
Two credit cards compromised in quick succession

Two cards have been compromised in quick succession - they're only used online through a MacBook and I can't identify any site which both cards were used on. Any guidance to check for a virus or similar, or to stop it happening again? Thanks

OS X Mountain Lion (10.8.5)

Posted on May 21, 2014 4:16 AM

Question marked as Best reply

Posted on Aug 6, 2014 3:06 AM

I've just been the victim of card fraud on 4 different cards on two separate occasions over the last two months. The bank say that either my card details have been swiped from a card scanner at a bank machine / dodgy retailer or from my computer. There is almost no chance whatsoever that I have used all four cards though at the same retailer or bank machine, and the fact that this has now happened twice in the space of two months seems to indicate my computer (MacBook Pro 10.8.3) is compromised. At least the bank fraud team seem pretty convinced....


Other than clearing cookies, history etc - if this in fact does anything (?) - and assuming scanning software does nothing (as discussed above), it appears there is nothing that can be done?? I very much doubt I've used two different cards on the same retailer's site so I find it hard to imagine details have been taken in this way. It seems there must be some spyware therefore scanning my card details....

13 replies

May 21, 2014 6:24 AM in response to rjpattison

It is extremely unlikely that this was due to any malware on your Mac. It is far more likely that there is some other explanation, and it may not even involve anything electronic.


You can try doing a scan with something like Sophos or ClamXav, but you need to be aware that no anti-virus software can give you a guaranteed "clean bill of health."

May 21, 2014 11:16 AM in response to Linc Davis

The answer to your question about virus scanning is that it's a waste of time.


It may be a waste of time. It may not if, for example, a known keylogger has been installed by someone with physical access, in which case that would be concrete information to tell you the machine has been compromised and needs to be wiped clean. That's not a very likely scenario, and neither are most other "for examples," but it does happen.

Aug 6, 2014 3:37 AM in response to woody_82

Clearing your browser's cookies and history would be absolutely worthless for this purpose. There is no malware whatsoever that would be affected in any way by those actions.


I'd repeat the things that have been said already. It's extremely unlikely that this is due to malware on your Mac. It's far more likely that there is a gang of credit card thieves operating in your area, pulling card numbers from multiple locations (using hacked POS terminals, skimmers, etc), or that you're using these cards with a site online that has been compromised.


If it were malware on your Mac, possibilities would include something new and not yet discovered by the security community and something malicious installed by someone with access to your Mac (either remote access or physical access). In all of these cases, the only way to ensure a clean system is to erase the hard drive and reinstall everything from scratch. I do not think this is likely to be necessary, but if this is what is required to give you peace of mind, then follow these instructions:


How to reinstall Mac OS X from scratch


(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)

Aug 6, 2014 4:43 AM in response to thomas_r.

Thanks for the speedy response thomas_r. Re malware presumably all I'd need to have done though is inadvertently click on a dodgy link or download? For instance the other day I was looking for a font and tried a free font site first where you often click on the wrong "download" link as it's craftily placed above the real link and is in fact a download for something else entirely.... I can't remember whether I did in fact do this but it could be a possibility. I was just wondering too whether access to my Wifi network (at home) could lead to someone obtaining card details when I entered them into a retailer's site?? I have a wifi password although admittedly it's pretty weak and so I understand gaining access would be fairly easy. Obviously updating the password now just in case.

Aug 6, 2014 5:00 AM in response to rjpattison

Credit card compromise is not exclusive to online purchases. Any time your credit card is out of your line of sight during local purchases, it is not impossible that an employee may subscribe to another compensation plan — skimming customer credit cards. This can occur months before the card is fraudulently used. There are Bluetooth credit card skimmers that fit in the palm of your hand, and are readily concealable.

Aug 6, 2014 5:24 AM in response to VikingOSX

You're right VikingOSX but it's got to be a pretty big concerted effort when you have fraudulent activity across all four debit cards. It would mean there would have to be a considerable number of compromised ATMs and retailers in my local area for every single card to have been compromised as for instance one card is only ever used for building supplies and perhaps only at one store locally and one card is a business card and only ever used at the local Post Office. My current account card is though used frequently so I could understand that falling foul. Alternatively I guess it could just have been someone going through my wallet and copying all the cards..... so nothing to do with computers, malware or local retailers / bank machines.


Going back to the beginning though, just to confuse matters more, the initial poster rjpattison stated that he / she had only used the cards online and not on the same websites so either:

1. They were unlucky and two separate sites visited using the different cards, were dodgy.

2. Someone physically got hold of the card numbers (i.e. gained access to the cards).

3. Someone hacked their wifi network (if that's possible).

4. It was indeed malware, although that seems unlikely going on thomas_r's responses.


Good luck to anyone else who has their card details stolen!

Aug 6, 2014 5:33 AM in response to woody_82

woody_82 wrote:


Re malware presumably all I'd need to have done though is inadvertently click on a dodgy link or download?


Not quite. Clicking a link is not sufficient to infect you at this time. You would have to first download something from a dodgy site, then open the downloaded file. However, for all known malware, that would still fail - Mac OS X would prevent the malicious file from opening. It is not outside the realms of possibility that you have been infected by something that is brand new and never before seen by the security community. However, this is pretty unlikely. The last new Mac malware that appeared did so back in February.


I was just wondering too whether access to my Wifi network (at home) could lead to someone obtaining card details when I entered them into a retailer's site??


This is also unlikely. An insecure wifi network can be dangerous, but any site dealing with credit card details will use encryption to protect the data. That would prevent a snoop on the same network from being able to intercept a credit card number directly. Of course, that might make it possible for someone to intercept other data, which could give them access to some of your online accounts. That could indirectly expose your cards... for example, if someone managed to hack your Apple ID, they could use it to make purchases without actually having access to the credit card on your Apple ID account.


Note that the only way an insecure network is a danger is if someone malicious is within range and can connect to that network. If you live in a rural area, or even a suburban area where the houses aren't too close, you probably don't have anyone within signal range, so a hacker on your wifi network would be an almost impossible scenario.

Aug 6, 2014 5:57 AM in response to thomas_r.

So malware seems highly unlikely and access to the wifi network unlikely too as all card details have been copied and used on multiple sites for online purchases (not via something like iTunes as mentioned above) so I guess it can only be someone scanning card details at the point of sale / ATM or physically gaining access to bank cards.


So the moral of the story is:

1. Don't let your cards go out of your sight (I guess it makes much more sense for someone to copy your card details and use them later rather than stealing your card as you'll know to cancel it).

2. Try to avoid having your cards scanned at ATMs or by retailers..... which unfortunately is pretty much impossible to avoid 100%.


* Note though for 1. to work surely they still need to find out the address your card is registered to in order to make a purchase online....

Aug 6, 2014 6:30 AM in response to woody_82

Regarding #2, you don't really have to avoid ATMs. Just try to use ATMs that are inside a bank, rather than outside where people can access them without causing someone to wonder what that guy is sticking on the ATM. If you have to use a drive-up ATM, examine it closely for anything suspicious. You can find more information about skimmers here:


http://krebsonsecurity.com/all-about-skimmers/


Also, note that the things you mention may have no effect. Keep in mind that the recent Target breach involved a hack of Target's internal systems, and thus was able to capture card numbers from all stores. There have been numerous other similar cases, such as Michaels, Sally Beauty and P.F. Chang's. There have also been plenty of recent cases where someone will sneak a small device onto the wire from a POS (point-of-sale) device to capture credit card data.


It's becoming much more difficult to keep credit cards safe these days. I've had my own compromised several times in the last few years.
