While I was rehearsing in New York, my credit card was shopping in Arkansas

Q&AlisonLast Friday I opened my credit card statement and there in a row were 20 charges made in one day, April 22, at Walmart in Arkansas. I live in New York.

On April 22 I was at the first dress rehearsal for Need to Know in New York City. Someone hacked my credit card, went looking for “always low prices,” bought something on eBay for $4.99 and paid a bill through a third party. Of course, my mind raced to remember if there was a shady guy standing behind me at my local ATM that morning. Had I ordered something online using public Wi-Fi and exposed my plastic?

Feeling frustrated but knowing that I am not alone, (according to the FTC 26% of all ID theft is credit card fraud), I called a former colleague, an expert in online fraud. Bob Sullivan wrote The New York Times bestselling book, “Stop Getting Ripped Off” and writes the Red Tape blog for MSNBC.com. I called him at his Seattle office.

Alison Stewart: So Bob, there are 20 different charges, all at Walmart, for around 60 dollars, right in a row. What do you think they bought?

Bob Sullivan: Those are likely gift card purchases, very well done online. The trick for thieves is how to turn it into money. It is not as easy as it sounds. Going into and using a card is obvious, but there are video cameras and then you (the thief) have to fence the item. You’ve put yourself at great risk. Buy a stereo and sell it on the street is the way it used to be, now they get gift cards. Then you can sell the gift cards online, even on Craigslist. And they can be transferred. This could have happened years ago and has just made it through the system. Sometimes they don’t use them right away. A guy was arrested for hacking millions of cards from 2006 to ‘09 and he couldn’t use them all at once. I think his name was Albert Gonzalez. (Note: It was, and he stole 130 million cards)

Stewart: Does using Wi-Fi expose me when I use my credit card?

Sullivan: No, not really. It is technically possible to do endless snooping. It is very, very hard. But I have never heard of anyone doing theft. I’ve seen demos on TV news.

Stewart: So, am I right to suspect the guy who was standing a little too close to me when I used my local automated postal center? Does that happen?

Sullivan: Yeah. But that’s hard work. Standing over someone is doable but most go online and hack sites. Plenty of people don’t use their card online and think they are protecting themselves but it all ends up online. Stores input your information into computers. When you call someone on the phone to order, what do you think the operator is doing — typing your information into a computer and maybe the store’s website.

Stewart: They also charged something to a bill paying service, a third party.

Sullivan: Again they want to monetize. That’s the trick.

Stewart: Is there anything I could have done and can do so that this wouldn’t happen?

Sullivan: Well, you can use mainstream sites. Using porn (laughs) or going to the deep dark shadows of the Internet or even smaller stores can put you at risk.

What I do is I have one credit card for all my “risky” purchases online  (note: Bob is not referring to porn!). The card has a low limit. I check the bill extra carefully. What happens is, over time, someone (a thief) charges an extra 15 to 20 a month, and it goes unnoticed. That is realistic. I’d say, simply look more carefully [at the bill].

Stewart: So there’s nothing to do to really protect myself. Is it like walking across a New York street, you just might get hit by a car?

Sullivan: I’d say a better analogy would be parking on a New York City street. Some places you are more likely to get broken into. If you have $1,000 GPS on the dashboard, you are more likely to be broken into.

Stewart: Should law enforcement embrace hackers to learn from them how to stop this kind of crime?

Sullivan: A lot of law and order spend time in chat rooms. They are starting to crack down. But it is complicated to prosecute. You have to subpoena every Internet service provider. It is slow to grind through the system. For someone who stole a couple hundred dollars, it’s not likely to be prosecuted.

Stewart: After hearing about all the purchases made on my card, any thoughts on who it might be?

Sullivan: (Laughs) It used to be easy to say it was a 17-year-old kid in his parent’s basement buying video games. It’s bigger. Now it is lucrative. What I hear from cops is that ID thefts are safer [for thieves] and more lucrative.

P.S. In a bit of irony, Bob Sullivan recently has his own bank card “compromised.”

 
SUGGESTED STORIES
  • thumb
    Main Street: Findlay, Ohio
    Need to Know travels to Ohio to assess how workers are faring after the loss of millions of manufacturing jobs over the past 35 years.
  • thumb
    Following the money: Tax breaks
    New CBO report echoes the findings of Need to Know's "A tale or four tax returns."
  • thumb
      Certifiably employable
    Rick Karr recently visited Seattle to look at a program designed to give the unemployed the skills they need to find jobs in one of the country’s fastest-growing industries.

Comments

  • MacSmiley

    Hmm. 26% is credit card fraud? Does that include debit cards? If yes, than that means 74% of Identity Theft is NOT credit card fraud. That’s even scarier.

  • Lizz

    Mine got hacked last week too. Going through the motions of placing fraud alerts. For your bank accounts one thing you can do is have them put a fraud alert on your profile, which means when a transaction is made in the bank, they check i.d. and call the supervisor.

  • john fraser

    i’ve had unauthorized charges put on the same card twice. both charges occurred in places far away from my residence. each time the credit card company called me because the location of the charge was suspicious. the company then didn’t pay the charges, cancelled the card immediately and sent me a new one. i was without that card for a few days but that’s the only inconvenience from either bogus charge. that company seems very vigilant. they have also inactivated my card twice after i used it in geographical areas that i don’t usually shop. after one or two charges in a different area, the card would not work the next time i tried to charge something. i had to call the company to get it activated again.

  • Alison Stewart

    To Mac Smileyto your point…here’s the breakdown of other forms of ID theft.
    After credit card fraud….

    •Utilities fraud (18%): Utilities are opened using the name of a child or someone who does not live at the residence. Parents desperate for water, gas, and electricity will use their child’s clean credit report to be approved for utilities.

    •Bank fraud (17%): There are many forms of bank fraud, including check theft, changing the amount on a check, and ATM pass code theft.

    •Employment fraud (12%): Employment fraud occurs when someone without a valid Social Security number borrows someone else’s to obtain a job.

    •Loan fraud (5%): Loan fraud occurs when someone applies for a loan in your name. This can occur even if the Social Security number does not match the name exactly.

    •Government fraud (9%): This type of fraud includes tax, Social Security, and driver license fraud.

    •Other (13%)

  • norman krueger

    this is how i beat the theft vsystem . when i get my direct deposit i withdraw all of it except 80.00 then carry the remaing amount on me then store it in a secret place in my domain. end of prblem.it may prhistoric but it is proven fact it works. end of problem.