We recently published “How to Prevent Credit Card Fraud in New Normal“, and now this.
Last week, while I was checking my credit card transactions via the bank’s mobile app, I noticed a P999.00 transaction which did not look familiar. The merchant name is “Apple / Itunes” but I never used / owned an Apple product ever, not even in the family, much more purchase from Apple Store / iTunes. So I tried to recall if this transaction is really valid and whether I just forgot about it, but I cannot — this transaction really seemed bogus, fraudulent.
So I called the customer service of the bank and went straight to the “Report Lost Card” hotline. Note that technically, I did not lose my credit card, but I had a feeling someone was able to copy it (“skimming” or memorized the numbers) and used it for transactions without me knowing it — so more or less this is a similar case as a lost card with unauthorized transactions.
Customer Service Investigation
Sometimes, no matter how careful we are with online transactions, it is the offline physical transactions and fraudsters that can get past us.
Once the bank agent was able to establish my true identity through security questions, we went through the recent transactions (both valid and the suspected fraudulent transaction). Once we have both agreed that the last transaction is indeed not mine, and that the card has been compromised, they then promptly blocked the card to avoid future fraud transactions.
The bank will just send me a new card as replacement. The hassle though is that enrolled auto-debits on the card not coursed through the bank will have to be re-enrolled one by one with the merchant. As for the unauthorized transaction, I already filed a dispute report and subject to investigation, it should be charged back and not become part of my payables. But it will take time.
Good thing the amount is small enough. Had it gone unnoticed for long, bigger transactions might have been attempted.
Fraud Modus Operandi
Per the agent, the invalid transaction attempts via Apple / ITunes started in July 11, 13 days before I discovered the actual transaction amounting to P999.00 in July 24. Also, according to the agent, there were 5 transactions prior to July 24 with 2 to 3 days interval. However, the transactions did not appear in my mobile banking app because the transaction amounts we’re zero. It’s like they were testing the card first whether the transaction will get through. Talk about patience and strategy.
Then they waited for almost 2 weeks to use the card for an actual transaction “Apple / ITunes -P999”. Note, I’m not saying that it was Apple / Itunes (the actual company) that made the mistake, I’m just saying the culprit may be an IPhone / Mac user and s/he used my card for a purchase, or subscription. As for the 2 weeks gap, maybe they were trying to space out the transaction from copying to execution (July 11 to July 24) to give me a hard time locating where the possible compromise happened. Indeed it will be difficult to trace if my card had so many transactions.
I’m sure this can happen to any online purchase transaction, with any online merchant. Good thing though, we were on GCQ back then so I wasn’t really going out. There were very few transactions on my credit cards, and on that particular day, July 11, when the attempts using P0 transactions started, I just had two transactions — a periodic maintenance check for our car and then dine-in lunch (30% capacity, social distancing observed) in a resto in BGC. So it narrowed down our suspects from those 2 transactions. But then again, it could have been the card was already compromised as of July 4 or even earlier (the last transaction before July 11), it’s just that the invalid transaction attempts started July 11 and they had extreme patience to use it only by July 24.
So there, it seems my card was compromised when I used it recently. The culprit most likely got the card number, expiry and the CVV at the back of the card, that’s really all the information you need to do an online purchase. I’m still checking why there was no One Time Pin (OTP) that was sent to my phone for that online transaction because that’s added layer of security in online purchases. Either I did not enroll / activated such feature, or my mobile number in the Bank’s records is still my old number.
Tips for Fraud Prevention
- Make sure you visit trustworthy websites if you’re buying online.
- Enable / activate your OTP. Make sure your bank has your updated mobile number and email.
- Monitor your card purchases regularly. I keep track of my card purchases using bank mobile apps, and I have a separate record in the liabilities section of my personal SALN. So the balances in my SALN should more or less match the balances in my mobile apps. If they’re not equal, there’s a transaction that I forgot to record, or such transaction should not be there at all. This is what triggered me to see the fraud transaction.
- Ideally we see the credit card when it’s being swiped, ideally in front of us but some restos still swipe it near their POS machines. Also, at this day and age, it’s very easy now to take a picture of the front and back of the card. But we can try. Some merchants even bring the wireless terminal to the table so that the card swipes are done in front of you.
- Report immediately should there be suspicious transactions. If reported late, then it can become your liability due to failure to report asap.
- See more tips here: Prevent Credit Card Fraud in New Normal
Right now, every one is on survival mode, people are losing their jobs, and probably more people are becoming desperate. So let’s be more considerate but at the same time cautious. Let’s not fall victim to fraudsters.
#GrowYourMoney #BeFinanciallyFree #GYMBFF #InvestMoneyPH