At 3:54 PM on 9/8/08, I received an incoming call saying that, because I had made my credit card payments on time for 6 months, the company could negotiate lower interest rates on my existing credit card accounts. But first, to "qualify" to speak with an account exec, I would have meet certain criteria:
1. Have at least $3,000 in credit card debt.
2. Be paying at least 8% or 9% in interest.
3. Prove that I was in "good standing" with my "bank." To do that, I would have to give Shandra (the girl on the phone) my 16-digit bank account number and the 800# off the back of the "card."
Of course I realized this was a randomly dialed phishing call, so I began to ask questions. Did she mean my debit card? My bank account only has 10 digits, I explained. No, she replied, my CREDIT card (as if I were too illiterate to know what she meant by bank account number).
When I explained that I wasn't prepared to give any credit card number to a stranger on the phone, she said that her company was called Financial Services and that this was the Visa and Mastercard division. She worked in the call center, she said, so she didn't know the company's website address, although she knew it had one. She gave the company's phone number as 800-741-3283.
I next asked where she got my phone number, and she said from "the list." We verified it, then I asked what name showed on the list next to my number. She said the list only showed phone numbers. When I asked how her company knew my payment history if they didn't even know my name, she said she would check, then came back on and said my name was Sandra Wagner, which, of course, it is not.
Today, 9/10, I took the time to call 800-741-3283, which led me to Riverside National Bank in Florida. I reported the incident to a customer service representative, who said she would let her supervisor know that a company engaged in stealing credit card numbers was giving out their phone number.
I don't have a caller ID display on my ancient 4-line office phone, so I have no idea where the call originated. I'm posting this in case someone else can use the information to track these criminals down and stop them.
My elderly mother would have given out her "bank" number in a heartbeat, as would many people who are paying high credit card interest rates.
How could someone use a credit card number to commit fraud without an expiration date, much less the V-code on the back?
Many companies don't ask for the code, and even I, who learned programming back in the days of COBOL and punch cards, could write a quick program to generate expiration dates. Owning a few merchant accounts to try the cards and expiration dates on would give criminals the opportunity to ascertain correct expiration dates in-house. From there, it would be easy to print credit cards that could be used for in-person purchases. Beyond that, perhaps they could get the victim's name by calling the 800# on the back of the card. If so, they could sell the info to someone who could run up a lot of charges with vendors who don't require V-codes.
P martin
San Jose, California
U.S.A.