Volume 11: 03.05.2006:  Electronic Security Rant

This time 'round, I've got a rant for you.  These are my (and only my) two cents.  (See disclaimer on bottom left.)

Credit Card Security

My Hillyard business has a website. When I decided over 5 years ago to embark on giving my company a web-presence, I had no idea what we would be exposed to. In addition to tons of new customers, many new scammers were able to find us. Not only do spammers send unwanted e-mails to our e-mail address posted on our website, but a much more insidious villain was able to get our information.

On an otherwise normal day, my dad got a call from a hearing impaired phone service. They provide a service for the hearing impaired to make regular phone calls, buy speaking what the impaired person types on the other end. While this is a great use of today's fine technology, it can be used for more sinister means. In fact, the translation by the operator makes it really easy to change the subject and/or confuse the hearing person. The customer identified himself as a Reverend, and said he wanted to purchase a golf cart. He wasn't picky about which one, and he didn't mention where he was from, but Dad didn't suspect anything was awry. Dad gave him our e-mail address to continue the discussion, so as to not use up so many cell phone minutes (these hearing impaired translation calls tend to take a while.) After some clumsy e-mail communications, the Reverend said he wanted to buy a cart, but every time Dad asked where the cart was to go, the Reverend would change the subject again. I caught very little of this as we were pretty busy at the time, but one day I walked into the shop and Dad was again talking to this guy, trying to run his credit card. The first card didn't go through, the second card didn't go through, I emphatically told Dad to get this guy off the phone, he was trying to scam us and Dad did.

We did some searching for scams on the internet and found that the Secret Service had a few articles on their website about this sort of thing, so we called the Spokane field office (Who knew the SS had a Spokane field office?). They suggested we not talk to the guy and because the credit card numbers were probably stolen, we should contact our credit card merchant provider to report the credit cards. Thus began a two hour journey into the fallacy that is credit card fraud reporting.

As the Secret Service suggested, I called the number on the side of my credit card machine.  I pressed 1 for English.  I got an operator pretty quickly and she said I had to call the credit card's issuing company.  I said, "How am I supposed to know who the issuing company is?"  She told me to call MasterCard, after I read her the numbers.  I said okay, I figured I could find a fraud reporting number on the MasterCard website.  I figured wrong.  After a few minutes of searching their website I found a customer service number to call.  (I honestly can't remember how, I looked just now and couldn't find it again.)  When I called MC, I pressed 1 for English, and it asked for my credit card number.  Pause.  What the heck am I supposed to put in?  Not thinking quickly I typed in one of the numbers the crook had given me.  It asked for zip code, so I put in the one he gave us.  Luckily the zip didn't match which bounced me pretty quickly to an operator.  I tried to report the cards to her and she said I had to call the issuing bank.  "How the heck am I supposed to know who the issuing bank is?"  I read her the numbers and she told me Citibank.  At this point, I'm thinking two things, "Shouldn't MasterCard have a fraud reporting service I can work with?"  and "Citibank is a big bank, they must have a good fraud reporting service."  Ha Ha, yea right.

I got Citibank's number from the MC lady and called them.  Again with the pressing 1, again with the "enter your card number."  This time, I figure I'll just press 0 sixteen times for the card number and again for the zip.  This connects me to a very nice, but not very helpful young lady.  I explained to her my issue, and she promised to help me, though it took several holds and several, "I'm going to have to ask my manager," and eventually a confused conversation with what she thought was the fraud reporting department.  She transferred me after about 10 minutes and the guy she transferred me to laughed and gave me the right number for Citibank's fraud reporting department.

"Yes, I'm on the home stretch, I've almost done my duty to report this guy."  I dial up the number, again with the pressing 1, but no asking for credit card numbers, "we're making progress."  A rather unhelpful and uninterested woman asks if she can help me.  (The tone of her voice tells me she doesn't really want to.  Mind you this is the frickin' fraud department, the ones who are supposed to be keeping our electronic information safe.)   I tell her my story, like a hero recanting his tales of bravery.

"What are the card numbers."  She says, still bored.
I list them, my mood dampening, I'm pretty sure she's not impressed with me doing my duty.
"Are there any more?" She asks.
"No," I say, "just the two."
All I get is an, "Okay."

(No, "Thank you."  No, "Hey, good work, thanks for keeping our paying customers safe."  No, "We will look into it.")

So, me being me, I decide to try and make it better, "Hey, since I got you on the phone, is there a fraud reporting line that I just couldn't find that would have gotten me right to you?  You know, an easy way to report these kinds of things so you can better keep your card members safe."

Long pause, "I can give you the number to reach our department sir."

"No, no, no, no, you don't understand.  I'm saying if you don't, you should have an easy to find fraud reporting number."

Nothing, silence on the line.

"Could you pass that on to your superiors, please?"  I am defeated.

"Yes sir."

"Okay, thanks, bye."  And then I got out my Citibank credit card and cut it up into little bitty pieces and then burned them and then dropped them in battery acid. 

I DON'T GET IT!  With identity theft and the stealing of credit card numbers rampant, how can it be so incredibly difficult to report fraud?  How can it take SO long to find out how to report these things.  I gotta tell you, I've never been a paranoid double shredder who won't use his credit card if the numbers ever leave my control, but after this, I'm considering it.

More information about "Nigerian" scams:

• http://www.nigerianscams.org/

• http://www.secretservice.gov/alert419.shtml

• http://www.state.gov/www/regions/africa/naffpub.pdf