A different kind of credit card fraud

I closed my Discover account yesterday due to fraudulent activity. I’m waiting on a new card with a new account number and I cut up the old one. Once I get my new card, I’ll also be changing the username and password to access that account online.

This isn’t my first experience with credit card fraud. I’ve had both a Diners Club and an American Express account compromised in the past. Those were corporate credit cards and the fraudulent activity was pretty standard: odd charges showing up on the statements. It’s pretty easy to spot fraud when your account shows evidence of a shopping spree in Virginia while you’re at home in Chicago.

But this recent fraud I encountered was something completely new to me. My first clue that something odd was going on happened earlier in the week when I opened a piece of mail and found a new Visa debit card inside, waiting to be activated. All the material inside was in Spanish, a language that I don’t read or write competently. However, it was clearly a valid card and not one of those fake plastic or cardboard cards that are sometimes sent with credit card applications.

I was very suspicious of the mailing and carefully looked it over trying to find a phone number for customer service that I could call to ask why I had received it. I spotted a website in small print at the bottom of the mailer, so I visited it (the site was all in English, at least) and found a customer service number there. The number matched the one on the activation sticker, and since it was the only option I reluctantly called it.

After calling the number I was given two choices: activating an account or reporting a card as lost or stolen. I wasn’t able to get an agent on the line by waiting or pressing 0, so I eventually chose the option to report a card as lost or stolen. The customer service agent who answered said she couldn’t help me unless I gave her the account number, but I declined because I thought that would activate the card.

At this point I thought that I was encountering a sort of mail phishing scheme where I would be on the hook for all sorts of account maintenance fees if I activated the card. I was incensed at what seemed like a dirty, under-handed way to get money out of less financially savvy people or lead to a blemish on their credit report. I actually visited the Illinois Attorney General’s website and downloaded a form so I could file a report to alert them to this scam.

Visa card and forms

The mailer with the Visa debit card that seemed so suspicious.

But yesterday as I sat down to pay my monthly bills online, I looked over my Discover card statement online and saw something very odd. I had $100 missing from my cashback bonus award. I looked up the redemption history, and found a $100 cash deposit to a company called MetaBank on January 14, 2013. That’s when it fell into place: I had seen MetaBank listed in the materials that came with the Visa debit card received in the mail.

I’m still trying to figure out how my account was compromised, and likely I’ll never know for sure. After calling Discover, the fraud protection department asked me if I my online account information could have been used by anyone else. I told the agent  that I only access my account from two computers: my personal laptop at home, and my work laptop which is always in my possession. (In fact, I’m obligated by my employer to carry the laptop between home and office.) I also don’t have my login or password information for any of my financial accounts automatically saved in my browser settings.

Discover’s fraud detection department did tell me that they saw some suspicious activity on my account on January 11, 2013, just one business day before the redemption from my cashback bonus account to Metabank. A charge for $5 had been made to Rio Hotels, and then credited back to my account on the same day. Very suspicious, indeed. It didn’t show up in my statement at all, but the fraud protection department could see the activity. I hadn’t been visiting any hotel websites that day, although I had been visiting travel insurance sites to compare rates for a trip I’m taking this fall. I’d also made a purchase through Amazon.com using my Discover cashback bonus funds right around that time.

Thankfully, Discover will refund my cashback bonus funds. While I use my Discover card for most purchases because I like their cashback bonus, I have other options for payment until my replacement card comes in the mail. And this entire experience has opened my eyes to a new type of fraud that I can be vigilant against.

In addition to cutting up my card yesterday, I also cleaned the cookies and history from the two browsers I use on my home laptop (Firefox and Chrome) and started looking into software to detect viruses on Macs. (I’m not worried about my work laptop which is stringently protected by remote software monitoring and enterprise-level virus software.) I haven’t accessed my free credit reports at annualcreditreport.com in a while, either, so I’m going to make some time to visit at least one credit reporting agency today to see if there is any suspicious looking activity.

I’d be interested to hear if anyone else has experienced something like this. Is theft of cash rewards common in the credit card world? If you have an account with cash rewards, do you monitor the rewards closely? If not, perhaps it’s time you started.


6 thoughts on “A different kind of credit card fraud

  1. Oh that’s terrible!! I have heard of it once before as a deliberate fraud thing, and another time where it was an accident (the airline itself had given someone else an extra infusion of miles because they had mixed up the mileage reward number with another member’s), but I had known that it was something of a problem. I used to pay very close attention to my rewards points and miles because of that but I’d been paying slightly less lately…

    I’m glad they’re reimbursing you but I hate that it happened at all. Very unsettling. Outside of electronic stuff do you shred all your paperwork that contains any CC information? I don’t like to leave anything financial with name and address unshredded.


      • Paper mail is the most secure communication. You want to DELETE ALL WEB ACCOUNTS associated with your card(s). THAT GIVES SECURITY. Nobody can log in, not even you.

        Yes, you should also shred the paper if you toss it, but keep at least 1 year of back statements in your home files. You can still pay your bills by telephone. You really do not need web services at all. They are dangerous.


        • Interesting points. I have made a choice to reduce the amount of paper in my life and switched to mostly online statements and payments. I need to do this because I’m occupying a much smaller space now and storing lots of paper is difficult for me. I have heard of mail problems, too. In Chicago there were zip codes with notoriously bad mail delivery. Pay a bill by telephone? I didn’t realize anyone did that anymore!


  2. Hmmm this is interesting, someone did get a hold of your information and logged in to your account. Can you check on the discover account if there any new bank accounts added? also look at your address, profile, see if there have been any changes, even make sure your email is correct.

    NOW ASAP! Get a credit report and check things, with Trans union you can pay for one and set up alerts for a year, anything new that gets added you get alerted right away, if you notice any fraud, immediately put alert with all 3 credit agencies.

    Next thing to worry about is your taxes, have you filed yet? if someone has access to your information they could also file taxes in your name, your probably ok but just double check on things.

    I’ve been a long time discover card user but I’ve never seen anything like that- sorry that happened.



  3. I am glad to have found your post. The fraud department for my Visa card called me today, with a charge of 4.97 (USD or Swiss Francs) for Rio Hotels in Ferndale. The fraud department told me my card was compromised. I live in Switzerland. I do use a lot of US services online, so I wonder if during one of those transactions if the card was compromised. I have a Mac computer and use Safari.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s