Credit card, `compromised`.

[OldCarlos]

Being a bit of a dinosaur I'm never comfortable with newer technology.........especially where my money is concerned! & although we have debit cards for everyday use & a credit card which we use to purchase items over the £100 we'd never used the tinterweb to buy anything. (we don't do internet banking, or have a paypal acct etc)

After family & friends kept going on about amaz0n etc, we decided about 18 months ago to get a credit card to use solely for this reason, with only a lowish £2k max.
70% of purchases are via amaz0n (not marketplace) then the likes of argos, j lewis etc Other bits only when checked out a few reviews & reasonably sure the seller is kosher.

Haven't used it loads, apart from Xmas time & there was less than £180 spent on it last month. (some months it isn't used at all)


Last night my `moneyboss` tried to use it & it was declined?


This morning a message was left on the answer machine stating they were from X bank (which corresponds to our CC) asking to ring a certain number & to quote ***.
Mmmm I thought, I'm not falling for that, so rang the # direct on the CC.

After umpteen recorded messages, then security questions, it turns out someone has somehow maxed out the card! (approx. £1800) over the past week.


This seems to have happened the day after our last purchase was made on the 22nd & it was paid to the company via paypal


Apparently amongst things purchased were; Men's clothing, Insurance from Admiral, used at Ocado...... wtf? Surely these would be easy (ish) to trace?

Anyroad, card now destroyed & another will be sent out.


Just how common (& easy to do) is this sort of scam?

 

[Steep]

It's happened to me a couple of times in the last ten years and I'm certain that one of them was my card being skimmed in a local shop. I've even had someone take out a payday loan using (partially) my details, that was by far the most difficult thing to sort out (I have a collection of final demands and threatening letters) and probably still hasn't been as these thing get sold on en-masse to debt recovery companies. I bank purely online now and check my account daily so no surprises on that front.

It happened to my mother too before she died and the purchases on her card were equally strange, subscription to a wine club, a sky subscription, various other things that required delivering. The thing was she never shopped online with it.

 

[Steep]

Question, if you don't have a paypal account, how did you manage to pay for something via paypal?

 

[dean messenger]

Question, if you don't have a paypal account, how did you manage to pay for something via paypal?

a fake paypal account set up by the thief then they use the card for purchases would be obvious guess

 

[viv1969]

Extremely easy and common.
If you've put it in the hands of your CC company, they'll sort it for you.

 

[srichards]

If the card has one of those contact less thingies i wonder if it is possible to get the card details just from having it physically near a reader?

Most friends that have been done have had their cards skimmed in shops, particularly fuel stations or dodgy ATMs.

 

[viv1969]

Question, if you don't have a paypal account, how did you manage to pay for something via paypal?

I thought you could pay to someone elses PayPal account directly from a credit card.

 

[Tigger.ufo]

My friend had a card scammed after shopping at Amazon and paying his TV licence.

Turned out to be an employee (now ex) of TV licencing who was selling details!

All sorted by CC company though.

 

[OldCarlos]

I thought you could pay to someone elses PayPal account directly from a credit card.

I think that was the case, but not 100% sure.

 

[Phil V]

I thought you could pay to someone elses PayPal account directly from a credit card.

You can

 

[Phil V]

It's massively more likely to have been a physical skimming. Most e-commerce doesn't put enough details in one place to compromise your card.

 

[OldCarlos]

Extremely easy and common.
If you've put it in the hands of your CC company, they'll sort it for you.

Yep, they said all is fine & they just compile a report to pass on to the police. We probably won't hear anything else.

 

[OldCarlos]

If the card has one of those contact less thingies i wonder if it is possible to get the card details just from having it physically near a reader?

Haha, I wondered about the safety of these cards in relation to our debit cards, but apparently you have to be right up against the reader.

It's massively more likely to have been a physical skimming. Most e-commerce doesn't put enough details in one place to compromise your card.

The CC in question never leaves the house, it's purely for tinterweb.

 

[viv1969]

Yep, they said all is fine & they just compile a report to pass on to the police. We probably won't hear anything else.

When mine was skimmed, the cc company did the same...and reimbursed every penny.

 

[Steep]

Didn't realise you could pay to a PP account that way, you live and learn

 

[OldCarlos]

It's happened to me a couple of times in the last ten years and I'm certain that one of them was my card being skimmed in a local shop. I've even had someone take out a payday loan using (partially) my details, that was by far the most difficult thing to sort out (I have a collection of final demands and threatening letters) and probably still hasn't been as these thing get sold on en-masse to debt recovery companies. I bank purely online now and check my account daily so no surprises on that front.

It happened to my mother too before she died and the purchases on her card were equally strange, subscription to a wine club, a sky subscription, various other things that required delivering. The thing was she never shopped online with it.

I can't quite fathom how they can get away with purchasing stuff like that. (am I missing something? )

Presumably you don't get to hear anything afterwards/any outcomes?

 

[nilagin]

Haha, I wondered about the safety of these cards in relation to our debit cards, but apparently you have to be right up against the reader.

Not as safe as you may think.

View: https://www.youtube.com/watch?v=EKks3vfiy6Q

 

[Steep]

I can't quite fathom how they can get away with purchasing stuff like that. (am I missing something? )

Presumably you don't get to hear anything afterwards/any outcomes?

No, never heard anything. I suspect most of it is just covered by the bank as it's cheaper than trying to chase it down.

 

[OldCarlos]

Not as safe as you may think.

It's a crazy world we live in.

btw, I don't trust any of it

 

[Jannyfox]

You may not want to internet bank but at least it means you can check card balances etc daily. When my card was hacked (from a retailer's online site) I picked it up before my bank did. I was on the phone straight away and the guy on the other end said 'do you want a new card?' You can imagine my reply. I think the hacked one was already in very small pieces. The damage was stopped at two small purchases, both online. I just paid my next bill off less that amount and never heard anything. Disturbing when it happens, though. It would be nice if every online retailer used the verification system, but they don't.

 

[StewartR]

It would be nice if every online retailer used the verification system, but they don't.

It amazes me that they don't.

Our website payment gateway has the '3D Secure' stuff (Verified By Visa, MasterCard SecureCode) implemented by default. It costs nothing, it might reduce your merchant account fees, and it gives you protection against fraudulent card use. I can't see why any online retailer would choose not to use it. (Except hire businesses, ironically!)

 

[Craig1912]

Wife just had £2000 in cash transferred from the credit card to a (as it turns out) fraudulent Barclays account. Apparently the person arranged the transfer over the phone and a bit of a mystery how they got through security. Tesco (card supplier) haven't said much other than the person was female with a northern accent like my wife's! Can't understand how it didn't throw up a red flag as we have never made any cash transfers previously and only a couple of months ago they phone to question a couple of other transactions as they said they looked odd. All sorted now but wife has a CIFAS against her name.

 

[onomatopoeia]

One way the card details get compromised is if a retailer that you have purchased from has their website hacked and all the card details of previous customers taken. This happened to mine, the card company cancelled the card when they found out, which led to awkwardness and a mobile phone call when I was trying to pay for petrol as they didn't tell me straight away.

On that occasion no charges were made against my card before it was cancelled, but I had a few days without the card as a consequence.

What we do with our card processing is have it all happen on a third party site, so we never see the details of the card used to pay, we just get a notification from the merchant services that the payment against a particular invoice has been processed successfully. If someone telephones us with card details we type them straight into the service provider's virtual terminal, again not writing them down anywhere, so they cannot be stolen from us as we never record them.

 

[Overexposed]

This is why I never moan if I get a call from the credit card company checking to see if a payment is ok because its slightly out of line with normal spending habits.

 

[Garry Edwards]

It amazes me that they don't.

Our website payment gateway has the '3D Secure' stuff (Verified By Visa, MasterCard SecureCode) implemented by default. It costs nothing, it might reduce your merchant account fees, and it gives you protection against fraudulent card use. I can't see why any online retailer would choose not to use it. (Except hire businesses, ironically!)

We do, but there is a trade off - the higher the level of security, the higher the likelyhood of the transaction not going through, because the higher the number of things that MUST be right, the greater the chance there is of a customer getting something wrong.
For example, if the customer has told his bank that he lives in flat 1, 10 Arcadia Gardens and tells our website that he lives ground floor flat, 10 Arcadia Gardens, then the card will be rejected - and this happens, a lot.

One way the card details get compromised is if a retailer that you have purchased from has their website hacked and all the card details of previous customers taken. This happened to mine, the card company cancelled the card when they found out, which led to awkwardness and a mobile phone call when I was trying to pay for petrol as they didn't tell me straight away.

On that occasion no charges were made against my card before it was cancelled, but I had a few days without the card as a consequence.

What we do with our card processing is have it all happen on a third party site, so we never see the details of the card used to pay, we just get a notification from the merchant services that the payment against a particular invoice has been processed successfully. If someone telephones us with card details we type them straight into the service provider's virtual terminal, again not writing them down anywhere, so they cannot be stolen from us as we never record them.

Thieves can only hack the retailer's website successfully if the information is on there to start with - we use a secure third party payment portal, so we don't have the info to start with, and I think it's fair to say that all reputable companies do exactly the same.

We have now been told not to accept phone orders, because of the risk of fraud. What happens here is that the card holder orders goods by phone and then denies that he authorised the transaction - and the fact that we have a voice recording of the call, and the fact that he then signed for the goods, does no good at all because the credit card Company just gives him our money back, encouraging this kind of fraud.

IMO the reason these frauds are so widespread and so successful is that the police do nothing to catch the criminals, even when presented with all the evidence on a plate.

 

[Llamaman]

The only (so far) time this happened to me was when my CC bill showed some "Air France" purchases of some £2000. Turns out someone had bought flights from a travel agency - in person, so must have been a cloned card or the agency were in on the fraud.
This was before online shopping was commonplace, and I tended to use my debit card more in shops etc, so I could be reasonable certain where it got cloned. It was in a restaurant, where the card was suspiciously taken from me, and then returned with the card reader. The fact that the meal was terrible (and a disastrous date to boot) only served to rub salt in the wound.

Now, HSBC go too far the other way. My card gets stopped at least once every 3 months for 'dodgy' transactions - such as SnappySnaps (yeah, I'm sure someone cloned my card to buy £10 of photo prints) and holidays I've told them about in advance. Grrrr.

 

[onomatopoeia]

Thieves can only hack the retailer's website successfully if the information is on there to start with - we use a secure third party payment portal, so we don't have the info to start with, and I think it's fair to say that all reputable companies do exactly the same.

Larger retailers tend to give the option to customers to store card details so they don't have to re-enter them for repeat orders (think about Amazon for an example). However for a small business like ours, the PCI-DSS requirements are a bit much so we took the easy way out in implementing automated card processing and like you never have the card details.

 

[fuzzyedges]

I had £670 pounds worth of sea and surf clothing plus £45 domino pizzas and £20 cinema tickets on a card I hadnt used for 18mth (forgot to cancel when the offer finished) Now this begs the question of how, as it was only used to transfer a balance to and never left my house If we forget all the electronic gimmickry of cloning and look at the cc company itself it only needs a bent employee to sell on the details and its that easy

 

[Byker28i]

It was found that oversea call centres for the banks were selling large lists of details for a few hundred pounds, which was a lot of money for them. Of course for the banks it's easier to blame the customer.
Strange how some of you know the story as when it happened to us they wouldn't release any details.
These days I'm very careful, shred everything with any personal details on, even anything with our address on.

 

[OldCarlos]

These days I'm very careful, shred everything with any personal details on, even anything with our address on.

We've done the same for years. (it's a ball-ache sometimes, especially at Christmas )

 

[Furtim]

Based on what you've described, it sounds like the PayPal site you used to pay was perhaps a replica / phishing site? In other words while it looked like PayPal, it was nothing more than a page setup to get you to enter your credit card details.

Just a thought.

 

[Alisonfd]

I'm glad you got it sorted out.

Tesco suspected my parents credit card had been used for fraud but never bothered to block it or contact us for almost a month after the first suspected fraudulent transaction. There were no problems indicated at all, as we were able to book holidays, shop on Amazon, buy petrol etc.

About 5-6 weeks ago an Amazon transaction was refused so we contacted them. They said nothing wrong, no reason for it being blocked and let it go through. Then 2 weeks ago, the card stopped working completely. They blocked our access to the online credit card statement, and we no longer have paper statements. We contacted them and they refused to speak to us until we had received a verification code to unlock the online statements.

Last Wednesday we finally got access to online banking again. We phoned them and the guy said that the credit card was suspected as being stolen on March 20th due to a high number of transactions and every transaction since was being classed as fraudulent. He said that these high number of transactions continued randomly throughout the next month until eventually they blocked the card as it went over the daily transaction limit on more than one occasion. They didn't block it due to fraud, but because we were buying a lot of stuff online (mostly Amazon), as we have been doing on a regular basis with this card for about 5 years.

When we asked why they never phoned us they said because they didn't think it was that important as it was only a low amount (About 25% of the spending limit was used). But to confirm that it was not fraud and unlock the card, we had to go through and confirm the details of every transaction. My mum was there for about 3 hours reading out each transaction 1 by 1 off her online statement confirming it was an authorised transaction. It didn't help the guy on the other end was really slow.

We are now considering getting away from Tesco as we are disgusted that they suspected fraud but never reported this to us. This plus an incident with them denying our charge back on a car rental key deposit because "it doesn't say its refundable" when it did (It said in the small print on the forms we signed, we will refund you the 100euro deposit within 48 hours of you returning the car keys , we had a receipt saying we had returned the keys but Tesco refused to acknowledge the small print was even there), has really annoyed us.

 

[dejongj]

They are all very similar in that way in my experience. Or if they call they call the landline. Duh, if you see a suspicious transaction in Italy maybe I am in Italy. Just call my mobile to verify and don't leave a message on the landline and block my card.

Anyway stuff happens, fraud happens both electronically and offline. Its a shame but so be it. I also had someone paying off a loan in Sheffield. It made me laugh as unless it is a shell company it is rather traceable

 

[Alisonfd]

Yeah. A friend worked for Lloyds and within a month of starting someone had taken all his money, and managed to use a card linked to his account.

What they didn't count on was the CCTV in the shops he used a card in and they never even considered the fact there is a record of where you transfer money to! Turned out to be another staff member who he had a disagreement with. They had requested a 2nd card be added to his account and went on a spending spree before nicking the rest.

 

[OldCarlos]

Based on what you've described, it sounds like the PayPal site you used to pay was perhaps a replica / phishing site? In other words while it looked like PayPal, it was nothing more than a page setup to get you to enter your credit card details.

Just a thought.

We thought the same, BUT the items ordered were delivered.

Reading other's experiences on here, a rogue employee seems like the likeliest scenario.

 

[Keith W]

I once had an issue with amounts of money going missing out of my account, went to the bank & got it sorted, money returned and new bank card issued.

About a month later it started happening again so off I went to the bank to complain except this time I was met by a rather unhelpful & rude young man who said there was nothing he could do about the list of pending transactions etc. etc. and when I said I would contact the police to report this he then started saying I could not do that which led to me getting somewhat irate and angry

By this time my confrontation had drawn the attention of the manager who took me into his office and within about 20 mins all was sorted.

It tuned out to be an employee of the bank, the unhelpfull one, who was taking small amounts of money out of various peoples accounts in the hope it wouldn't be noticed

 

[Alisonfd]

I once had an issue with amounts of money going missing out of my account, went to the bank & got it sorted, money returned and new bank card issued.

About a month later it started happening again so off I went to the bank to complain except this time I was met by a rather unhelpful & rude young man who said there was nothing he could do about the list of pending transactions etc. etc. and when I said I would contact the police to report this he then started saying I could not do that which led to me getting somewhat irate and angry

By this time my confrontation had drawn the attention of the manager who took me into his office and within about 20 mins all was sorted.

It tuned out to be an employee of the bank, the unhelpfull one, who was taking small amounts of money out of various peoples accounts in the hope it wouldn't be noticed

Damn. I am glad you didn't give up.

Some people think really do think they will never get caught when they do stuff like this and the sad thing is, so many people wouldn't of noticed the odd bit of cash missing.

 

[Llamaman]

There's something seriously wrong about a bank's controls if junior members of staff can do this kind of thing and not get noticed. They need to stop viewing this as a cost/benefit issue and start viewing it as a right/wrong issue. Turning a blind eye to petty crime because it's cheaper to isn't helping them to restore their tarnished image.

 

[OldCarlos]

When/if they find out the source of the problem, be it a rogue employee, fake site, skimmed etc etc, I'd have thought it good practice to let the customer know. if only for peace of mind & possibly to help stop it happening again if it was a dodgy seller.

 

[Alisonfd]

When/if they find out the source of the problem, be it a rogue employee, fake site, skimmed etc etc, I'd have thought it good practice to let the customer know. if only for peace of mind & possibly to help stop it happening again if it was a dodgy seller.

Yeah it would be nice if they did that.

Also if you guys sign up for any subscriptions or authorise an approved payments with PayPal, check them on a regular basis. You may no longer use the service you set it up for but they may still have the ability to charge you.