I have never had an issue with my credit cards, and I purchase a lot of things online. My mother did have her card maxed out. It was easy to determine where they acquire the number (someone at a restaurant did it), she rarely used the card (it was for travel emergencies only). My former boss also had his card number "stolen" at a restaurant.

We had our credit card number stolen at a restaurant in South Africa by a process called "skimming", I think, using a device that reads the information on the magnetic strip of your card after it has been taken to process your bill. I don't believe we've ever had trouble with online purchases.

I've had my credit card # stolen twice - one was someone hacked into School House Electric's site - we noticed something funny - the credit card company took care of it after a few nice threats and School House Electric backed us up and all their customer's (they handled things very well) and another time where someone from Africa was trying to buy an AC unit from some shop in another state - the shop caught on and contacted the credit card company to verify and then called me - the shop was very nice about it too.

Cancel the credit card and ask them to put a restriction on your credit cards so no one can open new accounts for a while. It happens, and it wouldn't stop me from ordering online, but do be careful.

I think it's weird that the credit card company emailed you about the issue. What if you don't check your email regularly? I made a few rather expensive purchases in one day using the same credit card, which was unusual for me. For one of the purchases, the store had to call the card company to get the credit ok, and I had to talk to the credit card person directly to prove it was me. While it was a bit of an inconvenience, I was glad to see that they were being careful with my credit.

I have ordered a lot of things on-line, and have never had a problem with ID theft.

I am surprised you only received e-mail notification. We had a phone call asking if the charge was legit for someone purchasing electronics or a computer from overseas. Since I was screening the call, I called the credit card company back (you never know these days if it is someone pretending to be the company), and explained that the charge wasn't from us etc. We use the card all the time it is hard to know if it was from online purchasing or restaurant or brick and mortar purchases. Anyway one of my credit cards allows us to create a temporary number that links back to our credit card. I like to use that for some of my online purchases, especially if it from a small place I have never heard of. I only had one issue doing that and that was when I ordered software from a larger chain and had to pick up the item in the store - they checked the CC number. Luckily I had written the temporary number down that I used for the order near the computer and had to call my husband to get it.

Did the email ask you to call the credit card company about the charge or did it provide a link for you to respond?

It's strange to me that they contacted you by email and I know that there are a lot of scams out there from people posing as various banks, etc. claiming there's a problem with your account and asking you to click on a link to verify your information - of course you are then inadvertantly giving all your info to the scam artists.

If you did respond via a link, please call your credit card company ASAP to make sure your card is really cancelled.

ALWAYS call the credit card company at the number listed on your card, not the number in an email or phone message. I received a fake call one time. "This is Citi card. We are calling about an issue with your account. Please call us at xxx-xxx-xxxx as soon as possible". They then ask for your card number, etc., so they can look up your account. They are actually stealing your card number and possibly other information.

Also, financial services companies will never ask you to email personal information (name, card number, ssn) to them. Fake emails are a HUGE problem.

I just recently had american express call me, I barely use that card and hadn't used it in 3 months, apparently someone was trying to use my number to buy airplane tickets in India (I have never been to india and not used the amex outside of the US) so either some webpage was hacked or I've heard that people try random numbers on some less scrupulous websites based in other countries.

what sue36 says is always the truth.. I never call, respond to email, fill out mail forms etc without calling the number on the card to find out if its legit.

I think the email you received is the suspicious thing. Call the credit card company, if you haven't already, and find out what' going on. And let them know you received the email - if it's not legit, they may want you to forward it to them and they'll handle.

I am usually suspicious of emails as well which is why I ignored an email from Amazon back in December saying someone tried to open an account with our card. The next month when I saw the strange charge, I contacted the credit card company and they took care of it.

It's happened to us a few times even before we started purchasing online. My mother does nothing online because she is so worried about stuff like this. The beauty of the internet is being able to monitor your own accounts and catch things quickly.

I actually have a credit card that I reserve only for online purchases, and I probably use it once or twice a month. I've usually not had a problem. Once I ordered something online that came to $53. I got a call from my credit card company asking me if the charge of $5300 was legit!! I'm not sure if the company I made the purchase with made an honest mistake when entering the charge amount, but I told the credit card company it wasn't legit. The amount of $53 showed up on my credit card along with a double shipment of the item.

I've had my credit card company call me a few other times when the dollar amount for an online purchase was high. All of those times it was legit. But the point is, they've never sent an email, they've called.

Little bit of knowledge - hth.

Anyplace you use your credit card has a record of the charge and your credit card number. With computers, most of these are placed in a database somewhere - but records also exist on paper. This information persists for years.

When you use your card, even if the card reader is on your side of the transaction, you are trusting the entire accounting staff and information systems staff of whatever company is accepting your card. In a place like a large chain grocery store or a big box store, you're trusting a huge number of people - including a bunch of former employees and third parties that maintain their web sites, their equipment and their software. In the case of Joe Blow, Internet Vendor - it may just be Joe.

All credit transactions pass through a credit card network and there are hundreds of transaction processors who route your purchase to your card issurer for approval and approvals back to the point of purchase. Add all those people to your trusted friends too. They tend to be a bit better than the average company at safegarding, but they can have your credit card information clearly in front of too many people.

The credit card companies do not impose standards for information security - they make suggestions, but they do not require a company to do anything in particular.

The vast majority of "hacks" are because an inside person compromised security. They sold information or were conned into disclosing a password. Sometimes, the procedures surrounding the handling of credit card information are so poor that third parties are allowed to walk out of the building with copies of it. Rarely is credit card information encrypted or protected in the manner in which it should be.

And do pray the company you purchased from never goes bankrupt. In bankruptcy, the information is considered an asset and can be auctioned off like any other company asset.

The credit card companies (except for the temporary number scheme above) do not have meaningful protections on the cards. Places that ask for id, ask for zip codes or the stupid three digit "security code" on the back of the card or other validation information are asking because they get a better fee on the transaction. Don't you wonder how much training that 18 year old running the cash register has had in identity theft and signature matching?

I call the security code stupid because it was supposed to prove the presence of the physical card. But they offered a better fee to online only companies as well as bricks and mortar stores. So everyone started asking for (or reading) and saving the security code in their databases. SHOCK. So it simply became a longer credit card number and means nothing.

My favorite validation information is zip code from places like bed, bath and beyond. What's amusing is that after you use a card in some large chains, you'll be added to their mailing list. Potentially, at least some of their employees and vendors have access to your name, address, credit card number complete with stupid security code, expiration date and your purchase history. They can "read" your name off the card and you supply your zip code but I've often wondered where they get the addresses?

The only problem I've had with my credit card recently is restaurants adding on a tip to takeout orders on which I didn't leave a tip. Both places apologized and said it was a mistake and reversed the charge but I've heard on the news that adding on larger tips is big business since the individual amounts are small and most people don't check carefully.

Recently I was hit with a scam on my phone bill. I was charged $15 by netwatch.com for ISP services I didn't sign up for. This turns out to be a big scam - I found hundreds of complaints online about them.

I'll agree with the others about being suspicious about the email unless the credit card company had tried unsuccessfully to get hold of you via phone. I've had several incidences with different cards and have always received prompt calls from the company. Usually, the charges are legitimate but don't follow our typical pattern. Like mysterymachine, we had a call several months ago from our credit card company about someone trying to use our card for an online purchase. It's a card that is rarely used and has never been used for online purchases and hasn't been used in restaurants.

The only time I wasn't called was when a credit card company charged my card by mistake for a $2000 computer. I had a 6 month fight on my hands and was told by their customer service rep to get a lawyer. The situation was resolved only because I happened upon a customer service agent who happened to know about a customer that notified them that they were never charged for their computer. Yikes!

When purchasing online, I believe that "https" should show up in the address when you start the purchasing process (instead of "http" starting the address.) The https shows that the site is using secure encrypted software. The site will originally show "http" and will only switch to "https" when the purchase is initiated.

I got a voice mail from my credit card company about a suspicious charge. The guy could barely speak English so I ignored his call back number and called the number on the back of the card. Turns out that it was a legitimate concern and the warning call was from an Indian call center. You have to be a detective to figure this stuff out. I feel sorry for folks who aren't too savvy about these things.

I am a bit confused. Let's say I have someones Credit Card # and I want to make a purchase. Isn't the holder's home address necessary in order to complete the transaction online or over the phone? Provided the card isn't stolen there isn't much anybody can do with a credit card #.

mangotoo - no you don't need a home address to make a purchase - usually only the number and expiration date are required - sometimes places will ask for the 3 digit number on the back or your zip code as an additional security check.

"https" doesn't say beans about the receiver's software security - it only means that your card number is encrypted during the transmission from the computer you're seated in front of to the web server.

Indirectly, it can mean that the web server is owned by someone verified to be "real", but that's not a requirement or guaranteed. The owner of the encryption certificate doesn't even have to be the particular entity you are doing business with.

Having had serious issues of identity theft in our family, we are extremely cautious, even though we do a lot of online shopping nowadays. (In our case, as was suggested above, someone at a former employer compromised SSNs and sold them on).

I never, ever, reply to any emails (our bank never uses emails to alert a security issue anyway). If I receive a call from the bank, I tell them that since I cannot verify that the person I'm speaking to actually IS from the bank, I will call back, using the number on my card. They ALWAYS understand that this is for security and are never offended. Anyone who does get offended - they're fronting a scam.

Then I call back, as the other poster did, using the number on my card.

And always, always, check your bills for transactions that aren't yours.

Once bitten (mauled, more like), twice shy.

I have had my identity stolen but they never touched any credit cards. I also do a ton of on-line purchases and have never had a problem. But, I was forced to change a cc# after being called by the company, seems they had thousands of numbers compromised.

Have to agree that there is no way I would respond to an email, except to call them on a known phone number. When a CC security division has ever questioned my activity, it has always been with a phone call.

I'm home! Wow! Thanks for the responses and your concern.

My DH got the e-mail, and did not call the number on the e-mail, he called the number on the back of our credit card. He found out that the 2,600 dollar charge was to the Apple Store. They cancelled our card, and are going to investigate.

Well, that wasn't enought for me. I wanted to know more. Since we just have one Apple Store nearby, I called them. They said that they couldn't check that but gave me the number for the main internet store. I decided to call the credit card company first, to see if they knew if the purchase had been made at a store or online. (I wanted to know if it was local, then I would check local restaurants that I had been to, etc.) They told me that it had been on that had either been done online or through a phone call. Then I called Apple. They told me that the sale had been made in my name, and that they had one Ipod Touch being sent to my home, and another to another person's name in a different state. I asked what state. They then told me that they couldn't release that information. I was ticked. I said, "Wait. This person can use my card and try to steal my identity but I can't have their name?" Can you believe that? I then just tried to tell them that I was trying to pinpoint where it was because I could tie it into a past purchase...perhaps my sink or faucet that I bought online from another state. He continued to say no, and said that my credit card company or the law would have to look into it. I asked how that particular purchase had caught their attention when the previous month we had charged 4,000 for a car downpayment (we get cash back for every purchase) and didn't hear a thing. They said that they used a foreign name (????). I suspect that Apple talked to them, heard an accent and the two address thing, and questioned the purchase. I think they try to throw them off by ordering one for the address that goes along with the card, and then sending the other one elsewhere.

I watch Law and Order and CSI! I know what I'm doing, and I know I can pin this down. I just don't understand why they don't see my TV credentials as enough to give me the information!

As I thought, I remembered that on Christmas, I had burned my hand on the metal handle of my roaster, and I was out of my Foille burn spray (if you don't have this...it's the best!!! Hurts like you know what for a couple of minutes and then the sting is all but gone). After a search, I order some from an online company. After a month, I didn't get it so I called. They then sent me a similiar generic product but not what I had ordered. I called again, and they were going to credit my card for shipping costs to send it back. They didn't. I suspect them.

The other reason I posted here, I chose my sink and faucet sites from recommendations here. I figured if it was one of them, others may have had trouble, too.

Again, thanks for your help.

I watch Law and Order and CSI! I know what I'm doing, and I know I can pin this down. I just don't understand why they don't see my TV credentials as enough to give me the information!

HaHaHaHaHaHa!!!!!!! You made my day with that one!!!!

"My favorite validation information is zip code from places like bed, bath and beyond."

I've noticed the validation questions are getting ridiculously complex. It used to be mother's maiden name. or something definite like that. Now it's "what was your maid of honor's name" (which wedding!), "what is your favorite food?" (that changes daily!), "what was your childhood pet's name?" (which one!), "what is your favorite color?" (it'll be differnt tomorrow!). Argh.

Amazing, isn't it, that they won't release that information!

My PayPal account was repeatedly compromised by someone in Florida who tried to charge on it. Although they did tell me the state, they refused to tell me dollar amount(s). They did suggest that my computer had been compromised somehow, perhaps with a key-stroke capture program, and to clean it up. I did, and haven't had a problem since, but have 'fired' McAfee security!

Very scary to think that someone, states away, is 'watching' you!

If you make online purchases, I highly recommend you see if your credit card company offers one time use numbers with a set limit / expiration date which you can generate online when needed.

A lot of companies do (they call them different things). Just go to your credit card companies web site and look into it.

We charge pretty much everything (get the 2% cash back and pay it in full each month so no interest)- and do lots of online purchases. I always use a one time use virtual number online. That way, even if their system is hacked, your card number is worthless

osswb, seriously, I'm not kidding. I've learned a lot. OK, I'm kidding.

Pecanpie, doesn't it stink that they can let this guy or girl use my name, but I can't have theirs? It seems like they should report the name to the police since they know that they are the ones that did it. It seems like it would be their responsibility to follow this through.

Berryberry, That sounds like a great idea. I didn't know about the one time use number. That sounds like the way to go! I'll definitely look into it.

The last time we renovated, a clerk at the home store (not a HD or Lowes--a real lumber yard) copied the information off my credit card. He then rented a U-Haul in my name with my credit card and stole it. I got a call from the police in another county asking about the truck. It's grand theft auto!

Apparently, this guy was going to HD, stealing mulch and plants at night using the U-Haul, and paying homeless people and teenagers to return the mulch a bag at a time. Sounds like a tough way to make money. I really think it would be easier to just get a job.

Anyway, the police had seen this done before (really?) and just wanted to confirm that the guy had stolen my number and I still had the card in my possession. My credit card company also credited me for the rental.

On another occasion, my husband's card was charged for items at Nordstroms and LLBean. He had the card in his posession the entire time, and some of these were purchases made in the stores. Both companies gave him information about the products purchased, and LLBean gave him the person's address. Since the clothes ordered were a men's XXL, he decided to turn all the info over to the police. I think if it had been men's small, he might have tried to confront the guy!

It is common to have something sent to you, but NOT really you (to avoid suspicion) and then to another address, as well. The second address will most likely NOT be their address. It will be a residence where they will pick up the package they (the scammer) wants, while the true resident is off to work. The scammer will track the package and know what the day delivery will be made. The name on the package will most likely be the resident's name of the second address BUT NOT ordered by them. These people know what they are doing.

I had a neighbor WHO WAS the second address in the same kind of mess you might be dealing with. She was clueless when they contacted her. And would you believe this went on for a while before it was discovered? The crook was using cards belonging to different people and ordering from everywhere. UPS had delivered many packages to her, all to be grabbed before she got home. Some items even required a signature, and according to UPS the "so called" addressee (HER, but not her) would conveniently be pulling up as the truck arrived and sign using her name. These people plan it all out. They know approximately when a truck hits a neighborhood.

HUGE scam and happens all the time.

This is kind of OT (not credit card related) but around the holidays, I remember hearing about the police arresting a "soccer mom" in a station wagon loaded with stolen packages. She simply followed the UPS and FedEx trucks. When the homeowner wasn't home, she swooped in and stole the packages that had been left on the door step.

berryberry,

Neither of the companies with whom we have credit cards have any provision for generating unique numbers. Could you tell me what company you do business with?

I had this happen twice recently. A few months ago, someone charged my Macy's card, which I havent used in 1-2 yrs. approximately $500. Macy's happily told me what they had ordered...mostly small toddler clothes, a guess jacket, a wallet, and stupid "star" ear rings. I had my card in my possession.

Second time, someone got ahold of checks from my checkbook. I think I had them in the car and they somehow gained access. "Yolanda Brown" wrote a total of $1250 checks to herself for "domestic services." What I learned from the bank was that she was an old hat at this. They fingerprinted her as procedure for teller cashing a check, but it didnt take, because these people either put tape or glue on the finger to mask the print. I learned what bank (poor hispanic part of town) and that she was likely on video camera. What disturbed me is that neither the police or the bank seemed especially interested in catching her. I got my money back, but the lack of interest in her really irked me. I got the feeling that it is not worth the effort or money for either to pursue it. She could go on forever, stealing money in this fashion.

I would be upset that the credit co. did not call you. Macy's called me right away. What if you had changed emails since you signed up for the card?

I am just shocked at how prevalent this sort of thing is.

Sail-Away

My main card was issued initially by MBNA which was acquired by Bank of America in 2006 and was renamed to FIA Card Services.

I don't know if all Bank of America cards offer their "shopsafe" online virtual card feature or just the ones from Fiacard services. Ours is a Fidelity branded card offered thru Fiacard services with 2% cash back. Alas, that one is no longer available - they have a new Fidelity branded card with 1% cash back.

Also, Discover Card also offers this same service and we used to use it all the time before getting the 2% cash back card and switching most of our purchases to it

https://www.discovercard.com/customer-service/security/create-soan.html

Also, while I haven't used it I know Citiback also offers a virtual card number service

https://www.citicards.com/cards/wv/detail.do?screenID=700

Here is a link that might be useful: Fia Card services cards

Yes, this happened to us. I used a MasterCard to purchase items (for the first time) from 3 websites for Christmas gifts. One of those sites obviously wasn't secure. I had no idea there was a problem until the bank sent us a notice that we were over our credit limit and I also received a call from a suspicious vendor of computer services who said something didn't check out with an order using our credit card. Thank goodness for those two things. Charges were over $3000. The bank said it was great we discovered it right away because some people don't open their credit card statements for months! It took some time to finally clear up but we didn't owe anything.

You're never responsible for fraudulent charges although you obviously have to deal with the hassle. Some merchants won't ship to a different address than the one on the credit card without first calling you to confirm - a bit of a hassle for sending gifts. I believe some cards allow you to register alternate shipping addresses with them to ease this process.

JENNYE,

I was thinking about you the other day when your name came up in some olds threads I was reading. Are you finished with your remodel? Do you have pics?

It happened to DW with our Debit credit card. We bank on line and pay 95% of our bills using on line banking. She notice a $20.00 purchase that we didn't make and notified the bank. The bank representitave told her that it was a good thing that we don't leave money in our checking account and that our over draft was maxed (Thanks to remodeling) They tried to make large pruchases from on line sites like Target, QVC, JC Penney's and Best Buy. Had we not picked up on this when we did they could have cleaned us out because the next day both our pay checks would have been directly deposited into the checking account. The bank credited our account $20 that day. Since then we now have our pay checks deposited into the saving account and tranfer it to checking as we need it. The odd thing about this is that we never use this account for online shopping. I think you stand bigger chance of fraud when using the credit card in a store rather then on line. DW set up our account so that we are alerted to any purchase made over $15. The alert message goes directly to her Blackberry so no matter where we are we are protected.

iamnodiy - that's the main reason I don't carry debit cards and advise other people not to either. With a credit card you can dispute erroneous charges and you're not out any money. With a debit card, the money is already taken out of your account and you have the hassle of getting it back. Also, although you need a PIN to use a debit card as a debit card, you can use it as a credit card without a PIN and that's what causes problems. Banks push debit cards on you as a convenience but unless your credit rating is so bad that you can't qualify for a credit card or you have a problem of charging more than you can afford, there's absolutely no reason to get a debit card. By default, my bank tries to make my ATM card a debit card but I make them change it to a straight ATM card.

I actually prefer the e-mail alert better than a phone call. I check my e-mail way more than I answer my phone. A lot of cards give you a choice in how you would like to be contacted: phone, e-mail, text message, etc.

Someone actually hacked into our Yahoo mail account and our Ebay sellers account...couldn't access the paypal account, thankfully. They made some online purchases of computer equipment through our Ebay account and locked us out of the Yahoo email account so we couldn't see what they were attempting to do. Fortunately I monitor all accounts frequently, so I caught them in the act almost as it happened. Ebay was great in rectifying the problem. It was more difficult to get Yahoo's attention, but they did respond after a very pointed email to them from the DW.

On recommendation of Ebay, I disabled the autocomplete feature in internet explorer. They assumed that the hackers used a program to exploit a security flaw in IE and harvest passwords.

As others have said...watch out for those phising schemes...they are all over the place.

Auto-complete only works on the computer it's enabled to work on, and will only auto complete if a name has been typed in before. Passwords are handled differently, but again, if you ask it to remember your password, it will only do it on that computer. "They" can't get that information from their remote computer unless they can actually "see" your desktop from their computer.

Passwords are frequently stored at a remote site. Some sites will give you your password if you forget, others give you a temporary password and then you can change it once you've logged back in. I'm not sure which one is safer (or if either one is).

If someone hacks the remote site and gets your user name and password, they assume you use it for other sites too, and just have to run a program that searches sites and puts in your log-in name and if it pops up, they type in the password and they are in.

Good point, Glenn, about disabling autocomplete. I've been thinking about doing that anyway.

Weissman made a great point too about debit cards. I work for a bank. If you need to challenge a charge with your credit card, you can usually get something done asap. But at our bank, we have you file a claim, and we have 10 business days to investigate. In the meantime, you may be out of money. My own branch is very good about helping people out with reversing fees, watching their accounts, etc., but that is not the case with every office.

Red

I forgot to make a point of saying that DW did not loose her debit card. It never left her wallet. I think what may have happened is that while she was using it to make a purchase or withdrawering money someone may have taken a picture of the card with a cell phone or perhaps a dishonest cashier copied it and it was sold. The purchase was made online in Boston and we live in New York. I could never be without a debit card I only carry enough cash for small purchases like lunch or coffee. If the card is lost or stolen I at least have a fighting chance of a refund. If my wallet is lost or stolen the money is gone forever.

iamnodiy - I was suggesting that you use a credit card instead of a debit card, not that you carry a lot of cash.

Weissman
I use the debit card at atm machines to get cash plus I hate to carry a checkbook. If I used a credit card everytime I made a purchase I would more then likely spend more than I could afford. Plus it is harder to monitor a credit card account daily because the purchases do not always appear on the same day of purchase. I can check my checking account anytime of day for activity because purchases are held against the account at point of sale. I was able to recover my money quickly because the $20.00 purchase was only being held against my account the bank didn't pay it yet. Now that I am being alerted everytime a purchase or withdrawal is made I feel protected against theft.

I've had 2 cards used, one for electronic equipment and I'm not sure of the other. Glad the credit card companies called to alert me. One of the cards I hadn't used in 2 years and then used it for a very small charge and then the invalid charges showed up. I notified this company that they had a possible breach in company security and they wouldn't even consider taking responsibility. Just told me that all the information is incripted in the computer. I just found it strange that the illegal charges showed up right after I dealt with that company. Both times my CC companies covered the charges. Whew, thank goodness.