CreditCards.com

Protecting yourself

Identity theft on the Oregon Trail

Tyler Metzger

For the first time ever, my identity was stolen. And all I was doing was shopping with a small dog. Well, more accurately, shopping on a Web site named after a small dog.

They tricked to get 'ol Tyler Metzger; it didn't work.

It was Jan. 8, 2010, and my MacBook Pro was hurting. The laptop, or as I named her “MacieMcGees,” was struggling to open even the smallest of programs. So I traveled over to the Small Dog Electronics Web site off a recommendation from a friend. I found what I needed — 2 gigabytes of RAM — and made the $51.49 purchase with my debit card.

I got the memory within a week, and MacieMcGees was happily running the classic game “Oregon Trail” at full speed.

I was so thrilled with my newfound computer speed that I didn’t check my bank account for about a week and a half. But when I was finally pried away from directing my wagon from Independence, Missouri, to Oregon’s Willamette Valley, I noticed something strange had happened to my account. For some reason, I was $200 short.

Upon closer inspection, I saw that $200.99 was deducted from someplace called Xoom Corporation. I sat for several minutes thinking if I had spent two bills on something fast, misspelled and corporate, but nothing came to mind. So I Googled them and got in touch with a customer service representative.

The rep told me Xoom Corporation is a money transfer service, much like Western Union — which has had its own fair share of payment card fraud. The company allows you to send money worldwide on any Internet-enabled computer to more than 46 countries using PayPal, credit cards or a regular old bank account.

Anyway, I told them the situation and they transferred me to their fraud department. A fellow there told me $200.99 had been deducted from my account and sent to the Philippines. If I wanted the money back, I had to fill out some forms and wait to hear back and blah bla bla.

The Philippines, huh? I found that odd until I checked out Xoom’s homepage. The lead banner at that time on the top of the site promoted sending money to that country, and guess what the default amount to send is? $200. Great.

After that wonderful piece of news, I called my bank of choice, Bank of America, and told them the same story. They “advised me” that I cancel my card and get a new one in case the thief decided to use my information again. Yep, went ahead and did that. And on Jan. 20, 2010, I got my $200 back.

Why this little punk thief didn’t steal more from me is a mystery. He could have got away with every penny in my checking and savings account, which could have bought him a few sodas, some used DVDs and some Taco Cabana. So why didn’t he or she rob me blind?

My guess is this schmuck thought I wouldn’t notice a mere $200 missing. This is somewhat true; I always quickly scan my online statements, only worrying if I have enough to pay bills and such. But that day was different for some reason. I read over the last couple of week’s purchases with careful purpose, and when my eyes read XOOM, a little question mark bubble appeared above my head.

Also, I didn’t have a reason to suspect I would be a victim of identity theft. I’m no sucker. Ya, sure, 9.9 million people were victims of identity theft in 2008, according to a 2009 report by Javelin Strategy and Research. But I was straight ballin’ in 2008. No identity theft for me. Yep, I watch where I spend my money online, I check for skimmers when I use an ATM and plus, I WORK AT CREDITCARDS.COM son! No one can fool me.

My unnecessary high confidence remains to this day. Why? Because nine days after I got my cash back from Xoom Corporation, I got an e-mail from Small Dog Electronics stating that their database had been breached. See! It wasn’t my fault. Go me!

Here’s what the company said:

NOTICE OF POTENTIAL CREDIT CARD INFORMATION BREACH


Dear Tyler Metzger,


Thank you for your recent order to Small Dog Electronics. We greatly appreciate your business and hope that you will come back again. Small Dog Electronics strives to protect your privacy in placing orders at our web site.


I am very sorry to report that we have had a security breach in our database during the period of time that your order was placed. As a result, it is possible that your credit card information has fallen into the hands of those making this unauthorized intrusion into our order system.


The security breach has been corrected and our database is now fully secure.


Please examine your credit card statement as soon as possible and contact your credit card’s issuing bank to dispute any unauthorized charges and have your credit card replaced.


Monitoring of your credit report can be obtained at http://www.privacyguard.com. Note, you can also check your credit report at the official site required by The Fair Credit Reporting Act: https://www.annualcreditreport.com.


Please accept our most sincere apologies. We take your privacy and your trust very seriously. We are committed to making customers for life and while I do not like to have to inform you of this temporary security breach, we know that it is the right thing to do.


Sincerely,


Don Mayer
CEO

I thought it very noble of Small Dog Electronics to suck it up and admit fault, even though it was after the fact. You know, they could have not said anything and I would never have known how my debit card information was stolen.

I’m not entirely sure if I’ll use their Web site again, though. I know it was most likely out of their control; there are a lot of chumps out there looking to steal your money, and I think Small Dog was just a victim. That said, fool me once … shame on you … you fool me, you can’t get fooled again.

What’s a consumer to do, then? If you can’t trust your favorite electronics Web site, who can you trust? Well, the short is answer is I don’t know, but if you follow the following steps, which follow this sentence in following order, you’ll be on the right track to staying identify-theft free:

  1. Prevention: Shred your paper statements, old cards, convenience checks and any other confidential information. The first defense against identity theft is you, so be sure to keep track of anything you wouldn’t want getting in the hands of strangers.
  2. Don’t get phished: A common way people become victims of identity theft is by falling for fake solicitations for sensitive information. This is called phishing. These scams commonly take the form of fake e-mails, phone calls or pop-up ads that ask you for precious details, such as your Social Security or your bank account number. The best way to avoid getting phished is to never give out any information unless you have initiated the conversation.
  3. Web security: Before entering any personal data, check the URL of the site you are visiting. If it doesn’t read “https” at the beginning of the address, it’s not a secure Web site. You should also see a little padlock somewhere in your browser that tells you if it’s a secure connection. Secure Web sites encrypt your session with a digital certificate, making it safe to enter your down low info.

Obviously, even if you do follow all these steps, your bank account can still be hacked and $200 of your hard-earned cash can still be stolen and sent to the Philippines. So your best bet, as I have learned, is to keep a close eye on your account. Check your bank account daily to ensure nothing is going on before it’s too late.

And with a little luck, I might see you on the Oregon Trail someday. Good luck cardholders!

See related: 10 ways to protect yourself from data breaches, Williams George: I owes yous serious monies, Master Ginger Peter: I need your debit card, How to check for, fix ID theft or fraud

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • Peter

    I bought a MacBook Air at Smalldog Electronics and two days ago I was surprised by my bank statement that I had spend $950 (!) in a store in California. The same day I used the Visa card in my home town in New England. But the bank did not do anything. Now I have to wait until all the payments will be coming through until I can file a claim to Visa…
    I received the same email and I was really surprised and kind of angry that Small Dog did not do anything for their customers. At least I was hoping for some kind of compensation for the loss. But nothing only this useless email. I think I am not going to use their website again. Thank you Small Dog for this great shopping experience!

  • Most of us may think that fraudsters can access our information through our medical or credit card billings but what we do not readily accept is that even social networking sites such as facebook and twitter can be used to trick people into giving their private information. It is not like paper receipts or documents that we can have shredded so that no one else can use them. What we upload on the Internet stays there even if we assume that we have deleted them. So let us be more careful. This investigation reminds us that we have to be more vigilant in making use of our credit cards and other kinds of cards for we do not know if there are ‘skimmers’ installed on the swiping machines. I do hope that more people will become of this modus operandi so that the number of fraud victims will lessen.