I was surprised to find a huge package sitting on my front porch last week. I hadn’t ordered anything, so I figured it must be a gift, even though it was too late for my birthday and too early for Christmas.
Inside was an assortment of coffee, a travel mug, a stainless steel carafe and a fancy 12-cup coffee maker, all from a company called Gevalia. Whoever sent this, I thought, doesn’t know me very well. I like coffee, but I’m not the kind of gourmet who would appreciate this sort of high-end beverage. (I’m more the Dunkin’ Donuts type.) Then I looked at the packing slip, which said that I had ordered it and paid with my Visa card.
Uh-oh. I sat for a couple of minutes, trying to figure out if there was any way that I could’ve inadvertently placed such an order. Then I called the company and explained what happened. Mysteriously, someone had used my name, address and Visa number (she verified it by reading me the last four digits) to place the order. But they had a different phone and different e-mail address, which she gave to me. She also noted the exact time of the order, which was while I was driving to see my son at college. She said she’d put a fraud alert on the order and told me to keep the goods for my trouble.
I then called the phone number that was associated with the order. It was a non-profit organization a couple of miles away from me. When I told the receptionist that someone was using their phone number in a case of credit-card fraud, she mentioned that she’d had several calls like this. She didn’t know what was going on.
I was tempted to send an e-mail to the address I had, but I thought that then the thief would have my e-mail address.
My next call was to Visa to find out what else might have been charged to the card. Luckily, there were no other charges. We immediately cancelled the card, Visa placed a fraud alert on the number, and I was issued a new one.
The whole incident baffled me. Although I was concerned that someone somehow got hold of my credit card information, I was not that surprised. I take reasonable precautions, both online and off (I shred all my mail), but I’ve done enough reporting on Internet security to know how easy it is for thieves to get your number. And even if you never use a credit card online, your financial institution keeps all that information on a computer somewhere, a computer that can often be just as easily hacked.
What baffled me the most: who was this person who would use my credit card to order coffee and send it to my house? I imagined some teenage hacker-in-training, just trying out his skills to see if he could get away with it. Or maybe it was someone in my neighborhood who pulled my information off my WiFi network, ordered coffee and hoped to pick it up from my doorstep before I noticed?
Then I did a little research online and found that this has been an ongoing problem with Gevalia, dating back to 2008. There is a formal complaint lodged with the Justice Department in the state of Delaware, where Gevalia is located.
Now I’m doubly baffled. Why would a merchant do this? Are they hoping that some of us actually think we ordered the coffee but forgot? And how did Gevalia, with whom I’ve never done business, get my credit card information? I’ll never know. But I consider myself exceedingly lucky that my only experience with credit card fraud (so far) cost me nothing but a couple of phone calls and gained me some cool coffee paraphernalia.