Someone from KLM, probably, has stolen my card details

[Poem]

I have a card which has no virtual card behind it, and which had been used for 1-2 years in offline. Once I had to pay using the real details of a card. And that was the single and only time I used that card for an internet payment. It was for a flight with KLM, on the US version of the website, The whole process was done via https, therefore no one could intercept the data in between. I paid around $300 and several days later someone made a payment on some US website for a subscription of some s**t of around $30. I notified my bank and they, later, reembursed me it.

Therefore, someone working for KLM used my card details and sold them to someone, or used them to make a purchase on their own website, the one made to steel money from some of their customers who don't pay cloase attention to their transactions. $30 could have gone unnoticied, right?

No more unauthorized purchases have been since, during a year already

Your thoughst?

My question isn't how to protect yourself, but who else could have it been if not someone from KLM?

Last edited: Apr 26, 2021

 

[Marie Manila]

It is not necessarily the fault of KLM.
I have a debit card for a‌ few years and never used it. Neither online nor offline.
One day someone tried to‍ use my card details for an online purchase in Mexico with correct CVV2 and expiry⁠ date.
It is not clear, how the "theft" got the card details, but maybe there⁤ was a data breach at the card issuer.
I don't know. But since I kept⁣ the card in the envelope at my home from day 1 (and it is still⁢ there 😉), there must be a data breach somewhere else.

 

[Poem]

Is there another card that you have of the same issuer, linked to the same‌ account, that you use?

 

[Silvio]

"I have a card which has no virtual card behind it, and which had been‌ used for 1-2 years in offline"

It's possible that someone hacked a physical terminal and‍ used it to steal your card information, it is a well known MO of carders⁠ to hack into terminals of restaurants etc.

 

[Marie Manila]

No, it was the only debit‍ card from that bank.
I just needed the bank account and the debit card was⁠ included for free. So I left it in the envelope, when it arrived. And approx.⁤ 2 years later the card details were abused.

 

[Poem]

What physical terminal?

 

[Cetme308win]

sometimes people working in banks sell banks details of customers⁤ a.ka "fullz" in the carding argot

 

[NicolasMaduro]

Its highly unlikely a KLM employee stole your data. Usually Card details are encrypted and‌ employees only have access to for example last 4 digits and expiry date.

 

[Martin Everson]

Your browser is infected with malware perhaps.

 

[Poem]

All the employees in KLM? Before they get encrypted and stored, they⁠ must be seen in the plain text first, in order for a card to get⁤ charged.

 

[Poem]

It's not‌

 

[JohnLocke]

It's going to be impossible for anyone to tell you how this was possibly happen.‌ Fact is your card got misused and you need to get a new card, so‍ you need to file a dispute with your bank on any charge you didn't authorize,⁠ end of story or did I miss something here?

 

[Poem]

But I'm not asking anyone to tell me with 100% accuracy where the data got‌ leaked and what to do about it 🙂 It's a discussion - where could it have‍ been? Not what to do with it. I still possess the same card and keep⁠ using it. Why? Because of a way I use it

 

[NicolasMaduro]

No not necesarally

 

[Poem]

How do you charge a card which‌ number and all the data are encrypted at all the times, at all stages?

 

[Martin Everson]

How do you know its not?

 

[Poem]

Martin thinks he got me 🙂

By secondary signs that point to probable absense of it.‌ I'm a programmer.
Can stil it be there? Yes.

By what means a browser get‍ infected? Tell me.

 

[Martin Everson]

Rogue browser extensions for example.

 

[Poem]

What if I was using the incognito mode in which all the extenstions get disabled‌ by default? That's even assuming that I install shitty extentions which I don't.