Consumers around the country are abuzz over a rash of incidents involving unauthorized charges to Visa and MasterCard accounts within the last thirty days, many appearing on statements for cards that haven't been used in months.
Cardholders have been flooding online forums with news of a $24.99 charge from a company called "Digital Age Cyprus" appearing on their account statements. Other mysterious charges include "Trouble Bubble LLC" and "Burdett Inc.", at $7.95 or $9.95.
Such charges are often referred to as "spam charges," based on the idea that the sheer number of charges, even in small amounts, can generate a profit for fraudsters and hackers. The amounts are small enough that many cardholders will pay them without thinking about it.
Criminal rings will often use names of legal businesses that don't accept credit card transactions as a front, and set up a fake 1-800 phone number in case customers call to verify or dispute the charges.
Brian Morris, a computer and networking consultant, first became aware of the scam when he noticed a charge for Digital Age Cyprus on his MBNA MasterCard on Sept. 28th.
"I keep a very close watch on my credit card activity and knew that I did not authorize that charge," said Morris, "so I used Google to find the forum on Broadbandreports.com where many others reported of being hit with this charge."
Morris believes victims of the fraud are at a disadvantage because of the lack of coverage the incidents are receiving in major media outlets.
Victims of the fraud have flooded bulletin boards and blogs with news of each incident, advice, and suggestions. Information regarding the source of the spam charges is still unclear, but speculation centers around a connection to the CardSystems data breach in June 2005.
Forty million cardholders' accounts were exposed to identity thieves, and of those cardholders, 263,000 actually had their information stolen.
Although it would seem like common sense for card companies to notify cardholders in the event of a crisis such as the CardSystems breach, a federal judge disagreed, ruling that it was the responsibility of the issuing bank to offer warnings. The ruling came as a setback to a class action lawsuit filed against Visa, MasterCard, and CardSystems for the potential damage from the theft.
Many of the affected cardholders expressed displeasure at how their banks have handled -- or not handled -- the incidents.
Cybersecurity expert Bruce Schneier recently penned a column for Wired magazine taking financial services companies to task for not shouldering the burden in cases of fraud or identity theft."Making financial institutions responsible for losses due to phishing and identity theft is the only way to deal with the problem. And not just the direct financial losses -- they need to make it less painful to resolve identity theft issues, enabling people to truly clear their names and credit histories," he wrote.
What You Can Do
If you've found your credit card bill contains these mysterious transactions, or others like them, the following steps can help minimize the damage:
Contact your bank immediately: Let them know you are a victim of fraud, and tell the bank to cancel the card and issue you another one. Keeping the card active, even if the charges are reversed, still leaves you open to more fraudulent transactions in the future.
Update your information with the credit bureaus: Make sure to send letters in writing to each of the three major bureaus if you have fraudulent charges on a card, or choose to cancel it. Otherwise, you may end up paying for bills that aren't yours, or having your credit score sink because of unpaid bills you never charged in the first place.
Be smart when shopping online: Don't save your credit card information on any Web site. Don't offer any more information than what is absolutely required for a purchase. Avoid using a debit card to make online transactions, as credit cards have liability limits of $50 for unauthorized charges, whereas debit card fraud can potentially drain your checking account.