Victim of "sequencing" credit card fraud

[WackyTomato]

Hi all,

I was wondering if any of you guys have been victim of "sequencing" credit card fraud? ("sequencing" fraud refers to when hackers or whoever else figure out your card number and expiration date using computers and applications generating millions and millions of possibilies...).  When hackers figure it out, they might make a small purchase using an online retailer (they don't need your pin for that), hoping that you don't notice it... then most likely will follow with a massive purchase.

My wife and I have two separate CIBC (one of the big Canadian bank) Visa Aeroplan Infinite card.  We were both victim of that not only once but TWICE - EACH! - in the last couple of months.  This is ridiculous.  Apparently that type of fraud is on the rise.  The fraud department at the bank told us that we were not doing anything wrong and that we were just "unlucky".

If it happens a third time, I will consider changing financial institution.  It is unfortunate because I never had one single card compromised over the years.

Thoughts? Experiences?

Thanks! :)

[SoftwareGoddess]

Not a victim, but I read about sequencing fraud last year on the CBC website.

http://www.cbc.ca/news/canada/sequencing-fraud-on-9-cibc-visa-cards-like-groundhog-day-for-ottawa-man-1.2989611

Based on the article, it sounds like changing banks may or may not be helpful.

[Catbert]

I've had several credit cards hacked/compromised over the years.  In all cases I had the physical card and wasn't sure exactly how it got compromised.  In all but one situation the credit card companies caught the fraud when someone tried to make a suspicious purchase. 

Unfortunately, I think it's the price we pay for having credit cards.  I'm not sure that switching banks will help the situation.

[TOgirl]

I've had one of these situations recently. I caught it on the statment, luckily just after they processed the "small" charge - stuck out as it was $13.00 in tolls for a toll road in a different province. I notified the fraud department, and they took care of it from there. Interestingly, the credit card is with a smaller bank affiliated with CIBC.

[WackyTomato]

Not a victim, but I read about sequencing fraud last year on the CBC website.

http://www.cbc.ca/news/canada/sequencing-fraud-on-9-cibc-visa-cards-like-groundhog-day-for-ottawa-man-1.2989611

Based on the article, it sounds like changing banks may or may not be helpful.

I also read that article.  Poor guy.  I did not reach 9 cards yet.  Only the second in a couple of months - but still!! Very interesting that the guy was also holding a CIBC visa.  I wonder if it's the way CIBC chooses its credit card numbers (eg. too easy to sequence).

They told me and my wife on the phone that they will change the expiration dates.  Interestingly, most credit card numbers start with the same 4 numbers, even the first 8 numbers in some cases!! That's crazy.  I guess it makes it that much more easier for computers / apps to generate possibilities...  You'd think big banks with all their money would have figured out a way to counter this.

[steviesterno]

i've had this happen 2 or 3 times. In all cases, I've gotten a call from Capital One along the lines of "Hey, are you trying to buy flowers in Isreal?, no, ok, new card on the way".

They have caught it before I do each time.


I think it's a price you pay for using a card. It's also nice safety, because a credit card I'm not on the hook for, but a debit card they could get access to other money and I have to fight for a refund.

[markpst]

I am not sure if mine was due to sequencing, but I suspect it was. I had a card that had very limited activity, and I didn't even carry it in my wallet. My credit card company notified me of a strange purchase ($10 at some gaming site in England) and I told them it wasn't my transaction.

My current credit card that I use quite a bit flagged a fuel purchase as suspect, in the city I live in, about 3 miles from my house. I wonder if it was the specific gas station that caused the flag. It was in a somewhat sketchier area than I live.

[Spork]

  Interestingly, most credit card numbers start with the same 4 numbers, even the first 8 numbers in some cases!! That's crazy. 

It's not exactly this.  There are several formulas (that differ by CC company).  Usually the first digit is the CC company (MC/Visa/Amex/Diners/etc) and the following digits represent the issuing bank (or some particular combination of some of the following digits... varies by CC company).   There *is* a unique account id on there (and a checksum digit) but the account number is not the entire number.

[WackyTomato]

Good to know.  I did not know that.  Cheers

[PizzaSteve]

It's the price of convenience, sadly.  The industry is working in ways to increase security for card not present transactions.  If American consumers could be bothered to remember a PIN, the fraud would be dramatically reduced.   Any bank that requires a PIN would lose too many customers, so in some ways we only have ourselves to blame.

When biometrics are common in our phones and computers, this will likely become a solved problem.  But than again, the privacy worriers may reject that solution, so it is still up in the air.

[WackyTomato]

I have no idea what you are talking about.  Credit cards in Canada / US do have PINs.  However, you do not require a PIN for online transactions.  Some retailers will ask the 3 numbers at the back of a card, but not all of them.

[MilesTeg]

That we still don't use cryptographic authentication for online transactions is pretty sad. Of course, even rolling out crypto (chip+PIN) for in person transactions in the U.S. has been bungled horribly by banks, retailers and everyone else involved. Mostly because the regulators just won't man up and actually make it mandatory like in the EU.

[BTDretire]

I recently got a new card from my old company, I was surprised it was not a Chip Card.
I understand Europe has had them for 10+ years. They reduce fraud by 1/2 or more.
https://www.theguardian.com/commentisfree/2014/jan/27/target-credit-card-breach-chip-pin-technology-europe
 PDF about fraud reduction rates,
https://www.theguardian.com/commentisfree/2014/jan/27/target-credit-card-breach-chip-pin-technology-europe
They broke this down into so many catagories, there is no clear answer about the total fraud reduction, that I saw. Fraud reductions charts start at page 6.

[Papa Mustache]

I recently got a new card from my old company, I was surprised it was not a Chip Card.
I understand Europe has had them for 10+ years. They reduce fraud by 1/2 or more.
https://www.theguardian.com/commentisfree/2014/jan/27/target-credit-card-breach-chip-pin-technology-europe
 PDF about fraud reduction rates,
https://www.theguardian.com/commentisfree/2014/jan/27/target-credit-card-breach-chip-pin-technology-europe
They broke this down into so many catagories, there is no clear answer about the total fraud reduction, that I saw. Fraud reductions charts start at page 6.

Probably next time you get a new card it will be chipped. Both my new personal and work credit cards came with the chips. Just about all the local retailers here (except fuel pumps) now have chip readers. This is a small town in the south. 

[JLR]

Yes, we've had this happen twice now. Although I check our CC charges online regularly, each time the bank caught it before I did. They contacted us, arranged putting a stop on the account, refunded the charge, sent us a new card.

[RetiredAt63]

Kindle had a sale once on a bunch of books I wanted, so with the instant purchase I had about 10 $2.00 transactions.  About 1/2 hour later someone from BMO MasterCard called about some odd transactions on my card.  It was my Kindle books.  But I was very glad to see that an odd purchase triggered a check.

I also take advantage of travel notification on my CCs so that I don't have trouble using them while traveling and that someone isn't using my card number at home while I am gone.

I find the Tap technology convenient but am not at all sure I like it from the security viewpoint.  Anyone know how secure it is?