Somehow, someway my credit card information found its way into the hands of evil. I heard from eCost.com, an online computer shop that someone ordered a computer and verified my home address as the deliver to address. What that evil person did not expect was that the eCost would double check the IP geography of the ordered from computer and the geography of my published home address IP location. The evil doer was using an IP from an upper western state and my published home address just happens to be in a mid-west state. Alarm bells went off for eCost and they called me using the telephone number verified with my credit card account. I denied the purchase and they canceled the order. I called my credit card company and reported the incident.
Another situation arose with another credit card; this one involved Dell. There was a $3000.00 computer purchase that was denied by Dell, another purchase of $49.00 and yet another for $99.00. When the fourth purchase was attempted, Dell contacted me and asked if I authorized these purchases. I denied the purchases and contacted that credit card company to report that one too.
Here is the process from what I can discover:
· A credit card number is captured and used to make a purchase
· The evil doer uses an email address other than the credit card holder for information on the purchase order
· The evil doer confirms the credit card holders delivery address
· When shipping conformation is delivered to the evil doers email a redirect, delivery intercept or reroute is ordered from the shipping carrier to cause the delivery of goods to another address (the evil doers)
Solutions to the aforementioned fraud
· Credit Card Company validates customer email address verification anything other than the email of the credit card holder will cause the charge to be denied
· Shipper to maintain an Opt-out of redirect or reroute capability
· Merchant checks the IP address of the order to validate the geography of the order placer and the card holder.
One of the problems that I have encountered is the lack of information that I have gotten from the merchants or credit card companies. I would like to be able to report this to my states attorney general and Sheriffs Office, but do not have the necessary details.
What can be done to protect credit card holders and businesses from this kind of identity theft and credit card fraud? Feedback and comments requested.