|
CAPP0
Original Poster
5,988 posts
73 months
|
Over the weekend, my charge card (related to my current account, same provider, although the card function is run by a completely separate business unit) was used fraudulently. In addition, someone attempted to access my main bank online banking (current, savings, mortgage accounts), which prompted it to be locked out. As I say, all the same banking organisation, but completely separate accounts.
I'm reasonably careful, but I do purchase online and over the phone, and although I give a nod to protecting my PIN I guess I could be even more careful/diligent (by which I mean, I protect it from nearby eyes, but maybe I don't search out every CCTV camera in the vicinity).
Any idea how the crims could have got enough information to have a go? They made a few hundred pounds worth of purchases on the card, but didn't get into the online system (AFAIK - no unauthorised activity and I've now changed all the login details). The bank have taken the hit on the card spending, but I'd like to understand how to prevent a recurrence.
|
|
|
Ruttager
1,946 posts
62 months
|
Compromised chip n pin reader?
My card got cloned a few years back. Someone tried to use it in Canada whilst I was in Dubai. Lucky the bank twigged and called me up. I'm pretty sure mine got cloned at a petrol station pay at pump thing but I wouldn't be able to prove it.
|
|
|
John145
361 posts
26 months
|
Could be a number of ways, perhaps someone going through your rubbish and getting enough details from your mail to get through the telephone questions, hacking into your PC and finding details you'd entered into a website, fraudulent website or website that has been hacked and information stolen, talking to the wrong person on the phone, using a chip and pin machine/cash point that has been tampered with...
|
|
|
illmonkey
6,284 posts
68 months
|
The other halfs card was used in fraud, luckily only about £60 (I imagine test runs). To use a card online, you only need the number and expiry date, so someone could have just written that down.
|
|
|
covboy
1,358 posts
44 months
|
Had a similar thing a couple of years back. Caught it early (a couple of mobile top-ups - different numbers - had been charged to my card) Bank were OK about it – took the hit (only about £60) and changed my card no problem and offered to forward cash until the new card arrived.
Still can’t understand how it went through though . Details passed onto their fraud department. Heard no more about it.
|
Advertisement
|
|
|
John145
361 posts
26 months
|
illmonkey said: The other halfs card was used in fraud, luckily only about £60 (I imagine test runs). To use a card online, you only need the number and expiry date, so someone could have just written that down. And address and security code.
|
|
|
CAPP0
Original Poster
5,988 posts
73 months
|
John145 said: illmonkey said: The other halfs card was used in fraud, luckily only about £60 (I imagine test runs). To use a card online, you only need the number and expiry date, so someone could have just written that down. And address and security code. So any telephone transaction where you've ordered something and recited those details = game on. Is it really just "one of those things" which you need to live with? (Assuming you want to purchase items remotely)
|
|
|
Deva Link
26,934 posts
115 months
|
A lot of them are inside jobs. Your charge card was linked to the bank account so someone in the charge card company would have had access to that information, but not enough to log into the account. So that fits.
I used to run 4 credit cards but dropped one after it was defrauded for the third time in two years. Amongst the purchases were currency from a bank and flight tickets, so both should have been fairly easy to look into. Each time I called the company they cheerfully refunded me, and didn't appear to give a toss. I've carried on my life in just the same way but (touch wood) never had a problem with any of the other cards.
|
|
|
Mill Wheel
5,074 posts
66 months
|
If you use the "mothers maiden name" as a security question, you do not have to use your mothers real maiden name as the answer - it is usually all to easy to find that out.
Make one up!
Always cover the chip and pin keypad as you type in the numbers. Filling stations are bad for this, as the keypad is often high up where it can be seen from some distance away.
I fold one finger back and type one number with the back of my finger where it cannot be seen - choose a number to facilitate this if necessary.
And finally change you number randomly rather than wait until you are prompted by an incident such as the one you have experienced!
Occasionally a retailer will have a machine compromised - either with their connivance, or by a crooked employee.
If you keep receipts, then it might make tracking where your card might have been cloned more easy.. only happened to me once, and it wasn't fraud, just a billing error, which was easily spotted on the printed invoice.
|
|
|
julian64
9,875 posts
124 months
|
I had my credit card nobbled once. Noticed a £400 bill from matalan of all places.
I rang the credit card company up, and they then asked if I had made a donation to the red cross.
Apparently I hadn't noticed a £10 donation to the red cross the week previously.
According to the credit card company this was a normal tactic by the thieves to test whether the card was working on minimal information.
The red cross are apparently aware they are being used to test faulty credit cards but declined to change their system for some reason according to the chap I spoke to.
Never heard anymore
|
|
|
lombardo8
105 posts
16 months
|
I was thinking about this just last week as I paid for a service with a small one man business over the phone and gave the long card number, expiry date and the 3 digits on the back. They also have my name and address.
If this company decided to go dodgy and start compromising details they have, I would like to believe that the CC companyin conjunction with Visa and Mastercard will have a system in place to run searches for a common denominator i.e. to determine if different fraudulently used cards have been legitimately used at a merchant prior to the fraud.
|
|
|
illmonkey
6,284 posts
68 months
|
John145 said: illmonkey said: The other halfs card was used in fraud, luckily only about £60 (I imagine test runs). To use a card online, you only need the number and expiry date, so someone could have just written that down. And address and security code. I'd have added those to my post if that was what I was told.
|
|
|
Use Psychology
9,918 posts
62 months
|
|
|
streaky
18,351 posts
119 months
|
Let me count the ways ...
Most likely are (in no particular order): compromised chip-n-PIN reader, dummy ATM facia, compromised/spoof website, 'double swipe' by retail assistant (second swipe to capture details on stand-alone device), overheard details, public/compromised PC.
Streaky
|
|
|
CAPP0
Original Poster
5,988 posts
73 months
|
Streaky said: several methods compromised chip-n-PIN reader - possible dummy ATM facia - not possible, card never used for cash, never beenin an ATM. Ever. compromised/spoof website - possible although the card has only been used to purchase goods which I have subsequently received 'double swipe' by retail assistant (second swipe to capture details on stand-alone device) - unlikely; I can't ever recall the card being out of my sight overheard details - possible but unlikely. I can't recall giving details in public public/compromised PC - public: no. Compromised: work PC behind multiple security systems, or Mac at home.....??? There has been a lot of useful information in the responses - thanks all.
|
|
|
Deva Link
26,934 posts
115 months
|
streaky said: Let me count the ways ...
Most likely are (in no particular order): compromised chip-n-PIN reader, dummy ATM facia, compromised/spoof website, 'double swipe' by retail assistant (second swipe to capture details on stand-alone device), overheard details, public/compromised PC.
Streaky You missed the inside job: http://www.dailymail.co.uk/news/article-2116649/In...OK, the above is a bit gratuitous but I live near Chester where some credit card companies have significant operations and a local person was jailed for nicking people's card details fairly recently.
|
|
|
Mill Wheel
5,074 posts
66 months
|
CAPP0 said: 'double swipe' by retail assistant (second swipe to capture details on stand-alone device) - unlikely; I can't ever recall the card being out of my sight I used to work in a business that used a card check scheme called CardCast. Details of stolen cards were broadcast (by radio I think) to the retailers premises, and before we started the transaction, we used to swipe the card through the CardCast terminal - and if it had been reported as stolen or used fraudulently more than 20 minutes before, it would instantly show up as such, and we could retain the card, and if possible detain the user. In all the time I worked there, not one person ever queried having his card swiped twice, even though it was clearly via a second card swipe slot! 
|
|
|
3Dee
2,567 posts
91 months
|
I know of an incident that happened to a friend where he had purchased a flight, then was automatically forwarded to another site. Not sure what the deal was, but his statement showed the second site had dinged him for £10 (different reference and details).
On revisiting this second site he found he had 'donated' £10 to some charity.... and it was automatically taken...
He tells me he did NOT authorise this, and did not pass over the card details - the damn Flight site HAD done though!
If this is true, then it seems that some unscrupulous sites are indeed passing cc details to a second party.
The internet is getting VERY VERY dangerous these days...
Same for some sware downloads, they find all sorts of ways to bamboozle you to installing addions for advertising and the like! Even the most diligent amongst us sometimes fail to spot the convoluted methods to throw you off the scent of check-boxes, radio buttons and the like.
There should be a new law passed that means to have to always OPT IN (with OPT out Default) to all offers like this!
|
|
|
streaky
18,351 posts
119 months
|
3Dee said: There should be a new law passed that means to have to always OPT IN (with OPT out Default) to all offers like this! In every legislative area ... I won't hold my breath. Streaky
|
|
|
sugerbear
532 posts
28 months
|
Just out of interest were the transactions UK/Europe based or USA. Most likely fraud involves reading the mag stripe at a compromised terminal (or ATM) then sending the details to your sidekick in the US who clones the magstripe and go on a spending spree.
Despite what some will claim, you cannot clone a chip transaction (think of a sainsbury/tesco terminal where you dip the card rather than swipe) because the chip generates a unique cryptogram (checked by your card processor) for each transaction and you cant make a magstripe card from the details of a chip transaction because the details are different.
Might have been a magstripe transaction in the UK but in those cases generally the merchant takes the hit, not the bank.
|
|
