User Panel
User Panel
User Panel
|
Posted: 11/20/2023 5:15:12 PM EST
A few months ago my PayPal Business debit card had over $6000 in fraudulent charges. PayPal sucks as everyone knows and the hoops they made me jump through and the way they held $3000 of my dollars for 90 days while they "investigated" really sucked. I made a thread then and the smart and very helpful folks of Arfcom told me to not use debit cards so when PayPal sent me another I never activated it I just transferred funds over to my bank from them when needed and the problem was solved.
Now, I exclusively only use credit cards for everything and just pay off before the month is up and that seems to be working well. I was paying bills this morning and paid one of them $1200 and assumed I must have bought shop supplies but did not remember. I just reconciled to see what it was that I purchased and came to find out the very last thing I purchased on that card was gas at Walmart for $70 then after that from 10-26 to 11-16 someone ran up about $1200 in charges to WalMart.ca and the Meta Store and the Pokemon store. So I can only deduce the Wal-Mart gas pump had a skimmer. I always look closely before getting gas but I guess I did not see it. Oh, and the credit card company is a lot more helpful than PayPal was btw, they refunded the payment while the investigation is ongoing. So how can I make 100% sure this does not happen again? |
|
|
|
|
Posted: 11/20/2023 5:16:38 PM EST
[#1]
dont use paypal
|
|
|
|
|
Posted: 11/20/2023 5:17:16 PM EST
[#2]
Why does it have to be the last use of your card? Lots of different ways for your card info to be compromised.
|
|
|
|
|
Posted: 11/20/2023 5:19:54 PM EST
[#3]
Quote HistoryOriginally Posted By centroid: Why does it have to be the last use of your card? Lots of different ways for your card info to be compromised. |
|
|
|
|
Posted: 11/20/2023 5:20:03 PM EST
[Last Edit: 1245xx]
[#4]
Quote HistoryOriginally Posted By centroid: Why does it have to be the last use of your card? Lots of different ways for your card info to be compromised. I think he’s asking how to avoid this in the future. At least that’s what the last sentence reads. |
|
|
|
|
Posted: 11/20/2023 5:21:31 PM EST
[#5]
There’s almost zero way to prevent this unfortunately.
But, some key things to help are RFID wallet, never use your debit card, never sign into email or especially use banking apps on public WiFi, get cards with no visible numbers (people in drive throughs stream and pick up numbers that way), use Apple Pay where able, and set up alerts for all transactions. There’s often a test run with things like vending machines to see if it works and then a week later they go nuts. |
|
|
|
|
Posted: 11/20/2023 5:22:37 PM EST
[#6]
if using online utilize a CC that offers virtual numbers only good for a single site.
|
|
|
|
|
Posted: 11/20/2023 5:23:27 PM EST
[#7]
We've gotten nailed a couple of times at the gas pump. I only use the tap feature now.
|
|
|
|
|
Posted: 11/20/2023 5:26:14 PM EST
[#8]
I use my Apple Watch now as much as I can to avoid this
|
|
|
|
|
Posted: 11/20/2023 5:26:44 PM EST
[#9]
Quote HistoryOriginally Posted By JesseCJC: There's almost zero way to prevent this unfortunately. But, some key things to help are RFID wallet, never use your debit card, never sign into email or especially use banking apps on public WiFi, get cards with no visible numbers (people in drive throughs stream and pick up numbers that way), use Apple Pay where able, and set up alerts for all transactions. There's often a test run with things like vending machines to see if it works and then a week later they go nuts. |
|
|
|
GA, USA
|
Posted: 11/20/2023 5:27:03 PM EST
[#10]
Be more selective where you buy gas, some places check daily and some don’t care.
|
|
|
|
Posted: 11/20/2023 5:28:27 PM EST
[#11]
PayPal has literally the absolute worst customer service. I am convinced they have about 5 employees and all of them are functioning retards
|
|
|
|
|
Posted: 11/20/2023 5:28:27 PM EST
[#12]
www.krebsonsecurity.com for all your card skimmer news.
 Brain Krebs has specialized in card skimmers and publishes stories on them fairly often. I only use the physical plastic when I have to preferring to use "tap-to-pay" from my phone instead. The old skimmers used to have two parts, one in the machine inserted through the slot to capture the card number and a hidden camera to catch the user PIN. I have more confidence in the phone's encrypted communications with the machine, I'm at least holding the part doing the encryption whereas with the card in the slot it's plain text. Restaurants, bars, and gas pumps are common locations for card number thefts, a good place to pay with cash. Only a low budget thief would use an externally mounted skimmer now. The internal ones have been out for 4-5 years now and are amazing - builtin Bluetooth so the thief only has to park near the skimmer ever few days to off-load the date. I haven't followed in the last three years since I retired but that's about a generation of skimmer improvement based on past developments. |
|
|
|
|
Posted: 11/20/2023 5:35:17 PM EST
[#13]
Quote HistoryOriginally Posted By Paul: www.krebsonsecurity.com for all your card skimmer news. Brain Krebs has specialized in card skimmers and publishes stories on them fairly often. I only use the physical plastic when I have to preferring to use "tap-to-pay" from my phone instead. The old skimmers used to have two parts, one in the machine inserted through the slot to capture the card number and a hidden camera to catch the user PIN. I have more confidence in the phone's encrypted communications with the machine, I'm at least holding the part doing the encryption whereas with the card in the slot it's plain text. Restaurants, bars, and gas pumps are common locations for card number thefts, a good place to pay with cash. Only a low budget thief would use an externally mounted skimmer now. The internal ones have been out for 4-5 years now and are amazing - builtin Bluetooth so the thief only has to park near the skimmer ever few days to off-load the date. I haven't followed in the last three years since I retired but that's about a generation of skimmer improvement based on past developments. https://krebsonsecurity.com/2022/09/say-hello-to-crazy-thin-deep-insert-atm-skimmers/  |
|
|
|
NC, USA
|
Posted: 11/20/2023 5:37:19 PM EST
[#14]
Quote HistoryOriginally Posted By BSOG1: dont use paypal fpni |
|
|
|
Posted: 11/20/2023 5:38:36 PM EST
[Last Edit: Matthew_Q]
[#15]
So what you're saying is that from 10-26 to 11-16, you didn't pay any attention to charges against your card?
I used Mint for this, but Mint is trying to push everyone to Credit Karma... so I've jumped ship and have started using Monarch Money. I monitor my transactions daily. You should do something like this, too. Some tips: Never use a debit card. If it get skimmed or compromised, they are taking money you HAVE, and you might have to fight to get it back. In the meantime, shit can bounce, overdraft and cause you headaches. Never stick your card into a pump at a gas station if you can avoid it. I got skimmed at one of those about 5 years ago. Use contactless via your phone (Apple Pay or Google Pay) if at all possible. It will be the most secure. Even if you link it to a debit card. The actual card information is completely obfuscated from the transaction, so an attacker couldn't gain any useful information if they somehow sniffed data from the terminal or your device. |
|
|
|
|
Posted: 11/20/2023 5:40:55 PM EST
[#16]
If I pay at the pump I always use the gas companies card. Never a Visa card. You're right that they're a smart bunch. There's an app you can download to your phone that somehow picks up the skimmer in the pump if one is there.
|
|
|
|
|
Posted: 11/20/2023 5:41:59 PM EST
[#17]
Quote HistoryOriginally Posted By tc556guy: If I pay at the pump I always use the gas companies card. Never a Visa card. You're right that they're a smart bunch. There's an app you can download to your phone that somehow picks up the skimmer in the pump if one is there. Most have a bluetooth radio so the attackers can just get close and read the data from it, then clone your cards. They don't have to go back to retrieve their hardware. It's pretty much sacrificial anyway. |
|
|
|
FL, USA
|
Posted: 11/20/2023 5:42:57 PM EST
[#18]
Quote HistoryOriginally Posted By OG1: Thank you. I have been doing all of those except Apple Pay (no clue what that even is lol) that's where you pay using apples. fresh, canned, dried, whatever. just no granny smiths. nobody accepts them. |
|
|
WV, USA
|
Posted: 11/20/2023 5:45:05 PM EST
[Last Edit: big_aug]
[#19]
I have had credit cards get used fraudulently that have never been used anywhere, ever.
Setup phone notifications for every account for any charge. You'll know when there is fraud immediately. |
|
|
|
Posted: 11/20/2023 5:46:22 PM EST
[#20]
Good PSA.
|
|
|
|
|
Posted: 11/20/2023 5:50:07 PM EST
[#21]
Quote HistoryOriginally Posted By OG1: Thanks! Man I see why you cannot see it now! I had no idea they were that advance and this even has a camera on it. https://krebsonsecurity.com/2022/09/say-hello-to-crazy-thin-deep-insert-atm-skimmers/ https://krebsonsecurity.com/wp-content/uploads/2022/09/nyinsertskimmer.png That deep insert doesn't have a camera. A camera is separate and often placed in a fixture that already exists on the machine. For the OP... SKimming is unlikely. Likely a breach of card data and it was roulette to get one that works. A lot of processors overseas do not ask for zip code or billing. Or even a CVV. Then all they need are digits and the ability to guess the expiration. With that, there are numerous compromised sites that allow criminals to run scripts to ID cards. If it was a skim at gas, they would target only gas. Unless it is the Armenians, then they will buy electronics. A small percentage of them still do fuel. They prefer ATMs. Gypsies and Armenians are the rulers in the ATM skimmers. A lot of Romanians flow through the US making the circuit in these schemes. Pokemon also sounds like a hack of data. The ca site is interesting and I am curious what the transactions actually were. |
|
|
|
|
Posted: 11/20/2023 5:55:52 PM EST
[#22]
I had a debit card get hacked and I hadn’t even used it one single time. Opened the account, threw the card in my desk drawer and got notified a few months later someone from across the country had tried to use the card to buy wine.
How the hell does that even happen? |
|
|
|
|
Posted: 11/20/2023 5:57:34 PM EST
[#23]
When my card was compromised I was told it probably wasn't a skimmer but that someone probably got my number off a list and they made a new physical card. They're bastards, the lot of em.
|
|
|
|
LA, USA
|
Posted: 11/20/2023 6:02:31 PM EST
[#24]
This nifty little device allows you to test card readers to see if they're compromised.
https://shop.spycraft101.com/products/hunter-cat-magnetic-stripe-reader |
|
|
|
Posted: 11/20/2023 6:02:36 PM EST
[#25]
Originally Posted By OG1: So how can I make 100% sure this does not happen again? The only way to make 100% sure is to unbank and only use cash. That or take off and nuke the site from orbit. However, with a credit card it's the banks money at risk from fraud, so long as you report it timely. That's why they're so helpful. For you it's an inconvenience but only you can decide if the convenience of a credit card outweighs the occasional inconvenience. |
|
|
|
|
Posted: 11/20/2023 6:07:18 PM EST
[#26]
Quote HistoryOriginally Posted By UV18: That deep insert doesn't have a camera. A camera is separate and often placed in a fixture that already exists on the machine. For the OP... SKimming is unlikely. Likely a breach of card data and it was roulette to get one that works. A lot of processors overseas do not ask for zip code or billing. Or even a CVV. Then all they need are digits and the ability to guess the expiration. With that, there are numerous compromised sites that allow criminals to run scripts to ID cards. If it was a skim at gas, they would target only gas. Unless it is the Armenians, then they will buy electronics. A small percentage of them still do fuel. They prefer ATMs. Gypsies and Armenians are the rulers in the ATM skimmers. A lot of Romanians flow through the US making the circuit in these schemes. Pokemon also sounds like a hack of data. The ca site is interesting and I am curious what the transactions actually were. The charges were: THE POKEMON COMPANY IN 425-229-6000 WA WalMart.Ca WalMart.Ca Sephora EgiftCard Sephora EgiftCard Sephora EgiftCard Sephora EgiftCard Meta Store |
|
|
|
|
Posted: 11/20/2023 6:08:37 PM EST
[#27]
Originally Posted By OG1: So how can I make 100% sure this does not happen again? Well, for one, only use machines that allow you to tap, not swipe. And keep your chip card in an RFID blocking sleeve. |
|
|
|
|
Posted: 11/20/2023 6:12:40 PM EST
[#28]
Quote HistoryOriginally Posted By big_aug: I have had credit cards get used fraudulently that have never been used anywhere, ever. Setup phone notifications for every account for any charge. You'll know when there is fraud immediately. Best way |
|
|
|
|
Posted: 11/20/2023 6:17:26 PM EST
[Last Edit: scotchymcdrinkerbean]
[#29]
Skimmers are everywhere and getting more sophisticated. I use CCs online at trusted websites, the vet, and at certain grocery stores. Neither I, nor anyone I know who works white colar crimes *ever* uses them at gas pumps. Gas stations are so bad for those things I am cash only for gas.
ETA: Walmart in general is bad for skimmers, at least around here. A lot of folks will take a couple hundred to look the other way when they are installed at the self checkouts. |
|
|
|
|
Posted: 11/20/2023 6:17:37 PM EST
[#30]
Quote HistoryOriginally Posted By CouchCommando22: PayPal has literally the absolute worst customer service. I am convinced they have about 5 employees and all of them are functioning retards When I was investigating how I got compromised on PayPal it came up that they are one of the most compromised services out there. I've never used it since, and wow, no problems. |
|
|
|
|
Posted: 11/20/2023 6:22:11 PM EST
[#31]
Quote HistoryOriginally Posted By pocketpkn: This nifty little device allows you to test card readers to see if they're compromised. https://shop.spycraft101.com/products/hunter-cat-magnetic-stripe-reader Don't get caught sticking that thing into a companies equipment. They are NOT going to understand and would likely think that thing is doing something wrong to their stuff and trespass you. IDK maybe your experience with minimum wage security employees is different than mine. 
|
|
|
|
TX, USA
|
Posted: 11/20/2023 6:24:42 PM EST
[#32]
I had my HSA card fraudulently charged back in March this year to just under $200. I called the card manager and they cancelled our cards and sent us new ones. Over the next few weeks, there were about twenty more attempts to fraudulently charge the account, of which all of them were luckily denied, so I lost no more money. We again cancelled the new cards and got a 3rd set of cards, and it finally stopped. But the HSA card manager refused to refund our original $200, stating it was a valid charge (which is total BS). I wound up having to file a claim with my ID theft insurance company, and they eventually got me my money back, but it took months. Add it to the long list of crap that has happened to us this year.
|
|
|
|
Posted: 11/20/2023 6:39:51 PM EST
[Last Edit: seek2]
[#33]
Quote HistoryOriginally Posted By metalsaber: if using online utilize a CC that offers virtual numbers only good for a single site. This is what I do (privacy.com.) That also lets me learn who's store/card processor is compromised. There's one store I use that scammers have tried 3 different card numbers from 3 different transactions, so it's obvious it's connected to them (pretty sure it's their CC processor.) There's always a healthy delay between using a one-time number with them and it getting used elsewhere, I'm assuming this is so the CC companies can't connect the store to the compromise. Interestingly, just one of those numbers gets re-tried about every 4 months and has been for a couple years. |
|
|
|
|
Posted: 11/20/2023 6:46:07 PM EST
[#34]
Quote HistoryOriginally Posted By Tobysi: I had a debit card get hacked and I hadn’t even used it one single time. Opened the account, threw the card in my desk drawer and got notified a few months later someone from across the country had tried to use the card to buy wine. How the hell does that even happen? Card issuer got compromised, card was intercepted and copied in the mail, or hackers simply tried a bunch of combinations until one worked. Yours was probably guessed/hacked, one tell is if they try using a physical card instead of online it's because they don't know the validation address for the card, and without that online purchases can't happen. |
|
|
|
|
Posted: 11/20/2023 6:47:29 PM EST
[#35]
Quote HistoryOriginally Posted By big_aug: Setup phone notifications for every account for any charge. You'll know when there is fraud immediately. This is the most important thing you can do. Set up notifications with every lending institution you have so that you get a text and/or email ANYTIME a charge is made to your account. You'll know instantly that someone has compromised that account and you'll be able to take actions to stop it, dispute the charge, close that card out, and get a new one. It's free, the lending agencies do it all the time, and it's one of the best ways to protect yourself. |
|
|
|
|
Posted: 11/20/2023 6:50:21 PM EST
[#36]
Originally Posted By OG1: A few months ago my PayPal Business debit card had over $6000 in fraudulent charges. PayPal sucks as everyone knows and the hoops they made me jump through and the way they held $3000 of my dollars for 90 days while they "investigated" really sucked. I made a thread then and the smart and very helpful folks of Arfcom told me to not use debit cards so when PayPal sent me another I never activated it I just transferred funds over to my bank from them when needed and the problem was solved. Now, I exclusively only use credit cards for everything and just pay off before the month is up and that seems to be working well. I was paying bills this morning and paid one of them $1200 and assumed I must have bought shop supplies but did not remember. I just reconciled to see what it was that I purchased and came to find out the very last thing I purchased on that card was gas at Walmart for $70 then after that from 10-26 to 11-16 someone ran up about $1200 in charges to WalMart.ca and the Meta Store and the Pokemon store. So I can only deduce the Wal-Mart gas pump had a skimmer. I always look closely before getting gas but I guess I did not see it. Oh, and the credit card company is a lot more helpful than PayPal was btw, they refunded the payment while the investigation is ongoing. So how can I make 100% sure this does not happen again? You won’t see them, particularly if they’re placed in a reader intended for chip cards. They’re usually a very thin panel placed deep inside the card reader. |
|
|
|
|
Posted: 11/20/2023 6:55:40 PM EST
[Last Edit: UTex86]
[#37]
Various cards of mine have been hijacked multiple times.
I’ve accepted it as a fact of life. I’ve set every card up where I get a text for every transaction so I can shut them down immediately. The CC companies have never given me any trouble about reversing charges right away. The biggest pain in the ass is changing everything that auto-pays on that card. But oh well. The everyday convenience of credit cards outweighs the occasional annoyance of one being compromised. |
|
|
|
|
Posted: 11/20/2023 6:57:07 PM EST
[#38]
Quote HistoryOriginally Posted By scotchymcdrinkerbean: Skimmers are everywhere and getting more sophisticated. I use CCs online at trusted websites, the vet, and at certain grocery stores. Neither I, nor anyone I know who works white colar crimes *ever* uses them at gas pumps. Gas stations are so bad for those things I am cash only for gas. ETA: Walmart in general is bad for skimmers, at least around here. A lot of folks will take a couple hundred to look the other way when they are installed at the self checkouts. It's annoying that Walmarts all seem to have old credit card readers without any tap functionality. |
|
|
|
|
Posted: 11/20/2023 7:00:58 PM EST
[#39]
Most skimmers today are Bluetooth and once installed they just stop in range and download the info. Mostly used on older gas pumps. Newer pumps are supposed to automatically disable if the card reader is unplugged.
That's why requirements have changed here at least to require nonfactory keys, etc to reduce the ability to place them. |
|
|
|
|
Posted: 11/20/2023 7:16:33 PM EST
[#40]
2 "ARABIC" gents put a card-skimmer in my jurisdiction over the weekend...GOOGLE Sidney Police credit-card skimmer--pics are up. It was a crew and the damn fake front looked better than the one it was attached to.....
|
|
|
|
|
Posted: 11/20/2023 8:27:50 PM EST
[#41]
You can never totally eliminate it. I have a card I rarely use that was attempted to make a purchase I'm Italy and Greece back to back. The card gets about 3-4 transactions a year.
|
|
|
|
|
Posted: 11/20/2023 8:43:50 PM EST
[#42]
Quote HistoryOriginally Posted By zeekh: We've gotten nailed a couple of times at the gas pump. I only use the tap feature now. You can also suck it up and just know how many gallons you need and go pay inside. |
|
|
|
|
Posted: 11/20/2023 8:45:19 PM EST
[Last Edit: AKFF]
[#43]
I turned on the text notification for every single credit card authorization on every card I have. I have caught fraudulent charges 2 times since and they were very very easy to manage because I called immediately.
ETA: the moment I or my wife use the card, we get a text. And I don’t use PayPal |
|
|
|
|
Posted: 11/20/2023 8:45:51 PM EST
[#44]
|
|
|
|
|
Posted: 11/20/2023 8:50:51 PM EST
[#45]
If a charge is made on any of my credit cards I get an immediate text on the charge with option to deny charge. I never ever ever use my debit cards except at the bank. I also locked all of the credit reporting agencies. So no credit reports can be run on me. I check my credit report once a month to see if anyone tried to open an account.
Go to credit card security settings and set it up. Nothing can be charged without you knowing it. I've bought gas and paid. By the time I'm back in truck I get a text and email on the charge I just made. If you hit deny charge it does not get charged. |
|
|
|
|
Posted: 11/20/2023 8:52:16 PM EST
[#46]
But they said this whole chip thing they implemented a few years ago was going to solve this
|
|
|
|
|
Posted: 11/20/2023 8:53:55 PM EST
[#47]
I use the apps to pay for gas now.
You roll up to the pump, open the app, tell the app which pump to authorize, pump fuel. Gas pumps are probably the #1 place cards get skimmed. #2 is servers at restaurants. I pay cash if I go out. |
|
|
|
|
Posted: 11/20/2023 8:54:36 PM EST
[#48]
Quote HistoryOriginally Posted By JackRebney: But they said this whole chip thing they implemented a few years ago was going to solve this If simple inputs were turned off then it would work. Chip & PIN is very effective. |
|
|
|
GA, USA
|
Posted: 11/20/2023 9:02:45 PM EST
[#49]
Quote HistoryOriginally Posted By FlashMan-7k: You can also suck it up and just know how many gallons you need and go pay inside. Quote HistoryOriginally Posted By FlashMan-7k: Originally Posted By zeekh: We've gotten nailed a couple of times at the gas pump. I only use the tap feature now. You can also suck it up and just know how many gallons you need and go pay inside. Why waste the time going inside and waiting in line? |
|
|
|
Posted: 11/20/2023 9:12:59 PM EST
[#50]
Paypal isn’t a bank
Assume zero protection with any of their products. |
|
|
|
Win a FREE Membership!
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2023 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.
Attached File
