I received an email from Discover Card’s Fraud Prevention Team asking me to call them ASAP regarding some suspicious or unusual activity on my account. I immediately thought, “I know what this is,” and understandably, it DOES look suspicious. I had placed three custom orders online for gifts through a friend-of-a-friend business I’d never dealt with before, and the friend-of-a-friend’s website’s credit card payment function wasn’t working properly. I’d run my card through maybe 3-4 times, only to have it kicked back saying I didn’t provide all the information necessary, so I’d re-entered it repeatedly until I finally gave up and paid as a “guest” through PayPal instead. I never make payments through PayPal.

I called Discover Card this morning as requested so I could verify the unusual activity and get my card un-frozen. After identifying me as the legitimate owner of the card, the Discover Card security person asked, “Did you make a purchase on 9/22 at Keurig?”
That caught me by surprise. “I don’t think so,” I said unsurely, my mind racing through what that may have been. “Keurig? Was it online? What day is that?”
“That was Saturday, and it was an internet purchase.”
Mr. W, who was sitting next to me driving, piped in, “Was that a coffee maker? Was it pods? Maybe I accidentally bought some pods under your Amazon account, but I THINK I’d used my account…”
The security person continued, “What about a purchase at Rhapsody?”
“I KNOW I didn’t make that purchase, I don’t know anything about them, and I’ve never done business with them. I’m not even sure what they are, are they a music company?”
“Yes, they’re kind of like iTunes.” (So Apple is now the standard with which other companies are compared? But it works, I understood the reference. =P)
“Definitely not an authorized purchase,” I said, understanding now that the security of my card has indeed been compromised.
She went on to verify a few other purchases not made in person that were legitimate, the PayPal payments, medication for Dodo, then advised me that they were going to close the account and mail me a new card, and that I would not be responsible for the Keurig purchase, which had been made after the account was already frozen so it did not go through, and I would be refunded the one cent that Rhapsody charged.

Mr. W’s theory is that the friend-of-a-friend’s website’s credit card payment function was hacked, and that’s why the direct credit card payments would not go through. Each time I entered my credit card info, it went somewhere else, and the people at Somewhere Else used my card info to sign up for automatic payments on Rhapsody for music downloads (hence the $0.01 “test” charge from Rhapsody before they started auto-billing the card), which froze the account possibly because the IP address from the purchase was out-of-state when I’m still making other purchases on the card close in time from California, so it raised a red flag. Then when they tried to buy something from Keurig next, the card was already frozen so it did not authorize the out-of-state IP purchase. He figures mom-and-pop type online businesses don’t have the best security for their websites, because they may not know how to get it, and because it would cost more. That’s why payments through a secondary specialized, secured company like PayPal makes sense, he said. I guess that’s why small private sellers on companies like eBay use PayPal when dealing directly with a consumer.

Well, no harm done, except for the small nuisance of making one phone call and having to re-enter a new card for anything I have currently set up for auto-billing to Discover. Good catch, Discover! And I’m not sure if this could somehow be a lesson to anyone out there, cuz I’m not sure what the lesson would be. Use Discover Card? Use PayPal? Only order from big corporations who could afford a secured connection when you make credit card payments unless you use something like PayPal for the transaction?

And now I shall go email the very talented owner of the website I suspect has been hacked. I know it’s not HER because we’ve been communicating often and reliably via email regarding my customized purchases, and she’s put in a lot of work on them and I’ve already received the products. It sucks that small businesses like hers are targeted for internet fraud.