All the Perl that's Practical to Extract and Report

Recent (Fraud) Activity

Purdy on 2003-06-11T15:44:26

My wife woke up this morning to a call from our MasterCard (Chase Bank - lovely people), calling to confirm recent activity. I thought that was odd, but I have made several large purchases recently - plane tickets to Boca, two Axims and a server from a local computer store.

Anyway, the item that stuck out to them was a $367 charge to "Home Shopping Network." Come to find out, HSN had called our bank to confirm the account, shipping to a Scott Stevens in Alabama (huh?). Needless to say, we are not Scott Stevens nor did we buy anything on HSN for Scott Stevens (much less buy anything on HSN, period ;)). So Chase is re-issuing account #'s and FedEx'ing us new cards tomorrow before we take off for YAPC.

Couple of things to take away from this:

  • Do not use a check/debit card for online purchases. You do not want a hacked card to affect your checking account. It's also nice to use a regular credit card that is well-protected in terms of liability and fraud. I use that Chase card everywhere on the internet for online purchases - I wonder who got hacked recently [and didn't tell me].
  • I wonder what algorithms Chase (or whomever) use for fraud detection? Not that they were used in this case, as HSN prompted the query, but thought-provoking, nonetheless.
  • "Scott Stevens", whereever you are, I wouldn't be expecting a package from HSN anytime soon. Or rather, if you get a package, it's most likely an attempt to tie you physically to the virtual fraud. Perhaps I shouldn't be saying anything, but I highly doubt this blog is monitored.
Cheers,

Jason

possibly not even hacked

TeeJay on 2003-06-11T16:48:11

There are plenty of easier ways to get credit card details than hacking servers (although that is pretty easy with the number insecure ecommerce sites).

You credit card details will appear all over the shop - resturants, shops, train stations, etc.

Re:possibly not even hacked

Purdy on 2003-06-11T19:52:19

Hmm - I use my debit card for physical transactions ... now you're giving me some unease on that ... ;)

Before you tar and feather ...

derby on 2003-06-12T12:19:14

... remember Hanlon's Razor - Never attribute to malice that which can be adequately explained by stupidity. (Although, I like to substitute incompetence for stupidity). Employing phone slaves for $6.50 an hour can lead to lots of typos.

-derby

Re:Before you tar and feather ...

Purdy on 2003-06-13T01:50:37

True - but to get both the number AND expiration date ... and perhaps the operator prompted for the CVC # on the back, too?

Don't worry, though - my trust in humanity is far from shaken. Got my new card today and it looks pretty cool - different and sleeker design.