Join my email list and get FREE ACCESS to the MSM Freebie Library, including my top printables & eBooks.

Secrets of a Former Credit Card Thief

Secrets of a Former Credit Card Thief is a fascinating article and one which everyone who uses debit and/or credit cards needs to read in order to protect themselves:

We’ve all heard the standard tips about preventing identity theft and credit card fraud. But what would a real identity thief tell you if he had the chance? Dan DeFelippi, who was convicted of credit card fraud and ID theft in 2004, says simply this: You can’t be too careful.

DeFelippi, 29, mostly made fake credit cards with real credit card information he bought online. “I would make fake IDs to go with them, and then I’d buy laptops or other expensive items in the store and sell them on eBay,” he says. DeFelippi was also involved in several other kinds of scams, including phishing schemes that exploited AOL and PayPal customers. Committing credit card fraud is still “ridiculously easy to do,” he says. “Anyone with a computer and $100 could start making money tomorrow.”

After his conviction, DeFelippi faced eight years in prison, but under a plea deal he agreed to community service and to pay back more than $200,000 in restitution. He also worked for the U.S. Secret Service, helping to infiltrate the online underground and training agents in the latest fraud techniques. His help led to the arrests of five to 15 people over two years. Today, he’s a Web developer at a graphic design company in Rochester, N.Y. He agreed to take an hour with to share his story and his top tips on how to protect yourself.

Read the full article.

photo credit

Subscribe for free email updates from Money Saving Mom® and get my Guide to Freezer Cooking for free!


  • Andrea Q says:

    Thanks for sharing this article. He makes some good recommendation in the article and DeFelippi also claims that you’re better protected against fraud when you use a credit card instead of a debit card.

  • ANN says:

    The information is interesting. But, it is kind of annoying that the guys gets off the hook and is now making a living from telling his secrets. WOW!

    • Andrea Q says:

      He is doing community service and paying back $200,000. It sounds like what he is doing is part of the community service, not a money making gig.

    • Agreed, Ann! His “punishment” seems petty compared to the people’s lives he changed forever by stealing their identities!

      • ANN says:

        I think that once you have paid back the $200,000 and done your community service, then you are good. Until then, you are a criminal who shouldn’t be profitting off other people’s losses.

    • Amanda says:

      I would go as far as to say I hope the secret service was not paying him to help them, that should have been part of his community service assignment. Also, not sure why a graphic design company would actually hire him with that kind of conviction. He is not trustworthy and they are probably putting their employees at risk of identity theft. I wonder if he learned his lesson?

  • This is one tip I never thought about, but actually makes tons of sense:

    “ What steps do you take to protect your own data online?

    DeFilippi: All financial services companies have two-factor authentication. So you typically have to put in a password plus something else. A lot of banks use questions, but that can actually give you a false sense of security because you can find out a lot of information about people online. So maybe this is extreme, but for those questions, I make up stuff. I don’t put in my real information. For example, a common question is: “What city were you married in?” Well, I’m not married, but I’ll answer that question so there’s no way anyone could possibly know the answer. I try to make sure at least one of the questions has a made-up answer.”

    I definitely will be making up a fictitious dog or something soon!

    • Rae says:

      yeah I never thought about that before!

      • Ileana says:

        I also read the full article and thought this was a great tip! I worked doing collections and had heard of some of the ways that fraud is commited and saw first hand of how it destroyed people!

  • Becky says:

    I’ve always heard the “use your debit card as a credit card” part too- apparently you get the same protection as a regular credit card user does. Conversely, if you type in your PIN and use your card as a debit card you really have no recourse in the event of fraud-which is SCARY!

    I guess I’m glad he tells his “secrets” but I agree with Ann- hopefully he’s making or made his restitution.

    • Elizabeth says:

      Actually, no, you don’t get the same protections on your debit card even if you swipe it as a credit card. While I am adamantly against debt, this just isn’t true. With a debit card, no matter how you used it, if it takes you too long to discover the fraud, you could be responsible for paying for all of it.

    • brookeb says:

      Do you mean if you use a credit card with a pin? Because you certainly do have recourse with most debit cards + pin, as far as a bank refunding your money and going after the theft. At least I have with 2 major banks, but you should check your statements about this. The downside to debit cards is that you wouldn’t have that money in hand while it’s being dealt with, but with a good bank that should be only a day or so until it’s put back in there.

      • Elizabeth says:

        I’ve had friends have to wait weeks, even with major banks, to get their money back after debit card fraud. And, how much you’re liable for depends on how quickly you report it. From the link I posted above:
        “For example, if you report the loss within two business days after you realize your [debit] card is missing, you will not be responsible for more than $50 for unauthorized use. However, if you don’t report the loss within two business days after you discover the loss, you could lose up to $500 because of an unauthorized transfer. You also risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.”

        • brookeb says:

          That’s federal maximums, though, so others may vary. My bank covers 100% of all charges if you report it within 60 days, if it’s related to your online banking, and they use the Visa zero liability model for debit cards, which mandates that they extend reporting to 5 days from noticing it, although there are some variations with ATM usage from outside ATMs. Still, it’s a good point that banks do vary on this, even though there is some set standard of what they must at least do. Since many banks offer similar services otherwise, this might be where people want to compare and shop around.

          • Becky says:

            That’s what my card does too- the Visa model (my card is a Visa check card).
            But like you said, a good reminder that banks vary in their practices.

          • Elizabeth says:

            And, remember that’s a company policy, which can change whenever they feel like changing it back to the federal rules and regulations.

  • dawn says:

    WOW!!! Thanks for posting this. I have heard some of this info before but…. Very insightful.

  • M.W. says:

    The comments about his “restitution” make me smile. I am married to a White Collar Crimes Detective, and by now, am more used to the “lighter” penalties, but always smile when I see other peoples reactions because I understand! Often, these cases are so complex that they take hundreds of hours to put together, and then it seems like the person convicted gets a slap on the wrist, so to speak. One way to look at it, though, is that there is only a certain amount of space and money available for housing prisoners. Would you rather have this guy, who is non-violent, in jail, or a someone who is preying on children locked up for a long time? Hope that helps…

    • Neighbor says:

      Very good point. I live next door to a convicted murderer. He served 25 years in prison (the minimum required by law) and 5 years probation. Behind him, is a convicted rapist. We were notified by the sheriff’s office about the rapist, but not the murderer. Neither one lived there when we bought our home.

  • Good tips.
    My bank recently told me they recommend people get either a separate checking account and only keep the bare minimum in that for their debit use or use a Visa gift card because criminals are now using scanners that can read your credit card from the parking lot when you’re using Redbox or Blockbuster Express.

    • Amanda says:

      I don’t recommend Visa gift cards. I got one at Christmas once and they are such a pain to use and you most likely will have a small balance of a few cents leftover that you never get to use because every purchase has to be under your balance or it gets denied. You cannot pay the remainder in cash. Plus, there is an almost $5 activation fee.

  • This was a great article – so helpful! My husband is a computer programmer and very safety-conscious, but these are great tips.

    For all the Facebook users out there, there is an easy way to make sure you use the “https” security he talks about, but you do have to set it, as fbook’s default is the non-secure option.

    To change your settings, go to Facebook > Account > Account Settings. From there, you can click “Browse Facebook on a secure connection (https) whenever possible.”

    You can also choose other security features, but this is the basic (and I think the most important) one to protect yourself.

    Thanks for sharing the article!

    • KimH says:

      Thanks for that tip Kelli!!

    • Thanks for this tip. Went in and changed my setting right away.

      This article makes me think about which stores ask me to see my credit card and enter the last digits off the card and which ones don’t.
      And which places seem secure. The big chain grocery store seems safe, but the small gas station where you pay outside….not so much.

    • Ginny says:

      Beware, though, that the Facebook https setting will revert to plain old http (unsecured) if you use a FB app. You will get a warning about it. And although once you leave the app the system is supposed to reset you to https, it doesn’t work for everyone. It doesn’t work for me or my daughter, but it does for at least one of my friends.

  • Elizabeth says:

    While many credit companies offer the same protections on debit cards that they do on their credit cards, under federal law only credit cards offer the consumer protections that stop fraud and relieve consumers of responsibility for fraudulent charges. Banks can, and do, make you fill out lots of paperwork, and go through a full investigation before giving you your money back. I’ve had friends go through this. Their checking account completely cleared out because of debit card fraud, and weeks before they got it back.

    • Dana says:

      Depends entirely on the bank, I have a visa debit card that was stolen online and used on a matchmaking site (ie. atypical use), and I was notified a couple hours after it happened via phone call. And the money was put right back in as soon as I verified it was fraudulent. I did LATER get something in the mail I had to sign saying the charge was fraudulent, but the money was replaced immediately.

      Another time, I got double charged on a debit transaction at a store, and I called the bank the next day, and the charge was credited back to my account immediately.

  • SuAnne McBroom says:

    Thanks for sharing this article. We can not be too careful! Just this week the bank called us because somehow a person had our credit card number and was using it in another state. We have no idea how that happen! We are so grateful the bank caught it before they ran up a huge amount.

    • Ericka Lewis says:

      I’ve had that happen a couple of times–I’m so glad the credit card companies were checking on it because it might have taken me a while to notice on my own. Overall, I’ve been really impressed with my credit card companies because of this (I do not pay extra for ppi or anything, it must be something they do anyway). I also had someone hack into our itunes account which had a credit card attached and order lots of stuff. Luckily, again, the credit card company informed me and we sorted it out without too much hassle.

  • DeAnna says:

    as a victim of identity theft (a worker stole my info from the office of my health insurance ) who almost lost her house b\c of it, I swear by Debix protection. I got a year free from the settlement, and they’re amazing. Any little thing out of the norm and they call me! When hubs and I went on our cruise we were new to the program and didnt tell them we were traveling. They flagged my accounts and called me the minute I used my debit card in Florida and I had to answer pre approved questions and give passcodes in order to use my cards. it was a hassle but after going through all the crap of before, i can say its more than worth it.

  • Tammi says:

    Our credit union is very good when it comes to this issue. Someone was able to get our debit card information, and tried to purchase something that was out of the norm for us. They Flagged the account, called us to see if we authorize the purchase. Since we didn’t they would let the transaction go through, canceled our cards and issued new ones. Now our account is flagged to be watched for suspicious activity for my own piece of mind.

  • dee says:

    I have a Citibank personal account with all 7 of us on it (Hubby + 5 kids ages 19 – 24) and one for my business with all of my employees on it. Plus I have a Capital One card for international travel and my daughter in college in Canada (only card that doesn’t charge an international exchange fee).

    Citibank has been hacked a few times and they’ve closed my account and sent new cards. The only time someone used my card was my business card. I caught it right away. They paid a lot of utility bills, which I recognized as unusual. The weirdest thing they did was pay for emergency surgery for their dog when it was hit by a car. The vet’s staff knew the person because they had been bringing their dog there since it was a puppy. They told the vet I was their cousin and was gifting them the surgery to help the dog. Citibank won’t tell me if they prosecuted. They took all of the charges off of my card and changed my account number. Citibank also told me I couldn’t talk to the vet’s office again either. I did find out the dog survived though.

  • B says:

    Debit cards are not safe at all, like that article said someone gets a hold of it they have all your bank info. Credit cards are very reasonable on fighting fraud. Having a credit card does not mean a person spends wrecklessly and is in debt. I spend credit on 100% of what I buy-I don’t have a penny in debt and stay under budget every month.

  • Crystal,
    Thanks for posting this! I read the whole thing and I will sure be looking at all of the recommendations…and looking into

    Thanks again!

  • KimH says:

    That was a great article.. Thanks for sharing it.
    Have you any great articles on using your smart phones to do banking & business? I have been told several times recently to NOT do banking on your smart phone because your account numbers & any attached to that are captured in your phone somewhere and are easy to recover if you’re a thief in the know.

  • cat says:

    Great article. In todays world this is all to real. tfs

Money Saving Mom® Comment Policy

We love comments from readers, so chime in with your thoughts below! We do our best to keep this blog upbeat and encouraging, so please keep your comments cordial and kind. Read more information on our comment policy.

Leave a Comment

Your email address will not be published. Required fields are marked *