Thieves living it up on my vacation

We were on the second day of our two week trip and went out to dinner. The waiter told us our card was DECLINED, BOFA Platinum, which was a surpsrise to us because it seems like we had about $9k of available credit.

We called BOFA the next morning, and it turns out someone had placed two orders for about $7k in internet charges using our card number, a place called CANON EAST. BOFA froze the account when the orders were first placed, suspicious activity. About three days later, the same online company tried to run another charge through for about $3k,

BOFA said they would FEDEX a new card, but someone **messed** up, because we didn't get the card until about 10 days later....long story.

I **think** it might be related to an employee at expedia.com. It was definetely someone who knew our CC#, knew we would be on vacation, and knew our home address. Within 36 hours of our trip, the charges came up and our home address was the ship to address. It seems someone who had access to this information sold/gave it over to this phony internet company to dink our cc, collect from BOFA, and, we would not have known anything if BOFA hadn't froze the account, until we returned home.

DH and I hardly brought any $$ with us on our trip, we planned on using the BOFA for most of our purchases, we thought it would be the safest...HA HA HA. I was lucky I brought my two other cc's from my subprime hell days, Cap1 and Orchard (which I almost cancelled last month), which all had zero balances. Cap1 gave me a whopping increase from $600 to $900. I really couldn't access my savings for cash because as a security feature, I have them completely separated from my checking accounts, only DH can do withdrawals from savings....IN PERSON at our branch. I only keep enough in my checking for bills and have dh do personal withdrawals from saving into checkings once or twice a month.

I was lucky I had paid for the hotels in advance. But, I didn't count on HAWAIIAN AIRLINES stranding us on Oahu, with No Notice they had stopped service to American Samoa. Dh and I managed to get a vacation rental on the North Shore, but had to convince the managers we were good for the money since our BOFA cc was in limbo.

On the upside, United bumped us into first class on the way home))

 

Maybe I didn't explain it enough, but I don't think there was anything to ship!

The online store really isn't an online store as you might you think it to be. Rather, just a set-up to look like an online store, to collect the $ from the CC company. Who cares if nothing arrives at my house in a week, the merchant (thief) would have collected almost $10K from BOFA had they not stopped the charges, and by the time I got around to complain, they would be long gone. In any case, my available credit was used up untill BOFA credited my account back for the pending charges, which took about 8 days and 10 to recieve the new CC.

I have my reasons for Expedia.com......like I said I **think** it is an employee within Expedia.com selling the information out. But I definetely believe it is an employee working for an employer within the travel industry selling out the info. crooks, in this case one who ran a bogus "E" stores. If BOFA hadn't frozen my account, they would have been out $10k in fraudulent charges, because by the time I got home from my trip, the "online" store would have already collected.

We'll see, I am keeping up with BOFA's investigation into this one.

 

BTW Geoge, thanks to you and another cnetter, I did have some backup credit on my trip. I almost canceled my Orchard last month, but decided not to based on you and another Cnetter's posts. The night before my vacation, I activated my new Orchard bank card that I had received about a month earlier after my first was lost.

I use my card all the time, both online and off. But I have pretty much ruled out most other businesses. Here is why:

1) The fraudulent purchases used my home addy as the ship to address
a) this would bypass the most basic security of online purchases with your CC. Making the billing address/ship to address the same as your CC billing/ship to address. Most purchases online paid with CC's have to match up to your CC address on file. Different ship to addy's and CC addy's are usually a red flag for online purchases. Especially at over $3k a pop.
b) When does a merchant EVER receive your home address? Almost never, except for online purchases.

-----> the thief not only had my CC# but my home address, this rules out most retail merchants ...leaving only online retailers who knew both the CC# and home address.

2) the purchases occured within about 30 hours of the start of my two week vacation, perfect timing to get away with it.
a) I check my cc purchases every few days online while at home, but not on VACATION. Other than you guys, who really would check their cc purchases while on vacation? If you were going to steal, this would be the opportune time to do it, as most people are not going to be checking the CC statements out online while on vacation. By the time they figure it out when they return home, the $$ has already been credited to the merchant.
b) This was no piddly amount they went for, they went for it all. Greed will get you every time, they probably could of got away with it for dinking me somewhere under $1k, but OH NO, they wanted the full nubby, all $10k of it. They did three separate transactions for over $3k each, until they realized they hit my limit. Dinking a CC for $10k is a lot of money, these guys weren't going to be around 30 days later when BOFA came looking for them. They were going for all or nothing.

3) Why do I know this isn't my family/friends/neighbors
a) My in-laws moved in with me several years ago. Everyone knows this. They rarely leave the house, they are there every day to "snag" the mail before me (usually to hide their exorbitant phone bill). Really, the mail is their "big thing" of the day. No way would somebody be mail snagging at my house, my MIL is there every day to greet our mail carrier.
b) Nobody but the merchant stood to benefit from the "purchase." Using my address as the ship to address, just like everything else, my in-laws would be there to pick it up. Really, everyone in my neighborhood, all my family, and friends know my in-laws live with me and dh and rarely leave the house. Assuming there was a "product" actually being delivered to our house, (which there wasn't) the in-laws would have been there.
c) anyone who knows me also knows I am hopeless lover of animals, I always have someone checking in a few times a day on my cat and dog when I am away (I love my in-laws, but I don't trust them with my "kids.") So the idea of an empty vacant house just waiting for a thief that knows me to come and snag a package (even though nothing would have shipped) at an empty house while dh and I are away is shot, my house is NEVER EMPTY!

4) This is an unknown "E" store.
a) Nothing comes up on a search on the net
b) Nobody I talk to recognizes this store

5) Nobody stood to benefit but the merchant

6) Why Expedia
a)Nothing 100% solid, just some arrows leading to there, there really are only a few companies that I have dealt with that knew certain information---->
but I am pretty sure it was an employee within a company that had access to certain information and relayed it over outside of the company to the thief with the bogus "E" store.

I understand that there are security measures to be taken for a merchant to do business with the major CC companies, VISA-AMEX--MASTERCARD--DISCOVER. But really, is anything 100% safety proof? A clever thief can figure out a way to bypass these precautions. And just as soon as the major CC's are figuring ways out to combat this type of fraud, there is always an entrepreneurial thief waiting in the shadows calculating a new way to circumvent these measures.