he* didn't spend $500, he spent $50.
I admit I hadn't considered that option. I have never played WoW so I don't know all that much about gold farming - would it be able to turn a profit in 48 hours or less? I figure if they started immediately after making the purchase, they would have had a window of time that long at the most; I saw the charge appear on my bank account during off-hours for Blizzard and couldn't call until the following morning - but of course it may have taken some time before it reached my bank anyways.
I've know people in the position to turn over to the credit card companies a significant fraud operation - hand it to them on a silver platter, all the CC company had to do was contact the police at the destination and they could have busted a group committing over $10K of fraud. The CC company wasn't interested - "Just don't send them the goods, or we will hold you accountable, bye [click]".
It is utterly ma
Re: (Score:2)
That would be almost all of them, now-a-days. I don't ever mail in checks, I just go online. Of my three, I've had the most issues with Bank of America and Chase, but Discover has always been easy. Indeed, I could download my transactions into Gnucash and have my Discover up to date automatica