GDPR for your own card purchases?
Discussion
A friend of mine has had her card fraudulently used a couple of times to buy tickets to an event. She's been told that despite it being her card used, and her address used to send the tickets to, that the company cant tell her what name they were in due to GDPR? Is this correct?
I mean surely you're within whatever data bubble that falls under seeing as its "you" thats made the bookings?
Its obviously someone she knows and she's trying to narrow down the list. The company have said that they'll tell the police or her bank if they ask
I mean surely you're within whatever data bubble that falls under seeing as its "you" thats made the bookings?
Its obviously someone she knows and she's trying to narrow down the list. The company have said that they'll tell the police or her bank if they ask
I think the issue is it's not her card, it's the bank's.
Same reason why the police aren't interested - it's not her that's been scammed, it's the bank.
Happened to me three times (three lots of separate occasions) with the same card provider. I'd have thought some easy to trace situations - airline ticket bought and foreign currency from a bank, some jewellery sent to an address etc. No one gave a toss.
Same reason why the police aren't interested - it's not her that's been scammed, it's the bank.
Happened to me three times (three lots of separate occasions) with the same card provider. I'd have thought some easy to trace situations - airline ticket bought and foreign currency from a bank, some jewellery sent to an address etc. No one gave a toss.
HotJambalaya said:
A friend of mine has had her card fraudulently used a couple of times to buy tickets to an event. She's been told that despite it being her card used, and her address used to send the tickets to, that the company cant tell her what name they were in due to GDPR? Is this correct?
I mean surely you're within whatever data bubble that falls under seeing as its "you" thats made the bookings?
Its obviously someone she knows and she's trying to narrow down the list. The company have said that they'll tell the police or her bank if they ask
Why can't she intercept the mail? Is she a student? If not is it possible this is a clueless husband accidentally trying to surprise her with her own card?I mean surely you're within whatever data bubble that falls under seeing as its "you" thats made the bookings?
Its obviously someone she knows and she's trying to narrow down the list. The company have said that they'll tell the police or her bank if they ask
Sheepshanks said:
I think the issue is it's not her card, it's the bank's.
Same reason why the police aren't interested - it's not her that's been scammed, it's the bank.
Happened to me three times (three lots of separate occasions) with the same card provider. I'd have thought some easy to trace situations - airline ticket bought and foreign currency from a bank, some jewellery sent to an address etc. No one gave a toss.
Unless I've missed something, its the OPs friend that has been the victim not the bank. Same reason why the police aren't interested - it's not her that's been scammed, it's the bank.
Happened to me three times (three lots of separate occasions) with the same card provider. I'd have thought some easy to trace situations - airline ticket bought and foreign currency from a bank, some jewellery sent to an address etc. No one gave a toss.
You could get your friend to report it to the police (fraud by false rep). Of course they wont say 'oh it was Sally that used the card' but they'll investigated it.
The details being requested are the personal details of someone else; not OP's friend.
GDPR prevents this disclosure. While OP's friend may consider that a crime has been committed, it is not their responsibility to investigate. That lies with the Police, and the Police do have the power to request the relevent personal details.
GDPR prevents this disclosure. While OP's friend may consider that a crime has been committed, it is not their responsibility to investigate. That lies with the Police, and the Police do have the power to request the relevent personal details.
Edited by Rivenink on Monday 20th February 19:25
LosingGrip said:
Unless I've missed something, its the OPs friend that has been the victim not the bank.
You could get your friend to report it to the police (fraud by false rep). Of course they wont say 'oh it was Sally that used the card' but they'll investigated it.
The bank will refund her.You could get your friend to report it to the police (fraud by false rep). Of course they wont say 'oh it was Sally that used the card' but they'll investigated it.
sociopath said:
Trying to work out what the fraud is if the tickets are sent to the card holder? Unless its the seller of the tickets trying to make more money.
The card holder could live in a block of flats with a communal post area where the post can be intercepted if the card holder is known to be out at work during the day. The tickets can then be resold on facebook marketplace etc before the card holder glances at their monthly statement.sociopath said:
Trying to work out what the fraud is if the tickets are sent to the card holder? Unless its the seller of the tickets trying to make more money.
OP is suggesting (I think) they were ordered in someone else's name - is that even possible? And surely, if you were fraudulently using a credit card, you wouldn't use your own name?Sounds like this could be an internal issue within a family, perhaps?
Sheepshanks said:
sociopath said:
Trying to work out what the fraud is if the tickets are sent to the card holder? Unless its the seller of the tickets trying to make more money.
OP is suggesting (I think) they were ordered in someone else's name - is that even possible? And surely, if you were fraudulently using a credit card, you wouldn't use your own name?Sounds like this could be an internal issue within a family, perhaps?
the tickets had been sent to her flat directly, and since that matched the billing address the company was happy. They are not willing to disclose what name the tickets were purchased in.
This is not a family issue since she doesn’t have any here. Unfortunately the street entrance to the communal area of her flat is open, so anyone would know that
My question is more a technical one I guess, if you use my card and my address surely I’m privy to any of the details regarding the order?
Well, like I said previously, in the multiple times this happened to me I just disputed the charges and they were credited back without question.
Perhaps in my case it was more obvious as the charges were from all the place.
I guess the bank recharges the seller if they haven't 100% followed the rules but if the seller objects then perhaps it gets complicated.
I think for one-off small amounts the bank might just swallow it. If this has happened before and she's paid the bill then that could be a problem.
Perhaps in my case it was more obvious as the charges were from all the place.
I guess the bank recharges the seller if they haven't 100% followed the rules but if the seller objects then perhaps it gets complicated.
I think for one-off small amounts the bank might just swallow it. If this has happened before and she's paid the bill then that could be a problem.
HotJambalaya said:
Sheepshanks said:
sociopath said:
Trying to work out what the fraud is if the tickets are sent to the card holder? Unless its the seller of the tickets trying to make more money.
OP is suggesting (I think) they were ordered in someone else's name - is that even possible? And surely, if you were fraudulently using a credit card, you wouldn't use your own name?Sounds like this could be an internal issue within a family, perhaps?
the tickets had been sent to her flat directly, and since that matched the billing address the company was happy. They are not willing to disclose what name the tickets were purchased in.
This is not a family issue since she doesn’t have any here. Unfortunately the street entrance to the communal area of her flat is open, so anyone would know that
My question is more a technical one I guess, if you use my card and my address surely I’m privy to any of the details regarding the order?
GDPR allows for very significant fines to be levied if companies fail in their responsibilities.
Rivenink said:
Quite simply, the name itself is personal identifiable information, which means the company must adhere to GDPR. GDPR confers rights to the individual identified, and responsibilites on the company as the data controller. It's not your information, and you have no rights to it.
GDPR allows for very significant fines to be levied if companies fail in their responsibilities.
This is the rub, the OP wants the details of the scumbag who stole his details and purchased the tickets, but GDPR doesn't care whether they are scum or not. That's the problem with lots of laws, it gives rights to scum, when us 'not scum' would rather they didn't.GDPR allows for very significant fines to be levied if companies fail in their responsibilities.
vikingaero said:
Back in the days when certain groups could clone your analogue mobile phone, all the numbers would be on your monthly statement, so you could call them up telling them their friends where thieving scum.
NEC P3 with the engineer chip... Direct entry of new ESNs via the keypad. those were the days 
The company is correct in that it can't give out the information because the person requesting it isn't the person who gave that information. Even if the person who ordered the tickets has used someone else's address and bank details, that's the information they gave and it belongs to them even if they don't exist and used a fake name. It's not down to the ticket company to legally investigate who owns the data, only protect it at this stage and assist with any criminal investigation.
Same thing happens if someone takes out a loan or opens a bank account using some or all of your details. Once you inform the provider that it's not you, you don't have any right to the data they hold as you didn't give it. They can close the product etc but they can't give out the information to you as you didn't provide it.
Same thing happens if someone takes out a loan or opens a bank account using some or all of your details. Once you inform the provider that it's not you, you don't have any right to the data they hold as you didn't give it. They can close the product etc but they can't give out the information to you as you didn't provide it.
A couple of years ago, my card was cloned and someone e ran up 25k GBK of purchases in an afternoon. Found out as a suspicious retailer called me (no idea how they found my number) and asked me about an order for Hugo Boss Jackets to be sent to an address in West London.
Clearly not me and the bank did refund all the charges.
I notified the police, gave them the name and address of the person who had committed the fraud, and they did nothing.
Not really my issue as it was the bank that lost the money, but I was amazed that no action was taken.
Makes you wonder why we all play by the rules to be honest !
Clearly not me and the bank did refund all the charges.
I notified the police, gave them the name and address of the person who had committed the fraud, and they did nothing.
Not really my issue as it was the bank that lost the money, but I was amazed that no action was taken.
Makes you wonder why we all play by the rules to be honest !
Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff