Unfortunately, it happens.
Someone used my credit card online without my permission. My American Express statement showed a charge for software that I had not ordered. I notified Amex and they checked it out and said that the charge appeared legitimate. The problem was that the data supplied was my card number, my address, and everything else, except the email address was not my email address.
Someone used all of my data and created a special email address to download software and charged it to my account. Amex has turned this over to their Fraud department, and my card number has been changed.
Can an email address be identified as to who originated it?
If a software provider gives a customer a license number for their software, can they revoke that license and make that software inoperable?
What you’ve experienced is identity theft. Besides your credit card number, someone knows enough about you to correctly fill in the billing address used to verify card ownership. The opportunities for full resolution are few and difficult.
Can the email address be traced? It’s extremely unlikely. Can the software be disabled? Ditto.
Let’s look at the steps you should take when this happens, and why resolution is rarely satisfactory.
Become a Patron of Ask Leo! and go ad-free!
Someone using your credit card online?
When you discover a bogus charge on your credit card, the single most important thing to do is to call your credit card company immediately to report it so they can take appropriate action. Beyond that, there’s little you can do to prevent a repeat occurrence other than try to figure out how someone got your information.
You’ve already taken exactly the right steps: you called the credit card company and told them you had discovered a bogus charge on your card.
They, in turn, took exactly the right steps to protect you: invalidated your old credit card number and issued you a new card. Hopefully, they also refunded you the amount in question. In the U.S., at least, I believe they’re required to, as long as you report the fraud within a certain amount of time.
Those are steps that need to happen as soon as you discover an issue. The sooner you report the issue, the sooner your card will be disabled and the sooner you’ll stop risking additional bogus charges.
And that’s where it ends. Honestly, that’s about all you can do about the incident.
About that email address
While your credit card company probably has your email on file so they can send you promotional and administrative information, it’s not used to validate your credit card when you purchase something.
At a minimum, the credit card company uses the expiration date to confirm you’re holding the card in your hand. They’ll also sometimes check the billing address or postal code you provide against the account, as well as the extended validation code that may be requested from the back or front of your card. They may also use your phone number.
That a different email address was used means nothing.
In fact, it’s possible the merchant didn’t even require a valid email address at all. It’s obviously not good business practice, but the email address is generally used only to send informational messages like sales receipts — messages your thief won’t care about at all.
Obviously, if the product was to be delivered via email, that’s another matter. The email address had to be valid — at least long enough for the thief to get the delivery. Before and after that? It could be completely bogus.
Chances are there’s nothing to trace. The email address was either completely fake or existed only long enough to complete the transaction. The address had nothing to do with who the thief might be or where he was located.
Even if the thief was stupid enough to use a permanent email address that could somehow be associated with him, chances for tracing are still slim to none.
- I believe it would require legal action to force the email provider to reveal any information about an email address, such as the IP address from which a message might have been sent.
- I believe it would require further legal action to force the ISP who owns that IP address to reveal any information about it, such as its location or ownership.
- Even the location might not be enough if it’s shared by multiple users.
Now, even if both entities were cooperative (which is highly unlikely), they may not have the data. That’s an enormous amount of data to log and keep. I expect providers flush their records regularly.
The harsh, practical reality is that an email address cannot easily be traced if the sender sets it up to remain hidden. It simply requires too much cooperation from too many entities who are predisposed not to help.
You actually want things to be this difficult, because this is how your privacy is protected from those who might try to find you.
Revoking the license applied to software after it’s been purchased, installed, and activated amounts to a kill switch. A software vendor could decide — for any reasons it deems appropriate — that you’re no longer entitled to use the software.
Most software does not have a kill switch. Once activated, the software remains so until it’s reinstalled for some reason.
That’s not to say there isn’t software out there with a kill switch. Particularly these days, when software frequently “phones home” to contact the manufacturer’s servers for updates and the like, it wouldn’t be difficult at all.
But depending on the software and its intended audience, one false ‘kill’ — disabling a legitimate user’s software by mistake — could be a public relations nightmare.
Any time issues like this come up, it’s important — after taking the time-sensitive steps I’ve mentioned above — to sit back and see what lessons can be learned to protect yourself from having it happen again.
How did the thief get your information in the first place? Has that issue been corrected, and if not, what’s to prevent it, or worse, from happening again?
Reviewing Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet would be a great place to start.
As would subscribing to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.