beware of Alex Premachuk 2 2

[Oskywalker]

I hope you get your money back.

[ivegotneatstuff]

Where are you based? Interesting that "Premachuk" is a very rare name - I can only find 2 in the USA and they appear to be married and are in Saint Petersburg and 3 with that last name in canada

[Krismusic]

sorry this happened.. hope you get your book back or money. I'll keep note if its although I am in GTA, in Ontario but it might show up in Toronto to try to re sell and I've been looking at a Hulk 181 or GSX 1 as my next big purchases

[James J Johnson]

6 hours ago, ivegotneatstuff said:

Where are you based? Interesting that "Premachuk" is a very rare name - I can only find 2 in the USA and they appear to be married and are in Saint Petersburg and 3 with that last name in canada

There are 2 Premachuks in the US, as you noted, 1 in Argentina, and a whopping 30 Premachuks in Canada, which appears to be the Premachuk capital of the world though not necessarily a feather in the collective cap of our neighbors to the north in this case. Of course, there's a fair chance that no one named Premachuk is involved in this caper and just the Premachuk name is being used without any particular Premachuk's knowledge. There's few enough of them and they all appear to be related. Perhaps reaching out to the Premachuks might yield helpful info.

https://www.google.com/search?source=hp&ei=FFAqXsqVOaK1ggftmKiYDg&q=Premachuk+facebook&oq=Premachuk+facebook&gs_l=psy-ab.12...1174.5021..7141...0.0..0.145.2347.0j18......0....1..gws-wiz.......0i131j0j0i10j0i5i30j33i160j33i299.IdELPkpuzxM&ved=0ahUKEwjK782jkpvnAhWimuAKHW0MCuMQ4dUDCAs#spf=1579831326956

Edited January 24, 2020 by James J Johnson

[comicwiz]

I noticed there is a variation of that name in Montreal with an "i" instead of an "e" - i.e. Primachuk. One of the tricks scammers use as well when they might be using a throwaway name of someone in their circle (family, relative). I say this reserving recognition that the name they used might not even be the person committing the scam, but sometimes that kind of alteration in spelling is meant to throw you off their trail.

[blazingbob]

5 hours ago, comicwiz said:

I noticed there is a variation of that name in Montreal with an "i" instead of an "e" - i.e. Primachuk. One of the tricks scammers use as well when they might be using a throwaway name of someone in their circle (family, relative). I say this reserving recognition that the name they used might not even be the person committing the scam, but sometimes that kind of alteration in spelling is meant to throw you off their trail.

Not that I'm arguing with you but from the chargeback you can get the issuing bank phone number.  You call them,  in the case of this crew the card is fraudulent,  the address is close and there is no Alex Premachuk who has physical possession of this card.  They are basically running blocks of fake cards with "almost close" billing addresses that pass the check digit cc processor audit.  I'm not sure these cards would work if run through a chip reader which is why they target mail order type companies.  If they are emailing you with a phone number to call you are generally put on hold and "Alex Premachuk" gets on the line.  They then give you a song and dance on why you need to ship it right away.  If you ship it they pick it up,  when the charge from your merchant services provider is sent to the bank they charge it back stating that the card is fraudulent.  Chargebacks can occur 30-45 days after the initial charge.  Your book is long gone by then.   

[comicwiz]

1 hour ago, blazingbob said:

Not that I'm arguing with you but from the chargeback you can get the issuing bank phone number.  You call them,  in the case of this crew the card is fraudulent,  the address is close and there is no Alex Premachuk who has physical possession of this card.  They are basically running blocks of fake cards with "almost close" billing addresses that pass the check digit cc processor audit.  I'm not sure these cards would work if run through a chip reader which is why they target mail order type companies.  If they are emailing you with a phone number to call you are generally put on hold and "Alex Premachuk" gets on the line.  They then give you a song and dance on why you need to ship it right away.  If you ship it they pick it up,  when the charge from your merchant services provider is sent to the bank they charge it back stating that the card is fraudulent.  Chargebacks can occur 30-45 days after the initial charge.  Your book is long gone by then.   

Thanks for explaining this Bob. There's two things I can't reconcile - the first being that the name should match the card number, and I realize this is something that's not always followed when someone is paying over the phone. However, would the address they are asking the item to be shipped to be somehow associated to the scam? I can't imagine someone knocking on my door saying, "hey, I ordered something online and I had it shipped to your place" wouldn't go over too easy with most people, so wouldn't the receiving address be an accomplice to the fraud? I guess I falsely believed that one of the facets which help keep online cc fraud in check is that the person has to have it shipped to a location where they have access in some way. I know this is probably for the credit card fraud people to pursue, but the way this theft ring has been able to do this is worrying since they seem to have found a loophole to carry out their fraud.

Edited January 24, 2020 by comicwiz

[Krismusic]

question though wouldn't the billing address and shipping address have to match? so how do the thieves get the package if its at a random person house?

[blazingbob]

9 minutes ago, comicwiz said:

Thanks for explaining this Bob. There's two things I can't reconcile - the first being that the name should match the card number, and I realize this is something that's not always followed when someone is paying over the phone. However, would the address they are asking the item to be shipped to be somehow associated to the scam? I can't imagine someone knocking on my door saying, "hey, I ordered something online and I had it shipped to your place" wouldn't go over too easy with most people, so wouldn't the receiving address be an accomplice to the fraud? I guess I falsely believed that one of the facets which help keep online cc fraud in check is that the person has to have it shipped to a location where they have access in some way. I know this is probably for the credit card fraud people to pursue, but the way this theft ring has been able to do this is worrying since they seem to have found a loophole to carry out their fraud.

You can max out how much information you enter on a mail order purchase but it doesn't necessarily mean you won't get a authorization code.  Name on Card is not a "key" field as far as I know.  You can get an authorization code with a address not matching.  You will generally get a decline if the 3 digit code security code doesn't match.

AMEX is probably the loosest of the cc companies that will give authorization codes.  I have a AMEX card in my postal account that has a 2020 expiration date even though my new card is 2023.  Goes through every time.  

[blazingbob]

5 minutes ago, Krismusic said:

question though wouldn't the billing address and shipping address have to match? so how do the thieves get the package if its at a random person house?

Billing address/shipping address are usually apartment buildings.  When I mapped out the Montreal "Crooks" there seemed to be an area they concentrated the deliveries to.  They are either sitting in cars waiting for the packages to be brought by the postman or when a notice is placed they then go to the post office to pick up.  Either way in all instances these packages are being delivered.    

I have a security check in my system that looks for duplicate IP addresses which they are not triggering so I'm assuming they are using different devices to login in and order from.  

[Krismusic]

2 minutes ago, blazingbob said:

You can max out how much information you enter on a mail order purchase but it doesn't necessarily mean you won't get a authorization code.  Name on Card is not a "key" field as far as I know.  You can get an authorization code with a address not matching.  You will generally get a decline if the 3 digit code security code doesn't match.

AMEX is probably the loosest of the cc companies that will give authorization codes.  I have a AMEX card in my postal account that has a 2020 expiration date even though my new card is 2023.  Goes through every time.  

ahh not familiar with AMEX I know many places here specifically say no AMEX specially near the Niagara region which is close to the border. 

[comicwiz]

2 minutes ago, blazingbob said:

You can max out how much information you enter on a mail order purchase but it doesn't necessarily mean you won't get a authorization code.  Name on Card is not a "key" field as far as I know.  You can get an authorization code with a address not matching.  You will generally get a decline if the 3 digit code security code doesn't match.

AMEX is probably the loosest of the cc companies that will give authorization codes.  I have a AMEX card in my postal account that has a 2020 expiration date even though my new card is 2023.  Goes through every time.  

Bob, I hope you don't mind me asking, but in situations such as these (where a known fraud ring is operating out of a city, that seemingly is targeting dealers with high value comics), will the credit card company absorb the loss, or will the seller have to take the hit? It seems too easy for people with access to stolen cards to defraud people and work the system in their favour.

[blazingbob]

1 minute ago, comicwiz said:

Bob, I hope you don't mind me asking, but in situations such as these (where a known fraud ring is operating out of a city, that seemingly is targeting dealers with high value comics), will the credit card company absorb the loss, or will the seller have to take the hit? It seems too easy for people with access to stolen cards to defraud people and work the system in their favour.

As I believe I stated earlier you have to dispute the chargeback by the issuing bank by stating that you provided as much information as humanly possible.   Your argument is if the issuing bank knows that the card is fraudulent why are they giving an authorization code.  This type of problem is not solved even if you had a secure online cc processing checkout that the customer is keying in the information. 

Potential for fraud is why merchant services rates are higher for mail order transactions versus card/chip present.     

[comicwiz]

1 hour ago, blazingbob said:

As I believe I stated earlier you have to dispute the chargeback by the issuing bank by stating that you provided as much information as humanly possible.   Your argument is if the issuing bank knows that the card is fraudulent why are they giving an authorization code.  This type of problem is not solved even if you had a secure online cc processing checkout that the customer is keying in the information. 

Potential for fraud is why merchant services rates are higher for mail order transactions versus card/chip present.     

Just curious here, but if you sent them an invoice through PayPal, which took the credit card payment information in a one-time payment scenario, do you think it would be declined, given all the variables were the same as trying to fulfill a mail order transaction with a fraudulent card?

[JollyComics]

On 1/21/2020 at 5:58 PM, blazingbob said:

Actually unless I know the customer or they can provide solid references that I can contact I will no longer ship to Montreal.

Doesn't matter what shipping company you use when shipping to this theft ring.  The real issue and frankly one that the banks "bake into your rates" is that they are providing authorization codes on fraudulent credit cards.  The Montreal police department could care less about this.  They won't even take a report even if you have multiple buyer names,  addresses,  banking info etc.    

Hi Bob, I hope you are fully recovered and I will see you at C2E2.  Maybe we should call the credit card companies to check for fraud. Yes it's an old fashioned way like we used to call the bank to see if the check is valid. Anything is automatic and got tricked. Thieves are creative people to find a loophole in the technology.  We should go backward and do the old fashioned way.

[blazingbob]

8 minutes ago, comicwiz said:

Just curious here, but if you sent them an invoice through PayPal, which took the credit card payment information in a one-time payment scenario, do you think it would be declined, given all the variables were the same as trying to fulfill a mail order transaction with a fraudulent card?

Paypal is a Merchant service provider just like Chase Paymentech or any of the other companies that provide that service.  Paypal would be clearing the purchase and securing the funds from a credit card or bank account.  I've never had a Paypal chargeback so I'm not 100% sure how they handle that since they are the one's paying you.  

[blazingbob]

1 minute ago, JollyComics said:

Hi Bob, I hope you are fully recovered and I will see you at C2E2.  Maybe we should call the credit card companies to check for fraud. Yes it's an old fashioned way like we used to call the bank to see if the check is valid. Anything is automatic and got tricked. Thieves are creative people to find a loophole in the technology.  We should go backward and do the old fashioned way.

I agree and when I did have one of the crooks on the phone he got very upset that I wanted the issuing bank number to call them since he wouldn't give me a valid business reference.  This guy claimed I was discriminating against him because he was a first time buyer who just wanted to buy some books.  

Again,  with mail order I don't believe there is a 100% ironclad way to prevent a fraud chargeback.  However for the fees my bank charges it is THEIR responsibility not to give authorization codes on fraudulent cards.  The other option which one security person told me was not to accept credit cards.  I went are you kidding me?  

[blazingbob]

It is pretty sad that the "electronic payment business" is built on a lot of "false" security even with chips.

CC payments in person no longer requiring signature.

No id in a lot of cases required.

You technically as a merchant can't really write anything down about the buyer.  

You could find a card on the floor,  run it until it declines and be on your way. 

 

[comicwiz]

11 minutes ago, blazingbob said:

Again,  with mail order I don't believe there is a 100% ironclad way to prevent a fraud chargeback.  However for the fees my bank charges it is THEIR responsibility not to give authorization codes on fraudulent cards.  The other option which one security person told me was not to accept credit cards.  I went are you kidding me?  

I 100% agree with the sentiment. The thing is, I always thought the mailing address of the issued card was always the failsafe. Online, you would have to enter the mailing address of the card. Someone stealing a card might not have that information, although they might if they took the whole wallet. The other thing is the three digit number feels like the kind of security measure akin to leaving a sticky note on your safe with the combination. It would be more intuitive to have some kind of 3-digit security password that only the person using the card would know.

There are certainly other variables that seem like a false sense of security, but the three digit CSV seems the easiest to bypass for anyone as long as they are physically holding the card, which is likely the highest percentage form of fraudulant transaction (i.e. people stealing someone's wallet and buying as much as they can on tap).

I recently heard a lady had her wallet stolen, the thieves managed to withdraw all the money from her bank account because - get this - she had the bank card passcode written on a piece of paper that was inside the wallet. In that same report, the bank made an announcement that if you use a password that includes numbers from your birthdate, you might not be covered if thieves steal all your money. Imagine what they would do if someone took your entire wallet  and thieves managed to figure out your passcodes for all your cards based on the birth date information on drivers license and other pieces of ID that include that information. Where do they draw the line on the craftiness of thieves - these are thieves after all! 

I appreciate minimizing risks, but it seems there's certain details thieves would never be able to match up, and one of them will always be the persons address who the card rightfully belongs to, and when they somehow manage to figure that out, they still need the merch delivered to an address they live at or can access mail from.

Edited January 24, 2020 by comicwiz

[blazingbob]

5 minutes ago, comicwiz said:

I 100% agree with the sentiment. The thing is, I always thought the mailing address of the issued card was always the failsafe. Online, you would have to enter the mailing address of the card. Someone stealing a card might not have that information, although they might if they took the whole wallet. The other thing is the three digit number feels like the kind of security measure akin to leaving a sticky note on your safe with the combination. It would be more intuitive to have some kind of 3-digit security password that only the person using the card would know. So many variable here, I recently heard a lady had her wallet stolen, the thieves managed to withdraw all the money from her bank account because - get this - she had the bank card passcode written on a piece of paper that was inside the wallet. In that same report, the bank made an announcement that if you use a password that includes numbers from your birthdate, you might not be covered if thieves steal all your money. Imagine what they would do if someone took your entire wallet (like what happened to me last Christmas) and thieves managed to figure out your passcodes for all your cards based on the birth date information on drivers license and other pieces of ID that include that information. I appreciate minimizing risks, but it seems there's certain details thieves would never be able to match up, and one of them will always be the persons address who the card rightfully belongs to, and when they somehow manage to figure that out, they still need the merch delivered to an address they live at or can access mail from.

Again, they are not always stealing the card from someone.  That type of thief uses the stolen card billing address but asks it to be shipped to a different address.  This type of thief is easier to spot since you can google earth the shipping address versus the billing address.  If you have a billing address where the house is worth 2 million and a trailer park shipping address the red flag usually goes up for me.

These credit cards are a block of numbers where they are generating cards

Credit cards in the US don't require a PIN yet.  Debit cards run with a chip reader are processed as credit cards.

 

Edited January 24, 2020 by blazingbob