Stolen Credit Cards

I left out an important piece of info on the scenerio ... I tried to process the transaction. My merchant account transferred me to the card holder's bank. They suspect the card is stolen but the person placing the order has all the required information. However, they have not ruled out this person somehow plucked the credit card info off the Internet somehow. My guess is they are right especially since I saw with my own eyes the hacker site and through all my research expected this before I even tried to process the transaction.

My concern now is a retaliation by the idiot. It's way too early in the a.m. and I haven't had enough coffee yet. Argh.

Where do they want the merchandise shipped? If it's out of the country I'd pass on it.

On my E-tail site there's someone from Eastern Europe (Bosnia area) who keeps trying to order. Each time using a different CC and mailing address but the idiot uses the same email address!!

Normally I'd take a chance but the items he's ordering just don't "make sense" for that part of the world.

When he tries to order I just email him back politely that our CC processor is unable to process transactions from his issuing bank. I tell him to use the BidPay system to send a MO if he still wants to order, which he never does.

The first idiot who tried to use the stolen card wanted something I would normally deliver via email to Indonesia. Uhha ... sure. There was no way I would do it anyway.

The second bozo wanted it delivered via email. LOL ... to his domain. A quick ref of the whois and uhm ... hello?

The bank advised I not respond at all to the transaction for my own personal safety. I don't want this person to have my IP number. Sheesh ... I really don't need this kind of crap, ya know.

Good point though about the CC processor unable to processor transactions from their issuing bank.

Most merchants will only ship to an address that is on record with the credit card bank for this reason. Verifying based on ZIP code or telephone number is a good step, but usually not enough when you’re dealing with a sophisticated criminal.

You may also want to request the bank name and telephone number for each credit card. This information will make it a lot easier for you to verify the credit card with the credit card issuer directly.

International can be tough to verify.

One on attempt by the guy I mentioned above I tried to verify if the CC has the same address as the address he gave me. It took several calls to my CC processor and then the CC company itself just to find out the card wasn't (as yet anyway) listed as stolen or restricted. The CC company gave me the name of the issuing foreign bank so I called thier NYC number.

Maybe it's just a French/American thing but they were about as helpful as a bubble gum machine in a lock jaw hospital!!

I simply could not get to speak to anyone at the branch who would or could verify the address on the card.

I ultimiately gave up and cancelled the order.

Sorry I have not replied back to you good folks. It has been a busy few weeks. Anyway, thanks for the advice on the bank name and phone number.

Since I posted last it has happened again or at least I suspect so. I own a membership based website and at the end of June a fellow outside of the US purchased a membership. This week he posted his username and password on a private forum of what I would consider wannabe hackers to have-at-it quickly before his membership was pulled.

Why he waited for over a month to do the dirty deed, I don't know. Where he is truly from and his true identity is debateable. Whether the credit card was stolen and just not yet reported, I don't know. Anyway, I do have a name and address if I need to pursue anything but at this point we simply deleted his account.

The scary part .... this private BB is housed by a popular site that is visited by unsuspecting folks who download their freebies and purchase their software. THAT is scary. I wonder about the privacy of these unsuspecting people and the possibility of trojan and/or spyware which these folks may be installing on their systems. Nothing would surprise me after what I saw there.

A friend suggested I contact the owner of the main site, but a quick check in the Whois makes me suspicious that the owner may be one in the same person or a friend of the person who did the dirty deed. At any rate the post has not been deleted from the BB and people are still trying to crack into the site using his ID/password and also using dink cracking software. Security is tight at my site and my domain host is watching careful. They are NOT happy about this attack at all. And they are a MUCH bigger corporation than the aforementioned website. My attorny has been notified and is on standby should I decide to pursue anything, ISPs and raw data logs are being collected and analyzed. Idiots! Some people are simply one brick short of a truckload.

Personaly, I wouldn't give out my issuing bank's name and number. You might as well as for their SS# too (which I wouldn't give either).

For any substantial purchase (by phone, internet, or in person) merchants will often ask for this information. It's routine and safe. It's also common to ask for the number(s) located on the signature strip (last set of numbers on the right). The whole idea behind this is more data to verify. If the numbers are stolen or generated somehow the chances that they will have the information on the back of the card is less likely.

Keep in mind that the bank information can be located easily if you have connections. You can usually get it in one quick call to your merchant account provider.

Still... Shipping to a verified address is still the safest precaution.

Adam,

Not sure what you mean by "substantial purchase." I've bought lots of things via 800# in a catalog and never been asked for my bank or SS info. And I wouldn't give it even if I was. No one I know has ever been asked either.

I can see the merchant's POV but as a consumer I'd walk away rather than give it out.

Not sure what you mean by "substantial purchase." >> Whatever the company policy says. Some companies may not request the information while others may request it on all orders. There's no set amount.

The numbers on the back of the card is the most common request. There's a special name for them but I can't think of it. For example I was asked for this information when I bought my notebook from zones.com. PayPal also requires this information on all credit cards.

Usually merchants (stores) will simply make a copy of the card, which if done correctly includes the issuing bank information. So you don't always know if they got the bank information or not.

There's no real danger in giving the information away. If you trust a merchant with your credit card number then they already have your bank information. It's simply for verification. Now your social security number is a completely different story – I would not give it away or ask for it unless it had to do with tax purposes.

I'm looking at one of my CC's now. The number on the back is the same as the front plus an extra 3 digits. I think those are some kind of check digit/verification/authentication number. But I have no clue how a merchant would use it to verify a charge.

I know in the few cases I tried to verify account info for some orders on my e-tail site, trying to get card holder info out of the issuing bank was like pulling teeth!!