Apodaca: Be careful about swiping cards as you shop

On the day after Thanksgiving, I ate leftovers, went to a movie, ate more leftovers, and put gas in my car in preparation for a trip to the Rose Bowl for the UCLA-Stanford football game the following day.

Oh yes, I might also have been the victim of a crime — and I’m not referring to UCLA’s defeat, although the Bruins’ dismal performance was borderline criminal.

My credit card number was stolen.

The way it happened is a lesson in how easily such theft can be accomplished, and how powerless we often feel to stop it. In spite of safeguards taken by consumers to protect their financial information and crackdown efforts by law enforcement agencies, financial institutions and retailers, data theft remains a ubiquitous threat, like a nasty rash that can be tamped down in spots only to pop up somewhere else.

My visit to the gas station? That might have been all that was needed to rip off my number, according to the Costa Mesa police detective investigating the case.

Here’s how these crafty thieves work: Like modern-day Fagins, these criminals often work in gangs. Instead of using orphans like Oliver Twist to pick pockets, they attach so-called skimming devices to the credit and debit card readers on gasoline pumps. The gadgets are small, can be installed quickly and easily, and are extremely difficult for the untrained eye to detect.

When consumers swipe their cards, the devices record the numbers, including possibly the personal identification numbers used with debit cards. The devices are later removed with equal ease, and the stolen numbers are used to make counterfeit cards.

The thieves then use the fake cards to empty bank accounts and run up debts. Victims often don’t learn of the thefts until they receive their monthly financial statements and notice the bogus charges, or until they receive calls from a financial institution’s anti-fraud department checking on questionable transactions.

In my case, I was unaware of the wrongdoing until I got a call from the Costa Mesa Police Department. A suspect had been placed under arrest after someone reported to the police that a customer had been acting suspiciously while trying to make a purchase at a South Coast Plaza jewelry store. My credit card number was among those in the suspect’s stash of fake cards, but it hadn’t yet been used.

The detective, who asked that his name not appear in print, said that these types of crimes can be painstaking to investigate. In attempting to identify victims, all he had to go on initially were the card numbers. The task was complicated by the need to elicit additional information from the issuing banks, and to navigate around privacy laws.

“Identity theft is huge,” he said. In the years that he’s been working on such cases, “it’s just been rampant the entire time.”

It remains unclear whether my 22-year-old son was also a victim of the same criminal ring. His credit card number was also stolen recently, which he learned when he received a call from the bank asking if he’d just made a $1,300 purchase at Bloomingdale’s. My son, who considers Old Navy a splurge, replied emphatically that he had not.

Although we have no evidence that his number was stolen in the same manner, it wouldn’t be a stretch to believe that was the case because he sometimes puts gas in his car at the station nearest to my Newport Beach home.

Of course, gas stations are only one entry point used by financial data thieves. In another recent case, giant bookseller Barnes & Noble said that thieves hacked into its payment devices and might have stolen customer credit and debit card information at 63 of its stores nationwide, including 20 in California.

The book chain said its cashiers now process payments using more secure card readers attached to cash registers.

There are also plenty of low-tech methods used by criminals to obtain personal and financial information. Many years ago, I covered a series of stories on identity theft perpetrated by a gang that swiped mail from people’s mailboxes to obtain information from financial statements and other documents. The results were often devastating, and some victims were forced into bankruptcy.

Since that time, consumers have gotten more knowledgeable about protecting themselves from such crimes, and police are more adept at catching the bad guys.

But data thieves are a sneaky, chameleon-like bunch. They often operate in the shadows, shifting their targets and methods as new opportunities arise. Try as we might to stay ahead of the criminal curve, we must remain ever vigilant, shredders at the ready, Social Security numbers guarded jealously, financial statements combed through meticulously.

I’ll probably think twice next time I gas up my car. I might use cash, or pay the cashier instead of at the pump. My eyes will be peeled for anyone who appears to be tampering with the machinery. Even so, the sad reality is that I could easily fall victim again.

PATRICE APODACA is a Newport-Mesa public school parent and former Los Angeles Times staff writer. She is also a regular contributor to Orange Coast magazine. She lives in Newport Beach.