alt Hacker NewsRelated story and wondering if the OP may have been chasing red herrings. I recently noticed an unauthorized charge for a small amount on my credit card (something about FB/Meta). Likely someone probing the card to see if anyone would notice. I called the CC company, had them removed the charge, canceled the card and had them send me a new card (5-7 business days). With the brand new unused card (new CC number, new expiration date, new CVV), the fraudulent payments resumed (again FB/Meta). How is this possible? The reason: digital wallets. Your credit card number, etc. transfers via digital wallets even when you cancel the card. I again called the credit card company and this time, told them to cancel all the digital wallets (there were 99 of them!). There is no way to do this online. You have to speak to a human in a call center. You then have to sit through a lecture about how all your renewing payments are going to reset and you will have to re-establish them will all merchants. "Yes, I understand that. Please cancel the card and all digital wallets!" Then you have to hold for twenty minutes (why? what are they doing? manually canceling all the digital wallets?). The lesson I learned here is that canceling your credit card may not be what you think. Also recurring payments must be incredibly lucrative and canceling them must amount to a big loss in revenue. (Edited for grammar.)
Replies
It's a shame that a disputed charge doesn't result in the credit card company reviewing how the charge was processed, invalidating only the single saved token with a single merchant. That would save everyone a lot of time and money.
Check out privacy.com, you can make your own cards. One per service if you want.
> I again called the credit card company and this time, told them to cancel all the digital wallets (there were 99 of them!). There is no way to do this online.
This is highly dependent on your bank. For example, Bank of America lets you view and delete any cards that have been added to a digital wallet right on their website.
For my case, it was almost certain. As it happened single day, the card i use was a virtual card only used in couple big ecommerce websites etc.
If it was leaked somewhere else, i think they wouldn't bother logging in some unrelated account of mine in an ecommerce website.
Digital wallets as in Apple/Google Pay? I had a similar thing happen and I am wondering what did you make of this double charge, what did the attackers do in your opinion?
if it was a 0 or 1 dollar auth, its likely a fraud check done by said company to make sure you still exist.
one or more of those digital wallets are some subscription supporting thing, and if that auth failed or had an address mismatch or wrong kind of card, they will disable your account until you update your card.
Same here, had a 200 EUR charge from Meta / FB - still waiting for my new card.
I’m not sure about “digital wallets”, but the concept of updating credit card details after a new card is issued does exist, and it’s a service offered by credit card companies.
Blog post from Stripe:
https://stripe.com/resources/more/what-is-a-card-account-upd...