Comments on: Check Your American Express Statement!

By: Michelle W.

Michelle W. — Thu, 09 Jul 2009 17:12:51 +0000

The same thing just happened to me with my AX card and True.com! I never use my AX card and it’s kept locked up in my desk so no one would be able to get ahold of it. I have charges from True.com from the last four months!! I called AX and they were able to credit some back and True.com was actually really helpful and was able to credit the outstanding balance that AX wasn’t able to credit back due to the fact that it was four months ago.

This is crazy! I’ve never had anything like this happen again and I will definetely be keeping closer tabs on my credit accounts. I just thought I didn’t have to worry about it because the card is always locked up, but I was wrong!

Thanks for posting this blog by the way! I used this as an example to both AX and True.com. True.com is admitting that many AX accounts have been compromised, but AX claimed they haven’t had any issues that they’re aware of with fradulent use of AX cards on True.com.

Thanks again!!

Michelle

By: Pmom

Pmom — Wed, 24 Jun 2009 18:50:30 +0000

Readers, I’m not sure who Chris is–the e-mail address he provided is fictitious. However, his logic makes sense to me. But, given the number of keyword searches (with words like true.com and American Express) that have led people to my site, it does appear that I’m not the only one coping with fraud issues. Perhaps the first twelve digits aren’t the same, but the first six are. Or perhaps Costco-issue American Express cards have quite similar numbers. I have no idea. But something is making it possible for scam artists to guess at valid numbers and that is disturbing.

By: Chris

Chris — Wed, 24 Jun 2009 15:24:57 +0000

What was said about the first 12 digits all being the same is completely incorrect. As the card number is only 15 digits long, if this were true, that would mean that there are only 1000 possible numbers, but due to Luhn (the algorithm that verifies a card number), this amount would be divided by 10, so that would mean only 100 Amex cards exist… Which is compeltely incorrect. Many also start with 3760, and some with 3778. These numbers, and the 2 that follow, depend on the country of issue and the currency of the card.

By: Kevin

Kevin — Wed, 27 May 2009 17:44:30 +0000

The same incident happened to me recently. I logged into my Amex account online and saw 3 fraudulent charges from True.com. Of course when I contacted Amex, they immediately credited the charges back to my account, but I think I will be canceling my Amex account. It seemed to easy for someone to charge my credit card, and there is no guarantee that it will happen again. I seldom use this card and it pains me to think I would have to keep monitoring it to make sure that no one else is using it.

By: Jim F.

Jim F. — Fri, 15 May 2009 04:14:19 +0000

They ship it to an empty house, watch for the delivery, and pick it up from the door step.

By: Pdad

Pdad — Fri, 15 May 2009 03:26:34 +0000

I’m still not getting the whole picture here.
a) Valid card number and expiration date is figure out at crummy site that doesn’t check the billing address
b) Crook can use this at other crummy sites that don’t check the billing address
That doesn’t seem like such a great deal…

Or maybe the idea is that the crook wants an account that cannot be traced so the goal of using your credit card isn’t to avoid the charge (though that’s nice too) but to not have a way to tie the account back to them. so then when they do HardDiscDriven’s suggested type of fraud it is harder to catch them.

By: Pmom

Pmom — Tue, 12 May 2009 05:35:02 +0000

I realize that, but my puzzle is how the collect the goods they buy. If they ship it to themselves can’t it be traced?

By: Jim F.

Jim F. — Mon, 11 May 2009 03:27:02 +0000

Once they have a valid number, they can charge things to it, more than Cooks Illustrated and WSJ.

Just ask Amex to issue a new number. Mastercard just did that for us because there was a suspicious charge on our account.

By: HardDiscDriven

HardDiscDriven — Mon, 11 May 2009 01:29:25 +0000

I can shed some light on this — keep in mind that these thoughts are my own.

#1, it is quite easy to generate a list of valid credit card numbers, as the numbering system is not a secret. I’ll spare you the algorithm, but essentially, the only security built in is to help prevent the wrong card from being charged if the numbers are transposed — meaning that if you accidently swap the position of the 7th and 8th digits in your card number when buying something online, the transaction will decline, because the transpostion made the card number invalid.

If a site utilizes little or no precautions for verifying the billing address (read between the lines as “shady”), it is possible to charge a card without having any clue who it belongs to. However, it is somewhat trivial for a savy criminal to do a reverse-lookup via a bit of marketing-database mining. But I digress.

#2: The reason for the false charges coming through online dating/matchmaking sites such as true.com is because this is a big money-maker for social-engineering adept criminals. The following articles illustrate a good example, and a bit more detail on the subject…
http://www.cbc.ca/canada/edmonton/story/2009/02/17/edm-dating-fraud.html?ref=rss
http://www.scamtypes.com/what-exactly-is-online-dating-fraud.html

If criminals like this can be likened to bacteria, and the internet to a body, the net is very sick.

By: Pmom

Pmom — Sat, 09 May 2009 05:51:41 +0000

Lis, that is terrible! But that explains a lot. I was wonderlng, like Robin was, what the fraudster was going to do with hundreds or thousands of matchmaking site memberships. I mean, once you pass ten . . . But this explains a lot.

However, I still wonder exactly how they make a profit at this (and I hope I don’t find out through personal experience). Because if they buy something and have it shipped to them, then their address is known. There would be no point in shipping it to me and they don’t have my address anyway, right? They could buy lots and lots of internet services, but how many Wall Street Journal and Cook’s Illustrated subscriptions do you need?

I am going to for sure keep an eye on my bill now.