Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to detect credit card theft in the early moments

Steve Ragan | Sept. 15, 2015
A single email helped avoid serious losses.

chip and pin credit card

It's 5:30 am on a Monday and the world is dead silent. I'm not a fan of early mornings or Mondays for that matter, but I'm used to the silence of a sleeping world.

I have a lot of trouble sleeping. Insomnia is a major problem in my life, but I've learned to adjust to it over the years. It's not that I don't sleep. I do sleep; it just comes at odd hours and for various lengths of time.

Oddly, this jacked-up sleep cycle has been useful to my work and personal life; today is a good example of that.

So, here I am at the desk, bright and early, bleary-eyed and in desperate need of coffee. Part of my morning routine is to scan headlines and check my email.

Today's a typical day really, aside from a series of messages from Capital One, the company responsible for one of my credit cards.

The company, known for their "What's in your wallet?" commercials, has a number of security measures that customers can take advantage of, including transaction notifications.

One message was sent at 4:35 am, just an hour before I sat down at the desk, so the transactions that are being reported happened within the last 12 hours. I've got three messages total. One is reporting a transaction at Carapace Clothing, followed by a refunded charge at the same store for the amount charged previously. The third email details an Uber transaction.

I'm in Indianapolis, so three charges in Los Angeles, CA are an immediate red flag.

However, I rarely use this card, so if it wasn't for these emails, it's possible that whoever obtained my number could have sold it and drained the account in short order before my statement arrived.

The email is below:


Capitol One Transaction Alert


The transactions are small, suggesting that the criminals were testing the card.

These little transactions, one for $5.99 and the other for $2.05, are proof that the card is active. Later, the criminal with access to the card account will use it to purchase tangible items that can be cashed-out for goods, such as gift cards or easily moved items like MP3 players, games, etc.

Still, I'm a security reporter, so I didn't click any of the links in the email. Instead, I went to my account directly and checked the card online. As it turns out, the notifications were legitimate and the transactions appeared as reported. At that stage, I contacted customer support and they deactivated the card.

Now I get to wait for its replacement. It's a bit of a hassle, given that I can't use the card, but worth it considering the alternative.


1  2  Next Page 

Sign up for Computerworld eNewsletters.