Credit Cards Hacked in Columbia Heights


“Dear PoPville,

While my boyfriend and I were delaying our New Years resolutions and drowning our hungover sorrows in greasy food last week at Ihop, we split the bill with our credit cards. Then proceeded to Target to buy vegetables to make up for the Ihop where we both used our cards again. Both cards were hacked and used around DC today [Tuesday]. Has anyone else experienced this lately in Columbia Heights or at either of these places? Just trying to narrow down the culprit.”

70 Comment

  • Although Target has had problems with hacked credit cards in the past, the source of the problem is almost certainly IHOP. Your credit card is never out of sight at Target. It is very easy for unscrupulous waitstaff to steal your credit card numbers with a pocket card swiper.

    • +1. This happens ALL the time. In just about every other part of the world, the server brings a portable card reader out to scan your card, but not surprisingly, the US is far behind for a number of reasons. The best thing you can do is to never let your card out of your sight. I’ve gotten into the practice of using cash at restaurants.

      • Ya credit card culture in this country is mind boggling. Even our neighbors to the north in Canada follow the simple best practices of having all CC transactions in front of the cardholder etc.

      • I was in Paris in 1999 and they brought out a credit card reader to our table and we thought it was the coolest thing. 1999!!!

  • Likely the server or someone who had access to your card at the IHOP. I’ve had this happen to me at restaurants in DC in the past.

  • Yes!!!! This same thing happened to me over Thanksgiving. Same area! They did not have my card but they still pulled money out of an ATM on M St. My bank refunded me… That day I think the only place I used my card was CAVA but I can check!

    I hate this!

    • If they pulled money out of an acct, they have your pin which is unlikely to be given at a restaurant. Maybe a website was hacked.

  • Accountering

    Possible it wasn’t “hacked” but that someone just stole your numbers/bar code at the IHOP.

    • People tend to use “hack” to mean any kind of malicious activity involving technology. Just like how people use “troll” to just mean teasing, rather than deliberately adopting a controversial position in order to trigger outrage in others.

  • This happened to me last week. I bought some things at Target on Tuesday and bought a sandwich at Potbelly on Wednesday – a few hours later my card information was used at Safeway and CVS. When I talked with the bank, they said that apparently people have a way of getting your card info from you using some sort of scanner or something (even if it is in your wallet).

    • Allison

      My dad in law asked for an RFID blocker wallet for xmas a few years ago for this reason. Prevents people from scanning the chip through your pocket.

      • They can only remotely steal the info if the card has a RFID chip, which most do not. The CHIP & PIN/CHIP & signature cards don’t have RFID and do not broadcast info, they have to be directly inserted into a machine to be read. Stuff like PayWave/PayPass/ExpressPay where you simply put the card in proximity with the reader use RFID and are susceptible.

        • Yeah, that was my understanding.
          Oh, also the chip on your work badge, if you’re a fed and your badge has a chip. My previous government agency gave us RFID-blocking badge holders, but many others don’t seem to tell employees that there’s a risk.

  • I’ve had two debit cards hacked in the past 3 weeks from shopping in Columbia Heights. I’m glad someone is pointing out this problem because my banks fraud department has no idea how it’s happening.

  • HaileUnlikely

    I believe there is a good chance that your number was stolen weeks or months ago, whether manually by a person who you were aware had access to your card (e.g., server at restaurant) or by a cybercriminal who got thousands or millions of credit card numbers by hacking into some business’s computer system and stealing card numbers that theoretically should not have been stored there but alas they were. I’ve had it happen to me three times in ten years. All three times, it was trivially easy for me to have the unauthorized charges removed from my account and a new card issued. I basically regard this as a minor inconvenience associated with having a credit card. On a related note, this is why I never, ever, ever use a debit card to pay for stuff. I greatly prefer to still have my money in my account while I argue with my financial institution about bogus charges that appear on a bill that I can probably avoid paying, rather than having the money already gone while I argue with my financial institution about getting it back.

    • Yep. Not to mention that if you pay off your credit card balance in full every month, a charge is like a 30-day, interest-free loan.

    • I had that happen to me a couple of years ago. My bank called me and told me there were some suspicious charges on my card. It was used in England, where I haven’t been to in decades. They removed the charges and sent me a new card. They told me that cards can easily be cloned overseas, and that’s probably what happened. One of the reasons I love USAA (for insurance and banking) is they’re very good at detecting things like this.

  • @ a reasonable person — I’m certainly not ruling that out either.

    @ play nice — thanks for having my back!

    lesson learned – no debit card use especially at restaurants. thanks friends!

  • Emmaleigh504

    Rant: I lost my credit card yesterday. Probably not stolen b/c it hasn’t been used, I just can’t find the damn thing.

    • tonyr

      Can you let me know the number so that I can keep an eye out for it? Oh, and your SSN and mother’s maiden name. Much appreciated.

    • Me too! I called to get a new one and there were no charges on it, so I *know* that it’s got to be in my apartment somewhere. Having to change all of the auto-pay accounts I use it for is my punishment…

      • Most credit card companies will give you another option. When I haven’t been able to find a credit card, and I’m not sure if it’s lost or stolen, I call my credit card company and ask them to put a “Hold” on my credit card for a week. As I understand it, this stops all charges from going thru. If I find the card later (this has happened), I call the credit card company back and they lift the hold. It’s like nothing happened. The only problem is that while the hold is on, valid monthly charges that I’ve authorized (e.g. Netflix, etc.) will be bounced. This can be fixed later. But you don’t have to get a brand new card and start from scratch with everyone. On the other hand if you can’t find the card that week, you call the credit card company up and cancel the card.

      • Emmaleigh504

        I finally cancelled it. I can’t find it and no charges have posted, so I think I lost it out in the wild and a good person found it and destroyed it, or it fell on metro tracks or something. It’s not at work or my apartment. Redoing all the auto pays is going to suck, but should teach me to be less careless with my card!

  • I am pretty sure this is all happening locally. Multiple times here it is mentioned that the shopper is in Columbia Heights and then within 24 hours or so the card is used by someone besides the owner IN DC. There is someone walking around in that area swiping info and it can be done through your wallet or purse depending on what device they are using.

  • Get a credit card with chip technology. Ideally chip+pin like they have everywhere else in the world.

    • No US CC companies offer chip+pin. It is all chip+signature. There are reports on the internet of them being available but whenever you ask they say no. If anyone here has one and can tell me where to get it I will buy them drinks at the next PoP happy hour.

    • It doesn’t matter if you have a credit card with a chip – as long as cards still have the magnetic barcode on back (which all cards still have), your card can be skimmed & cloned onto another card.

      Having a chip/signature or chip/PIN wouldn’t have changed anything in this case.

      • If someone steals the magnetic barcode they still wouldn’t have the pin, so they wouldn’t be able to use it. This is one of the problems with chip+signature since they don’t solve the main vulnerability.

    • If you know of any US card issuers offering chip + PIN, please share. All of my cards are chip + signature (even my card from Barclays, which is a UK-based bank) and it’s a hassle when you’re traveling abroad and want to buy something at an unattended kiosk.

      • Diner’s Club, of all things, is the only chip and pin so far that I am aware of. Chase has been promising it for a while, but has not delivered yet.

      • Wells Fargo offers chip + PIN on some of their cards — I have it on an otherwise fairly basic card. It has both the chip and a magnetic strip, so still vulnerable to certain kinds of cloning, but you at least you can use it more easily abroad.

      • Barclays Arrival+ Mastercard is chip+pin. It won’t do a ton of good until retailers start to have the technology at checkout, but this is one of the cards that does work with a pin (it also works as a swipe card).

      • djdc

        My Visa from State Dept. Federal Credit Union is chip and PIN, and the PIN worked fine in Europe for things like ticket kiosks and ATMs. But 9 times out of 10 at other establishments I had to sign instead of use PIN. I have no idea why.

      • Thanks, all. I have a Marriott card from Chase that’s chip + signature, and hopefully they’ll get their act together on chip + PIN. Interestingly enough, my US Airways card from Barclays is chip + signature and they’ve acted like they’ve never heard of chip + PIN when I’ve called to ask about it.

  • hispanicandproud

    This has happened to me twice with my debit card and once with my Discover card at Target in Columbia Heights.

  • This happened to me about two years ago because of the Columbia Heights Target. The fraudulent charges took place in Atlanta over the next few days, mostly on large gift cards.

  • on the flip side, part of the theft detection problem is the fact that a lot of places are hands off. you slide the card yourself and it rarely touches the hand of an employee. i was always surprised that the cards with your photos never caught on…seems to me that could stop someone from using a card fraudulently. yes, you can still do online orders, but i think most thieves stock up on high cost gift cards and then ditch the credit card.

  • YES!! I just realized that I have very strange charges on my account as well. I, like many people, mainly use their debit cards, which I guess I’ll cease from doing. Any advice how to get my bank to reimburse me?? Total was around $500…

    • Usually credit card companies are better about reimbursing fraudulent charges than a bank. Best to use a CC than a debit card.

    • I just filled out form at the credit union and within a week the $ was back, which was a good thing since there were 4 transactions totaling $2K (it was my ATM, not a credit card)

  • Mostly because I’m not a criminal, I’m so confused how this happens. So, they can detect your credit card through your wallet/purse and then clone them onto a new card that same day? My credit card says “see ID” on the back and I get asked maybe 3 times a year for my ID for a purchase.

    • The “See ID” thing is very regional. In California, I ALWAYS get asked to show an ID whenever I use a credit card. Even at a sit-down restaurant.
      However, they never ask for ID at retailers in the Northeast or here in the DC area. It’s very odd.

    • I thought technically a credit card isn’t legal (authorized?) until signed, so having “See ID” instead of your signature means that it’s not actually valid.
      I find it very quaint when I go to the UK and store clerks, etc. actually turn over my card and compare the signature there with my signature on their receipt. I NEVER see that in the U.S.

    • saf

      “See ID” in place of a signature is against the CC agreement. The store clerks are supposed to refuse the charge and confiscate the card.

      CC security is not something that retail is good at.

      • Allison

        Huh, that makes me feel better. I was a store clerk at office max and a customer loudly berated me for not asking for his ID when running his credit card because it said “SEE ID” on the back. (Mind you this was in Texas where I’d never seen anyone else do that, ever.) “I coulda been a criminal! A CRIMINAL I SAY!” “Sir, you’re buying 1.99 worth of rubber bands.”

        • Oh man, I wish you had confiscated his card and called the police when he didn’t sign the receipt with “SEE ID” as his signature.

      • Huh. Good to know.

      • Yep. And it can cause a lot of problems in foreign countries. Your signature won’t match the card and they’ll often reject it. Plus, your signature on your CC won’t match you’re ID, making rejection even more likely.

  • I had my ATM card and pin un-authorizedly used (to the tune of $2K) over Thanksgiving. My credit union said it is VERY possible, even probable, that the breach occurred months ago (doesn’t mean not in Columbia Heights or MtP as I frequently use it in both places) but they waited until a Holiday (because if they did one before and one after midnight they could get around my daily ATM ceiling without raising flags). My credit union said this is usually done on a massive scale, and that looking to the few days before is typically of little help.

  • I live in Bloomingdale. In October, somebody got a hold of my credit card number and paid a $300 DC parking ticket. I filed a report with my bank. A month later, they sent me a screen shot of the person’s transaction. She had over $1000 in DC driving violations and used my card to pay $300. Filed a police report (they were very helpful) and bank refunded my money. No idea how she got a hold of my number. I use the card all over the city.

    • Wow. That is a whole other level of stupid to use a stolen credit card to pay for something under your name.

  • Sparta

    Ever since I moved back to DC (from NoVA) 5 years ago, my cards have been hacked 3 times.

    It’s endemic. As long as US retailers resist changing from magnetic strips to chips, like other Western developed nations, it will continue.

  • Yes! Both my wife and I went to IHOP and used both our cards. Today both cars were compromised one of which at an Exxon in college park MD ($1.30) and the other at a giant foods in DC ($400+)!

  • A friend’s card was hacked while paying gas at a gas station in Alexandria , I noticed a pretty blond woman out of her car in the cold for no reason, somebody in her car was manipulating a computer, nefore we arrived in dc, the credit card company called him notifying that a purchase made in west virginia with her card was suspicious, and really was.

  • Urgh! Both my wife and I recently had two of our accounts (joint credit card and joint checking account) stolen on 3 separate occasions in the last month – in other words, 3 separate card numbers were taken. It had to be skimming of some kind because they all showed up as card swipes (vs online purchases). Lots of my hard earned money spent at local area Walmarts, liquors stores etc but also somewhere down in Raleigh. We used them at Target in CoHi during the holidays but surely they’ve cracked down right? We also used (or tried to) at that shady Exxon station at 10th and Michigan Ave NE in Brookland. Honestly think we got skimmed there but no way to prove it.

  • I live in Col Hts and use Target and other vendors frequently. Yesterday someone used my credit card info in Australia, and my Bank put a hold on it and cancelled my card. Messed up!!

  • So as to an update on my previous post. EVERYONE in my party on new years eve (Four of us) received fraudulent charges a few days after we went to this IHOP for a late night dessert of chocolate chip pancakes and ice cream. This is the only establishment where we all paid separately using the cards that were ALL compromised. Below is the information we found on Identity Theft and Fraud Reporting procedures for MPDC.

    Financial and Cyber Crimes Unit
    300 Indiana Avenue, NW Room 3019
    Washington, DC 20001
    (202) 727-4159
    [email protected]
    Office Hours: Monday thru Friday 8:30 am to 6:00 pm

  • Yes. My bank contacted me saying my card had been fraudulently used, and I remember it happened after I used the card at Target in Columbia Heights.

Comments are closed.