So yesterday, I got a call from CapitalOne’s fraud unit. They discovered suspicious activity on my Mastercard and needed me to call them back ASAP.
Wow! Before I called, I went online to look at my balance and sure enough, there was $300 on it and it should have been $0.
I had a bit of a hard time getting out of the woman what the charge(s) were for because they had suspended my account and I couldn’t even get the details of the new transaction(s) from the website. Finally she read to me almost 20 charges in 2 days for just under $20 each. And the retailer was Vodafone GmbH. Yikes! That’s a European cell phone company, certainly not one I would be buying from.
Here’s my theory: since my card hasn’t been stolen, my card number must have been nabbed in one of those data breaches you hear about all too often. I think these charges are for pre-paid cell phones or gift cards or something like that. These charges in US dollars equate to just about 15 euros each. I’ve seen enough crime shows on TV to know that the Bad Guys like pre-paid cell phones because they aren’t trackable, like regular cell phones are. And I was just reading an article in the Washington Post the other day which said most of these cyber-criminal gangs responsible for hacking and stealing data are operating out of Eastern Europe and Russia.
So the lady accepted my statements that I did not authorize these charges and closed my account. Now I have to get a new account and card and make sure any retailers who charge my account automatically get the new number. That would be the YMCA and the Smart Tag people.
Here’s my advice to you: do not make online purchases* with a debit card. I used to, before these breaches were commonplace, but even though I haven’t used my debit card that way for a long time, the number is out there in who knows how many databases. It may already have been nabbed, just not used yet for evil purposes. I’m going to have to check with my bank to see if they can issue me a new debit card, suspend the card number I’ve got now but not close my account (my debit card number does not match my account number like my Mastercard does). That way I can avoid a bigger problem should the Bad Guys want to clean out my account.
Check your online balance frequently, between monthly statements. You may be able to spot something fraudulent before the credit card company does. I give CapitalOne props for suspending my account and rejecting even more of these charges as quickly as they did. I am not responsible for that $300.
*I know, I know, even in-person transactions with a debit card are susceptible because some of these companies that have been hacked are payment processing centers. That is a good argument to quit using debit cards and go back to check writing, although I don’t know if that is foolproof against the Bad Guys, either.