We’ve been “hacked.”
Opened up my Amazon Visa statement the other day, the one I use mostly for internet book purchases, and discovered a bogus $599 charge from a heating and air conditioning company in Illinois in December.
Of course we immediately called the number for the company, only to discover that the Verizon number for the firm was “unavailable.”
Next step? Called the credit card company with the information that I did not make any purchase from this company at any time. They are crediting the charge while they “try” to get a refund from the Illinois company, that I would never use in the first place since my son-in-law Terry owns Accu Air Heating and Cooling right here in town…
I’m not sure what that [try to get a refund] means, but I hope I don’t end up paying for something I didn’t buy from a company I’ve never heard of, for that much money. I’m still not sure why our credit card provider didn’t call me to verify the charge at the time. The “purchase” date was December 5th.
We have made an occasional in-store charge with that card, and that may be how this all happened. In going back through statements, we found our only “in-store” purchase was to pay for some bathroom items from Bed, Bath and Beyond in Midland in late November.
Information from the “National Cyber Awareness System” from Emergency Preparedness Director Jerry Becker explained a system being used lately where “cyber criminals” have been collecting and using the data processed from the magnetic stripe on a credit card – “Track 1 data,” which is the information about an account. This includes the name on the account, the account number and expiration date, and the cardholder’s name.
They get the information by attaching a physical devce to the POS system to collect the data as it passes through the software system. This scam is called “Skimming.”
Another way to steal credit card information is by purchases made on-line when links or attachments in emails and malicious websites are accessed by the “malware” and downloaded. That might also be what caused our “problem,” since I used that card to make an on-line purchase of pet supplies – also in late November…
The whole scam or “malware,” targeting “Point of Sale” or POS systems, which processes purchases goes by several names: Dexter and Stardust are two.
How do these criminals get access to the POS systems? Installers sometimes use “default” passwords for simplicity, which can be easily obtained by cyber criminals. Business owners are urged to change passwords to their POS systems on a regular basis, and make them unique and complex.
Another access to the businesses system can be gained by malware when updates to the system are not made regularly. Firewalls can protect their systems from unauthorized access, and antivirus programs should also be updated regularly. Remote access to the POS networks should not be allowed.
But, what about us, the credit card holders? The information Jerry sent said “fraudulent changes to a credit card can often (that’s the key word here I think) be remediated [fixed] quickly by the issuing financial institution with little or no impact to the consumer.”
I certainly hope this is the case for us.
If your debit card is accessed it could be more serious and lead to unauthorized withdrawals, bounced checks and late payment fees.
If you believe your credit or debit card has been hacked, change online passwords and PINs used at ATMs and POS systems; request a replacement card or cards; monitor your account carefully; and place a security freeze on all three national credit reports (Equifax, Experian and TransUnion). This move will block access to your credit file by lenders you do not already do business with.
You can also contact the Federal Trade Commission (FTC) at 1-877-438-4338 or at their website at www.consumer.gov/idtheft, or contact your law enforcement to report incidents of identity theft.
Fraud liability protection programs may be a good move too.
I think we will be doing “all of the above.”