Always beware

Terry, I'd be interested to know whether your friend's Credit Card is one of the RFID models? That may be how the "evil doers" obtained his number and expiry date? I've been doing some research on the subject lately, and it's amazingly easy to capture information from "PayPass" cards using only a Netbook and an $8 Reader. Cheers!

Ken, would you clarify what an RFID model is and what "PayPass" is? Are you talking Canadian? Terry, sorry to hear about your friend's troubles. It's amazing how many people get their credit card info stolen every day.

Which is one of the reasons we tend to be 100% cash. Also credit card numbers can be obtain many other ways so it may look like it was taken in France when it may have been pulled from an old internet transaction.

The bad guys have more ways to get our info than we have ways to stop them. A week or so ago, I used my local debit card at a store and a couple of restaurants (fast food-type) where I have used it many times before. The next day I had a fraudulent transaction on my account, saying I had purchased something in Melbourne, Australia. And when I went to the credit union to report it, there had also been another attempt on my card the same day from Beijing, China, but that one was declined because the Australia one had emptied my account. The credit union immediately gave the money back and I signed some forms and that was that - for now. Sometimes it doesn't matter how careful or aware you are, things can still happen.

Maryam, RFID is radio frequency ID, a kind of technology that makes things like PayPass possible. Your info is embedded, and to make a purchase with such a card, all you have to do is tap the card on (or pass it in close proximity to) a reader to register your payment. A good description of RFID can be found here: http://electronics.howstuffworks.com/gadgets/high-tech-gadgets/rfid.htm

This was a standard bank issued card..... nothing high tech. I always wonder why people smart enough to perform the crime are not smart enough to get a great paying job using those same skills. And how does a card used in Bloomington also get charges in Australia and China? Technology is amazing.

Maryam, Perhaps "Pay Pass" is more of a Canadian term, but the same technology is used in the U.S. (there are different "brands", so the name will vary). Regarding Radio Frequency I.D. (RFID), this is a technology that's being used more these days. These operate on a "proximity" basis, where the card doesn't have to be ed into a Reader, but only has to be close. RFID cards always have a small "signal strength" logo on the front. For a description of the theft possibilities, have a look at www.youtube.com/watch?v=vmajlKJlT3U www.youtube.com/watch?v=JVerEMooek8 Cheers!

You know, these charges should not have even been approved. There are systems out there that alert the card issuer if it looks like it is coming from somewhere unusual. I went to another part of the county where I rarely shop and bought a lot of groceries. On the way home, my cell phone rang, asking if I had made the purchase. If I had said no, the card would have blocked immediately. That is why you should always let your card issuer know when you are travelingthey may not approve transactions in England, if you usually are in Iowa. So, if your card is used fraudlently in China or somewhere, I would look for a different card issuer.

Mine was a debit card, not a credit card, issued by my local credit union. They have a service that monitors their cards for unusual use, but I discovered the fraudulent activity before they could notify the credit union. I saw it on my account when it was still "pending", and it didn't actually post until after the credit union had closed for the night (on a Friday - so that it would presumably be the maximum amount of time before someone noticed).

The standard in US restaurants is to give the server your card. They run it and bring you back the receipt to sign. An unscrupulous server can pad their income by also running your card through something that looks like a pager. At the end of their shift they sell the information to someone who knows how to conduct fraud on a large scale. I'm not sure what the most common fraud is in Europe but keeping your card in sight may be your best defense. Here's a piece from Savvy Backpacker website: http://thesavvybackpacker.com/670/how-to-stay-safe-avoid-common-scams-in-europe/

Good advice, Brad, but in my case, my card never left my sight or my possession. And I could not have been in Bloomington, IL, Melbourne, Australia, and Beijing, China on the same day.

Terry, My son is a software engineer. I ask him the same question. Why these guys find a good pay job? His answer was. They make a lot money by stealing your CC info and sell it to the oversea organizations. They are not interested in working for a job may play 100K to 200K a yr. It is now a big international business. It does not matter where you use you CC. People in Asia and Europe have the same problem. The CC companies keep charging the merchants higher and higher fees for this reason. There are no solution to this problem yet.
Have a Good Day!

Rick...i would love to make $100,000 a year, but I understand what you are saying. Crime can pay well. Sue, he (and I also) notified the card company about our travels. What surprised me was he told them he would return May 24, and the charges were made June 2. I know my cc company would have blocked the charges....I was dumbfounded that his did not, even though they were told of his return date. Another thing...he has never bought camera equipment in his life, and an $8,000 charge for cameras did not raise a red flag? No wonder people keep doing it! And at no time did the card leave his possession . so either the businesses got hacked or an employee helped himself to the information.
Thanks everyone for your responses.....always a good group to learn from!

We have always told our card issuing financial institutions where we are going and when. Then one time Chase shut down their debit card in Ireland, saying later that we had not told them that we were going to be in that country. That year, Ireland was the only country we were going to and my wife had told them over the phone. Thank goodness that we always carry a second debit card from another financial institution. From then on, we notify our financial institutions of our plans and then request that they repeat them back to us as well as asking for the name of the person we are talking to and make a written record of the exchange.

Belts and suspenders. I take 2 debit cards, but use only 1 as the primary. These debit cards are linked so that if the primary one is eaten by a machine, I can go online and transfer funds to the other institution within 1 day. I also take 2 credit cards: an American Express and a Visa card. I figure I can always find an American Express office, even though it might not be convenient if something untoward happens. Don't keep these cards together. Give one set to your traveling companion (if you have one), or keep it separately on your person or in a safe. I also try to have some local currency as walking around money on me when I land. Finally, give your passport info and credit card info to someone staying behind in the US, in case anything awful happens. In fact, it's best if someone has a photocopy of your passport back home.

To say there are many ways your credit card number can be stolen and used is an understatement. If you did not see the documentary (can't recall if it was on 60 Minutes or another similar show) that showed how the company T.J.Max (and many other merchants) used for credit card processing was hacked, there is no way I can summarize that in this space. But, it was hacked by a ring of folks who are really good at what they do. Yes a waiter can keep a credit card number or a hotel worker, but the instances of that are far fewer than folks who actually hack into processing systems and quickly sell the numbers (in great volumes) overseas before a company realizes they have been hacked. Skimmers....little hidden readers put on machines by bad guys can also pick up a credit card (or debit card) number at a ticket machine. Then your number is often quickly and frequently used until you find out and report it. One reason you want to use an ATM at a bank location when possible. While it does not guarantee completely safety, it is a little less likely they will have skimmers. This is one of MANY reasons I will not own a debit card (only a pure ATM card...different). If a credit card is compromised, you see a bill first, but with a debit card often the first clue someone has your # is the NSF on a check or rejection of a debit card transaction. In the meantime, bad guys can clean out your checking/savings accounts before you know its been done and then you have to report it to the bank and get your account restored. But, I digress.....this posting was a warning about credit cards. Yep, caution. The more electronic our society gets, the faster the fraud happens.

Dick, AFAIK, no U.S. Banks are currently issuing EMV (ie: chip & PIN) credit or debit cards. I'm surprised to hear that CitiBank is "testing" these, as the U.S. Banks have already stated that this technology is too expensive and they have no intention of adopting it. CitiBank can "test" these as much as they want, but until the POS Terminals are changed over at all the merchants, and the data infrastructure is uppdated, they won't be of much use in the U.S. I also experienced a "fraud problem" with my Citi MasterCard during a trip to Las Vegas (not sure how they detected it so quickly?). They promptly replaced the card. I've just learned that the Citi MasterCard portfolio in Canada has been purchased by CIBC, so it's likely that the new card that is issued will have "chip & PIN". The EMV cards have also worked all over Canada for a couple of years now. Good luck!

Since we're on the subject, does anyone know of a US-issued credit card using "chip and pin" technology? Widely used in Europe, these cards require you to enter a PIN when you do a transaction, making it harder to steal from you. My US cards (Bank of America, Citi) use the "swipe" technology commonly used here. Most European businesses take them and we haven't had a problem (except at one restaurant), but Citi has just replaced my card (almost an annual event) due to a security breach affecting lots of people. When I asked them when they have a chip-and-pin card, or where I could get one, they said the technology was still being "tested" here. Don't know why it needs testing since it's worked all over Europe for years. In general, the tradeoff for convenience is insecurity, and the tradeoff for greater security is a little incovenience (entering a PIN). I'll take the security, here or overseas.

Ken and Nancy, Concerning the type of credit card skimming you were talking about, here is a catalog that sells a paper thin metal "Wallet" or case that prevents thieves from pilfering your identity by RFID scanning. This is from the Herrington Catalog that I get by mail. They have travel accessories, clothing, etc. Phone: (866) 558-7467 to request a catalog. Here's the item: http://www.herringtoncatalog.com/es466.html I understand the evil doers have a "reader"; they can just walk by you in a department store, or on a bus or subway, and pick up your info. This item blocks their signal.

@ Rebecca, The RFID Blocking wallets and other products seem to be more commonly available now at a variety of retailers. Magellans also lists a number of these products in their catalogue. Consumer Reports recently tested some of these and found them "somewhat" effective. One of their staff members created a "homemade" RFID blocker using aluminium foil and Duct tape, and that was apparently more effective than some of the commercial products. Cheers!

Ken, Thanks for the details of the " homemade" RFID blocker. I must make one of these before my next trip overseas!

I just had an experience attempting to use my American Express card for Trenitalia tickets for our Sept trip. The purchase was declined by AX. Within seconds I received an email from American Express notifying me that they suspected a fraudelent transaction and blocked my card until I contacted them. Once I called and confirmed that I had attempted to use the card and the card was in my possession, it was released for use immediately. Since I was using my card from home, I didn't think to call and notify AX of an Italian transaction. Conversly, I've used our Visa multiple times for our trip with no issues. We also opened up a Capital One account to use as our primary ATM card in Europe. Since our primary local bank account will be set up to pay bills and receive automatic payroll deposits, and has a overdraft protection, what a mess it would be if this account was drained while out of the country for two weeks.

Two days ago, Sony report that they got hacked in. Yesterday, Citi report that they got hacked in. Maybe these international hacking company is bigger than IBM. I ask my wife to close out all the CC which we do not use. I don't want to deal with the ID problem.

Unfortunately, closing out accounts that you are not using is going to negatively affect your credit rating. I know it doesn't make sense, but it lowers your "available" credit, so your current balances are a greater percentage of your available credit.

Nancy, Yes, you are right. By closing out your CC, it will lower your credit rating. ( for short period of time until you rebuild ) Also, if you borrow money, this might increase the rate of interest.
For me, I am a retired person and not planning to borrow money in the future. So it don't not matter to me.

Like Pam, my wife and I carry a debit card and credit card each. Each card is tied to different accounts (two checking accounts and two credit accounts) so we have a backup in case we run into difficulty. The other good piece of advice here is to bring your banks' non-800 phone numbers with you. If there is a problem, your card will be frozen until you contact them personally and the 800 number on the card won't work from Europe. If there is any fraud on the account, you might as well throw the card away (cut it up first). The account will be closed and you won't have access until you receive a card for a new account (in the mail to your home address or express mailed to your location). As far as I know there is no way a bank can/will sort through every transaction in real time and disallow some transactions but allow others on an account.

Just throwing in my story because I'm very very careful - I've gone to Europe the past 4 years in a row every Spring. In 2010, we went to eastern Europe (Latvia, Lithuania, Estonia) with an additional week in Russia. During that trip we used my Bank of America visa to pay at all the hotels, except The National in Moscow (we used cash for everything else - food, etc) as well as pre-booked car service in Moscow (that didn't work out well - they didn't show up when we arrived, etc - kind of sketchy). This past March 2011 I tried to get gas and my card was locked. I called the bank and they had apparently JUST locked it and were about to call me because someone tried to make 3 fraudulent charges to my credit card. They were large charges - starting with $1000. They didn't even try to start with a small charge... Anyway, they issued me a new card. (annoying as it was just before my trip to France). Coincidentally, they were able to give me the name of the company the charges were coming through as - a Russian company. So, you can be very careful - as we always have - but sometimes things just happen.