52

I just got off a very obvious scam call where the scammer was offering to "lower" my interest rate. I played along to try to waste some of their time. I gave a fake expiration date and a fake last 4 digits of the card. He put me on a short hold and came back saying that was the wrong number. I went to a fake CC generator site thinking maybe there is something in the last 4 that can verify legitimacy kind of like the first four can indicate the Brand (Visa, MC, etc.). I gave him those last 4 and once again, after a brief hold, he came back saying it was the wrong number. At this point he lost his cool and started swearing, etc. and eventually hung up, but I've never heard or seen anything like this before.

Is it possible to verify that the last 4 digits of a card number are legit? In this case, it was supposed to be a Chase Visa. Could it be a checksum or something else? Might the expiration date and the last 4 need to match? Or is it more likely that he actually had my full number and was phishing for more info or something?

stormdrain
  • 493
  • 1
  • 4
  • 7

4 Answers4

149

He was probably trying to impersonate you on a site that legitimately knows your card number, perhaps your card issuer itself. Such a site would challenge your identity by asking for your last four digits; when you gave the wrong information, his verification attempt failed, and he knew it was bogus. He may even have triggered a lock on your account, frustrating him further.

If this scenario is correct, he doesn’t have your card number, but he has other personal information, and reviewing your security and activity on important accounts for a while may be warranted.

erickson
  • 848
  • 1
  • 6
  • 5
32

The last digit is a check digit that uses the Luhn algorithm to help avoid data entry errors, but you need all of the previous digits to calculate the check value.

It is possible that they have a "current" list of credit card numbers that are linked to people. The numbers in their database don't include the entire credit card number, because the legitimate vendors they stole it from aren't supposed to store the entire number.

They checked your last four with their list and didn't get a match. Therefore they couldn't move on to the next phase which is to get more of your data.

Freiheit
  • 8,772
  • 3
  • 44
  • 65
mhoran_psprep
  • 148,961
  • 16
  • 203
  • 418
17

More likely he had nothing and was trying to get you to read out the entire number "so we can correct it."

Or, as @freiheit suggested, more likely they were trying to use this to authenticate themselves as you in a system that might give them the rest of the digits. In which case, if you weren't going to just hang up on them, giving a false response was absolutely the right thing to do.

keshlam
  • 52,634
  • 6
  • 87
  • 177
3

It is possible that the scam caller already had your full credit card number and was simply trying to confirm the last 4 digits as a way to verify their information. It is important to be cautious and not give out any personal information, including credit card numbers, to unsolicited callers. If you are unsure about the validity of a call, it is best to hang up and contact the company or organization directly using a known phone number or website.

Emotional words Poetry
  • 31
  • 1