Stolen Credit Cards

[doctorgonzo]

CardCops.com has just put their database of stolen credit cards online for people to check. If you are looking for some peace of mind, you may want to check it out:

https://cardtest.cardcops.com/index.cgi

[SARGE]

Doc, thanks for the link. Just so happens DL either lost one of hers or was stolen.

**wait a minute - seems unsecured to me. It wants a credit card card # naturally but I ain't biting.

[glc]

Yeah - I got a certificate chain incomplete and signer not registered warning trying to load the page.

[Trent Steel]

I wouldn't enter my credit card into it. Seems awfully close to the "Wallet Inspecter" scam. If you suspect your card is stolen simply contact your credit card company directly, most have 24 hour 1-800 numbers. I can smell the spam, ahem, scam here.

[homer15]

but all it's getting is a card number. it has no idea what kind of card it is, whose name is on the card, and all that vital stuff.

and what's wrong with the wallet inspector. he seemed nice.

[DrZaius]

Quote:

and what's wrong with the wallet inspector. he seemed nice.

LOL You crack me up homer.

[troysvihl]

Quote:

it has no idea what kind of card it is, whose name is on the card, and all that vital stuff

The type of card can be gotten by looking at the first number the card starts with. If it's a 4, it's Visa; 5 is MC; and I think 6 is Discover. American Express cards are easy to tell because they don't have less than the standard 16 digits.

The name on the card isn't needed to make a charge. Neither is the exp date or billing address. (although legit merchants routinely get this info as a type of security check)

This site seems like a scam to me. It just makes no sense. If your card numbers are checked to be valid, what's the point? Who cares if someone does check? All you're going to get back is the list of merchants that you've used the card with. The same info is on your statement, and most credit card companies have online databases where you can check your statement in real time. (well, almost real time, there's a day or two delay)

I also don't see any evidence on that page that they have a database of stolen card numbers. And if they do, what's the pont of that? If the card numbers are known to be stollen, the numbers are already cancelled and you won't be able to use the card anyway.

And if your credit card is stollen, you're not liable for the charges. Well, technically you're liable for up to $50 per unauthorized transaction, but credit card companies rarely enforce that. (unless it's a debit card, in which case you're liable for the entire amount. For that reason you should never, ever use a debit card. Just use a credit card and pay the bill each month.) Just check your statement each month, and if there's unauthorized charges call them up and have them send you a new card and credit you for the charges.

[mbossman2]

Card Cops is a legitimate site put up primarily to help small businesses protect themselves against fraud.

This database and its search has been documented on several national consumer protection news programs (Clark Howard is the one that I heard this on www.clarkhoward.com)

[doctorgonzo]

Hmm, this has created more of a controvery than I anticipated.

As mbossman said, this is not a scam. From what I have read, this is a database of credit card numbers that have been put into a bot on IRC that checks to see if they are valid. CardCops harvests these numbers as well, with the assumption that if some script kiddie uses that bot to check a credit card number to see if it is valid, it has probably been gotten by illegitimate means. They have also created bogus websites with fake stores and intentional security flaws to see how people attack them.

Your credit card company isn't going to be able to tell you if somebody has hacked into a credit card database at some web store and taken your credit card info. That's what this database is for.

Troysvihl is correct: liability is limited to $50 as long as you inform your bank immediately. However, it is not that easy. unfortunately. The cost of fixing these charges, as well as fixing your credit report, is extremely high. My father was a victim of identity theft, and while he was not liable for any of the charges incurred in his name, it took quite a while to fix everything.

[Lord Prism]

That's a great site. I'm still going to wait before I take the leap and put my number in though....

[mbossman2]

and to add to the good doctor's comments:

Before I was in tech, I was in banking and one of the sub-departments I was responsible for was the retail fraud team. Many banks have now add some sophisticated software that tracks your credit card transactions and flags for review activity that is "out of the norm" (For example, if all of a sudden, you are making big dollar purchases in Hong Kong and you never bought a plane ticket to Hong Kong, those transactions would pop up and after closer review, may generate a call to you to see if they were in fact yours).

The bank I worked at implemented a very crude version of this software 10 years ago and we caught many fraudulent charges (an increase of 40%) and were able to limit the liability of bank (and make life easier for the customer) extremely quickly.

Credit card fraud and identity theft are a multi-billion dollar businesses and you need to closely guard all of your personal information.

Key pieces, that if they get into the wrong hands can ruin your life are:
Name
Address
Social Security number
Date of Birth
Credit card numbers
Bank Account Numbers

With any 3 of these pieces, a bad guy can, in less than 2 days, obtain your complete credit history, contact you banks, arrange for new cards to be issued, and sent to your "new address", and then move on to bigger and better rip offs (creating bogus bank accounts, wiriting hot checks, obtaining car loans, etc) and you will spend approximately 2-3 years chasing and repairing all the damage that the crook has caused (this is the average length of time it takes).

The steps that you can proactively take to limit a bad guy's opportunity (besides holding the above info tightly) are:

Get your credit reports every year (6 months is better) and review closely
Review all statements (bank and credit card) closely each and every month
Mark you credit cards with "Ask for ID" with an indelible marker.
Never, ever ignore a collections call when you pay all your bills on time, this will probably be your 1st tip that you have a big problem.

And if you do get stung, file a police report (even though the local police may not want to take one, ask for the frauds division, that MUST accept one from you), contact all 3 credit bureaus, talk to their frauds division, they will slap a code on your report that stop any future activity and help you thru resolving the mess that your credit will become, call your bank and have them place on your checking account a "Check signature card order" on your account so that every check that comes is has to be manually reviewed and make sure that any checks they catch are stamped with the fraud stamp NOT the non-sufficient funds stamp.

I know this is wordy, but it may help it you get ripped off.

Matt

[HAL9000]

Quote:

Originally posted by troysvihl The name on the card isn't needed to make a charge. Neither is the exp date or billing address. (although legit merchants routinely get this info as a type of security check)

I agree that I don't need the name to do a manual transaction at work, but I do need the expirey date or it will not be processed. Run through the Interac machine without the date, it rejects. If I manually fill out an imprint card without the date, they will reject it during processing.

[troysvihl]

Sometimes I've accidently punched in the wrong exp date, and the transaction goes through just fine.