August 24, 2010 by Leah
I tried to order something online on Sunday and discovered my credit card was being declined. I only use one of my seventeen million (okay, I think we have seven to eleven between us, most of which we keep open so as to not adversely affect our credit – we only use a couple for their specific rewards) cards, and the one I use has the best rewards (cash back) and the lowest limit, $2000. I knew I must be getting close to that limit, having not paid the grocery bill (haha) in a month, and because I’ve been using the card for veterinary bills and for new clothes. (I promised myself that if I got a second interview for a job I’m currently up for, I’d buy a new suit. I couldn’t re-wear my only suit, besides which, that suit is medium-gray and had pumpkin stains on it courtesy of Duke. I know, I’m not doing a good job of being frugal.) Even so, the card being declined surprised me, so I logged on to the bank’s website to see if I’d forgotten any recent transactions.
I had not forgotten any recent transactions. I have also never been to the Home Depot in Signal Hill. (Signal Hill is a city that is entirely surrounded by Long Beach.) Apparently my card made some purchases there last Monday, the 16th. Funny, because we flew home on Monday morning and I spent the day going for a run, doing laundry, and sitting quietly with our very sick dog. Intrigued, I examined the transactions further. There were quite a lot of them over the past few weeks, an overwhelming number of which were made at gas stations, several for $40 and over. Aaron and I have one car. It’s a Prius. Even if the tank were completely empty, filling it wouldn’t cost over $38, and we certainly wouldn’t do that more than once every couple of weeks. My credit card was compromised.
I called Capital One and kicked myself for not using the LucyPhone app I recently downloaded as I navigated the automated system. Part of me felt kind of bad pressing the number for “report fraud,” because it sounded like such a big deal. Yet when a nice woman answered the phone, I told her that there were several transactions on my most recent statement that I had not made and asked if she had suggestions for how to proceed. She was very concerned and professional, and asked if we knew where both our cards were (we said yes). I explained that some of the charges had been made while we were out of town and she said that the timing and recurrence of the gas station charges was enough to make them very suspicious. She investigated some of the fraudulent charges and said that they had been made with an actual card, so we could be victims of card cloning (where they manage to electronically impart your credit card data into the magnetic strip of a false card).
After a thorough search, we realized we couldn’t find Aaron’s card for this account anywhere. We also hadn’t seen it since we left Alaska and all the false charges were made in the Long Beach area (well, one was in Orange County, which is like a mile away). The woman at Capital One said it didn’t matter, the account was closed and she was filing a fraud report and sending me various things by mail and email that I would need to return. She also assured me we would not be responsible for the fraudulent charges.
I’m left feeling slightly uneasy but happy that there seems to have been a resolution. Aaron would like to find the thief and remove his or her hand from its arm. He has a point – the total amount in question was $582.83 (10 trips to a gas station since August 6th and two trips to Home Depot), which, while it would be a big deal to us, is so negligible to Capital One it will be written off the books with no real investigation. I’m worried about how our information got out there – is it worse to think someone might have been able to get enough information to clone a card from wireless online transactions or to think that someone somehow found Aaron’s card? Perhaps even got into our house? That would definitely be worse than electronic espionage, but seems extremely unlikely. And yet, apparently it was that easy for the thief, however he or she stole the information. Tthere will be no action taken, and thus there’s no deterrent to keep it from happening again.
I’ve always thought I keep a close eye on all my accounts, but the first fraudulent charges were made on August 6th (we were in Oregon, btw) and posted on the 9th and it took me until the 22nd to notice them, by which point over $500 and a clear pattern were racked up. Aaron is right – in a way, I’m quite lucky I spent so much this month and was within sight of my limit. I would hope the thief was embarrassed when the false or stolen card was declined, but that, too, is highly unlikely.