March 27, 2009

False Alarm on Credit Fraud Solved by My E-mail Hoarding

This evening, my wife handed me the phone, saying "It's Chase bank. They say there is suspicious activity on your account and to call them." Having never run into issues with fraud or identity theft, I've been lucky so far, despite liberally spreading my credit card details all over the Web, in a myriad of e-commerce sites and online services. With our recent travels, and my wife's own activity on the card, I thought there was a good chance this would be a false positive, which it was, but I came extremely close to canceling my card, and would have, had it not been for my often-mentioned e-mail pack rate behavior.

When I called into the fraud center, after identifying myself, the automated voice asked about some "odd" activities - one from a "record store" and another from an online eMarketing firm. Both sounded odd, so I ended up with an operator. As she explained to me, the "record store" was actually Apple's iTunes, to the tune of $.99. No problem. But the other one? It turned out it was based in South Africa, and had charged me $1.07. That was an odd number, but small, and I didn't recognize the firm. It sounded like "Quirky Marketing" or "Quirk iMarketing". Something...

When I said I didn't recognize the name of the service, the operator strongly advised me to cancel the card immediately. But I wasn't so sure. There was still the possibility I had made a mistake, and $1.07 didn't seem like a big deal. She again pushed me to cancel the card, saying if somebody in South Africa had my data, the next purchase could be a big one.

I asked her not to cancel the card, but after asking people on Twitter what they thought I should do, and seeing a near-unanimous response that I should follow the bank's advice, I was feeling like my smug naivete was going to catch up to me.

Searching Google for the firm name I thought she had mentioned found nothing memorable. And the South African connection sounded very weird. But there was one last place I could look - in my e-mail. As mentioned many times, I've saved practically all my useful e-mail going back more than a decade - making it an extremely deep personal database. So I searched for the term the woman had mentioned on the phone: "Quirk".

It turned up an e-mail confirmation from Quirk eMarketing from September 2008, for a product I had checked out called "BrandsEye". BrandsEye I would have remembered, but the "Quirk eMarketing" I'd largely forgotten. Their site left much to be desired, but my e-mail showed I'd signed up to a service that would charge 7 South African Rands a month to monitor online mentions. Depending on the exchange rate, one month's bill would be $1.01, and another would be $1.07. And while that didn't trigger any fraud alerts in September through February, today, it did. (Likely due to some other activity my wife initiated)

When I had gotten the online confirmation of my purchase back on September 28th of 2008, I moved the e-mail to my "Commerce" folder and saved it. I didn't know if I would ever need it again, but today, it came in extremely handy, and I won't be canceling my credit card. Phew!