<p>So I spoke too soon about looking forward to use Capital One overseas since there is no foreign exchange charge.</p>
<p>Yesterday I booked a Vatican Tour online. Make sure it’s a secured website htpps, got an instant confirmation from both the tour company and Capital One that everything is kosher. 3 hours later, Capital One sent another email that there is a charge on a Chile(!) airline for around $120 and they suspect fraudulent. Called my husband, the only other authorized user, to ask if he’s pulling a Mark Sanford on me and wonder how far he can go with his caliente GF for only $120! Not him so he said. Capital One stops the charge, closes down my account and will send me a new CC. Well, this does not help since we’re leaving for Europe soon! Sigh, back to paying 3% charge using the other cards…</p>
<p>Since this card so far has only been used a few times and exclusively for international purchases (both online and in person), I have to wonder: </p>
<p>Was the tour website hacked? I sent them an email to warn them and also made sure that their legit charge went through.</p>
<p>Was Capital One hacked? I woke up to news that Citigroup had a serious security breach.</p>
<p>I am glad I turned on the alert feature offered by all the credit cards and banks that we do business with. Have them sent you either an email or text to your phone!</p>
<p>What a shame, ccreader! I was worried about the Citigroup hack because we have accounts there, with bank cards. The news story I read implied that the problem was with bank cards, not credit cards.</p>
<p>What is the alert feature? Do they send a message each time a charge is made?</p>
<p>The merchant is often the weak link in credit card security.</p>
<p>When are you leaving - Capital One should be able to overnight mail your new card to you - call and ask them.</p>
<p>NYMomof2 - if you manage the account online, there is usually an alert feature buried somewhere in there. You can pick and choose all kinds of alert: transactions, balances, near your limit, etc. Every bank/credit card is different on how closely they let you monitor your account. I have mine sent for every transaction charged, but only over certain $ on the most frequently used card, otherwise I will be bombarded by emails. YMMV.</p>
<p>MomCat2 - they are expediting the process but it still takes 2 business days. We leave before then unfortunately. I thought about having my housesitter fedex it, but the cost is exorbitant and based on the hassle I dealt with Capital One in Canada the last time where I was not verifying my charges FROM my home number (long story), I’ll just eat the foreign charge. Here’s hoping not encountering problems with the other CCs. I am running out of cards to use!</p>
<p>Maybe if you called and spoke with a supervisor they could send the card to your first overseas hotel – they know that you are going to be abroad (and not trying to do anything fraudulent by having the card sent to an address different from your home address) since you charged the Vatican tour through them.</p>
<p>MomCat2 - you should have been me yesterday! I was so flustered since this is the first time it happened to me. That was a good idea - unfortunately, for security reason, Capital One will not send it outside the country. Oh well, it was worth a try.</p>
<p>Did you try asking a high-authority supervisor-type person? I know they don’t like sending new cards to anywhere but your home address, but in your situation they have proof that you’re going to be out of the country, so your request is legit.</p>
<p>It’s terrible that the timing on this couldn’t have been much worse. It’s also a good lesson as to why everyone should have more than one credit card.</p>
<p>Oh, well, in terms of getting stuck with the 3% foreign transaction fees (which are total BS, in this day and age), look at it this way: back when dinosaurs roamed the earth (and I went to Europe with a friend), first you got travelers’ checks, and were hit with a 3-5% surcharge. Then when you got over there, you had to change money at one of those exchange booths or a bank when you got to a new country (before the Euro, you had to do this in each country you traveled to). The exchange booths gave you a crappy exchange rate; the banks were a bit better but I’m sure that even there you were losing a few percent. At least when using a credit card you get a very good exchange rate to begin with, before they suck out the extra 3%. You’re still coming out ahead, compared to the scenario 30 years ago!</p>
<p>Have a great trip - I’m SOOOOO jealous. With 2 in college, it will be a LOOOOONNNGGG time before I make it to Europe again! :-(</p>
<p>
I doubt it was a problem with Capital One and you probably would have had the issue regardless of the CC used. </p>
<p>The fact that the website was using HTTPS only means the transmission of data from your PC to their website was encrypted and therefore couldn’t be easily snooped on which would actually be pretty unlikely anyway. If things are setup right and if you pay attention to it in your browser, there should have been an indication as to whether or not the HTTPS site was secured via a ‘Certificate Authority’ like Verisign. This is an independent company who makes sure that the HTTPS connection is going to the actual company purporting to be the company - i.e. that if you’re going to Acme corp you’re not really ending up at Hacker corp. However, even though the browser will usually give a warning if the destination doesn’t pass this check some people will ignore it and continue on.</p>
<p>However, even if there was no Capital One problem (and there likely wasn’t), the session was encrypted via HTTPS, and the company you connected to legit, you have no idea what happens after your info gets to the company. It could be held on a desktop in an unsecured file. It’s even possible that someone on the other end wrote down all your info on a pad of paper and left it sitting on a desk and some employee copied the info. This means that beyond making sure of all these other points one needs to try to make sure the company they’re dealing with isn’t just legit but also needs to have adequate security precautions in place. This isn’t so easy to determine but generally smaller companies have fewer security precautions in place and some have none at all in place.</p>
<p>It sounds like the Capital One worked well for you because the fraud alert worked as it should.</p>
<p>MomCat2 - thanks for putting things in perspective. I remembered the days before children when we backpacked through Asia and had to bring all cash, stuffed in our money belt, comparing rates among the exchanges. What pain! Of course, the guest houses were only $5/day and I may be more accustomed to nice bedding since those days. From what I understood, the 3% was always there, just factored into the lower exchange rate. The new consumer protection law forces the CC company to break out the fees and inform their customers. We just did not know any better.</p>
<p>UCSD_dad - Thanks for the detailed explanation. I also had an inkling that the website was compromised and that’s why I notified the tour company. I don’t remember any warning from the browser and I am usually pretty careful about those things. Do a little Google research and found out that the online fraud involving overseas airlines is a big problem worldwide since those small airlines manually review their bookings and by the time the fraud was reported, the flights have already been used. </p>
<p>That does not explain how my CC# was stolen but at least Capital One caught it fast. I wonder what triggered the warning since just 3 hours before, the legit transaction from Rome was OK’d. I tried to buy only from well known online vendors instead of trying to save a few bucks, but sometimes we have no choice but have to deal with smaller hotels and vendors. So much of our purchasing power is online now that it’s only a matter of time that we will get caught in some fraud ring.</p>
<p>MomCat2 - thanks for putting things in perspective. I remembered the days before children when we backpacked through Asia and had to bring all cash, stuffed in our money belt, comparing rates among the exchanges. What pain! Of course, the guest houses were only $5/day and I may be more accustomed to nice bedding since those days. From what I understood, the 3% was always there, just factored into the lower exchange rate. The new consumer protection law forces the CC company to break out the fees and inform their customers. We just did not know any better.</p>
<p>UCSD_dad - Thanks for the detailed explanation. I also had an inkling that the website was compromised and that’s why I notified the tour company. I don’t remember any warning from the browser and I am usually pretty careful about those things. Do a little Google research and found out that the online fraud involving overseas airlines is a big problem worldwide since those small airlines manually review their bookings and by the time the fraud was reported, the flights have already been used. </p>
<p>That does not explain how my CC# was stolen but at least Capital One caught it fast. I wonder what triggered the warning since just 3 hours before, the legit transaction from Rome was OK’d. I tried to buy only from well known online vendors instead of trying to save a few bucks, but sometimes we have no choice but have to deal with smaller hotels and vendors. So much of our purchasing power is online now that it’s only a matter of time that we will get caught in some fraud ring.</p>
<p>You can do this if you’re interested in checking on it further or for future use - </p>
<p>Point your browser back to that website with an HTTPS connection. You can then read the info about whether the site is registered with a certificate authority or not - i.e. that it’s really the company you intend to deal with and that they’ve bothered to register with a certificate authority (which costs them a fee). How you check varies with the browser. With Google Chrome you right click on the little lock symbol in the URL. Withe Internet Explorer you left click on the little lock symbol. On Firefox you left click on the little icon up in the URL address area. </p>
<p>Again, even if everything’s on the up and up it takes only one person at the company to do something careless to compromise the CC information. The same thing happens at stores and restaurants. think about it - at the restaurant you’re often handing your CC to a min wage person who heads off ‘into the back’ or someplace with it. They could easily write down the number, name, and security code, and then use that info to buy things online.</p>
<p>But anyway - I hope you have fun on your trip to Europe and can forget about this quickly (except for the precautions).</p>
<p>It’s interesting to see how companies deal with credit card information. My company is very particular about it - if a customer gives you a CC over the phone you are not allowed to write it on paper, in notepad, anywhere except into the computer where it goes and is instantly encrypted the moment you submit it. We aren’t even allowed to read the number back to you because they don’t want anyone else overhearing your numbers b/c there are always cleaning people, maintenance people, etc around the building. If you’re paying us for like three different things you have to give us your number three separate times because we’re not allowed to copy and paste it between things.</p>
<p>ccreader - have you scanned your computer to make sure you don’t have a keystroke logger or trojan installed?</p>
<p>Thought I will just wrap up this thread with some more info:</p>
<p>Capital One sent us a new card in the mail while we were gone so we were unable to use it during our vacation. When we got back, checked our account, lo and behold there was that charge posted again a week after we disputed it. Back and forth with Capital One, they reversed the charge and had us filled out their fraud report. The irony of the situation is that when we first got the card and traveled to Canada, they kept rejecting OUR charges, the legitimate card owners even though we have notified them of our travelling plan. But unauthorized user, no problem…</p>
<p>I am putting the card away for now and changed all our online passwords, just in case. Our computer is pretty well protected, my H is an IT professional and pretty fluent in computer security. We only do financial transactions on the one hard wired desktop at home, not even over our secured wireless network. But we will always play catch-up with the crooks, no matter how careful we are. I also suspect the fraud transaction is carried out at the vendors end since we had to hand out our CC# to make reservations at various small hotels.</p>
<p>On a happier note, the trip was wonderful. One last hurrah before the tuition bills come.</p>