Sometime last week our sole credit card was compromised, and was used to make illicit purchases via the internet. Despite being what I'd call an extremely "heavy" credit card user, this is the first time this has happened to me. Luckily the credit card companies seem to be super on top of this type of fraud these days, and they noticed the aberrant charges immediately and notified me.
I got the call, in fact, while my phone was rolling through the x-ray machine at PDX this past Monday. Post-security, after donning my clothes and wiping away the excess petroleum jelly, I checked my voicemail and called the fraud detection department. The nice woman who answered the phone noted that they had detected some recent charges on my account which they considered "suspicious," and asked if she could review them with me to verify we'd made the charges. Now, I can only assume that the credit card company uses some fancy statistic-crunching learning algorithm to analyze my purchases and come up with what is "normal" spending for us. When any charges that appear as outliers to these patters appear, they must be flagged as "atypical" and alert the fraud crew. I find this awesome.
In my case, the crooks had also fit a pattern on their own by first trying to "authorize" a small charge with some online retailer. Not actually spend anything, but allocate dollars to check if the card was functional. After they got the thumbs-up from the authorized pre-charge, they spent successively larger amounts at some online health food store - and when totaled had dumped near $1,000 at that same place before the fraud folks preemptively shut down the card and called me. In fact, earlier that morning I'd tried to use the card to purchase our rail tickets to the airport and received an error message at the automated kiosk. However, from experience I knew those kiosks are broken about 35% of the time and I'd just used a different card and chalked it up to the crappiness of the card reader or machine. In reality, our card had already been disabled - and the charge really had been declined.
The agent walked me through the charges: A $12 authorization only from Online Florist X? I wasn't familiar with the charge, but Sharaun had left for the restroom and I supposed there was an outside chance she'd ordered flowers for someone. I asked to take a "maybe" on that one and hear what was next. $240 at healthfood.net? Followed by another $475 and then an immediate $390, both also at healthfood.net? Now, I know me, and I know I'm not going to ever spend close to a grand at healthfood.net. Chilidogs.net, maybe; pizzarolls.com, perhaps; healthfood.net - that junk is clear fraud. I told the fraud lady as much and she'd heard all she needed. She then pleasantly surprised me by telling me they'd killed the cards and that we should have brand new ones overnighted to us that day.
In the end it was a really painless happening. I know it's nothing like the frustration one might experience with a true or more widespread identity theft, but considering how "violating" it could be it really was a non-event. Good on the card companies for being on top of it, I suppose. I wonder what their annualized fraud "expected losses" are?