[UPDATED] Woohoo! I am excited. I was checking my e-mail and got an email from Bank of America that there was another fraud alert on my credit card (as you might imagine I am very careful but for some reason I get hit at least once or twice a year). My card was locked out until I verified some transactions.
I tried to use their online service but it said my number couldn’t be processed online so I had to call.
So I called and gave my secret information to them, and they cited some of the transactions that was attempted to be charged including:
- World friends – people who like to travel ? Or maybe the upscale dating service?
- Al shop – online electronics store in DUBAI
- Payless shoe stores – yeah they don’t carry my size unless I wear their shoe boxes as shoes
- Paypal authorization attempt
All of the charges were declined – because – the number they attempted to use is a ShopSafe number, a service that BofA offers that I have written about in the past, where I generate single use credit cards for either single purchases or recurring subscriptions. These cards are only good for a single merchant, once charged nobody else can use them.
In this case it was a recurring payment number, which on top of the single merchant has a defined monthly credit limit.
Naturally of course since they are only valid for a single merchant I only give the number out to a single merchant.
Apparently it was my local CABLE COMPANY that had this recurring credit card number assigned to them. I gave this number to them over the phone a couple of months ago after my credit card was re-issued again. So either they had a security breach or some employee tried to snag it. They don’t appear to be a high tech organization given they are a local cable company that only serves the city I am in. They have no online billing or anything like that which I am aware of. In any case it made it really easy to determine the source of the breach since this number was only ever given to one organization. The fraud attempts were made less than 24 hours after the cable company charged my bill.
Unlike the last credit card fraud alert – which was also on a ShopSafe card, this time the customer service rep said she did not have to cancel my main card – which makes total sense since only the ShopSafe card was compromised. I believe the last time only the ShopSafe card was compromised as well, but the customer service rep insisted the entire card be canceled. I think that original rep didn’t fully understand what ShopSafe was.
You could even say there is not a real need to cancel the ShopSafe card – it is compromised but it is not usable by anyone other than the cable company, but they canceled it anyways. Not a big deal it takes me two minutes to generate a new one, though I have to call them and give them the new number. Or go see them in person I guess. I tried calling a short time ago but the office wasn’t open yet.
The BofA customer service rep I spoke to this morning said I was one of only a few customers over the years that she has talked to that used ShopSafe (I use it ALL the time).
Of all the fraud activity on my card over the years(and other times where merchants reported they had been compromised but there was no fraudulent charges on my card), this is the first time that I know with certainty who dun it, so I’m excited. I wonder what the cable company will say…
One of the downsides to ShopSafe is because it is single merchant I do have to pay attention when buying stuff from market places, I frequently buy from buy.com (long time customer), who is a pretty big merchant site. I have to make sure my orders come from only a single merchant, which on big orders can sometimes mean going through checkout 3-4 times and issuing different credit card #s for each round. I try to keep the list of numbers saved on their site fairly pruned though at the moment they have 38 cards stored for me. There was one time about a year ago that buy.com contacted me about a purchase I made that they forgot to charge me for about 4 months. The card I issued was only valid for two months so it was expired when they found the missing transaction in their system. Apparently someone I know who is well versed in the credit card area said that technically they can’t force me to pay for it at that point (I think 60 or maybe 90 days is the limit, I forgot exactly what he said). But I did get the product and I am a happy customer so had no issue paying for it.
Yay Shopsafe, I wish more companies had such a service, it’s very surprising to me how rare it seems to be.
UPDATE – I spoke to one of the managers at the cable company and he was obviously surprised, and said they will start an investigation. I think that manager may end up signing up for BofA credit cards, he sounded very impressed with ShopSafe.