alright first let me start off with a little background
ever since ive been around 7 or 8 ive been interested in the dark side of things

hacking , phreaking , telecom in general. Ive read tons of books, been to Defcon and read several books on security.

so i like to consider myself a little more savvy than the average joe when it comes to security.

now im still pretty young, 24.
Got my first credit card 2 years ago, I use the credit card for EVERYTHING and then pay it off instantly when stuff posts with my checking to help build my credit
since i got my credit card 2 years ago, i have never used my debit card it has acctually been locked up in my gun safe.


which brings me to my next question, the card being new when issued to me 2 years ago and never been used how could my number become compromised?
I could possibly understand if the card relied on RFID but to my knowledge they dont.

I spoke with the lady from my bank and she said most likely it was someone with a number generator who just kept trying until a number went through.
typical setup
authorization runs through for 1 dollar to see if the card works
then minutes later the big charge is ran through


the only people who have my financial information are me and my workplace, which only has my routing number for direct deposit.
even if my online account were to be compromised it only shows the last 4 digits of the card

any idea's?

It has happened to me twice, they ended up getting a few people from my bank each time. I guess the banks get a Block of numbers, so they may get a few from teh same bank when they try. They hit my account for $0.43 then tried to get it for $100 four times in a row. My bank caught the transaction as possibly fradulant and called me to check, I said that it was bogus and they canceled my card. It happened the same way last year, both times it was a charge from Malta.

this time mine was from sprint wireless


a couple years ago they did the same thing from "bubbles car wash" in california

and i live in kentucky

my bank failed to call me today, last time they promptly called me minutes after the charge was attempted


the only thing i can think of would be number generators. same type of thing uest to happen back in the old school days of trying to generate windows activation keys until newer technology generators were developed using reverse engineering that used an algorithm to be more reliable at generating valid keys

just kinda has me puzzled as i never use the card

Generally, when you get a new card the only thing that changes are the expiration date and CVV number. The account number remains the same. It is doubtful that they are using a generator as CC companies monitor that closely, if a terminal is banging away at invalid numbers very large flags are thrown and the terminal removed from service. More than likely what happened is that the card number was captured some way and it found it's way into a database somewhere and just now found itself in the hands of a fraudster.
Have your bank deactivate the card and re-issue you a new account number for it. Or, if you are not using it at all, just keep it deactivated.

Not with suntrust....

Seems like every year or so they reissue every card because somewhere gets hacked. This time they switched to mastercard.

Anyway OP random number generator or a hack on the bank/visa's end. Usually this shit happens when you use the card. Someone pulls the atm records, steals card numbers from the store they work for, etc.

When I worked in retail I could go into the back and pull piles of tickets with card numbers on them if I had wanted. Hell I had access to the pos system though, I could just print off pages of them. A lot of systems are insecure.

rainbow tables how do they work

They probably extrapolated your card using the cc algorithm from another good card from your bank that they got from skimming or whatever. Pretty much what the bank lady said.

MORAL: If you don't use it, have the bank lock it. You can always call and have it unlocked. ATM cards, even ones you don't use, are a bad idea on your primary bank account.



Also: Have your employer issue a check, direct deposit is a stupid idea. Past threads on this issue back me up. If you absolutely must have it, start a different account and don't get "overdraft protection" linking it to your primary account.