Credit card fraud leaves WNC instructor on the hook for thousands
WLOS Hendersonville —
Despite efforts to fight credit card fraud, including those new card chips, 15.4 million Americans were the victims of fraud last year.
It happened to a Henderson County finance instructor who was on the hook for thousands until News 13 got involved.
“So, by the November 15th pay day, not all of her total pay would be taxable,” said Paul Edwards as he spoke to his class at Blue Ridge Community College.
Edwards teaches students to be wary of financial dangers, but even he's not immune to having his credit compromised.
“It makes me feel like I've been taken advantage of,” Edwards said as he sat down with News 13.
His bind was $2,265 he claims in fraudulent charges made February 11, 12 and 13 of 2016. They were charges Paul didn't catch until recently, and despite trying to work with the credit company, a letter revealed he wouldn't be reimbursed.
“It says this is the final letter, we consider this matter closed. We will not respond to any additional inquires related to this issue,” Edwards said.
Paul's credit card's financial protections bureau claimed the card was present at the point of sale and the embedded chip and/or magnetic strip were read, making Paul liable.
“They say you used the card before these charges and you used the card after these charges. So, the card must have been in your possession,” Edwards said.
It was, but the charges were made through online companies, according John Bumgarner, with more than 18 years in special operations and cyber intelligence experience.
“There's no doubt that these charges are fraud,” Bumgarner said.
Edwards is unsure where he was compromised.
“I don't have any clue,” he said.
When he checked his statement, Bumgarner found the following.
“I found one website in the victim's history that has a questionable payment method that I was able to look at and figure out that it did not accept credit cards correctly, and it’s a possibility that that website that was used just a few days before these transactions," Bumgarner said.
In this case, two cards in Paul's possession were duplicated. His information, was read and re-loaded onto the magnetic strip on anything from a gift card to an old hotel key. With his information on those cards, the criminals had access to his accounts and to get around being detected when they swiped.
“Criminals have started using these credit cards near the geographical location of the victim,” Bumgarner explained.
The charges appear to be made in Charlotte, close enough to where Paul works in Henderson County and lives in Greenville, S.C.
There are plenty of retailers who don't require anything more than swiping your card, making it easy for criminals to make-off with your cash.
In Paul's case, the cyber trail runs through PayPal. When News 13 tried to locate the companies online, they don't exist. When Edwards asked PayPal to check the card number, they showed no record of charges to his card.
“So, it looks like the criminal element likely compromised a PayPal reader, which you can attach to a phone, and they modified that reader in some way," Bumgarner said. "It looks like they went through PayPal, but they didn't."
Instead, the criminals cashed out. While BB&T caught the fraud to his prepaid card at ABC stores and credited his account, Bumgarner says Citibank should have caught what he calls a suspicious pattern.
“On the second day, there were four transactions totaling $1,690, and three of those transactions were for the same organization,” he said.
News 13 reached out to Citibank about why the charges weren't caught, and what made them so insistent the charges weren't fraud when these businesses didn't appear to exist. They couldn't comment on a specific account and said the customer's issues had been resolved.
So, News 13 checked back with Paul Edwards.
“Then I got a phone call, and said they were going to refund the fraud,” Edwards said.
It's a different tone than the letter that seemed so final.
It's a lesson Edwards isn't taking lightly and one that has him warning others to be vigilant about checking your account.
“I want other people to be careful and watch their statements and not get into a situation like I did,” he said.
There are other things you can do to protect yourself, including setting up a text alert every time you make a purchase.
The Federal Trade Commission recommends the following:
“Incorporating a few practices into your daily routine can help keep your cards and account numbers safe. For example, keep a record of your account numbers, their expiration dates and the phone number to report fraud for each company in a secure place. Don’t lend your card to anyone — even your kids or roommates — and don’t leave your cards, receipts, or statements around your home or office. When you no longer need them, shred them before throwing them away.
Other fraud protection practices include:
- Don’t give your account number to anyone on the phone unless you’ve made the call to a company you know to be reputable. If you’ve never done business with them before, do an online search first for reviews or complaints.
- Carry your cards separately from your wallet. It can minimize your losses if someone steals your wallet or purse. And carry only the card you need for that outing.
- During a transaction, keep your eye on your card. Make sure you get it back before you walk away.
- Never sign a blank receipt. Draw a line through any blank spaces above the total.
- Save your receipts to compare with your statement.
- Open your bills promptly — or check them online often — and reconcile them with the purchases you’ve made.
- Report any questionable charges to the card issuer.
- Notify your card issuer if your address changes or if you will be traveling.
- Don’t write your account number on the outside of an envelope.
In Paul Edwards case, he’d reached out to the South Carolina Department of Consumer Affairs and the Consumer Financial Protection Bureau who both reached out to the company on his behalf, but they can only act as an arbitrator. North Carolina’s Attorney General also has a Consumer Protection Division. According to the FTC:
“The two most popular types of dispute resolution are mediation and arbitration. In mediation, a neutral third party — a mediator — helps you and the other party try to resolve the problem through facilitated dialogue. However, it's up to you and the other party to reach an agreement.
Arbitration is less formal than court, though you and the other party may appear at hearings, present evidence, or call and question each other's witnesses. Unlike mediation, an arbitrator or panel makes a decision or award once you've presented your case. The decision may be legally binding.”
News 13 also spoke with the Secret Service in Charlotte, here's some of what they warn consumers about.
They told News 13 they're finding more skimming of credit cards in the Western North Carolina area. It's difficult, according to them, to track the numbers since these crimes aren't just reported to one law enforcement agency. They've seen criminals be so bold as to create their own fraudulent security tape that they can use to secure gas pumps once putting a skimming device inside, one you'll never see and the station may not realize is there. They can then use Bluetooth to ride by and download your information to their phone and sell your credit card information on the dark web. The Secret Service told News 13 criminals get their own key to unlock pumps and install the devices. They also target stand alone ATM, which is why they recommend only using your bank card at an ATM inside a financial institution.
If you've got a tip for the I-team email us at Iteam@wlos.com.