Ask HN: What to do about potential credit card fraud.

[kindly]

I received an email saying that I have bought something from store X. I did not buy it of course.

I have contacted company X about the potential fraud (they have not got back to me yet). I also asked for the password to be resent from X even though I did not make the account. I know, but probably shouldn't know, where they are sending the item.

It's getting sent to some dodgy looking unit in the US. I am from the UK by the way.

Should I do anything more about this?

Was it wrong for me to get access to the account on X?

Are there any good resources where you can find clear information about dealing with such issues?

I hope this appropriate here, I could not think of a community that would be as well informed.

PS I have checked my email account to see if anyone has logged in that was not me(they hadn't). I changed my password anyway. The security on X was bad so you did not need to confirm email.

[patio11]

It probably isn't credit card fraud if they didn't actually use your credit card. The most likely issue is

a) The merchant doesn't verify email addresses and

b) the customer put their email address in incorrectly

Just with a minute of checking I found a hundred accounts in my system going to yaho.com, aol.co, gmal.com, etc etc. Imagine the possibilities for fumble-fingering or misremembering the part before the at-sign.

I also asked for the password to be resent from X even though I did not make the account.

This is the very definition of "accessing a computer system without authorization", which you do not want to be caught doing.

[kindly]

>This is the very definition of "accessing a computer system without authorization", which you do not want to be caught doing.

I realised this after the fact. I do not know if there is anything I can do to make amends for this.

[_b8r0]

Not really. Under the Computer Misuse Act you're effectively breaking the law. However there may be a potential defence that you were responding to a query and that your actions would be reasonable. That's a problem to worry about if you were ever to go to court though.

[anigbrowl]

The retailer is not much wiser than you, all they do is enter the number to find out whether it's valid or not. Talk to your bank/card issuer, by calling the phone number printed on the back. They deal with this sort of thing all the time, and will probably straighten it out very quickly. If you run into difficulties, find a solicitor; investigating it yourself is likely to be a monumental waste of your time.

[kindly]

It has nothing to do with my bank card. It was only the use of my email for some account. I had no account on X before this point. I imagine if they used my bank card they would use another email for the account on X and not inform me of what they have done.

I already checked with my bank to make sure no money has come out. That was the first thing I did.

[anigbrowl]

Then why did your title say 'credit card fraud'? Where does the credit card come into the story?

[kindly]

I said "potential credit card fraud". Sorry for the confusion. The potential fraud is not being done to me. I just wanted to know what I should do if I suspected it.

[anigbrowl]

OK, that makes more sense. I guess it's hard to fully explain a situation in an Ask HN post.

[_b8r0]

Check your bank and card statements for entries that you can't identify or that match up to the value of the item they claimed you bought. If you haven't bought anything then they haven't got a leg to stand on. I'd politely offer to help them with their enquiries but wouldn't take any crap from them.

If you have had something taken out of your account then you need to contact your bank/card provider.

[Scott_MacGregor]

Call the bank that issued your card immediately, and tell them what happened. They will probably cancel the card number and send you new card. Give them all of the information you found out about the illicit user too. If you wait, the user may max out your credit limit and it will stay maxed out until the bank settles the disputed items.

[kindly]

That was the first thing I did. I do not think they have my card details. The bank thought that too. They just used my email address.