I discovered 14 fraudulent charges on our credit card a few weeks ago totaling over $7,000. Our credit cards were not stolen and the charges were all made at physical stores in the Seattle area, so someone is carrying a physical card that has had the magnetic strip changed to use our number. In 16+ years of using credit cards, I’ve never had this happen although “it’s apparently very common”:http://www.bankrate.com/brm/news/cc/20000927.asp.

I called all the stores where the purchases were made and they faxed me the receipts. Here’s their spending spree:

02/26/2008 8:25pm OFFICE DEPOT #907 SEATTLE WA $1,306.79 Laptop computer  
{background:#eee}. 02/26/2008 9:20pm WHOLEFDS WSL 10216 SWH SEATTLE WA $229.89 Groceries
02/27/2008 12:57pm THE HOME DEPOT 4702 SEATTLE WA $907.34 Chandelier, hardwood flooring  
{background:#eee}. 02/27/2008 1:07pm WAL-MART #2594 LYNNWOOD WA $1,000.00 2 $500 gift cards (register 18)
02/27/2008 1:23pm WAL-MART LYNNWOOD WA $1,792.41 2 laptops, X-box  
{background:#eee}. 02/27/2008 1:28pm NORDSTROM #0001 Q18 SEATTLE WA $119.74 Shoes
02/27/2008 1:49pm WAL-MART #5195 EVERETT (W) WA $1,000.00 ???  
{background:#eee}. 02/27/2008 2:33pm WAL-MART #5195 EVERETT (W) WA $1,587.34 ???
02/27/2008 2:49pm MANOR MARKET AND DELI LYNNWOOD WA $30.54 Lunch? Beer?  
{background:#eee}. 02/27/2008 3:53pm SHELL OIL SEATTLE WA $74.72 Gas?
02/27/2008 7:38pm SHELL OIL SEATTLE WA $17.81 Gas?  
{background:#eee}. 02/28/2008 11:38am WAL-MART #2594 LYNNWOOD WA $87.95 Camera w/ lens, camcorder
02/29/2008 3:53pm SHELL OIL SEATTLE WA $52.01 Gas?  
{background:#eee}. 02/29/2008 4:58pm SHELL OIL SEATTLE WA $74.64 Gas?

Unless it’s a coincidence that these purchases were made in the same city we live in, the person must have had access to our credit card recently and copied the number. We buy online almost exclusively so there are only three local transactions where that could have happened. And two of those are places we’ve used a lot without problem, so that left one merchant that is likely to have stolen our number.

I did some internet research about that merchant, a small “mom and pop” store that Gay visited days before the fraudulent charges began. Gay had a conversation with the owner while she was there. The owner mentioned that her husband is a policeman. He has a very unique name so it was easy to Google him. According to King County, he is no longer a policeman and was arrested in December 2007 for stalking and assault and is currently out on bail. Why would she claim her husband is a policeman when he’s not and hasn’t been for a while? Not that this means he or they did it, but I’ll be surprised if it turns out not to be them.

Fortunately, Wal-Mart and Home Depot videotapes all transactions so there should be a decent view of the person in one of the transactions made at these stores. If they can be identified as the people who own the store where we suspect it happened, it should be easy to catch them. But I don’t get the feeling the police care much about crimes like this since it’s not a violent crime and almost seems like a victim-less crime. We aren’t responsible for these charges and the credit card company or the bank aren’t responsible either. The stores where these charges occurred end up paying for it and they pass the charge on to their customers in the form of higher prices. The victim is the general public even though most people assume they aren’t harmed since they are not responsible for the charges.

The stores themselves are helpless to prevent this, though. The credit card companies should prevent it. I can think of some solutions:

  • The magnetic strip on the credit card stores the number only. If the card stored the name on the card too and the authorization system checked the number and the name on the account the charges could be declined. It’d be the responsibility of the cashier to check the ID of the person to see if it matches the name on the card. Fake IDs could be used, but the criminal would need to get a fake ID for every credit card they’ve stolen.
  • Require a PIN or password to be entered by the cardholder at the point of sale. Debit card transactions require this, so the infrastructure is in place already.
  • Don’t print card numbers on the card. Give cardholders the number that they can store elsewhere for use in online or mail-order transactions.
  • Print a different number on the card that is used only for online transactions. A transaction that is done in person would be declined (and vice versa).

But since the credit card companies aren’t responsible for fraudulent charges, they have little incentive to do anything.