Vtyjkyuk

I have had the same debit card for several years, and I've never had a problem with any fraudulent charges until yesterday. I am careful about where I use my debit card number online, and I am fairly vigilant about computer security, although certainly not perfect.

Yesterday, I checked my bank statement, and saw two strange charges, one in Wyoming and one in California, both of which are literally half a continent away from me. The charge in Wyoming was immediately refunded, but the other wasn't, so I called my bank to find out what was going on. The person with whom I spoke told me that the card had been used about 30 minutes ago, and that her system indicated it had been used in California physically. This in spite of the fact that the thing was in my wallet at the start of the day, and right before I called the bank. I did my due diligence with respect to the card, and the fraudulent charge, but I am curious: how could this have happened? I understanding stealing someone's card information and using it, but running a charge such that the bank's system 'thinks' it was physically swiped? Could anyone give some insight into what's behind this? Thank you.

Addendum: the card does not have a chip, and I didn't ask if the Wyoming charge was also supposedly made with the physical card.

EDIT: I should have stated originally, I have already canceled the card. Thanks to all who have replied so far.

It’s possible your card was skimmed. This works by the scammer getting a physical swipe of your card, for example from a bogus attachment to a legitimate card reader, then making a duplicate card. That duplicate card can then be sent anywhere, resulting in your card seemingly having been ‘scanned at a distance’.

Contact your bank and ask them to block your current card and to issue you a replacement card.

In comments below, Adonalsium shared a link with more information about technology used by skimmers: "Brian Krebs has a fantastic series on Skimmers. krebsonsecurity.com/all-about-skimmers"

Your card was either skimmed or cloned somehow. One of the problems with the "stripe" system is that it's so easy to hack/fake it. It is 1970s tech.

The Banking system is built on trust; a lot more than you would imagine. There was , and still is, a lotof resistance to switching to "chip" owing to the definite cost of doing so vs. the maybe savings of reduced fraud. The way this was finally handled is a Liability Shift: as of October 2015, merchants who still use stripe eat the liability for fraud. And so each business is left to "run the numbers" and see whether the cost of chip conversion is worth it to them.

Liability shifts like this are the stock-and-trade of how banks deal with risk. That's why you need to pay attention to credit vs debit card rules and the practices and case law which follow: Comerica v. Experi-Metals (EMI) comes to mind. Mind you, they don't write the case law, but they do write the rules.

Perhaps you did all that when you evaluated whether to use debit vs credit cards, but I for one reached a different conclusion. My impression is that you are likey to prevail on these new card-present-swipe charges eventually if you stick with it, but the money in dispute will not be available to you while the long process runs.

There are three possibilities here:

1. You flew to California, used the card, and flew back, and you've forgotten that you made this trip.




2. Invisible Martians teleported into your house, stole the credit card from your wallet, teleported to California where they used it to make a purchase, then teleported back and replaced it in your wallet before disappearing.




3. Someone made a fake card with your account number on it.

I'm going to go out on a limb and say it's probably #3.

Obviously the credit card company is capable of writing your account number and all onto a card. There's no reason why a scammer with the right equipment can't do the same. The trick is to get the necessary information. There are any number of ways to do this, from hacking into the credit card company's computer, to intercepting signals from a card reader where you used the card, etc.

Of course in 2018, once they get the data, transmitting it to a place 1000 miles away need not take more than a few seconds.

You will have to go through the normal procedures of this account being compromised. Contact the CC company and tell them so. You will likely have to fill out a form to dispute these charges. This account should be closed ASAP, and have new cards issued.

This is typically a bit of a hassle as many of us have a card saved for automatic transactions for things from Apple/Samsung pay to the water bill. These will all need to have the new account numbers entered.

Given that your card does not have a chip, a scammer could have made a new card, the merchant may be lying, or perhaps the CSR from the CC company gave you the wrong information.

Once fraud is detected on a credit or debit card, that card must be shut down ASAP.

Why would your bank want to investigate the erroneous transactions when they could just insist that the card had been physically scanned? There is no explanation. The actual truth doesn't matter. If you try to get any more information out of them you will be met with 2 hour + waiting times, scripted interactions (or worse, "AI" and a text-to-speech engine), and/or radio silence.