UPDATED:Credit card fraud – N3 Toll Plazas are a new hot spot: beware

 Have just gotten off the phone with the Discovery Card call centre. For the second time in the past year, a syndicate stole my credit card number and has started plundering the account.

After the last time, you'd forgive me for thinking that was the end of it. The new card has a chip and before it can be used to buy anything, merchants ask for a PIN number. But that only seems to be necessary if you're doing it in person.

This morning, Comair – owners of kulula.com – processed a R1 359 transaction on my account. Fortunately, Discovery sent an SMS notifying me of the transaction which, this time, I accessed immediately. There was also another SMS from the card company, sent yesterday, which stated there's been a deduction for R1176.85 from LL Bean Catalogue, a reputable online clothing store.

My fervent hope is that Comair and LL Bean pull their fingers out and help to track down the miscreants. Airline tickets are booked for a physical person. Clothing is sent to a physical address. That establishes a trail, surely, that can be followed. At the very least investigated. And someone nailed.

Sadly, it's more likely that doing so will too much "hassle" for the companies concerned. And that they've never heard of, nor care about the Broken Windows Theory. So we'll just keep on Drifting, the subject of my recent Rational Alternative column.  I'll send both companies a link to this piece. And hope to be pleasantly surprised.

Failing that, the good news is that I know where the card was "skimmed".

During our time as owners of the Rosebank Health Shop, one of the employees got caught up in a crime syndicate who gave her a "skimming" machine. It's a piece of equipment small enough to conceal under the till. When a customer hands over their credit card, a simple swipe through the skimming machine captures mag tape details for the syndicate which uses it to buy online or create duplicate credit cards. 

Given the way I've used this card over the past couple weeks, there is absolutely no doubt my card was skimmed by one of the N3 Toll Plaza operators. And it was done on Sunday afternoon between Mooi River and Johannesburg, as we returned from a weekend in the KZN Midlands. Once again, I will be sending a link for this story to the N3 Toll Plaza company. This time I'm more hopeful of a positive response. If skimming is to become a part-time earner for their operators, it would have a terrible impact on the company's reputation. There could only be, at most, 30 people manning the Mooi River to Jhb toll booths during this period. So tracking down the criminal won't be terribly difficult.

After the recent media coverage about malwear hitting fast food outlets, it's easy to believe credit card fraud is out of control. It isn't. But it remains an attractive way for syndicates to tap into the savings of the honest majority. The problem is many companies (like the one in the story below) take little interest. Fraud is written off to an expense account. Responsibility is abdicated to the banks. And these institutions are flooded with so many inquiries that they can only investigate some. 

If there were ever an instance where collaborative action were demanded, this is it. So I'll send those emails. And hope to be proven wrong.  – AH

A forex trader zapped R14k from my Visa Card – but how did he do it?

My suspicious side suggests I've uncovered serious white-collar fraud. The left-brain, though, is holding off jumping to conclusions. Either way, a fascinating story is emerging in the wake of $1 500 being fraudulently docked from my credit card last weekend.

It started on Friday night. We were enjoying a family dinner when my cell phone buzzed, signaling the arrival of an SMS. Something made me take a quick look. It was a note from Discovery card that R14 347.09 had been "reserved for purchase" by Gain Capital Meta.

As I've been making online bookings ahead of our trip to the Berkshire Hathaway AGM in Omaha, reality began to register. Soon the mind had drifted from the chatter. Gain Capital who? Fourteen grand?

I'd been defrauded. Become a statistic in the global credit card scam.

It took an hour on my mobile before rejoining the family. Reporting a credit card fraud is cumbersome. Find the right number to contact. Then tolerate the elevator music and pass "security questions". Plus the long wait as you struggle to beat a dodgy cell phone signal, being transferred to more muzak, then swallow your impatience with a tired fraud clerk and his even more fatigued computer system (it was Friday …)

To Discovery's credit, voices on the other side of the line were helpful. And full marks to the replacement process. It only took four days to get the new card into my hands. But these things are rarely smooth. The new PIN didn't work the first time I used the card. I also had to transfer R14k to keep the card account current while bankers investigated. And it took time to work through which hotels and airlines (it's a long way to Omaha) had been paid and change the info for those about to do so.

But all of that happens to thousands of people every day. It was only after digging deeper that story stared getting interesting.

At the risk of throwing good time after wasted, I took a closer look at the beneficiary of my fraudster's action. Google's results were unexpected. Gain Capital, it turns out, is a New York Stock Exchange listed company. Its website boasts of a business with 300 000 customers, founded in 1999 and employing over 400. Gain Capital also has nine global offices, including the London branch where my fraudster got busy.

I'm no fan of the company's business model. Gain Capital makes money out of telling guys like you and me – the "retail" market – that we can beat the system playing complex and highly volatile foreign exchange markets. Its business model is to convince enthusiastic amateurs with little market insight that they can make money off the insiders with million dollar pay packets and massive balance sheets. Forex trading is a zero sum game. For every winner there's a loser. It's not hard to work out who usually ends up with the cash.

My suspicious mind really kicked in after discovering the vested interest Gain Capital now to drive up it short-term profits. Because right now Gain is the subject of a takeover bid from another NYSE-listed forex trading business, FXCM. In takeovers, each extra dollar of profit can be multiplied many times through the eventual purchase price. So even the suggestion that that it might be artificially stimulating profit should get red phones ringing at Gain's PR consultancy Edelman's. In the online business, credibility rises and falls on the way it handles its financial transactions.

Given these circumstances, the last thing I expected was being kicked into touch. I emailed the Gain Investor Relations department disclosing my interest and asking how it was possible for the company to accept funds from a credit card that isn't theirs. When I use my card online, Visa insists on first SMSing me a security clearance code, even for small amounts. Yet here was $1 500 credited to a trader's account when the "house" had no idea whether the currency being offered (my credit card) was valid. Strikes me that it's like a the casino cashing a gambler's cheque at the blackjack table.

Given the circumstances, surely Gain would be concerned about this obvious dysfunction in its core financial systems? If not, who blames one for jumping to the conclusion that this is a conspiracy where fraud was condoned or at the least, given a blind eye? Because the primary purpose for now is boosting numbers ahead of the takeover?

Judging by the response I received, Gain either has terribly naïve Investor Relations executives (unlikely) or a team instructed to boot queries like mine into touch. Or, worse, to "client services " (erm, since when was I a client?) who are "reaching out" by telling me to spend 99c a minute to "provide some more information." More information? Given the experience, doing so would be standing next to the ATM in a dodgy area and shouting out my PIN. Rather dangerous.