Someone from KLM, probably, has stolen my card details

[Poem]

I have a card which has no virtual card behind it, and which had been used for 1-2 years in offline. Once I had to pay using the real details of a card. And that was the single and only time I used that card for an internet payment. It was for a flight with KLM, on the US version of the website, The whole process was done via https, therefore no one could intercept the data in between. I paid around $300 and several days later someone made a payment on some US website for a subscription of some s**t of around $30. I notified my bank and they, later, reembursed me it.

Therefore, someone working for KLM used my card details and sold them to someone, or used them to make a purchase on their own website, the one made to steel money from some of their customers who don't pay cloase attention to their transactions. $30 could have gone unnoticied, right?

No more unauthorized purchases have been since, during a year already

Your thoughst?

My question isn't how to protect yourself, but who else could have it been if not someone from KLM?

 

[Marie Manila]

It is not necessarily the fault of KLM.
I have a debit card for a few years and never used it. Neither online nor offline.
One day someone tried to use my card details for an online purchase in Mexico with correct CVV2 and expiry date.
It is not clear, how the "theft" got the card details, but maybe there was a data breach at the card issuer.
I don't know. But since I kept the card in the envelope at my home from day 1 (and it is still there ), there must be a data breach somewhere else.

 

[Poem]

Is there another card that you have of the same issuer, linked to the same account, that you use?

 

[Silvio]

"I have a card which has no virtual card behind it, and which had been used for 1-2 years in offline"

It's possible that someone hacked a physical terminal and used it to steal your card information, it is a well known MO of carders to hack into terminals of restaurants etc.

 

[Marie Manila]

Is there another card that you have of the same issuer, linked to the same account, that you use?

No, it was the only debit card from that bank.
I just needed the bank account and the debit card was included for free. So I left it in the envelope, when it arrived. And approx. 2 years later the card details were abused.

 

[Poem]

It's possible that someone hacked a physical terminal and used it to steal your card information, it is a well known MO of carders to hack into terminals of restaurants etc.

What physical terminal?

 

[Cetme308win]

No, it was the only debit card from that bank.
I just needed the bank account and the debit card was included for free. So I left it in the envelope, when it arrived. And approx. 2 years later the card details were abused.

sometimes people working in banks sell banks details of customers a.ka "fullz" in the carding argot

 

[NicolasMaduro]

Its highly unlikely a KLM employee stole your data. Usually Card details are encrypted and employees only have access to for example last 4 digits and expiry date.

 

[Martin Everson]

And that was the single and only time I used that card for an internet payment.

Your browser is infected with malware perhaps.

 

[Poem]

Its highly unlikely a KLM employee stole your data. Usually Card details are encrypted and employees only have access to for example last 4 digits and expiry date.

All the employees in KLM? Before they get encrypted and stored, they must be seen in the plain text first, in order for a card to get charged.

 

[Poem]

Your browser is infected with malware perhaps.

It's not

 

[JohnLocke]

It's going to be impossible for anyone to tell you how this was possibly happen. Fact is your card got misused and you need to get a new card, so you need to file a dispute with your bank on any charge you didn't authorize, end of story or did I miss something here?

 

[Poem]

But I'm not asking anyone to tell me with 100% accuracy where the data got leaked and what to do about it It's a discussion - where could it have been? Not what to do with it. I still possess the same card and keep using it. Why? Because of a way I use it

 

[NicolasMaduro]

All the employees in KLM? Before they get encrypted and stored, they must be seen in the plain text first, in order for a card to get charged.

No not necesarally

 

[Poem]

No not necesarally

How do you charge a card which number and all the data are encrypted at all the times, at all stages?

 

[Martin Everson]

It's not

How do you know its not?

 

[Poem]

Martin thinks he got me


By secondary signs that point to probable absense of it. I'm a programmer.
Can stil it be there? Yes.

By what means a browser get infected? Tell me.

 

[Martin Everson]

By what means a browser get infected? Tell me.

Rogue browser extensions for example.

 

[Poem]

What if I was using the incognito mode in which all the extenstions get disabled by default? That's even assuming that I install shitty extentions which I don't.