**Warning** Credit Card Fraud

[DocDis]

I don't have any recent stats, but for years, New York was #1 in the world for credit card fraud and Florida and London fought it out for #2, with California being #4. Virtually all of the credit card fraud in Florida is done in either the Orlando area or the Miami-Ft Lauderdale area.


The most common way to obtain credit card info today is "skimming," and the most common venue for skimming is restaurants and clubs. Waitstaff carry small battery-powered card readers that look like the part of a POS teminal you swipe your card through. They usually carry them in those stylish little aprons they wear.

They swipe the card, it reads the magnetic stripe, and copies all of the info on the stripe to a storage chip. At the end of the shift, they sell the skimmer to a credit card fraud person, who gives them a new skimmer for the next shift.

You still have the card, so you have no idea your card has been compromised until you get your bill (or if you carry a GOOD credit card, like Citibank, they call you to check some transactions).

The credit card fraudster downloads the info from the skimmer onto a laptop. Then, they take a pile of stolen credit cards (which are probably useless because the owner has already canceled them) and copy the skimmed info onto the mag stripe of the stolen cards. They essentially create an electronic twin of your credit card. Typically, they'll go to a gas station and try a $1 charge to be sure the card works. Then they sell the cards to "runners" who will actually use the cards.

The numbers embossed on the card won't match the info on the mag stripe, which is why many merchants enter the last four digits of the embossed number. It's a detection strategy against skimming.

Often, if you see numerous purchases at the same store -- or different stores in the same mall -- that's because an employee of the store bought the card and is the person actually purchasing with the card. In malls, the kids trade stolen cards like we used to trade baseball cards, each committing a little fraud in their own store or being allowed to commit fraud in a friend's store.

In other situations, there may be multiple copies of the same card, and/or multiple people using many cards for a big shopping spree. Sometimes the rings involve dozens of people.

How do you protect yourself? You can't. You just pay attention to your monthly statements and hope your issuing bank has good security in place.

WOW! What great information! I never knew any of this. Are you in law enforcement?

 

[Crissup]

However since it was a debit and not a cc we had to wait 3 days to see if it actually went through and then dispute. Finally got the paperwork to process credit and now they have 10 days to credit our account! Big pain in the neck!

This is one of the major reasons I do not use debit cards for purchases. At least if they steal my credit card, they haven't got my money yet and the credit card issuer will handle it for me if I alert them soon enough. With a debit card, they've already tied up my money and if I'm relying on that money to pay a bill, I could be screwed!

I do information security for a living. If most people only knew how easy it is to steal most of this information, they would be very afraid. It's not that it's so difficult to do the right thing, it's that your information passes through so many different hands and many companies (particularly small companies) aren't willing to spend the money necessary to secure it properly. In many cases, the company executives do not understand the level of risk and are convinced that they're doing "enough".

 

[Crissup]

Network hacking is riskier because the hacker has to be close enough to the signal to hack it - and it Disney's case with all the camera's around -- you will eventually be seen, even if you can crack WEP in less than 4 minutes (see DEFCON)

You need to be pretty close to associate with the wireless. However, you can sniff the wireless from a much further distance away. In my family room, when I look at the wireless networks detected by my laptop, I find one. But when I put my wireless card into promiscuous mode and sniff the air, I can find at least 8 other wireless networks that I can sniff traffic on. I can tell you that many of my neighbors are still using WEP. When they manage their banking online, it would be trivial to capture that date for malicious purposes. Lucky for them, I'm one of the good guys.

Your advice to switch off Bluetooth and only use WPA or WPA2 is good advice. When I'm not using the Bluetooth on my Blackberry, I switch off the Bluetooth for security and to increase battery life.

 

[2infinityandbeyond]

I was on the jury for a credit card fraud trial last year. I learned that your cards aren't safe anywhere.

Here's what the crooks did--someone (my guess is a hotel employee with access to the computer, but it could have been obtained via dumpster diving) stole a document from a well known hotel chain which contained a long list of cc #'s of the hotel guests. Those cc #'s were used to create phony cc's (they looked really fake, and if any of the store clerks were paying attention they would have declined to accept the fake cards), which were then used to go on a shopping spree. The bad guys were caught after a smart convenience store clerk recognized that the cards were fake, and called the police.

What made it a bit more difficult on the store clearks was that the crooks used their own names on the cc's (so their backup ID matched the name on the card), but the cc # itsel belonged to someone else.

 

[Peepster]

Thanks for the heads up. I will be checking our bill from our recent trip. and we will use our room card for charging next time down.

Yes, I think we do get complacent about being in the land of the Mouse and being trusting. Kinda makes me sad.

 

[Crissup]

Yes, I think we do get complacent about being in the land of the Mouse and being trusting. Kinda makes me sad.

Years ago, back in the early to mid-nineties, when people were just beginning to learn how to put their own web sites up on the Internet, there was a guy who worked for WDW security and posted on RAD (this was before the big split) frequently. Anyway, he ended up putting up a web site of his own for a couple of years and one of his most memorable articles in my mind was one he wrote titled "Your Brain, Don't Leave Home Without It!". He went on to talk about how people get off the airplane in Orlando and immediately feel that because they are in this wonderful carefree vacation paradise, that they can immediately stop worrying about things like crime. How they would leave thier stroller unattended for a few minutes with their purses sitting in it while they grabbed a photo op, or would not pay attention to their surroundings while walking in dark areas.

He mentioned how he would frequently see people who had just been subjects of crime and were now crying because their vacation was ruined. His point was, WDW does a lot to try and keep these occurances as infrequent as possible, but it's still a large area that attracts a *lot* of people who want to be able to leave the worries of everyday life behind them for a week. And, this is *very* attractive to criminals who see a lot of opportunity for petty theft (and sometimes not so petty).

So, everyone should always be very careful, *especially* at WDW or any other major attraction that crowds a lot of people into an area or causes people to let down their guards. Personally, I feel it's a credit to WDW security that the incidents they do have are as few as they are. When you compare that to many other large vacation destinations, I think they do a tremendous job. But, we can't just expect them to handle it 100%. We still have to do our part to help avoid this type of stuff and alert them promptly when it does occur.

 

[merryweather20]

1) I don't think it came from the Front Desk.
2) They run the credit card right in front of you.
3) It is not out of your sight, thus, there is no time to run through a skimmer.
4) Once processed, the full card number does not appear anywhere.
5) Just the last four digits.
6) If you only used the card a check-in, you need to look elsewhere.7) The number did not get stolen from the Front Desk or Concierge Desk.

If you only used it at check-in where else are you going to look

I've eard from far too many people who had cc fraud after only using their cc at check in. Where else do you suggest these people look?