About 10 days ago, I received a Chase Fraud alert for an attempted charge of $12.00. I told Chase the charge was not mine but to please keep the card active (I use it to pay utility bills, amazon, and a few other routine uses, so it is a pain in the backside to make changes). Well, this week there was an attempted $1600+ charge and no fraud alert from Chase! I only found out about the bad charge because the vendor thought it strange that the shipping address was different from the billing address and called my cell # to confirm the charge.
Apparently the hacker has all my information (name, billing address, zip code, etc.) down to the 3-digit verification code printed on the back of the card. Ironically, this card (with the previous 16-digit CC#) was hacked and had an attempted fraudulent charge about 4 years ago. With the new CC# issued 4 years ago, it appears the new 16-digit CC# was hacked again within the last 48 months. Since I download all my Chase activity to CSV files routinely including my MR Visa, I am going to analyze every authorized charge in the last 48 months under the second number to isolate a list of vendors that accepted the card as my potential list of "hacked sites."
I do know I used the MR Black card at an SPG property between 06/2015 and 02/2016. Did the SPG hack include credit card information? I thought it was supposedly encrypted?
I will post an update in the next 10 days as I crisscross my last 4 years of vendors with hacking announcements to see if I can isolate the vendor at the root of this most recent hack and fraud attempt.