On Sunday afternoon, August 23, 2015, I got a sudden text
from Bank of America about potential fraud on one of my Visa cards with the
bank. This was accompanied by emails and
a phone call, which I took, even as I had to leave for an event.
The card was cancelled immediately and replaced within two
days. But what was curious was the speed
with which fraudulent charges had accumulated, from merchants that had no
logical connection to one another.
I still had the card.
But I do recall that in the past, BoA has sometimes sent more than one
copy of a card (not a good idea).
There was some reason to think that some of the charges might
have come from Florida. I had visited
the Disney and Universal theme parks there in mid-July and gone to a street
celebration in downtown Orlando on a Saturday night. I never used this particular card while
there. But it is conceivable that
someone in one of the parks or on the street could have used a scanner capable
or reading cards in my wallet. Also, it
is conceivable that these particular entities don’t check card security code,
just name and expiration date.
It’s also conceivable that the scam could come from some
business that was hacked where this card has been used legitimately, but none
of the companies reported in the media would match.
But it’s hard to see how this kind of a scheme could make
the fraudster any money, as a practical matter.
The card will almost certainly get denied quickly. The charges themselves seemed to have been
generated by an automated script that might not have even required contacting
the merchants. Maybe the scam needs to
make money from only 1% or so of all the transactions if the scammer can
generate enough transactions. It seems
likely that the ultimate source of the scam comes from Russia or China.
