Bah

[unixronin]

Strong circumstantial evidence indicates my debit card has been compromised.  The first clue was when I downloaded bank transactions to Moneydance, and there was a transaction purporting to be a debit to PayPal that didn't show up anywhere in my PayPal account.

It should go without saying that all appropriate steps have been taken.

Keep your eyes open, folks.  Read your bank statements carefully and question any transactions you can't identify.  There's a lot of thieves out there.

Comments

[cipherpunk.livejournal.com]

Good luck with this. If there's anything we can do to help, say the word. There probably won't be, but — I'm a big believer in the principle that says it's the moral obligation of the good to stand together for common defense from evil.

Theft is evil.

[unixronin.livejournal.com]

I appreciate the offer, but I think we're covered. There only appears to be the one fraudulent transaction so far, both PayPal and Citizens Bank have been alerted and are investigating, the compromised card has been killed and a replacement is on the way, the PayPal account is locked down, and I have dispute affidavits en-route from both.

I'm curious how it got compromised, though. Assuming the whole transaction wasn't forged from top to bottom, it appears someone (possibly someone with a Hungarian email address; PayPal wasn't entirely clear about that part and I was a little too rattled to question them more closely) used the card data to buy a RapidShare account.

[genuine-snark.livejournal.com]

That's a bit of a mystery. To my knowledge, there's no way -to- get a debit by PayPal that isn't deposited into your PayPal account.

I don't think PayPal has a way for account holders to take money from someone else's card directly. They dun your PayPal account, which refills itself from the card/CC as necessary to complete the transaction. And to initiate that, it's your PP account that would be stolen (happened to me a couple of years ago).

Wonder what PayPal will make of the transaction. Any chance one of the fambly opened up a new PayPal account agains your card and didn't think to tell you?

[unixronin.livejournal.com]

That's a bit of a mystery. To my knowledge, there's no way -to- get a debit by PayPal that isn't deposited into your PayPal account.

Which is why I wonder whether the whole transaction was forged. Yet, even though it didn't show up in my account, PayPal apparently had some data on it. This makes me curious, but I was a little too rattled to dig too deeply into it when I spoke to them.

Any chance one of the fambly opened up a new PayPal account against your card and didn't think to tell you?

Slim to none. I'm the only one who has that card.

[lizzibabe.livejournal.com]

There's a possibility that your number may have been skimmed from somewhere and used to fund someone else's Paypal account. It's wicked scary how easy it is to jack someone's card. One way is for an online retailer's machines to be hacked. that nice professional website you just bought your widget from may have had their server fall victim to some exploit. this means debit card number, CVV code, name and billing address. everything to fraudulently use a card online.

[genuine-snark.livejournal.com]

...or you're saying they took the card details and used them to open a PayPal account themselves? There's some level of verification on that, though, isn't there?

[unixronin.livejournal.com]

I hadn't thought of that possibility. I should probably call them back and see if I can get some more information.

I'm glad you caught that.

[dakiwiboid.livejournal.com]

Scary! Things like this are why I check my account online at least four times a week.

[lebo-superman.livejournal.com]

You might want to check out my blog from this morning - I found a "new" database online that is selling personal info on anyone in it's database, SSN's included for the right price. When I did a search for me - I found info on me at 7 different addresses I've lived at.