Today I received a phone call from "Tiffany" at monster.com. Tiffany wanted to confirm an order I placed for a job listing. The bill for the order came to $425, to be billed to my debit card.
I had never heard of monster.com, and I have no job offerings, nor am I seeking a job, and I certainly never placed the order. The conversation proceeded with much confusion as I tried to figure out what Tiffany was talking about. Eventually I asked her to give me the last four digits of the debit card the order was to be billed to. Upon hearing the numbers I instantly knew the account in question was a commercial account at US Bank that I use for my publishing business. And because I buy a lot of printer parts and supplies on eBay, this is the bank account that my PayPal account is connected to. I have been using the same bank and PayPal/eBay arrangements for nearly ten years and have never had a problem. I have also used this debit account to buy other things for my printing business, including computer parts. I even used the account to pay tuition at PSU. Many of these transactions have been on the net, and many others have been in person using the actual card. Once Tiffany and I came to the conclusion that the order was bogus Tiffany quickly canceled it. And upon hanging up the phone I immediately called US Bank. It turns out that there was a charge for $1 to zero.com for internet services, and a charge to Lowe's for $2004.99. Both these charges had been immediately reversed by the merchants in question. Neither US Bank nor I have lost a penny. Whew! Of course, the US Bank employee I spoke to immediately canceled the card and entered it to be reissued with a new number. He also informed me that the bank would be sending me a Fraud Statement form that I must fill out in order to "save my credit rating." I don't know what this episode has to do with my personal credit rating, especially as I don't actually have a credit rating. But I will certainly do everything in my power to assist the bank and the authorities in bringing the malfeasor to justice. The interesting thing is not that someone acquired the card number, but that apparently they also have my name, address, and phone number. From the present evidence I don't know if they have other information - my social, my date of birth, the three digits on the back of the card, etc. But the fact that they have my address and telephone number suggests that the miscreant is an employee of an internet merchant. Local merchants never ask for that information because they merely rely on my presenting the card and entering the correct PIN into their terminal. Buying stuff on the net not only usually saves me money, it also saves me time. Just place the order and a few days later it shows up. I've even ordered computer parts from Fry's in Wilsonville over the net, just because it's a PITA to drive to Wilsonville. I'd hate to crawl into a shell and refuse to buy on the net just because of a close call. On the other hand, my question for the collective wisdom of the list is, what steps can a person take when buying on the net to maximize security? Like, is there a short list of signs that a site is safe that I can use without having to earn a degree in web security systems? As always when responding to my questions, assume you are talking to an idiot. _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug