Figuring Out a Credit Card Compromise

Over the past three weeks, we’ve had three credit cards compromised… all luckily detected quickly by the fraud department at the respective companies. The first was an Amex about 3 weeks ago, which was detected when it was used at a transit ticket machine in New Jersey, at the same time the card was used in Los Angeles. The second was a Visa; it was detected last week when it was used at a gas station—as a physical card, mind you—in Italy. The third, on a different Visa, occurred Wednesday, when the card was used multiple times at a Victoria’s Secret and a JCPenney in Westminster and a Target in Upland… while the card was in my possession in El Segundo.

We’ve done all the correct things: those cards have been cancelled and replacements ordered, and an annual credit report pulled (it was clean). But I’m worried about how the numbers got compromised in the first place. Operating on the theory that once is chance, twice is coincidence, but three times is enemy action, I rounded up the suspects.

The first was that a keylogger somehow got on my new laptop. There are numerous ways that could have happened: Best Buy could have installed it before purchase, or when it went to Geek Squad for service. Other installations might have prompted me, or might have piggy-backed on an infected installation. But there are two things working against that theory. The first is that the compromised Amex card is not normally used online—and may not even have been entered on the laptop (its only entry was when it was validated). The second is that the computer is scanning clean by multiple applications: Avira Free has found nothing; Windows Defender has done both deep and quick scans, and only found a low-risk adware (win32/OpenCandy); and Malwarebytes has consistently scanned clean. I added Spybot Search and Destroy to the mix last night, and it only found tracking cookies. (I would have tried Lavasoft Ad-aware as well, but although it installed, it hung on retrieving updates.) Given all the clean scans, I think the odds of a keylogger are low; if there is one, it is a very stealthy one. I’m still open to additional scanner suggestions, though.

(Note: Before you ask: Yes, we do have wireless, but it is set up with WPA2 encryption, and I tend to check certificates of sites before entering credit card numbers. Hey, I don’t look as stupid as I am. No, that’s not right.)

The second notion was that some database had been stolen; after all, it pretty clearly looks like someone has been selling these card numbers. But looking at the transactions on these cards in the last four months, the only common usage is Trader Joe’s and Whole Foods, and those tend not to store numbers. There is also Borders use of all three, although one usage is a bit older. Still, Borders is in bankruptcy.
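The statement comparison described above can be automated as a common-point-of-purchase check. The following is an added example, not part of the original post: the card labels, dates, store numbers and the `EXAMPLE ...` merchants are constructed sample data, and the 120-day window stands in for "the last four months".

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data: card labels, dates and store numbers are invented.
FRAUD_DATES = {"amex": date(2024, 5, 1), "visa_a": date(2024, 5, 15),
               "visa_b": date(2024, 5, 22)}
TRANSACTIONS = [
    ("amex", date(2024, 4, 20), "TRADER JOE'S #552"),
    ("amex", date(2024, 4, 10), "WHOLE FOODS MKT 10"),
    ("amex", date(2024, 2, 2), "BORDERS BOOKS 0231"),
    ("amex", date(2023, 11, 15), "EXAMPLE FUEL 5544"),   # outside the window
    ("visa_a", date(2024, 5, 10), "Trader Joes 117"),
    ("visa_a", date(2024, 5, 3), "Whole Foods Mkt #22"),
    ("visa_a", date(2024, 4, 28), "BORDERS BOOKS 0231"),
    ("visa_a", date(2024, 5, 12), "EXAMPLE GAS 0091"),
    ("visa_b", date(2024, 5, 18), "TRADER JOE'S #552"),
    ("visa_b", date(2024, 5, 11), "WHOLE FOODS MKT 10"),
    ("visa_b", date(2024, 5, 2), "BORDERS BOOKS 0231"),
    ("visa_b", date(2024, 5, 20), "EXAMPLE ONLINE SHOP"),
]

def normalize(descriptor):
    """Reduce a statement descriptor to a merchant key (no store numbers or punctuation)."""
    return " ".join(re.sub(r"[^A-Z ]+", "", descriptor.upper()).split())

def common_points(transactions, fraud_dates, lookback=timedelta(days=120)):
    """Rank merchants by how many compromised cards used them before the fraud.

    Returns (merchant, cards, max_gap_days) tuples; max_gap_days is the longest
    time between a card's last use there and that card's fraud date.
    """
    last_use = defaultdict(dict)  # merchant -> {card: latest in-window date}
    for card, when, descriptor in transactions:
        fraud = fraud_dates.get(card)
        if fraud is None or not (fraud - lookback <= when < fraud):
            continue  # unknown card, or outside the lookback window
        merchant = normalize(descriptor)
        if when > last_use[merchant].get(card, date.min):
            last_use[merchant][card] = when
    rows = [(m, sorted(cards), max((fraud_dates[c] - d).days for c, d in cards.items()))
            for m, cards in last_use.items()]
    # Most cards first; among ties, the merchant used closest to the fraud first.
    return sorted(rows, key=lambda r: (-len(r[1]), r[2]))

if __name__ == "__main__":
    for merchant, cards, gap in common_points(TRANSACTIONS, FRAUD_DATES):
        print(f"{merchant:20} cards={len(cards)} oldest last use={gap}d before fraud")
```

A merchant that appears on every compromised card is a lead rather than proof, and a large gap value (as with the older Borders purchase) marks the weaker candidates.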

The third possibility would be physical theft of the numbers by someone in our house, but we just don’t have that many visitors, so that’s a very low possibility.

So I’m left thinking this is coincidence, or perhaps a chance and a coincidence. Once the numbers get changed and the cards reissued, the problem should go away. If it reappears with the new cards, I’ll have to keep exploring the keylogger theory. I’m open to any other ideas, though…
