Depends on how far Amazon's checks go. I can certainly set up a different address in my account with a completely different name to my own, and have items sent to that instead. Which I just did when pinging my girlfriend some gifts for her birthday and the package was addressed to her, not me.

But that's because you're a known and registered Amazon user. You can, of course, change the delivery address but only through your account at the checkout or add an address from "My Amazon".

So unless his account was also hacked it sounds like a whole new temporary Amazon account had been set up using the stolen card details. This would mean there were two Amazon accounts with two different registered user home addresses using the same credit card at some point.
You would have thought there'd be some automatic check with the card issuer that the card and registered user address matched.

It surely can't be as simple as using another computer to set up a new account using the the same ie. correct registered user name, address and card details then change the delivery address at the checkout.

Hence my comment about "depends how far Amazon's checks go". I know for a fact that eBuyer don't allow it, so everything it routed through my brother's account when I want to order because he needed to use my credit card to buy something the first time.

Sorry to have to resurrect my old thread but almost six years on guess what? I've had one of my cards done gain. Some git tried to push through a ?450+ (online?) purchase at John Lewis using my card details. Luckily my card provider did block both attempts but I've had to destroy my old card and been issued with a new one which has just arrived.

I know for certain this fraud was all executed online as after my first experience and the hassle that caused I dedicated one credit card to online transactions with the actual card locked away. That discipline has been maintained religiously ever since.

Love to know how the card details were obtained but if it is like last time I'll never be told or if anyone actually knows how it was done. Scanned my computer for viruses and other malware and one thing that wasn't there when I did that last Saturday, two days before the fraud occured, was flagged as a trojan. Maybe nothing to do with it but I cleaned it out immediately, rescanned and all is now apparently clean.

I'm a bit concerned because I've only just swapped over to broadband, using the ISPs router at present and since then I've had a nasty Winlock trojan, this recent trojan, several other malware items and now my dedicated online credit card has been done. Apart from swapping to BB I haven't changed anything recently, I do regular AV, anti-malware scans and everything I download gets manually scanned without exception, ZIP and RAR before and after decompression. Yet I've had more trouble in the last month than in the previous 6 years.

Use better porn sites.

IIRC the American card circuit was hacked few weeks ago and for a while card numbers from all over the world were available to anyone willing to fork some money for them...maybe you were one of the unlucky ones.

I never pay for porn and certainly not with a credit card, that would just be wrong.

My guess is some retailer I've used recently has a less than secure site. The only new place I can think of where I've used my card directly recently for a purchase ie. not via Paypal was for some MS points two days prior to the fraud. Maybe it was there, although the payments page was using the Barclaycard/Visa verification system so it seems unlikely.

Whoevever and however they got my details the letter I've just had from John Lewis confirming cancelling "my order" had mistakes in both my name and address. If that was what the fraudsters used it is no wonder it was blocked. But how can they have obtained, presumably, correct credit card info but messed up with my name and address?

You don't need to pay for porn for this to happen. There's bazillions of dodgy free porn sites on the web which will quite happily allow trojans and all sorts of nasty malware access to your system. You could have had a keylogger that's pinched your details for example.

I have AV obviously and other active AM running on my system and its is quick scanned manually with Malwarebytes at least twice a week. Also fully scanned with three different programs once a month including a boot time one and everything downloaded is double scanned manually too. I would have hoped any trojans/keyloggers would have been either blocked or at the very least detected during those scans.

As said earlier I did find a trojan during a boot time scan after the fraud came to light. This occurred less than two days after my weekly scans so I know it wasn't there before then. If it was a keylogger the only way my credit card info could have recorded was when buying those MS points. Honestly I didn't go anywhere dodgy or new during that time except whilst searching for the best price for MS points. So that trojan/keylogger, if that is what it was, most likely came from one of those I'm thinking.

But what can you? I always try to pay by Paypal for just this sort of reason and I sometimes, although I'll admit not in this case, use a tip I read about online about pasting in, from a secured text document, sensitive information like credit card numbers. That way a keylogger can't record the keystrokes although if somebody can gain access to your computer wherever that info is held could in itself be a vulnerability.