Everything was reported and changed, fairly quickly to our luck. Another charge was denied the next day.

  • Patches@sh.itjust.works
    link
    fedilink
    arrow-up
    37
    arrow-down
    1
    ·
    edit-2
    11 months ago

    Credit Card Numbers by themselves are technically worthless because you have no guarantee they aren’t just randomly generated.

    Verified Credit Cards are worth significantly more on the black market. There is no reason to set off fraud detection by using a fake address. Those resellers do not want the goods - they want good credit card numbers.

    Significantly less risk in reselling numbers compared to goods and no logistics, or fencing, to speak of.

    • Darkassassin07@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      But sending the goods to the actual cardholder informs them of the fraudulent use, pretty much ensuring they deactivate the card number. Talk about burning the bridge you’re standing on…

      • Patches@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        10 months ago

        There are a significant number of people who won’t put it together, and call the bank.

        The person who’s name is on the card - might not even have access to cancel the card. My mother’s identity was stolen like this - they opened many many credit cards, and she got a lot of absolute garbage in the mail for months. There was no one for her to call. She didn’t open them.

        She locked her identify but it means about fuck all cause people kept opening cards anyways.

  • hope@lemmy.world
    link
    fedilink
    arrow-up
    18
    arrow-down
    1
    ·
    edit-2
    11 months ago

    I believe sometimes bad actors will purchase goods from themselves using illegally obtained payment information and then actually send the goods to the victim to try to argue against the chargeback and/or make the victim think “hmm maybe I did order this…”. Or they could be trying to make their devices less likely to trip fraud detection systems for a larger haul. Not sure how well this all works though. With more expensive things (phones, TVs, etc.) I’d think they’re planning on swiping the package before you get it, but with coffee I’d be shocked if that was the plan.

    • Patches@sh.itjust.works
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      11 months ago

      Planning on swiping the package requires you to be local to the victim, and willing to assume a high level of risk and time - this is not often close to the truth. These people are often not even within the United State.

      What you are describing exists but it would be far more likely that you would know them - and it’s a sloppy drunk family member/friend/coworker. They would not be in the game for long doing this.

      • Coldgoron@lemmy.worldOP
        link
        fedilink
        arrow-up
        4
        ·
        11 months ago

        We are leaning toward an online vendor at the moment. The card has no numbers and we have zero locale with knowledge of sniffing card numbers.

  • jtk@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    Is your address tied directly to the virtual card? If it is, terrible idea on the CC company’s part. If it’s not, how did they know it? I’d assume they have a lot more than just the virtual card info.

    • Coldgoron@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      To my knowledge its not, it was an apple card too which would be a mountain size leak for a large group. Im thinking it was most likely an online vendor for the moment.

      • jtk@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        11 months ago

        Is the virtual card number single use? I’ve never used one before. If not, maybe another site it was used on just leaked it along with the shipping address. Edit: Oh, that’s basically what you assumed. I tend to reply before I read more than one sentence :)