Credit card fraud

While we were in the UK we were using a particular credit card (provided by Chase and linked to our Amazon account, such that purchases on it got us free Amazon gift cards) in order to simplify the handling of British currency and to help me make the costs of the trip fit into our budget (by spreading out paying for it a little). We don't use the card very often; most of the year it's only used for Amazon purchases and paid off immediately, just to get those gift certificates, so many months go by without it being used at all. But in the last couple of weeks it's been used a lot -- first, to cover some unexpected expenses associated with the car damage and repair, and then for the trip. Those latter ones were unusual in that, since we couldn't tell the currency conversion rate that would be in effect at any given moment, nor the foreign transaction fees, I couldn't record the transactions as I went; I just had estimates, and intended to transcribe from the online activity into my register on getting home.

When we went through the mail, we found a curious thing. Apple sent us an invoice for iPhone 3GS repair, already paid. Note that we don't own an iPhone and never have. On closer examination we noticed that the invoice showed our address (but with a different name) on the Bill To, but a different address, of a woman in Massachusetts, on the Ship To. The transaction was for $29 and was dated the day before we left. And sure enough, there was a $29 item in my activity on that very same credit card.

Normally a transaction like that would jump out at me since there wouldn't be anything else there, or just one or two. But due to the fantastic coincidence of the timing, it was buried in scores of transactions, and even the total balance being a number I didn't expect wasn't a sign of anything wrong since I had no idea what balance to expect.

There are many puzzling things about this. First, how did this woman manage to get our credit card number and address. Second, even though this is a transaction for a repair, it must have been done online (she didn't have the physical card!), so shouldn't she also have needed the CCV code? Third, is there anything to the coincidental timing of this happening when it did? (If it had happened after we left, everyone would assume the card got lifted while travelling, even if that assumption wasn't true.) And fourth, perhaps biggest of all, this woman got our credit card number and address, but all she could think to do with it is a $29 charge on something where we would then get an invoice... an invoice that has her home address on it?

Apple was little help. One hopes that, while they wouldn't tell us anything, they're at least flagging the woman's account. If the iPhone is in their repair center, presumably she won't get it back. If not, maybe they can disable it remotely.

The police have been even less help. They're supposed to call us back. A day later they haven't yet. You'd think that, given we have the woman's name and address, this would be something to jump on. Maybe that it's only $29 makes them less interested.

Chase was quite helpful in their way. They credited us the $29 immediately and without question, though they warned us the vendor might try to resubmit it and we might have to re-dispute it. However, they seemed little concerned about the fact that not only did this person have our credit card number but also our address and possibly CCV. They made it out like this was probably a "transposed digits" problem, and we had nothing to worry about. I insisted, and they closed the account and issued new cards which we should get in a few days.

Unfortunately this meant I could no longer access the account activity since the web site no longer shows me the now-closed account. So I had no way to get all those transactions settled up in my records. Eventually we were able to get Chase to fax (not email, they wouldn't do that) the transactions, and I had to do a lot of squinting and cross-referencing to get the dollar amounts and match everything up. But I have only estimates on a few of the transactions that hadn't finished clearing. (I wonder if those transactions will carry through, as they were authorized before the closure, or if they'll get stopped, and we'll have to re-pay those people eventually.)

I also have to muse about the coincidence that the last time we travelled, we returned home and spent a lot of the day we intended to spend recovering from our travel dealing with a fraudulent transaction -- that time it was on PayPal, and in both cases, the fraud had nothing to do with the travel, the timing was just coincidental. But I'm going to be superstitious about it next time we travel.