I probably made some random person mad today...Follow

True. It was more intended for debit cards.

They gather that information in one place, then they sell/provide that information to vendors. This opens up the circle of people who have access to that information *and* creates a single convenient location where your credit card number, address, phone number, email, and even possibly your social security number are all held together. This creates a target for identity thieves who otherwise would have had to break into multiple information sources to gain that much information about you.


Why do you suppose identity theft became such a big deal right about the same time that vendors started collecting that data? The idea that your identity can be stolen because someone hacks into some podunk chain store that you've never even done business with because they purchased your information from another party who gathered it from various credit agencies and vendors is scary at the least. Everything you do to minimize the amount of information you put out there minimizes the likelihood that your data will be included on one of those lists that gets passed around and thus minimizes the likelihood that it'll be stolen by an identity thief.

They don't hack the local gas station though. They don't have to, since you used the credit card to buy your stuff, right? The credit card company then sells that information, usually to a middle man organization, which collects information from a number of sources. Then, they sell the combined information they've collected to advertisers and retailers (usually just broader market trends though) in the areas you live, or at the stores you frequent.


It's those information gathering services which you've likely never heard of that are a risk exactly because the fact that they gather everything they can about everyone they can means that it's a high value target for all sorts of identity theft. Anything you can do to minimize your odds of ending out on their systems is a good thing to do. The kinds of people they are most likely to focus on, and share/sell that information about are those (like you) who think there's no harm in your CC company knowing what flavor of gum you like, or that you fill up your tank on fridays at the same location, or that you eat Italian more often than Indian.




Why? What part of my positions on individual liberty combined with individual responsibility would make you think I would not be cautious about handing out information about myself to someone who might use it in ways I don't want? You make the mistake of assuming that one is either pro-business or anti-business. It's not about that. It's about freedom to make your own choices.


I make the choice not to hand out personal information to anyone who asks. That's all it's about.

You said it was the most likely possibility. I'm not arguing that it's not possible, just that it's strange to assume that it must have been a stolen card, or even that it was likely to be a stolen card. Heck. I'm still not sure how whether it was a stolen card has any affect on anything anyway.

I just saw a statement that I saw as being in complete opposition to what I think is "most likely" to have happened, and wanted to know why you'd think that.



If you're going to buy something else inside. The pump doesn't vend energy drinks, or chips, or cans of Arizona Tea, or whatever else you might want to go inside the store to buy. And if you're already going inside the store to buy stuff, and you're going to buy gas, doesn't it make sense to pay for your items, and then charge the gas at your pump to your card all at one time?

All it takes is someone getting distracted after that point to forget that he paid for gas to create the situation the OP encountered. Maybe something happens after he pays. Perhaps someone nearly runs over him as he's walking back to his car and he gets into a fist fight? Perhaps he's got his kids with him and one of them has an accident and needs to be taken care of. Maybe his boss calls him on the phone and tells him that if the Floogleheim report isn't on his desk in 1 hour to not bother coming back to work... ever. Maybe his wife calls him in a panic saying that someone just broke into the house? Maybe the hospital called him to inform him that his wife just got into an accident?

I could literally sit here and list off thousands of different things which might cause someone to forget that they put money on the pump and drive away. Like I said before, this happens all the time.


And, as you say. Most of the time, if all someone's doing is buying gas, they swipe right at the pump and put the gas in the car right then. But what happens to someone who's used to doing that every time, and for some reason this time needs to go into the store? That person might be in the habit of getting the gas right there and isn't in the habit of walking out of the store and then pumping gas. He might easily forget to do this. Doubly so if something distracts him between the time he pays and the time he actually gets to his car.


I can even see a case for someone who swipes his card at the pump as usual, but before actually starting to pump gas realizes he needs to go inside the store for something, goes inside and gets what he needs, thinking "I'll just pump the gas when I get back to the car", but then by the time he stands in line and gets what he went in for, he forgets that he already swiped his card at the pump and drives off?

Or... He activates the pump with his credit card, intending to have the gas pump while in the store, but doesn't squeeze the handle properly or something, or forgets to pick a gas type, and ends out with the nozzle sticking out of his car, but not pumping any gas. He gets what he needs out of the store, puts it in the car, takes the nozzle out of the gas tank, puts it on the pump without looking and realizing that it didn't pump any gas, and then drives off.


Like I said, there's like no limit to the possible things that might cause this to happen accidentally. I just think that in comparison to the incredibly small chance that someone with a stolen credit card has decided to test it on a pump by activating it, but then decides to not actually pump any of the free gas he has access to into his car, it's far far far far far more likely to be one of the more mundane and normal every day things.

Edited, Aug 19th 2011 8:08pm by gbaji

They do though. In the past 5 years I've had two potentially compromised debit card numbers, all caused by the companies using my card number, and not the company (VISA) issuing me the card.

About 3-4 years ago the local chain of gas stations had their database compromised and every bank/credit union in the area issued its customers new debit/credit cards because it was discovered that the main HQ for the company was storing the number information in a relatively insecure way.

Then just recently with the Playstation Network scare, I got a new card issued by my bank just in case (When the first bits of info about the hacking came out, before they said no card info was taken).

So far in the 16 years I've been a member at my credit union, 11 of which I've had my checking account with an attached VISA Debit Card, they have never caused a security issue with my information. I'd imagine that the real danger of potential stolen information is with the small people using your information with your permission, not the big guy in the end storing it.

That's not identity theft though. That's just stealing a bunch of CC numbers so they can buy a bunch of stuff. I'm talking about the guys who actually steal your ID and do things like sign up for loans, and take out new credit cards, and buy houses, and cars, using your identity and pretending to be you, so that when the unpaid bills eventually track back to you, you end out stuck with the bill (and/or having to spend a ton of time getting them cleared).

Just having a credit card number stolen is minor in comparison to the damage that can be done if someone gets a hold of sufficient amounts of information about you to do things like that. And they aren't going to get that by hacking the POS systems. Those only hold the information on the cards they used. You can get a name, card number, expiration date, and that's about it. That's enough to make duplicate fake cards and make some bogus charges, but they can't get more than that.

The vendor you swipe your card at doesn't know your address, or phone number, or social security number, or any other information needed to do real identity theft.



Yup. Again, not what I was talking about.



This is a bit closer actually. Since you have an actual account with that network, they likely to have your name, address, credit card number(s), paypal, bank routing, and/or whatever else you gave them when you signed up. Probably still not enough for full ID theft, but enough to get something potentially from you.




Again, that depends what you're worried about. While there's certainly a concern about using a credit/debit card and having the POS guy steal the number and rack up some bills on it, that really is small potatoes compared to what happens when people get their hands on more complete information about you. And much of that comes from a volume of handing out information to a number of different places. You sign up for a rewards program, and apply for some credit cards, maybe mistakenly fill out an application for one of those debt mitigation thingies, who knows. The point is that much of that information is available for purchase. All it takes is a guy with a black hat to get the one piece of information you normally don't regularly hand out (social security is the biggie), and they can tie all that other stuff together.


And unfortunately, most of that "other stuff" is readily available for purchase. Or is available to multiple vendors where someone with said black hat might pay someone to get it for them. Most ID theft is a combination of social and engineering factors. And it's greatly facilitated by the number of places that gather together significant amounts of data about each person/customer they interact with. Probably far more than you think they should care about in fact.

If you avoid using cards to make those regular purchases you are less likely to end out in those databases. They are most valuable when they have more data in them. So the people who constantly use their credit cards to buy lots of sundries are likely to end out in many times more databases than someone who doesn't. And that means more collated data on that "account", meaning your data is more valuable to a third party to buy/sell (and steal). Minimizing the amount of such traceable activity really is the best way to minimize your odds of any form of ID theft at all.


And lets be honest. If you use your credit card everywhere you randomly wander in to buy something, you also increase the odds that someone will just hijack that credit card number, right? If I only use mine to make largish purchases like furniture, appliances, and electronics, and you use yours for those things plus every time you buy a coffee, or a snickers bar, who do you think is running the greater odds of getting ripped off? I'll give you a hint: It's not me.

...Oi.

I have heard card disputes where the gas charges could not have been made by the same person filling up at each gas station along the way. In those cases, the gas stations are too far away from each other for someone to have stopped at a gas station to fill up for how much was charged (unless you can fill an empty tank to full in 1 minute), and then drive to the next station to fill up for just as much in the time allotted, but they are barely close enough to be reached if you were simply driving the whole way through. The ones where this is very obvious are when the card is physically stolen and the charges show up very shortly after that.

However, you clearly do not feel that my experience is significant enough compared to yours gbaji, or you would not be constantly trying to change my opinion. You don't think the card being stolen is likely and I do. That's the bottom line. So let's just leave it at that at this point.