Shocked that my credit card number was stolen

Wow, this is one of things you never expect to happen to you. Linode, where this blog is hosted, recently emailed me saying my monthly payment had been denied and I should contact my bank.

This morning I received a letter from the bank saying they had tried to call me and would I ring them which I did. After holding for what seems like an age I talked to a nice girl at the bank who told me there were suspicious transactions on the card:

  1. Aug 30: 1 Euro spent at the iTunes store. Never used it. Alarm bells ringing.
  2. Aug 31: 3 Euro at “Usenext”, whatever that is.
  3. Sep 3: Various amounts (168 Euro, 48 Euro..) spent at Virginmedia on subscriptions.

Ouch, thankfully the bank caught it and I’m not out of pocket, but it’s frightening when you’re the victim of credit card fraud. I presume it was skimmed by the same guys who had impersonated repair men and modified credit card machines around the country that was widely reported last week. The card hardly ever gets used online. Cutting it up now.

Author: Donncha

Donncha Γ“ Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

33 thoughts on “Shocked that my credit card number was stolen”

  1. Paul – To give credit where it’s due, AIB were even quicker. The iTunes payment went through but it’ll be refunded, and then they added a security check to the card which disabled all further payments!

  2. Donncha

    How awful for you and indeed for anyone it happens to. πŸ™ Will the AIB give you a new card without charging for it?

    Stories like this are enough to make me hanker after the old ‘money in the mattress’ idea!

  3. Grannymar – no charge for the card. I guess the cost of printing and mailing a new card is peanuts compared to the potential earnings from interest payments!

  4. I had one of mine stolen a few months ago. Someone bought McAfee anti-virus software. Big alarm bells, as I’m an OS X snob. πŸ˜‰ Credit card company (Bank of America) was very obliging.

  5. Ours was cloned in the local Jet garage along with a lot of others. First thing we knew was when I got home and the card company had left me a message and when I phoned them back they said “Ah, so you’re not in Malaysia then!”. Seems someone had tried to take £168 in cash out but I specifically do not allow cash to be drawn on my card so it got rejected.

    The main problem is that it then takes about 10 days to get a new card and number and when its your main credit card its a major hassle.

    BTW – I’m here because of your WPMU work… so thanks for all of that!

  6. This seems to happen to me every 3 months .. In my case, Its a mixture of paypal or audible genuinely tasting cards (.01 to .02c) to confirm the cards are valid. I had to put down the wrong country (France) to signup to (not fond of this doesn’t seem to help matters.

    ItÒ€ℒs a nice feature from AIB, but it has blocked some of my real transactions (normally web hosting / VPS renewals, doh!).

  7. Wow! That sucks, but it’s nice to see that the bank caught it and took action. There are times where I get annoyed when a legitimate transaction I made gets flagged and I have to call up the credit card company to confirm before I can continue to make purchases, but I guess it’s those little annoyances that prevent bigger headaches eh?

  8. Glad you and the bank caught it in time. We’re paranoid about this, especially living and traveling on the road so much. If ours is stolen, it’s harder to chase down the bugger from the road.

    So are you going to change how to use it and protect it in the future? I haven’t looked into updated techniques recently. SIGH. I should.

  9. I guess we both use our cards in very different circumstances.

    I always use my debit card in the real world (mainly since I can track it a lot better using Internet banking), and I only use my credit card online. Not sure how much of a security risk that is, although at least it means that if the worst does happen, and someone tries to use it in the real world it will hopefully look suspicious.

    BTW, AIB here as well πŸ˜›

  10. Lorelle – unfortunately it was probably in one of the gas stations I bought fuel in as I only used it online at, and, all reputable organisations, where I hope they don’t store the CC details in the clear ..

    A few weeks ago news broke that a gang impersonated repair men and added devices to the credit card machines in retail outlets. I presume that’s how they got my details.

    Chris – any cardis at risk I guess, but thankfully AIB seem to be on top of it and catch suspicious transactions quickly!

    Richard – I was testing the registration on the WordCamp SF site a few weeks back and set the price to 1 Dollar. After 3 or 4 attempts, I got a phone call from the bank!

  11. Pingback: I used to …
  12. @TheChrisD: actually, credit cards are _safer_ to use than debit cards for physical transactions, fraud-wise. The T&Cs are more consumer-friendly, and you have a leeway of 30 days before any fraudulent charges actually hit your current account, whereas with debit cards the money is instantly transferred.

    @Lorelle: best practices would be to use the old “sign the credit card slip” method if you can when using your card, and avoid using a keypad to enter a PIN — especially wireless keypads, if you can.

    alternatively — use cash! πŸ˜‰

  13. Sorry to hear your details got skimmed. I had the same happen to me a couple of months ago. Not sure where the details were picked up, but I suspect it was probably one of a few petrol stations I use.

    I got a call on a Sunday from HSBC’s fraud team, asking where I was, and did I have my card. When I explained I was at home, and the card was in my wallet, they told me that it had just been used twice at a cash machine in Germany less than an hour before.

    They stopped the card immediately, issued a replacement, and of course refunded the fraudulent transactions (after I completed their form to state that I had nothing to do with it and hadn’t acted negligently).

    I think this kind of thing will get worse with Chip & PIN, as there’s so many kinds of reader out there that nobody can tell what a legitimate reader looks like, and it’s trivial to add something to skim the card details and PIN number as they’re entered πŸ™

  14. I had my card used a few months ago for a one way flight from Canada to somewhere in Asia the day after it was used. Apparently it originated in a call centre in Canada. Somebody mentioned that call centres deal with multiple companies which makes it easier for them to push through illegal payments when details of credit cards are obtained. The full amount was repaid thankfully. I noticed it myself as I keep an eye online for such use.

  15. A bit strange/funny that credit card thieves seem to purchase things they could easily pirate online such as McAfee anti-virus and iTunes music.

  16. I know the feeling Donncha.

    I’ve had credit cards skimmed several times and the skimmers has bought everything from hardwood floors to plasma-TVs in India, UK and Sweden for a total of about $10,000.

    I’m pretty sure that I got skimmed at a travel agency in Phuket Town in Thailand on one occation, but for the others I don’t have a clue how they got my credit card information.

    Luckily my bank didn’t hold me responsible for those payments so I haven’t lost any money myself, but I think it’s scary to see how these kind of credit card frauds getting more common.

  17. I am glad no problems arose.
    Also,I am glad that at the moment someone uses my credit card I got a loud ringing SMS from the bank with the transaction details, place, time and amount, so if it was not me I can freeze it.

    I would check with your bank if you have a similar service.

  18. Just an FYI, I wouldn’t be so sure it’s a gas station or a travel agency. I only use my card online and it was nicked twice in the last 6 weeks. I also only used it with a few reputable e-tailers that I’ve done plenty of online purchases with in the past (the Gap, iTunes,, and t-mobile). I have a mac but I think I either have some kind of virus or somebody has managed to hack into my internet connection (don’t ask me how considering I don’t even use wireless). The second time, the first erroneous charge was a song from iTunes like someone described earlier. I think they’re just testing the card to see if it works with a transaction someone might not notice. Also, there were no common vendors used between when my first number was stolen and when my second number was stolen. I’m still trying to figure out what my leak is but it’s not from usage at a retail shop because I haven’t done that since I moved to Germany 6 months ago. My bank’s fraud detection has been great so I haven’t been on the line for any of the $3,500+ in charges that were racked up, but I’m not using my new card until I’m sure of where my exposure was. Don’t mean to sound all doom and gloom, but I just wanted to warn you to be aware of everything when you use a credit card.

    1. I had the same thing happened to me 5 times. One of the cards did not even last a month. I am a tech guy so I thought I secured everything I could. I use macs to. Any advice?

  19. Tens of thousands of stolen credit-card numbers are being offered for sale each week on the Internet in a handful of thriving, membership-only cyberbazaars, operated largely by residents of the former Soviet Union, who have become central players in credit-card and identity theft.

  20. Hello,
    Sorry to hear that your credit card was stolen, When I do anything online that needs a credit card I only use a pay as you go credit card you can buy them at any money mart. That gives you peace of mind.


  21. Yep. Exactly same here. iTunes transaction for 1.0 dollars on April 10 ’09 and eight days later a slew of online transactions that I don’t recognize. Blocked the card and starting the dispute process.

    Thankfully, the bank contacted me right away about this.

  22. In an effort to combat credit card fraud, Visa is testing a new card. The Emue generates and displays a new code each time it is used. A PIN number is used to generate the code that is displayed on an alpha-numeric screen built into the card. There will also be an account number, magnetic strip and 3 digit security code. A three year battery is used in the device so that the card will expire before another is needed. A pilot study to test the new card should be completed by the end of the year.

  23. Personally I use my debit card for online transaction. I know a credit card is safer than a debit card but if you live in Africa credit card fees are expensive.

    What I have done is I operate to bank accounts with two different banks. One account I use only for making online payments, when I need to pay for my hosting or any other online transaction I deposit the funds into the account. The account is a normal saving account and it can never be overdrawn.

    Good luck

  24. My credit card was stolen from itunes too! When I tried to contact them about it they gave me the run around. I just had to dispute all other charges and get a new debit card

Leave a Reply