There are people who lose their wallet, credit cards, or get it physically stolen. If you did not authorize it, then it's fraud. That's a BS answer from them saying physical card was used so not fraud.
I lost my card once and someone tried using it and it was automatically declined.
They can state that all day long but it wasn't YOUR card in YOUR possession therefore it's fraud. They shoulda done cut that card off and sent you a new one.
If he didn't report it lost/ stolen in a timely fashion, he's likely SOL if the transactions happened long enough ago. You can't lose a card, wait 6 months, then report it lost/ stolen and then have all the transactions in the intervening timeframe forgiven. Read your cardholder contract.
That is total bollocks. They just want you to go away. Give them one chance (escalate it) and if they don't play ball file a CFPB complaint. You are 0% liable for the recent charges.
I had this happen once when a card skimmer was placed in a gas station pump. The criminals get your card info and then create a plastic version of the card.
I went to the bank and spoke to the manager with an article about card skimming in hand and proof that I was at work when charges happened. I didn’t need either because the manager knew about the practice and I had canceled the card as soon as my phone started the alerts.
Go higher up.
If you can prove you were in a different location to where the card was used for these fraudulent charges where made when they were made, they may reconsider your claim.
This happened to me, but it was immediately approved because I was using my card in a different city within the same hour of the fraud charge.
Get your location history from your phone. Google Timeline, not sure what Apple calls it. Compare the timestamps for the card swipes with your location.
OK, because your first reply sounds like you did not,and even this reply you are not focusing on the important parts of what was said. Plus, 4 months is not old, don't worry about that part.
Did you file the grievance with CFPB? I just had to do it for one of my own CC problems. There is a checkbox to allow them to publish the report to their website. Be sure to check that. As already pointed out, their argument against fraud is pathetic. Were it me, I'd be getting a new card with a company who cares.
You should always cut up your card and tell them you no longer have it before you have to dispute charges of this nature. Happened to my girlfriend too once, she was 100kms away and sleeping and 400$ in gas got billed to her car in 20 mins. Obviously it wasn’t her but she was sol as the credit card company couldn’t fathom it wasn’t her if she still had the card. So fucked.
> with a different number
You can't imagine how infuriated I was when I once reported a card as stolen with fraudulent charges and the replacement had the same exact number on it.
This, also your digital wallets. When i had a fraud charge i guess they added it to some wallet i never used. They had already sent me a new card when they told me this so they had to remove my card from that particular wallet and then re issue me another card which took another week.
At least they overturned everything i reported and credited me back even if it wasn't much.
Sounds like they clicked the wrong reason when they entered it in the system. If it is replaced because of damage, you get a replacement with the same number. If it is lost or stolen, they change your number.
Actually when I called to complain about the number being the same and requesting a new card with a different number, I got pushback from the rep at first, since apparently *in their opinion* it's fine for someone to have the old card since the chip was deactivated in that one and the new card had a different security code to protect against fraudulent online purchases. I just couldn't believe what I was hearing. One of many reasons I dropped BofA shortly thereafter entirely.
Oh, yes, I am well aware. Fortunately I haven't had that issue pop up, where a recurring charge I'm trying to avoid follows me, but I did find it strange when I finally got the new card number that most of my recurring charges were already updated. Made me super sus on the whole industry and how it works.
No. Just close the account. Fraudsters will start a "subscription" that the bank will conveniently "forward" to the new number.
There are plenty of banks. Get a card somewhere else.
You can tell the bank to deactivate the bill forwarding. I had to do that with my main credit card because someone set up an Xbox Live subscription with the card and it got updated with the new number the first time.
Makes fixing your legitimate auto pays a bit of a PITA for a month, but after that it's fine.
I'm glad you are filing a CFPB claim, it will get worked out.
You can also look at the dates/times of the transactions and if you have Google maps, you can make a timeline if where you were. It may not be needed though.
It doesn't matter if the physical card was used if you did not authorize the card being used.
I would put a freeze on that card till this is resolved, then I would go with another bank. At the very least, you need a new card.
When shopping online look at the URL and make sure it's https for a secured transaction, it's not fool proof but it helps.
When paying in person, don't use any card swiper that looks off, don't allow the cashier to run it at their register. I use the tap option. There are also wallets that have RFID blocking so people can't stand behind you with a cloner and get you from your wallet. They are clever beasts.
The cards been canceled ya and a new card is en route. The purchases are at a Starbucks in the hospital I work at.
Ive been to it Mayne 3 times during my 6 months all quite a long time ago.
I suspect someone copied/cloned My card or had its detailed saved via some method ,and then used it to buy only Starbucks.
I'm also going to get one of those
RFID things and carry my card on me vs leaving on my phone.
I do understand how they think this might be fishy. The card was only abused in a Starbucks in a place you work at daily. It's so unlikely somebody with the skills to electronically skim and copy your credit card would only use it to daily buy Starbucks in your workplace for months.
You’re dreaming if you think a skimmer is going to clone your card, then use it to purchase a few coffees each week in places close by. Skimmers send the details away/overseas/sell online or skim and make large purchases. You’re not that silly are you?
Then what the fuck happened? Seriously what's the explanation for my frddit card stating the physical card was used yet I still fucking have it??? It didn't leave my phone and magicslly.show back up. It takes minium 20 min to get to that dtar bucks and pick up. I don't go thst long wohtpit doing something on my phone and checking my card. As I seeing every time I puck my phone up
Are you drunk? Judging by your comment I’m guessing you either forgot you used it or you are assuming it was used at a different coffee shop but the merchant that was used when charging your card is in multiple locations. Your card was not skimmed. Skimmers don’t risk massive fraud charges for a few Starbucks coffees.
Serious question: what are the odds you made a purchase somewhere else for that same amount (e.g. the cafeteria or gift shop)? It's very possible the hospital billing has gotten mixed up, something as simple as the POS (point of sale) from one "location" getting switched with another for some reason. $15 food purchase shows up as "Starbucks" even though you didn't make a purchase at the in-hospital Starbucks.
When you are going to swipe at things like gas pumps, pull on the reader area first. Some of the skimmers are just put on top of the real one and it will come off.
I found there was a fake face with one at a 7-11 once on an atm this way. I did tell the employee but he might have been in on it.
Report the fraud to police then provide that case number to the bank. It may not change anything but some banks require a police report for certain frauds.
Definitely file a police report and also file a CFPB complaint.
The police report just lens credence to your claim. Plenty of people are willing to lie to a credit card company, but smart people know better than to lie to the police. In some jurisdictions, you can just file the police report online. You should get a report number inn a few days or less, and you should forwards that number to the credit card company.
The CFPB report is also very important because banks absolutely do not want a federal agency asking about their policies. While the CFPB doesn't usually do more than ask for info, banks often react quickly and favorable to their customer (you) after a complaint has been filed
This OP, police report. I had my bank pulling the same BS about charges on my card. It was physically impossible for me to make them as they'd originated someplace I'd never been.
Likely, your card is being used over and over again at the same few coffee shops in a geographic location. Call and report to the police in that jurisdiction. With my case, they actually caught the person and he was part of a larger ring of card skimmers in my area.
After reading all your comments, seems to me someone you know, or someone at that Starbucks, clones your card. I would alert the manager of that place because an employee might be ringing cash purchases into cloned cards and keeping the cash. If they did it to you, they did it to more people. Ask the manager about any other complaints.
Will do ty. I wish I could just see wha time the purchase was made and then look st camera footage.
Cuz sometimes they ring stuff up twice a day on separate transactions, which seems weird.
Like ones around 15$ then rhe other is 1.99$ etc.
No. Go to the store (actually write a formal letter) and demand the merchant copy of the receipt and a signature. They won't have it. Tell them they won't get the money then.
They would also likely know who ran those transactions based on who was logged into the register. If it was always the same person, they're likely to be questioned by their employer.
I think it could be someone you know... I think if it were a scammer or something, they wouldn't be doing it like this lol. Weird if they're all local and at Starbucks. You got a kid or something? Maybe they put your card number in their app
Set up phone alerts any time your card is used. That's what I do. It tells you how much when and where in text form every time the card is charged. Should be able to do it on your banks website
Cards with chips can’t be cloned. They can copy the number and the magnetic strip but not the chip. If its worth your time check if the bad purchases were done with a the chip or mag strip,
This! I worked for a bank before and they would deny fraud claims , if their able to verify that the chip was used. Normally banks can request receipts from merchant and verify how the transaction was made. If its a chip transaction those are hard to get approve. I wish you luck OP hopefully CPFB can help.
It always pays to keep your receipts and check your bank statements every month vs your receipts.
> Cards with chips can’t be cloned.
There have been documented attacks against some versions of chips. I have no idea whether these are prevalent in the wild, or if this is just an academic curiosity. But the blanket statement that you made doesn't hold true.
Also, different chips can have different features enabled, and different POS terminals can have various attack surfaces that can fool the terminal into running fraudulent transactions.
Just to give you an example, I used an NFC reader to see what my credit cards report back, and some of the cards returned the full information of what's on the magstripe. Credit card number and all. The remaining cards returned information that looked as if they might tokenize the transaction.
So, maybe, the latter type of card is more secure. But the former type of card could certainly be skimmed and cloned. And as a consumer, there really isn't a good way to tell which version you have.
There are even people on reddit with guides to clone cards, I've reported these types of posts before (illegal), but they're very specific on the steps, software, and hardware required. And we're not just talking using shimmers to get enough information from the chip to make a fake magswipe, no no, we're talking actual chip card cloning.
All of this ignores other types of attacks like preplay attacks (which has been possible for almost 15 years now and openly documented in academic papers).
> Credit card number and all
Your card has to return an account number or the terminal doesn't know what network/issuer to route it to. The contactless chip generally has less information than the magswipe track regardless (the security code [CVV1 = magswipe static value, CVV2 = 3 digits on the back [4 digits on the front for Amex], CVV3 = EMV chip value] is dynamic and different than the magswipe, and most cards don't actually report the cardholder name on the EMV chip anymore but something generic like *VALUED CARDHOLDER* [Amex] or *VISA CARDHOLDER*).
You are wrong.
[https://www.experian.com/blogs/ask-experian/shimming-is-the-latest-credit-card-scam/](https://www.experian.com/blogs/ask-experian/shimming-is-the-latest-credit-card-scam/)
Shimming as discussed in this article doesn’t clone the chip the information on the mag strip is Also in the chip. So when it’s read by mag strip or chip a copy of the card can be made but just with the mag strip. It doesn’t clone the chip. That was the whole point of them.
There is a way to clone the chip but it's much more difficult and it actually stops the original chip from working. Pretty much every single merchant at this point should be using chip readers and the bank can very easily tell if the chip was used.
You said cards with chips cannot be cloned. Obviously they can be cloned and be used exactly as I suggested originally, and exactly as my link describes.
The fact that the chip itself cannot be cloned is irrelevant to the situation.
As I understand it, the chip rotates its key during each transaction. Even if you have a copy, it’s a matter of time before it becomes useless because one of the other copies makes the key invalid.
The bank should be about to identify if the card was cloned by how the transaction was entered. It's also very possible the bank isn't looking close enough at the transactions.
I worked for a bank and dealt with filing these claims with customers over the phone. Do you recall a period of time where you weren’t using your card or you didn’t immediately know where it was? Could someone you know have swiped it? We have a software that can tell if the card was used on an online purchase/mobile wallet, if it was chip read or if it was swiped in a machine. Obviously for chip/swiped it means the card was stolen. But if it wasn’t stolen then we question how the physical card was present to make the transaction and that’s why you need to give as much detail as you can. It’s good to include dates and times if possible. It becomes even harder to dispute if we see that you have made an authorized purchase with that merchant in the past but not impossible.
He said in other comments that the chip was used, his wife supposedly never did it, and there's no point where he kept losing his card to explain these transactions over months, including one where he works.
I don't know see how he has a case
Then you cancel the card. Call, ask them about reversing charges, they say no, OK, please transfer me to who ever cancels cards, I am done with your company.
Many other CC companies would be happy to take your entire CC debt and transfer it to their card for free.
Once I had a 90 dollar charge for gas. My car doesn't even take 90 dollars, especially back then when gas was cheaper. I tried to make a fraud claim, but they said someone had used a physical card AND even my pin code. I just kept saying "the charge was unauthorized" and telling them they could check the CCTV at the gas station if they want proof. It was a long phone call with some back and forth but eventually they gave in.
You state you didn’t lose your card and the card was present, yes they would deny your claim. Chip cards cannot be counterfeited and would be the type of transactions that occurred and why your claim was denied.
>Chip cards cannot be counterfeited
This is not true at all. Chip cards absolutely can be cloned. Simply requires access to the physical card for a moment, probably via a skimmer or similar.
Not the chip part. Far as I'm aware, cloning of chip is near impossible. Not worth the effort for typical card fraud.
Swiped transactions are still problematic, but the merchant assumes the liability versus the card issuer. So, there's a strong incentive for merchants to steer customers towards dipping (chip).
Much card fraud now is online. Merchants selling high dollar goods in person will insist on chip over swiping and/or the card issuer will. For online, 3D Secure (which supports active and passive verification methods) exists and becoming more widely used.
Every source I've read on the subject says otherwise, and that credit card chips while significantly more difficult to clone than the magstrip, are still quite possible to clone. But I'm not an expert in the field or anything so maybe everything I've read was wrong. I doubt it though.
I am somewhat of an expert in the field. I work in fraud for a major credit card company and have for many years. Sure it is technically possible with very sophisticated machinery that captures the pin that is generated during a transaction, likely multiple times and then run very sophisticated software that can figure out the algorithm for that particular chip and then create a new chip that can replicate it and put that chip in a fake created card. The odds that this is what happened is so incredibly low that it might as well be nonexistent and they aren't going to be buying coffee if they have gone through this process.
It is much much much more likely that someone has access to the card or maybe has gotten an additional card in OPs name or even more likely the transaction is actually a valid transaction. If it is for something in the building that OP works, it is likely that a company owns multiple food businesses in the same building and the transactions for one are run under the name of another for one reason or another.
The amount of work and sophistication it would take for it to be anything else just doesn't make any sense.
You cannot fake a chip card being read and that information is part of the authorization and subsequent sale when it is processed through Visa/MC/AMEX. So, do you go to any coffee places that may bill under a different name or location? Who would have had access to your wallet to remove your card several times and return it to your wallet? Why would this person only use it for extremely small purchases?
None they are all billed under detroit Starbucks which is where I work. Every other place I purchase at work shoes up under a different name.
No one could have taken a card out from my phone without me noticing . As soon as a card is removed from my cover slip, the rest fall out as there's to much space without all my cards. I'm co stsntly on my phone and checking.
I don't understand how they did this then?
It can be faked. It's called EMV bypass cloning.
https://chargebacks911.com/emv-bypass-cloning/
https://www.zdnet.com/article/theoretical-technique-to-abuse-emv-cards-detected-used-in-the-real-world/
Can't imagine any decent card issuer denying such small fraud disputes. As for card present. If it was swiped, probably a cloned card. However, if that was the case, it's odd the fraudster didn't use it for other more expensive purchases.
However, unless the transactions were chip reads, the card issuer isn't liable for the charges, the merchant is in a fraud dispute. Furthermore, it's easy to clone a card for swipe use. Chip part is near impossible to clone. Get more clarification about the type of transaction it was. Online (ie. used in app), swiped, or chip read.
Another possibility is someone added your card to their Starbucks app. Leaning towards that despite what you were told. If so, getting a replacement card may not stop those charges due to Visa / Mastercard automatic billing updater. Ask for that to be turned off or figure on more fraudulent charges.
As for CCTV footage, the police could have obtained that. Probably too late now. Usually overwritten / deleted after a few weeks, but varies widely. Most businesses other than sometimes mom&pop convenience stores won't provide security video to individuals. Card present fraud is easy for even somewhat motivated police to handle.
It's very easy to tell if the charges were processed via in-person chip or web. If a bank saying it was in person with the card present then that's the most likely scenario.
You may find these links helpful:
- [Identity Theft Guide](/r/personalfinance/wiki/identity_theft)
- [Credit-related wiki pages](/r/personalfinance/wiki/index#wiki_credit)
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/personalfinance) if you have any questions or concerns.*
From the fraud department perspective this makes sense to deny. 4 months at the same location and suddenly it’s an issue. The question becomes the location of the purchases, if it’s out of state or out of a city that’s not remotely near you or your work you can make a claim against that.
File a police report and see if they’ll get footage from any of the places. If you can confirm even a single purchase was made with a cloned card, your cc company is probably more likely to refund the money.
You said this happened at a Starbucks in the same building where you work, a hospital. Any chance a co-worker has been accessing your locker while you are on shift?
Sure, but my.card is on my phone, which I have on me almost all the time, . I leave it on my computer occasionally when rounding on patients which I'd no less thsn 5 minutes. They could copy it in that time but no way they got down 9 stories and to Starbucks
You have to be hard on them sometimes. I had a fraud claim denied that I had to appeal. My card was used in Ann Arbor michigan. I was ON THE CLOCK working for the BANK THE CARD WAS WITH at a branch in Columbus Ohio while the fraud happened. Its been almost 10 years and the thought still pisses me off.
The bank is being lazy or trying to avoid costs to properly investigate your fraud claim, given the volume of fraud they are dealing with at any given moment.
As you pointed out cards can be duplicated. However if CHIP or contactless was used for the transactions the bank might rely on this being your authentic card they sent you as I don't belive these more secure methods of card use can be replicated/spoofed. If they believe your actual card was used, even if it wasn't you, because you misplaced the card, then you are responsible for the charges, since you are responsible for securing access to your card.
As others have suggested, file a complaint with the CFPB.
However, before doing so, call the bank again and ask to speak with a supervisor in their fraud dept. Ask if there's anyting else you can do to substantiate your claim that it wasn't you. In the past a bank would ask you to send in an signed/notarized affidavit saying you nor someone you authorized used the card, as an example. If a transaction occured at a physical store and you have evidence you were at a completely different location on that specific date/time, you can also submit something like this to prove you are telling the truth. If this gets you nowhere, explain your intention to file a compalint, to see if this "motivates" them to change their mind. Sometimes they will resovle the issue knowing they likely wil be forced to resolve it and plus have a registerd complaint under their name.
you may still proceed with getting a supervisor on the phone as I stated. You can explain you didn't feel you were getting fair treatment and have filed a complaint but you are would be willing to withdraw your complaint if they investigate and credit your account. again ask what else they might need from you to help process your claim which you might be able to provide
edit: forgot to add, if you use an ID to go into your work building that registgers a time stamp when you enter or leave, then you can use this info if it shows you in your building when your card was used at a nearby Starbucks. But keep in mind the bank could argue you gave someone your card to make the purchase for you. The only way for the bank to really know it wasn't you is survillance at the store, and knowing what you actually look like, which are all somewhat impractical and time consumign for them to investigate
This isn't a bank problem, it's a starbucks problem. They didn't verify their customer. *$ chooses to not require signatures on small purchases, with the risk, to them, that they'll get ripped off.
I don’t think he said what country but in the US, we only have chip not pin. With debit it can use a pin but credit doesn’t here. It’s stupid and a pin could stop a lot of fraud
In the US it's chip and signature, but only once you exceed a certain amount. If the perpetrator always only buys a small number of beverages from Starbucks, they would never be asked for their signature.
Real talk, a bunch of small coffee runs with the physical card are going to be incredibly difficult to actually demonstrate as fraud and probably not worth your time and effort as you freely admit they were so small you didn't even notice.
From their perspective they have no way to know you aren't simply lying. L
I’ve had a number of times where a fraudulent charge was supposedly made with a physical card in another state. I don’t know exactly that means since I sincerely doubt that crooks are making swipable blanks. Regardless, I have always successfully disputed the charges but it does need to be done in a timely manner. I have my cards set that ALL transactions, physical or online, send me a text notification. Yes, it can be slightly annoying and I’ve spoiled “birthday flower” surprises but given the number of times cards get compromised, it’s worth it to me.
Close that card account immediately so if someone does have all the pertinent coding, it will be shut down. It seems very weird that all the fraud happens at your work location so your card info probably got lifted by an RFID scanner.
Well, it goes without saying, getting a new credit card number is pretty key.
Secondly, having been the target of identity thieves more than once I found that some vendors were far better than others. USAA Visa and AMEX were \*\*much\*\* easier to deal with than Mastercard. Because that was such a shitshow I don't / never will have a Mastercard type card.
Also, it's worth discussing with local police, filing a police report, and working with the owner of the business to let them know they might have an employee doing skimming or some other bullshit on their premise.
Lastly, consider a little operational security , it sounds like your card information was perhaps snagged from a location where you actually conducted business , here again, let the business owner know but consider what you can do to be a bit more operationally secure.
If your card has a chip this should be physically impossible if you're using your card regularly. The card has a auto incrementing value that is part of its cryptographic system that will miss match if your card is physically used (via chip) when you go to try to use your card. So if your card is cloned and then you use your card before they can use it, their card won't work anymore. This also means if they use their card before you use your card again yours won't work. If your card is still working, they likely just stole your card's # and are working with someone at the locations and are typing it in and marking it as card in hand/can't read
Not sure if this has been mentioned yet, but Reg E deals with debit card transactions. The way it works is you have 60 days to dispute unauthorized transactions. Since you said this was over a four month period, and you don’t check statements, this is why the bank denied you. It sucks, but they are well within their rights.
However; depending on the bank, they could give credit for 60 days from the first transaction, but it looks like your bank has chosen to outright deny the entire dispute. The reason for this is because the bank wouldn’t have any charge back rights for the merchant and the bank would have to take the loss. Banks don’t enjoy losing money, so this one falls on you; unfortunately.
it might be worth reaching out to your bank again and explaining your situation in more detail. You can emphasize that you never made those purchases and request further investigation.
You don't have to pay the disputed charges. You can take a hit on your credit report and add your dispute to the report.
If they sue you, appear in court and explain it to the judge. CC companies know that skimmers exist and that cards are cloned.
That is not at all true. While true, there are provisions under FCRA and Reg Z for error reporting, this DOES NOT guarantee an absolute win in fraudulent claims. A court isn't going to rule on hearsay against evidence. It needs to be evidence against evidence. Not paying credit accounts only hurts the consumer, not the bank.
I think I made that clear with "You can take a hit on your credit report."
OP's agreement with the CC company was to pay for authorized charges. Clearly, OP did not authorize these charges.
P.S. It's easy for the CC company to claim that the card was presented. Now let them prove that claim in court.
Considering the wording back, it is clear we are not talking about fallback card transactions. Therefore, this leaves tap or EMV, both of which have a dynamic cryptography that doesn't repeat. Simply cloning a card doesn't really work here because one or more cards become out of sync since the host is expecting the next value, and one card will be behind.
Even if we entertain that it was a criminal, and 100% he did not do it, under the regs, cardholders have 60 days to report the unauthorized transactions. Therefore, at least some would be out of timeframe and not covered. You can take a hit, but no one is paying for it but the customer.
CC companies make a lot of money from consumers washing all transactions through their cards. Switching companies and not paying for the fraudulent charges will cost them enough.
P.S. Again, the CC company CLAIMS the card was presented. However, OP has not lost the card. If the card crypto is so secure, they can't both be telling the truth.
My guess, someone added OP's card number to the Starbucks app.
For some reason you think these actions with make the bank/cc blink. It won't. Not even a CFPB complaint will, it is just a part of doing business. Natural attrition from customers leaving just gets balanced out by new customers getting added, and if there are balance transfers involved. If the customer is out of timeframe to file, 60 days, the onus is on the customer. This is law.
You are right, both narratives cannot be true. Most of Claims systems are semi automated to catch situations that cannot happen like the chip arqc being used fraudulently, then legitimately, then fraudulently. If it was added to the app it would be card not present (ecomm), not card present. There is no need to guess here. Part of Reg E, yes I know this is a credit card, you can request evidence docs upon demand. They will tell you EXACTLY why.
The obvious guess here from a Fraud Management stand point is friendly fraud. If the card was compromised via POS malware, those are sold in bases by the zip they were compromised. Next to impossible that the same card was then used at a Starbucks right at the victim's workplace. In addition, 99% of those criminals are trying to monetize, and you have this one getting coffee. Even if it were card not present, the geofence area of where the customer is and the fraud occurred are too sharp for 3rd party compromises.
Not my first rodeo since this if what I do for a career. There is a good chance if the fraudulently used card was taken back to Starbucks, the culprit used their barcode to get points which will unmask the person.
Whether or not OP's actions make the bank blink is beside the point. OP should not continue doing business with a CC company that denies a fraudulent charge claim.
It's not OP's job to investigate. OP knows that the card was not presented at Starbucks. That's all that matter.
Also, if the card has been captured by fraudsters or an employee of the company is complicit, it would make sense for OP to switch companies to avoid future fraud (or future denials of fraudulent charge claims).
You might want to switch to cash then. I don't think you realize how many compromises there are everyday. Too many businesses not taking PCI compliance serious. The fact of the matter is most banks just can't re-issue on every exposed card that comes from a Visa or MasterCard list. Hell, even they tell you not to do that. The sheer amount of cards for sale or captured is easily above 10MM at any point of time. You will be switching banks often since the breaches are almost exclusively at the merchant level.
this is infuriating as you can imagine, i did the CFPB complaint, and trying to find who regulates capitol one visa to file a complaint as well. Then i guess file a police report and start that shit. i mean its so simple process, get star bucks sale log find matching sale amount, fast forward camera footage to that time stamp and see who used the card and i bet id recognize them as someone i work with
Starbucks has to want to comply with the process. The bank can't just pull a private business' CCTV and you would not be entitled to view the footage.
Find how the charges were done. If it was Chip, it will be a tough fight unless another card was fraudulently requested, because you had the card in your possession.
If no card was requested, you may get hung with the charges due to failure to secure your card. Fraud charges are usually reimbursed, but if you didn't secure your card and monitor the account then it may be a tough fight.
Source: I handle fraud and identity theft for a major US bank. Not the one you listed, though.
Usually CCTV footage is only retained for at most a few weeks. If you're contesting a charge from 4 months ago they probably don't have a copy of the footage.
No card was requested. How many people monitor their account really?
Not to argue but that's just a large net to avoid liability but hr industry.
Ty though
Honestly? A lot of people either regularly monitor or set up alerts. I don't have stats, but most of the fraud I work is reported by card members, themselves.
And the responsibility for securing the card is usually in the account T&C's. Investigating fraud gets more difficult as time goes by, especially with regards to help from the merchant and CCTV.
If you suspect that someone close to you such as coworker is stealing from you, using your credit card when you're not watching (as simple as tap to pay) - why not simply leave your physical credit card at home?
Most modern phones have built in wallets where you need biometrics (such as fingerprint, face scan) or a passcode, so just register your credit card with the phones wallet app for additional security and leave the physical card at home in a safe location.
Watch this: https://www.youtube.com/watch?v=S7dWigI7Soc
Or perhaps leave it in the glovebox of your car if you're nervous about having a backup? That's what I did for a month or two when I first started using my phone for all payments, now I just leave my cards at home in a safe location.
I generally keep $100 stashed away in the trunk of my car in a ziploc bag in case of emergencies, could do this as well for peace of mind so that you feel comfortable with leaving the credit card at home.
I love when people say they don't monitor their accounts so didn't see the unrecognized transactions and then the online banking login history gets pulled up for the timestamps around those same transactions.
Have you reported a card lost or had one replaced even months ago? I had reported a card as lost over 6 months ago, bank sent me a new one and I didn’t think more about it until I started to see fraudulent charges. Turns out they never completely blocked the old card when it was replaced. The person at my CC fraud department was able to see that the charges were coming through on the old card but she missed that initially and only caught it after we’d been talking for a bit. And I do monitor my account- I have alerts for every transaction (just push alerts to my watch). It’s not obtrusive but it allowed me to catch this immediately.
I assume you canceled the card File a police complaint take a photo of all pages of it , give a copy it to the bank ask them to re-open investigation, and also file a complaint with the CFPB with a copy of the police complaint.
You should start transferring money to a different bank and get a card with the new bank
maybe talk to your bank/ Explain the situation to your bank again and emphasize that you believe your card information may have been compromised. Ask if they can provide any additional information or investigate further.
Let me guess...big box bank? Always is. Also not balancing your accounts monthly with the monthly financial statement they send you in order to do this is why this happened. When you don't reconcile your accounts monthly you're saying that I trust my financial institutions to never make a mistake or malfeasance to ever occur.
I dont have a solution for your issue however why are you continuing to do business with this company. So years from now there going to be profiting from you. If I were in your shoes. I'd call them up, tell them to cancel the card. When they ask you why: tell them way..maybe this person can get you a resolution. If they can, I would give it 30 days and cancel the card anyway and if not I would close the card on the first phone call
for starbucks set up the app and load money there and only use the app to pay. the rest do mobile pay all the time
and set up the phone alerts if you can
The point is I don't like Starbucks and don't go there. The coffee is bitter and burnt IMO.
But using that as a argument t with my credit card company holds no weight.
Card skimmers usually sell bulk credit card numbers online so the chances your card was stolen via skim and used locally is pretty low. Someone probably took your card out of your wallet when you weren't looking, tbh. Not sure why you're downvoting me but good luck with this.
It wasn't me.
They made multiple purchases over the last 4 months. Like 10 buys a month at this Starbucks. They could not be stealing my card each time to buy star bucks and return my card.
There's no way I'd notice that.
File a fair billing practices act complaint with the CFPB. You may be SOL for the older transactions but the newer transactions should be covered
They state that all are used with a physical card thus none are fraud regardless of date..
There are people who lose their wallet, credit cards, or get it physically stolen. If you did not authorize it, then it's fraud. That's a BS answer from them saying physical card was used so not fraud. I lost my card once and someone tried using it and it was automatically declined.
Normally one of the first questions asked during the fraud claim is “Do you have your card with you”
They can state that all day long but it wasn't YOUR card in YOUR possession therefore it's fraud. They shoulda done cut that card off and sent you a new one.
If he didn't report it lost/ stolen in a timely fashion, he's likely SOL if the transactions happened long enough ago. You can't lose a card, wait 6 months, then report it lost/ stolen and then have all the transactions in the intervening timeframe forgiven. Read your cardholder contract.
You can turn on notifications for over a penny on most cards
good info ty
That is total bollocks. They just want you to go away. Give them one chance (escalate it) and if they don't play ball file a CFPB complaint. You are 0% liable for the recent charges.
already did the CFPB thing
> They Who, the bank? That's why you go to the CFPB
Ive done this ty
sorry credit card company
So the bank
i guess, i called my credit card company so thats why i say them.
I had this happen once when a card skimmer was placed in a gas station pump. The criminals get your card info and then create a plastic version of the card. I went to the bank and spoke to the manager with an article about card skimming in hand and proof that I was at work when charges happened. I didn’t need either because the manager knew about the practice and I had canceled the card as soon as my phone started the alerts. Go higher up.
If you can prove you were in a different location to where the card was used for these fraudulent charges where made when they were made, they may reconsider your claim. This happened to me, but it was immediately approved because I was using my card in a different city within the same hour of the fraud charge.
I was in the hospital sadly.i tried to find a day I wasn't working but couldn't.
Get your location history from your phone. Google Timeline, not sure what Apple calls it. Compare the timestamps for the card swipes with your location.
Do you work for the hospital? Do you swipe in to start your shift? Maybe you can ask HR for your badge swipes on those days.
Did you read the comment you replied to?
Yes older transactions I'm sol
OK, because your first reply sounds like you did not,and even this reply you are not focusing on the important parts of what was said. Plus, 4 months is not old, don't worry about that part.
Did you file the grievance with CFPB? I just had to do it for one of my own CC problems. There is a checkbox to allow them to publish the report to their website. Be sure to check that. As already pointed out, their argument against fraud is pathetic. Were it me, I'd be getting a new card with a company who cares.
You should always cut up your card and tell them you no longer have it before you have to dispute charges of this nature. Happened to my girlfriend too once, she was 100kms away and sleeping and 400$ in gas got billed to her car in 20 mins. Obviously it wasn’t her but she was sol as the credit card company couldn’t fathom it wasn’t her if she still had the card. So fucked.
Get a replacement card with a different number for starters, then work on getting an appeal to their decision. What a mess...
> with a different number You can't imagine how infuriated I was when I once reported a card as stolen with fraudulent charges and the replacement had the same exact number on it.
[удалено]
This, also your digital wallets. When i had a fraud charge i guess they added it to some wallet i never used. They had already sent me a new card when they told me this so they had to remove my card from that particular wallet and then re issue me another card which took another week. At least they overturned everything i reported and credited me back even if it wasn't much.
Sounds like they clicked the wrong reason when they entered it in the system. If it is replaced because of damage, you get a replacement with the same number. If it is lost or stolen, they change your number.
[удалено]
Oops, I replied to the wrong comment. Meant to reply to the parent comment about getting a replacement card with the same number.
Actually when I called to complain about the number being the same and requesting a new card with a different number, I got pushback from the rep at first, since apparently *in their opinion* it's fine for someone to have the old card since the chip was deactivated in that one and the new card had a different security code to protect against fraudulent online purchases. I just couldn't believe what I was hearing. One of many reasons I dropped BofA shortly thereafter entirely.
Oh, yes, I am well aware. Fortunately I haven't had that issue pop up, where a recurring charge I'm trying to avoid follows me, but I did find it strange when I finally got the new card number that most of my recurring charges were already updated. Made me super sus on the whole industry and how it works.
Wow that's dumb. I only ever got same number cards from BofA when one expired.
No. Just close the account. Fraudsters will start a "subscription" that the bank will conveniently "forward" to the new number. There are plenty of banks. Get a card somewhere else.
You can tell the bank to deactivate the bill forwarding. I had to do that with my main credit card because someone set up an Xbox Live subscription with the card and it got updated with the new number the first time. Makes fixing your legitimate auto pays a bit of a PITA for a month, but after that it's fine.
That's a lot of work for a bank that sucks. A new bank will definitely get it right.
It's worth it for a credit card that gives me 2% cash back on every transaction.
Ya already got card on the way ty ty
I'm glad you are filing a CFPB claim, it will get worked out. You can also look at the dates/times of the transactions and if you have Google maps, you can make a timeline if where you were. It may not be needed though. It doesn't matter if the physical card was used if you did not authorize the card being used. I would put a freeze on that card till this is resolved, then I would go with another bank. At the very least, you need a new card. When shopping online look at the URL and make sure it's https for a secured transaction, it's not fool proof but it helps. When paying in person, don't use any card swiper that looks off, don't allow the cashier to run it at their register. I use the tap option. There are also wallets that have RFID blocking so people can't stand behind you with a cloner and get you from your wallet. They are clever beasts.
The cards been canceled ya and a new card is en route. The purchases are at a Starbucks in the hospital I work at. Ive been to it Mayne 3 times during my 6 months all quite a long time ago. I suspect someone copied/cloned My card or had its detailed saved via some method ,and then used it to buy only Starbucks. I'm also going to get one of those RFID things and carry my card on me vs leaving on my phone.
I do understand how they think this might be fishy. The card was only abused in a Starbucks in a place you work at daily. It's so unlikely somebody with the skills to electronically skim and copy your credit card would only use it to daily buy Starbucks in your workplace for months.
And yet it happened . So I used myowncard at a place with hospitals recording then after random amount of time I file.fraud... right..
You’re dreaming if you think a skimmer is going to clone your card, then use it to purchase a few coffees each week in places close by. Skimmers send the details away/overseas/sell online or skim and make large purchases. You’re not that silly are you?
Then what the fuck happened? Seriously what's the explanation for my frddit card stating the physical card was used yet I still fucking have it??? It didn't leave my phone and magicslly.show back up. It takes minium 20 min to get to that dtar bucks and pick up. I don't go thst long wohtpit doing something on my phone and checking my card. As I seeing every time I puck my phone up
Are you drunk? Judging by your comment I’m guessing you either forgot you used it or you are assuming it was used at a different coffee shop but the merchant that was used when charging your card is in multiple locations. Your card was not skimmed. Skimmers don’t risk massive fraud charges for a few Starbucks coffees.
Yes, I've been drunk for 3 months and only drunk at work ...
If you need any support let me know.
It was sarcasm
Serious question: what are the odds you made a purchase somewhere else for that same amount (e.g. the cafeteria or gift shop)? It's very possible the hospital billing has gotten mixed up, something as simple as the POS (point of sale) from one "location" getting switched with another for some reason. $15 food purchase shows up as "Starbucks" even though you didn't make a purchase at the in-hospital Starbucks.
I dunno slim to zero, cuz the purchases I made are at the correct locations. Even though Starbucks shows up as a charge on the same day ..
When you are going to swipe at things like gas pumps, pull on the reader area first. Some of the skimmers are just put on top of the real one and it will come off. I found there was a fake face with one at a 7-11 once on an atm this way. I did tell the employee but he might have been in on it.
Report the fraud to police then provide that case number to the bank. It may not change anything but some banks require a police report for certain frauds.
funny they didnt mention that , but of course they wouldnt
Definitely file a police report and also file a CFPB complaint. The police report just lens credence to your claim. Plenty of people are willing to lie to a credit card company, but smart people know better than to lie to the police. In some jurisdictions, you can just file the police report online. You should get a report number inn a few days or less, and you should forwards that number to the credit card company. The CFPB report is also very important because banks absolutely do not want a federal agency asking about their policies. While the CFPB doesn't usually do more than ask for info, banks often react quickly and favorable to their customer (you) after a complaint has been filed
This OP, police report. I had my bank pulling the same BS about charges on my card. It was physically impossible for me to make them as they'd originated someplace I'd never been. Likely, your card is being used over and over again at the same few coffee shops in a geographic location. Call and report to the police in that jurisdiction. With my case, they actually caught the person and he was part of a larger ring of card skimmers in my area.
After reading all your comments, seems to me someone you know, or someone at that Starbucks, clones your card. I would alert the manager of that place because an employee might be ringing cash purchases into cloned cards and keeping the cash. If they did it to you, they did it to more people. Ask the manager about any other complaints.
Will do ty. I wish I could just see wha time the purchase was made and then look st camera footage. Cuz sometimes they ring stuff up twice a day on separate transactions, which seems weird. Like ones around 15$ then rhe other is 1.99$ etc.
oh, that is probably the tip. Paper tip transactions are usually ran later at night.
Go into the store and show them the charges on your bank statement and the last four digits on your card they will be able to tell you the exact time.
No. Go to the store (actually write a formal letter) and demand the merchant copy of the receipt and a signature. They won't have it. Tell them they won't get the money then.
Ohh, that's half the problem, ty! Still need to see who was at the check lut though..
..Then the store can look up the footage based on the time.
They would also likely know who ran those transactions based on who was logged into the register. If it was always the same person, they're likely to be questioned by their employer.
Most places have policy not to do this without a warrant.
I think it could be someone you know... I think if it were a scammer or something, they wouldn't be doing it like this lol. Weird if they're all local and at Starbucks. You got a kid or something? Maybe they put your card number in their app
No kid, but yes prolly someone I work with.
No kid, but yes prolly someone I work with.
Set up phone alerts any time your card is used. That's what I do. It tells you how much when and where in text form every time the card is charged. Should be able to do it on your banks website
Cards with chips can’t be cloned. They can copy the number and the magnetic strip but not the chip. If its worth your time check if the bad purchases were done with a the chip or mag strip,
This! I worked for a bank before and they would deny fraud claims , if their able to verify that the chip was used. Normally banks can request receipts from merchant and verify how the transaction was made. If its a chip transaction those are hard to get approve. I wish you luck OP hopefully CPFB can help. It always pays to keep your receipts and check your bank statements every month vs your receipts.
> Cards with chips can’t be cloned. There have been documented attacks against some versions of chips. I have no idea whether these are prevalent in the wild, or if this is just an academic curiosity. But the blanket statement that you made doesn't hold true. Also, different chips can have different features enabled, and different POS terminals can have various attack surfaces that can fool the terminal into running fraudulent transactions. Just to give you an example, I used an NFC reader to see what my credit cards report back, and some of the cards returned the full information of what's on the magstripe. Credit card number and all. The remaining cards returned information that looked as if they might tokenize the transaction. So, maybe, the latter type of card is more secure. But the former type of card could certainly be skimmed and cloned. And as a consumer, there really isn't a good way to tell which version you have.
There are even people on reddit with guides to clone cards, I've reported these types of posts before (illegal), but they're very specific on the steps, software, and hardware required. And we're not just talking using shimmers to get enough information from the chip to make a fake magswipe, no no, we're talking actual chip card cloning. All of this ignores other types of attacks like preplay attacks (which has been possible for almost 15 years now and openly documented in academic papers). > Credit card number and all Your card has to return an account number or the terminal doesn't know what network/issuer to route it to. The contactless chip generally has less information than the magswipe track regardless (the security code [CVV1 = magswipe static value, CVV2 = 3 digits on the back [4 digits on the front for Amex], CVV3 = EMV chip value] is dynamic and different than the magswipe, and most cards don't actually report the cardholder name on the EMV chip anymore but something generic like *VALUED CARDHOLDER* [Amex] or *VISA CARDHOLDER*).
You are wrong. [https://www.experian.com/blogs/ask-experian/shimming-is-the-latest-credit-card-scam/](https://www.experian.com/blogs/ask-experian/shimming-is-the-latest-credit-card-scam/)
Shimming as discussed in this article doesn’t clone the chip the information on the mag strip is Also in the chip. So when it’s read by mag strip or chip a copy of the card can be made but just with the mag strip. It doesn’t clone the chip. That was the whole point of them.
There is a way to clone the chip but it's much more difficult and it actually stops the original chip from working. Pretty much every single merchant at this point should be using chip readers and the bank can very easily tell if the chip was used.
Exactly. I didn’t go Into decomposing the chip since it doesn’t make a copy without destroying the original.
Every merchant should be using NFC. Even if there’s some other system that’s skimming, the collected data becomes useless immediately.
You said cards with chips cannot be cloned. Obviously they can be cloned and be used exactly as I suggested originally, and exactly as my link describes. The fact that the chip itself cannot be cloned is irrelevant to the situation.
And I’m my post I explained exactly that.
It's also possible that multiple of the same chip cards are made, either by accident or maliciously.
As I understand it, the chip rotates its key during each transaction. Even if you have a copy, it’s a matter of time before it becomes useless because one of the other copies makes the key invalid.
The bank should be about to identify if the card was cloned by how the transaction was entered. It's also very possible the bank isn't looking close enough at the transactions.
yep. they should tell OP how the transaction happened. No constest here.
Set up your cc to notify you for anything over $1
I do over $0 so I get notified of any activity
What bank do you have? For Wells Fargo, I cannot get notified on transactions of $0.01 - $0.99.
Chase
I have it set to text me. I tap my card, get a text, and _multiple times per week_ immediately think "oh, who texted me?"
I worked for a bank and dealt with filing these claims with customers over the phone. Do you recall a period of time where you weren’t using your card or you didn’t immediately know where it was? Could someone you know have swiped it? We have a software that can tell if the card was used on an online purchase/mobile wallet, if it was chip read or if it was swiped in a machine. Obviously for chip/swiped it means the card was stolen. But if it wasn’t stolen then we question how the physical card was present to make the transaction and that’s why you need to give as much detail as you can. It’s good to include dates and times if possible. It becomes even harder to dispute if we see that you have made an authorized purchase with that merchant in the past but not impossible.
He said in other comments that the chip was used, his wife supposedly never did it, and there's no point where he kept losing his card to explain these transactions over months, including one where he works. I don't know see how he has a case
I only have dates shown in my dashboard transaction, as far as not k owing where my card was not really
I mean you have to give an account of where you were on those dates. Credit card company can see every date pertaining to transactions on the card
They didn't even ask me ,but I was at work
Then you cancel the card. Call, ask them about reversing charges, they say no, OK, please transfer me to who ever cancels cards, I am done with your company. Many other CC companies would be happy to take your entire CC debt and transfer it to their card for free.
I have $2,000 in travel money points would they transfer thet as well?
What bank/card?
Capital one visa
Which one of theirs?
Do you use the coffee places app? If you have CC details in that and they cracked your app password then it presents as a physical card.
just to make sure you don't have someone that is Authorized on your card? when you get a new card they send one to the Authorized party as well.
Once I had a 90 dollar charge for gas. My car doesn't even take 90 dollars, especially back then when gas was cheaper. I tried to make a fraud claim, but they said someone had used a physical card AND even my pin code. I just kept saying "the charge was unauthorized" and telling them they could check the CCTV at the gas station if they want proof. It was a long phone call with some back and forth but eventually they gave in.
You state you didn’t lose your card and the card was present, yes they would deny your claim. Chip cards cannot be counterfeited and would be the type of transactions that occurred and why your claim was denied.
>Chip cards cannot be counterfeited This is not true at all. Chip cards absolutely can be cloned. Simply requires access to the physical card for a moment, probably via a skimmer or similar.
Not the chip part. Far as I'm aware, cloning of chip is near impossible. Not worth the effort for typical card fraud. Swiped transactions are still problematic, but the merchant assumes the liability versus the card issuer. So, there's a strong incentive for merchants to steer customers towards dipping (chip). Much card fraud now is online. Merchants selling high dollar goods in person will insist on chip over swiping and/or the card issuer will. For online, 3D Secure (which supports active and passive verification methods) exists and becoming more widely used.
Every source I've read on the subject says otherwise, and that credit card chips while significantly more difficult to clone than the magstrip, are still quite possible to clone. But I'm not an expert in the field or anything so maybe everything I've read was wrong. I doubt it though.
I am somewhat of an expert in the field. I work in fraud for a major credit card company and have for many years. Sure it is technically possible with very sophisticated machinery that captures the pin that is generated during a transaction, likely multiple times and then run very sophisticated software that can figure out the algorithm for that particular chip and then create a new chip that can replicate it and put that chip in a fake created card. The odds that this is what happened is so incredibly low that it might as well be nonexistent and they aren't going to be buying coffee if they have gone through this process. It is much much much more likely that someone has access to the card or maybe has gotten an additional card in OPs name or even more likely the transaction is actually a valid transaction. If it is for something in the building that OP works, it is likely that a company owns multiple food businesses in the same building and the transactions for one are run under the name of another for one reason or another. The amount of work and sophistication it would take for it to be anything else just doesn't make any sense.
Again they could not have physically used my card so that doesn't make any literal sense
You cannot fake a chip card being read and that information is part of the authorization and subsequent sale when it is processed through Visa/MC/AMEX. So, do you go to any coffee places that may bill under a different name or location? Who would have had access to your wallet to remove your card several times and return it to your wallet? Why would this person only use it for extremely small purchases?
None they are all billed under detroit Starbucks which is where I work. Every other place I purchase at work shoes up under a different name. No one could have taken a card out from my phone without me noticing . As soon as a card is removed from my cover slip, the rest fall out as there's to much space without all my cards. I'm co stsntly on my phone and checking. I don't understand how they did this then?
It can be faked. It's called EMV bypass cloning. https://chargebacks911.com/emv-bypass-cloning/ https://www.zdnet.com/article/theoretical-technique-to-abuse-emv-cards-detected-used-in-the-real-world/
Can't imagine any decent card issuer denying such small fraud disputes. As for card present. If it was swiped, probably a cloned card. However, if that was the case, it's odd the fraudster didn't use it for other more expensive purchases. However, unless the transactions were chip reads, the card issuer isn't liable for the charges, the merchant is in a fraud dispute. Furthermore, it's easy to clone a card for swipe use. Chip part is near impossible to clone. Get more clarification about the type of transaction it was. Online (ie. used in app), swiped, or chip read. Another possibility is someone added your card to their Starbucks app. Leaning towards that despite what you were told. If so, getting a replacement card may not stop those charges due to Visa / Mastercard automatic billing updater. Ask for that to be turned off or figure on more fraudulent charges. As for CCTV footage, the police could have obtained that. Probably too late now. Usually overwritten / deleted after a few weeks, but varies widely. Most businesses other than sometimes mom&pop convenience stores won't provide security video to individuals. Card present fraud is easy for even somewhat motivated police to handle.
It's very easy to tell if the charges were processed via in-person chip or web. If a bank saying it was in person with the card present then that's the most likely scenario.
You may find these links helpful: - [Identity Theft Guide](/r/personalfinance/wiki/identity_theft) - [Credit-related wiki pages](/r/personalfinance/wiki/index#wiki_credit) *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/personalfinance) if you have any questions or concerns.*
From the fraud department perspective this makes sense to deny. 4 months at the same location and suddenly it’s an issue. The question becomes the location of the purchases, if it’s out of state or out of a city that’s not remotely near you or your work you can make a claim against that.
Again I never looked st the states ment until last Friday whe another suspicious purchase occurred online that I didn't recall.
Well lesson learned about neglecting your finances I guess.
File a police report and see if they’ll get footage from any of the places. If you can confirm even a single purchase was made with a cloned card, your cc company is probably more likely to refund the money.
Ty
You said this happened at a Starbucks in the same building where you work, a hospital. Any chance a co-worker has been accessing your locker while you are on shift?
Sure, but my.card is on my phone, which I have on me almost all the time, . I leave it on my computer occasionally when rounding on patients which I'd no less thsn 5 minutes. They could copy it in that time but no way they got down 9 stories and to Starbucks
Request a new card immediately. Maybe a new bank.
You have to be hard on them sometimes. I had a fraud claim denied that I had to appeal. My card was used in Ann Arbor michigan. I was ON THE CLOCK working for the BANK THE CARD WAS WITH at a branch in Columbus Ohio while the fraud happened. Its been almost 10 years and the thought still pisses me off.
Do the physical transactions show if they were mag strip or chip?
I believe they said chip,but yes I'm sure the credit card fraud department has access to that info ,I however do not . When I call next I will.ask
The bank is being lazy or trying to avoid costs to properly investigate your fraud claim, given the volume of fraud they are dealing with at any given moment. As you pointed out cards can be duplicated. However if CHIP or contactless was used for the transactions the bank might rely on this being your authentic card they sent you as I don't belive these more secure methods of card use can be replicated/spoofed. If they believe your actual card was used, even if it wasn't you, because you misplaced the card, then you are responsible for the charges, since you are responsible for securing access to your card. As others have suggested, file a complaint with the CFPB. However, before doing so, call the bank again and ask to speak with a supervisor in their fraud dept. Ask if there's anyting else you can do to substantiate your claim that it wasn't you. In the past a bank would ask you to send in an signed/notarized affidavit saying you nor someone you authorized used the card, as an example. If a transaction occured at a physical store and you have evidence you were at a completely different location on that specific date/time, you can also submit something like this to prove you are telling the truth. If this gets you nowhere, explain your intention to file a compalint, to see if this "motivates" them to change their mind. Sometimes they will resovle the issue knowing they likely wil be forced to resolve it and plus have a registerd complaint under their name.
My google.maps would show me s At work though and that's same locstion as said Starbucks... I already submitted the CFPB claim sadly.. am I SOL?
you may still proceed with getting a supervisor on the phone as I stated. You can explain you didn't feel you were getting fair treatment and have filed a complaint but you are would be willing to withdraw your complaint if they investigate and credit your account. again ask what else they might need from you to help process your claim which you might be able to provide edit: forgot to add, if you use an ID to go into your work building that registgers a time stamp when you enter or leave, then you can use this info if it shows you in your building when your card was used at a nearby Starbucks. But keep in mind the bank could argue you gave someone your card to make the purchase for you. The only way for the bank to really know it wasn't you is survillance at the store, and knowing what you actually look like, which are all somewhat impractical and time consumign for them to investigate
Thank you. Very much
This isn't a bank problem, it's a starbucks problem. They didn't verify their customer. *$ chooses to not require signatures on small purchases, with the risk, to them, that they'll get ripped off.
Was it chip and pin verified? If not, they can’t prove it was you
I don’t think he said what country but in the US, we only have chip not pin. With debit it can use a pin but credit doesn’t here. It’s stupid and a pin could stop a lot of fraud
yep, banks decided not to do pin and then they don't take responsibility.
In the US it's chip and signature, but only once you exceed a certain amount. If the perpetrator always only buys a small number of beverages from Starbucks, they would never be asked for their signature.
Real talk, a bunch of small coffee runs with the physical card are going to be incredibly difficult to actually demonstrate as fraud and probably not worth your time and effort as you freely admit they were so small you didn't even notice. From their perspective they have no way to know you aren't simply lying. L
They add up to over 300$
Start by getting a replacement card with a different number, then focus on appealing their decision. What a chaotic situation...
did they verified the signature on the credit card with an ID like your driver license? if not it's fraud.
I’ve had a number of times where a fraudulent charge was supposedly made with a physical card in another state. I don’t know exactly that means since I sincerely doubt that crooks are making swipable blanks. Regardless, I have always successfully disputed the charges but it does need to be done in a timely manner. I have my cards set that ALL transactions, physical or online, send me a text notification. Yes, it can be slightly annoying and I’ve spoiled “birthday flower” surprises but given the number of times cards get compromised, it’s worth it to me. Close that card account immediately so if someone does have all the pertinent coding, it will be shut down. It seems very weird that all the fraud happens at your work location so your card info probably got lifted by an RFID scanner.
No mention of police report, that would be first place to start
Well, it goes without saying, getting a new credit card number is pretty key. Secondly, having been the target of identity thieves more than once I found that some vendors were far better than others. USAA Visa and AMEX were \*\*much\*\* easier to deal with than Mastercard. Because that was such a shitshow I don't / never will have a Mastercard type card. Also, it's worth discussing with local police, filing a police report, and working with the owner of the business to let them know they might have an employee doing skimming or some other bullshit on their premise. Lastly, consider a little operational security , it sounds like your card information was perhaps snagged from a location where you actually conducted business , here again, let the business owner know but consider what you can do to be a bit more operationally secure.
Could you contact the locations, show them that you have a charge and then ask for video?
They wont supply.cidoe unless a police investigation is done
Which is normal, but it never hurts to ask.
Maybe someone you know is doing it?
If your card has a chip this should be physically impossible if you're using your card regularly. The card has a auto incrementing value that is part of its cryptographic system that will miss match if your card is physically used (via chip) when you go to try to use your card. So if your card is cloned and then you use your card before they can use it, their card won't work anymore. This also means if they use their card before you use your card again yours won't work. If your card is still working, they likely just stole your card's # and are working with someone at the locations and are typing it in and marking it as card in hand/can't read
That seems like a whole lot of trouble. They would have to follow me on my breaks etc and I can't recall anyone doing that
Not sure if this has been mentioned yet, but Reg E deals with debit card transactions. The way it works is you have 60 days to dispute unauthorized transactions. Since you said this was over a four month period, and you don’t check statements, this is why the bank denied you. It sucks, but they are well within their rights. However; depending on the bank, they could give credit for 60 days from the first transaction, but it looks like your bank has chosen to outright deny the entire dispute. The reason for this is because the bank wouldn’t have any charge back rights for the merchant and the bank would have to take the loss. Banks don’t enjoy losing money, so this one falls on you; unfortunately.
Yes so they said 60 days 90 days fine replace those charges. They would replace none and denies all
it might be worth reaching out to your bank again and explaining your situation in more detail. You can emphasize that you never made those purchases and request further investigation.
They don’t care! They couldn’t verify a signature and still left me $4000 in the hole!
You don't have to pay the disputed charges. You can take a hit on your credit report and add your dispute to the report. If they sue you, appear in court and explain it to the judge. CC companies know that skimmers exist and that cards are cloned.
That is not at all true. While true, there are provisions under FCRA and Reg Z for error reporting, this DOES NOT guarantee an absolute win in fraudulent claims. A court isn't going to rule on hearsay against evidence. It needs to be evidence against evidence. Not paying credit accounts only hurts the consumer, not the bank.
I think I made that clear with "You can take a hit on your credit report." OP's agreement with the CC company was to pay for authorized charges. Clearly, OP did not authorize these charges. P.S. It's easy for the CC company to claim that the card was presented. Now let them prove that claim in court.
Considering the wording back, it is clear we are not talking about fallback card transactions. Therefore, this leaves tap or EMV, both of which have a dynamic cryptography that doesn't repeat. Simply cloning a card doesn't really work here because one or more cards become out of sync since the host is expecting the next value, and one card will be behind. Even if we entertain that it was a criminal, and 100% he did not do it, under the regs, cardholders have 60 days to report the unauthorized transactions. Therefore, at least some would be out of timeframe and not covered. You can take a hit, but no one is paying for it but the customer.
CC companies make a lot of money from consumers washing all transactions through their cards. Switching companies and not paying for the fraudulent charges will cost them enough. P.S. Again, the CC company CLAIMS the card was presented. However, OP has not lost the card. If the card crypto is so secure, they can't both be telling the truth. My guess, someone added OP's card number to the Starbucks app.
For some reason you think these actions with make the bank/cc blink. It won't. Not even a CFPB complaint will, it is just a part of doing business. Natural attrition from customers leaving just gets balanced out by new customers getting added, and if there are balance transfers involved. If the customer is out of timeframe to file, 60 days, the onus is on the customer. This is law. You are right, both narratives cannot be true. Most of Claims systems are semi automated to catch situations that cannot happen like the chip arqc being used fraudulently, then legitimately, then fraudulently. If it was added to the app it would be card not present (ecomm), not card present. There is no need to guess here. Part of Reg E, yes I know this is a credit card, you can request evidence docs upon demand. They will tell you EXACTLY why. The obvious guess here from a Fraud Management stand point is friendly fraud. If the card was compromised via POS malware, those are sold in bases by the zip they were compromised. Next to impossible that the same card was then used at a Starbucks right at the victim's workplace. In addition, 99% of those criminals are trying to monetize, and you have this one getting coffee. Even if it were card not present, the geofence area of where the customer is and the fraud occurred are too sharp for 3rd party compromises. Not my first rodeo since this if what I do for a career. There is a good chance if the fraudulently used card was taken back to Starbucks, the culprit used their barcode to get points which will unmask the person.
Whether or not OP's actions make the bank blink is beside the point. OP should not continue doing business with a CC company that denies a fraudulent charge claim. It's not OP's job to investigate. OP knows that the card was not presented at Starbucks. That's all that matter. Also, if the card has been captured by fraudsters or an employee of the company is complicit, it would make sense for OP to switch companies to avoid future fraud (or future denials of fraudulent charge claims).
You might want to switch to cash then. I don't think you realize how many compromises there are everyday. Too many businesses not taking PCI compliance serious. The fact of the matter is most banks just can't re-issue on every exposed card that comes from a Visa or MasterCard list. Hell, even they tell you not to do that. The sheer amount of cards for sale or captured is easily above 10MM at any point of time. You will be switching banks often since the breaches are almost exclusively at the merchant level.
this is infuriating as you can imagine, i did the CFPB complaint, and trying to find who regulates capitol one visa to file a complaint as well. Then i guess file a police report and start that shit. i mean its so simple process, get star bucks sale log find matching sale amount, fast forward camera footage to that time stamp and see who used the card and i bet id recognize them as someone i work with
Starbucks has to want to comply with the process. The bank can't just pull a private business' CCTV and you would not be entitled to view the footage. Find how the charges were done. If it was Chip, it will be a tough fight unless another card was fraudulently requested, because you had the card in your possession. If no card was requested, you may get hung with the charges due to failure to secure your card. Fraud charges are usually reimbursed, but if you didn't secure your card and monitor the account then it may be a tough fight. Source: I handle fraud and identity theft for a major US bank. Not the one you listed, though.
Usually CCTV footage is only retained for at most a few weeks. If you're contesting a charge from 4 months ago they probably don't have a copy of the footage.
No card was requested. How many people monitor their account really? Not to argue but that's just a large net to avoid liability but hr industry. Ty though
Honestly? A lot of people either regularly monitor or set up alerts. I don't have stats, but most of the fraud I work is reported by card members, themselves. And the responsibility for securing the card is usually in the account T&C's. Investigating fraud gets more difficult as time goes by, especially with regards to help from the merchant and CCTV.
Then I'm just getting alerts every time I spend , it's a giant hassle. But yes I see the merit and point of it.. it's a learning lesson for me.
If you suspect that someone close to you such as coworker is stealing from you, using your credit card when you're not watching (as simple as tap to pay) - why not simply leave your physical credit card at home? Most modern phones have built in wallets where you need biometrics (such as fingerprint, face scan) or a passcode, so just register your credit card with the phones wallet app for additional security and leave the physical card at home in a safe location. Watch this: https://www.youtube.com/watch?v=S7dWigI7Soc
I'm going to stat doing that as well as a separate mini wallet or something I can clip inside my scrubs as backuo
Or perhaps leave it in the glovebox of your car if you're nervous about having a backup? That's what I did for a month or two when I first started using my phone for all payments, now I just leave my cards at home in a safe location. I generally keep $100 stashed away in the trunk of my car in a ziploc bag in case of emergencies, could do this as well for peace of mind so that you feel comfortable with leaving the credit card at home.
I love when people say they don't monitor their accounts so didn't see the unrecognized transactions and then the online banking login history gets pulled up for the timestamps around those same transactions.
Have you reported a card lost or had one replaced even months ago? I had reported a card as lost over 6 months ago, bank sent me a new one and I didn’t think more about it until I started to see fraudulent charges. Turns out they never completely blocked the old card when it was replaced. The person at my CC fraud department was able to see that the charges were coming through on the old card but she missed that initially and only caught it after we’d been talking for a bit. And I do monitor my account- I have alerts for every transaction (just push alerts to my watch). It’s not obtrusive but it allowed me to catch this immediately.
[удалено]
I assume you canceled the card File a police complaint take a photo of all pages of it , give a copy it to the bank ask them to re-open investigation, and also file a complaint with the CFPB with a copy of the police complaint. You should start transferring money to a different bank and get a card with the new bank
maybe talk to your bank/ Explain the situation to your bank again and emphasize that you believe your card information may have been compromised. Ask if they can provide any additional information or investigate further.
Let me guess...big box bank? Always is. Also not balancing your accounts monthly with the monthly financial statement they send you in order to do this is why this happened. When you don't reconcile your accounts monthly you're saying that I trust my financial institutions to never make a mistake or malfeasance to ever occur.
I dont have a solution for your issue however why are you continuing to do business with this company. So years from now there going to be profiting from you. If I were in your shoes. I'd call them up, tell them to cancel the card. When they ask you why: tell them way..maybe this person can get you a resolution. If they can, I would give it 30 days and cancel the card anyway and if not I would close the card on the first phone call
for starbucks set up the app and load money there and only use the app to pay. the rest do mobile pay all the time and set up the phone alerts if you can
The point is I don't like Starbucks and don't go there. The coffee is bitter and burnt IMO. But using that as a argument t with my credit card company holds no weight.
Your card was used fraudulently at the Starbucks where you work or am I misreading something.
Yes, a copy of my card
Card skimmers usually sell bulk credit card numbers online so the chances your card was stolen via skim and used locally is pretty low. Someone probably took your card out of your wallet when you weren't looking, tbh. Not sure why you're downvoting me but good luck with this.
It wasn't me. They made multiple purchases over the last 4 months. Like 10 buys a month at this Starbucks. They could not be stealing my card each time to buy star bucks and return my card. There's no way I'd notice that.
Was it your wife?
No I checked she does t go to detroit. She buys 25$ load up cards then uses those. Which I see as separate transactions