Credit Card Fraud.
Discussion
Mods, I believe this is the most appropriate area to post this, however please feel free to move if you disagree.
So I get up this morning to realise there is a transaction on my Credit Card I don’t recognise (checking on my app).
It’s not a massive amount (£92) with a very well known on line trader. I never made the transaction, I can’t remember ever buying from them.
I managed to get through to my card provider fraud team straight away and they were very helpful - cancelled my card.
This isn’t the first time this has happened to me, about 10 years ago I was victim to a similar fraud on a much larger scale. Six months of total worry and stress. I managed to get it all sorted, to an outcome where I never lost a penny and actually gained through some compensation. I thought then, it could easily happen again and it has.
Since that event I’m very careful to check my balances almost daily. The fraudulent transaction went through sometime yesterday, I spotted it about 04:30 this morning.
What puzzles me is how does this sort of thing happen? How are my details captured? And how can a purchase be carried out without the last 3 numbers?
I have to admit I use my CC for everything, then settle the balance every pay day. I’m much more wary about using my current account card - after the last event.
Also, am I in for a long drawn out affair recouping this sum?
Thanks in advance.
So I get up this morning to realise there is a transaction on my Credit Card I don’t recognise (checking on my app).
It’s not a massive amount (£92) with a very well known on line trader. I never made the transaction, I can’t remember ever buying from them.
I managed to get through to my card provider fraud team straight away and they were very helpful - cancelled my card.
This isn’t the first time this has happened to me, about 10 years ago I was victim to a similar fraud on a much larger scale. Six months of total worry and stress. I managed to get it all sorted, to an outcome where I never lost a penny and actually gained through some compensation. I thought then, it could easily happen again and it has.
Since that event I’m very careful to check my balances almost daily. The fraudulent transaction went through sometime yesterday, I spotted it about 04:30 this morning.
What puzzles me is how does this sort of thing happen? How are my details captured? And how can a purchase be carried out without the last 3 numbers?
I have to admit I use my CC for everything, then settle the balance every pay day. I’m much more wary about using my current account card - after the last event.
Also, am I in for a long drawn out affair recouping this sum?
Thanks in advance.
A few years ago I noticed a few transactions on one of my credit cards that I knew were nothing to do with me or my wife.
When I phoned them up they took very little persuasion to just delete them.
I didn’t cancel the card as they felt it was unnecessary but said if they reappeared they would then do just that.
From memory there were 3 transactions all around £10 and when I phoned the credit card provider they implied that it was a name known to them - it wasn’t a name I had ever heard of though.
When I phoned them up they took very little persuasion to just delete them.
I didn’t cancel the card as they felt it was unnecessary but said if they reappeared they would then do just that.
From memory there were 3 transactions all around £10 and when I phoned the credit card provider they implied that it was a name known to them - it wasn’t a name I had ever heard of though.
Jim H said:
What puzzles me is how does this sort of thing happen? How are my details captured? And how can a purchase be carried out without the last 3 numbers?
.
Hacked online database is pretty common. You can be as careful with your card as possible but if someone you have bought from isn’t there isn’t much you can do..
I’ve been caught once and it was this way. They were buying Lego land tickets and other attendance type things with my details. If the police were at all interested one would think someone turning up to use stolen credit card purchases would be a good place to start, but no.
In my case the provider cancelled the card and refunded the amounts within days.
As for how it happened, do you use the card online?
If so, one method is an attacker can compromise an ecommerce website for a trusted provider, inject a script and then scrape card details (including the CVV check digits) as you enter them. Two older but well known attacks by a group called Magecart included BA and Ticketmaster.
https://www.theregister.com/2018/09/11/british_air...
https://www.theregister.com/2018/07/12/ticketmaste...
A lot of these methods can be mitigated but you are dependent on everything being done properly by whoever runs the website.
The steps to get to the point where the actual website is compromised by the hacker can be long (see what are called supply chain attacks). In the BA example above, the attack originated when a BA network login belonging to somebody who worked for Swissport was compromised and the attackers moved across the BA network, ultimately being able to compromise the website source code.
https://www.theregister.com/2020/10/16/british_air...
There's obviously lots more ways somebody can end up with your card details.
If so, one method is an attacker can compromise an ecommerce website for a trusted provider, inject a script and then scrape card details (including the CVV check digits) as you enter them. Two older but well known attacks by a group called Magecart included BA and Ticketmaster.
https://www.theregister.com/2018/09/11/british_air...
https://www.theregister.com/2018/07/12/ticketmaste...
A lot of these methods can be mitigated but you are dependent on everything being done properly by whoever runs the website.
The steps to get to the point where the actual website is compromised by the hacker can be long (see what are called supply chain attacks). In the BA example above, the attack originated when a BA network login belonging to somebody who worked for Swissport was compromised and the attackers moved across the BA network, ultimately being able to compromise the website source code.
https://www.theregister.com/2020/10/16/british_air...
There's obviously lots more ways somebody can end up with your card details.
I had similar recently, a £5 transaction on my Amex for Amazon. I spotted it immediately as for some reason I get Google Pay alerts for all transactions on that card.
The weird thing is that card is only really used for Google Ads and literally a handful of other online transactions all with large firms, so I can't work out how the details could have been compromised outside a larger data breach.
Credit to Amex though, they sorted it instantly and got a new card to me next day.
The weird thing is that card is only really used for Google Ads and literally a handful of other online transactions all with large firms, so I can't work out how the details could have been compromised outside a larger data breach.
Credit to Amex though, they sorted it instantly and got a new card to me next day.
trickywoo said:
They were buying Lego land tickets and other attendance type things with my details. If the police were at all interested one would think someone turning up to use stolen credit card purchases would be a good place to start, but no.
Tickets that would undoubtably have been sold on by the fraudsters on FBM or similar to raise cash, so even if the police had turned up at Legoland they would just be questioning an innocent family who would have nothing they could give them other than a fake FB profile that had long since been deleted.Harpoon said:
As for how it happened, do you use the card online?
If so, one method is an attacker can compromise an ecommerce website for a trusted provider, inject a script and then scrape card details (including the CVV check digits) as you enter them. Two older but well known attacks by a group called Magecart included BA and Ticketmaster.
https://www.theregister.com/2018/09/11/british_air...
https://www.theregister.com/2018/07/12/ticketmaste...
A lot of these methods can be mitigated but you are dependent on everything being done properly by whoever runs the website.
The steps to get to the point where the actual website is compromised by the hacker can be long (see what are called supply chain attacks). In the BA example above, the attack originated when a BA network login belonging to somebody who worked for Swissport was compromised and the attackers moved across the BA network, ultimately being able to compromise the website source code.
https://www.theregister.com/2020/10/16/british_air...
There's obviously lots more ways somebody can end up with your card details.
Yeah pretty sure mine was leaked from the BA one back then, fortunately HSBC spotted the unusual spend pattern and stopped the card pretty quickly and the scammers only spent £500ish all of which was cancelled off there and then. If so, one method is an attacker can compromise an ecommerce website for a trusted provider, inject a script and then scrape card details (including the CVV check digits) as you enter them. Two older but well known attacks by a group called Magecart included BA and Ticketmaster.
https://www.theregister.com/2018/09/11/british_air...
https://www.theregister.com/2018/07/12/ticketmaste...
A lot of these methods can be mitigated but you are dependent on everything being done properly by whoever runs the website.
The steps to get to the point where the actual website is compromised by the hacker can be long (see what are called supply chain attacks). In the BA example above, the attack originated when a BA network login belonging to somebody who worked for Swissport was compromised and the attackers moved across the BA network, ultimately being able to compromise the website source code.
https://www.theregister.com/2020/10/16/british_air...
There's obviously lots more ways somebody can end up with your card details.
SpidersWeb said:
Tickets that would undoubtably have been sold on by the fraudsters on FBM or similar to raise cash, so even if the police had turned up at Legoland they would just be questioning an innocent family who would have nothing they could give them other than a fake FB profile that had long since been deleted.
The modern equivalent of bought it from a bloke in a pub.I had one card cloned 3 times - there were stories about leaky Indian call centres.
The provider didn't seem in the least bit bothered - asked me to confirm the dodgy transactions and just refunded them. One of the times someone had bought flights and done a currency purchase in a bank, so they must have been sure of themselves.
I stopped using that card provider after the 3rd time.
The provider didn't seem in the least bit bothered - asked me to confirm the dodgy transactions and just refunded them. One of the times someone had bought flights and done a currency purchase in a bank, so they must have been sure of themselves.
I stopped using that card provider after the 3rd time.
Sheepshanks said:
I had one card cloned 3 times - there were stories about leaky Indian call centres.
The provider didn't seem in the least bit bothered - asked me to confirm the dodgy transactions and just refunded them. One of the times someone had bought flights and done a currency purchase in a bank, so they must have been sure of themselves.
I stopped using that card provider after the 3rd time.
I had the same with Barclaycard that it had dodgy transactions before I even had the card, the last time I hadnt even picked the card up from the branch and it had been used, I called Barclaycard from the branch and they could see on the system that it hadnt yet been collected, I cancelled and made sure they sorted, a few days later it dropped off my credit search completely as though I never had oneThe provider didn't seem in the least bit bothered - asked me to confirm the dodgy transactions and just refunded them. One of the times someone had bought flights and done a currency purchase in a bank, so they must have been sure of themselves.
I stopped using that card provider after the 3rd time.
trickywoo said:
The modern equivalent of bought it from a bloke in a pub.
Not really.'Bloke in a pub' was virtually a certainty that would have been dodgy and both buyer and seller would have known, whereas with FBM it might be but it probably isn't, so to go accusing the buyer of being in on it doesn't really hold true.
Evening folks,
Apologies I don’t know how to multi quote.
Yeah I do a lot of on-line purchasing, I wish I didn’t but it’s pretty hard not to these days.
Yeah it was an Amazon purchase. I think I’ve only ever bought one item of Amazon!
It looks like my account has been restored minus that sum.
There were a few transactions
Amazon £0.00.
Amazon £0.00.
Then Amazon £92:00.
When speaking to my card provider, it was almost as they were expecting it - perhaps there had been a lot of activity over the weekend ?
I’m pretty chilled about it, frustrating, but these are the times we live in.
The last one 10 years ago I was minus £35 K and all my savings wiped. I learned a valuable lesson with that one.
I now have my current account with one provider, CC with another provider, savings again - another provider. I didn’t 10 years ago - All with one.
That’s why I use my credit card for pretty much everything, it’s essentially not my money, it’s the card providers and in their interest to sort if there is an issue.
It was a horrible time for myself, imagine having £ 35 K of debt you had no involvement with?
I never got to the bottom of it all, it was horrendous. Essentially I consider it was a rogue employee working within my card provider who’d been watching my accounts and dispatched a new card that never came to my address. But it got to someone.
It’s funny, even back then, I used to check my account daily. And I feel I was onto it early, however it was too late!
Apologies I don’t know how to multi quote.
Yeah I do a lot of on-line purchasing, I wish I didn’t but it’s pretty hard not to these days.
Yeah it was an Amazon purchase. I think I’ve only ever bought one item of Amazon!
It looks like my account has been restored minus that sum.
There were a few transactions
Amazon £0.00.
Amazon £0.00.
Then Amazon £92:00.
When speaking to my card provider, it was almost as they were expecting it - perhaps there had been a lot of activity over the weekend ?
I’m pretty chilled about it, frustrating, but these are the times we live in.
The last one 10 years ago I was minus £35 K and all my savings wiped. I learned a valuable lesson with that one.
I now have my current account with one provider, CC with another provider, savings again - another provider. I didn’t 10 years ago - All with one.
That’s why I use my credit card for pretty much everything, it’s essentially not my money, it’s the card providers and in their interest to sort if there is an issue.
It was a horrible time for myself, imagine having £ 35 K of debt you had no involvement with?
I never got to the bottom of it all, it was horrendous. Essentially I consider it was a rogue employee working within my card provider who’d been watching my accounts and dispatched a new card that never came to my address. But it got to someone.
It’s funny, even back then, I used to check my account daily. And I feel I was onto it early, however it was too late!
SpidersWeb said:
trickywoo said:
The modern equivalent of bought it from a bloke in a pub.
Not really.'Bloke in a pub' was virtually a certainty that would have been dodgy and both buyer and seller would have known, whereas with FBM it might be but it probably isn't, so to go accusing the buyer of being in on it doesn't really hold true.
[quote=Panamax]I think there seems to be a lot of "low value" fraud perpetrated around those little white square SumUp payment devices. [/quote.
That’s interesting.
I very rarely go to the local pubs. 3-4 times a year. They both operate with this type of payment devices. Sum up.
I was at both (pubs)about 7 weeks ago.
You’ve really got to be on your guard these days haven’t you.
If you are not thinking about finances and security 24/7 - (especially on-line) you bloody we’ll need to be.
That’s interesting.
I very rarely go to the local pubs. 3-4 times a year. They both operate with this type of payment devices. Sum up.
I was at both (pubs)about 7 weeks ago.
You’ve really got to be on your guard these days haven’t you.
If you are not thinking about finances and security 24/7 - (especially on-line) you bloody we’ll need to be.
I had a big fraud on an MBNA Credit Card about 20 years ago.
Amazingly someone had spent a great deal of money at a Fiat dealer in one transaction, I cannot recall how much exactly (perhaps £40k+).
So I rang MBNA and said this is not mine and they told me that I had bought 2 (yes two) new Fiat Cinquecentos. It was in the system as one transaction and they said the cardholder was present and had verified the deal.
I told them I was not in Manchester, had never been to Manchester and at the day in question was at Santa Pod Raceway with about 30 people from the Nissan GTR Owners Club who could all verify I was there at the point in time in question.
They got a proper investigator on it and for a long time told me I was the main suspect!
In the end they admitted it wasn't me given:
- I could prove I wasn't there
- Buying 2 Fiats was surely suspicious
- I was personally registered with the FCA, so would hardly be doing dodgy transactions, as I'd lose my career forever
- The fact that the dealer was fairly near their call centre and office suggested it was an inside job.
They blocked it and put it into dispute, but It took about 6 months for them to finally admit it wasn't me. It was obviously well done as it got through full authentication etc.
Amazingly someone had spent a great deal of money at a Fiat dealer in one transaction, I cannot recall how much exactly (perhaps £40k+).
So I rang MBNA and said this is not mine and they told me that I had bought 2 (yes two) new Fiat Cinquecentos. It was in the system as one transaction and they said the cardholder was present and had verified the deal.
I told them I was not in Manchester, had never been to Manchester and at the day in question was at Santa Pod Raceway with about 30 people from the Nissan GTR Owners Club who could all verify I was there at the point in time in question.
They got a proper investigator on it and for a long time told me I was the main suspect!
In the end they admitted it wasn't me given:
- I could prove I wasn't there
- Buying 2 Fiats was surely suspicious
- I was personally registered with the FCA, so would hardly be doing dodgy transactions, as I'd lose my career forever
- The fact that the dealer was fairly near their call centre and office suggested it was an inside job.
They blocked it and put it into dispute, but It took about 6 months for them to finally admit it wasn't me. It was obviously well done as it got through full authentication etc.
Edited by Guyr on Monday 1st July 19:00
I could write a whole chapter and more on my experience 10 years ago.
I vet all my land-line calls, I never answer, from experience it’s always some idiot wanting to sell me something - or worse.
If anyone wants me, and it’s important, they have my Mobile number.
Anyway, whilst this massive fraud was going on 10 years ago, a few weeks after the actual event. My land-line-was ringing very often. When I dialled 1471 (remember that? . Always number withheld. It kept ringing and ringing.
One day I’d had enough, I answered. This guy said: “ are you mister Jim H”, I said “yeah, and who the f
k are you? And why do you keep calling me?”
He introduced himself as detective inspector so and so from some cyber crime unit.
I’m thinking yeah whatever,I was having none of it, I was that paranoid at the time. My head was scrambled.
I asked him his badge number and name and I informed him I’d check it out. I did, I went to an operating Police Station - remember them?
He actually was a copper.
But I was trusting no one.
I actually ended up having a good laugh with him afterwards. It was a huge scam, one of the guys he was chasing he ended up arresting, then he skipped bail..Then this guys mug was on Crime Watch. It was a bloody surreal moment in my life.
£92 is fk all, £35 K in the hole is a different story altogether.
I vet all my land-line calls, I never answer, from experience it’s always some idiot wanting to sell me something - or worse.
If anyone wants me, and it’s important, they have my Mobile number.
Anyway, whilst this massive fraud was going on 10 years ago, a few weeks after the actual event. My land-line-was ringing very often. When I dialled 1471 (remember that? . Always number withheld. It kept ringing and ringing.
One day I’d had enough, I answered. This guy said: “ are you mister Jim H”, I said “yeah, and who the f
k are you? And why do you keep calling me?”He introduced himself as detective inspector so and so from some cyber crime unit.
I’m thinking yeah whatever,I was having none of it, I was that paranoid at the time. My head was scrambled.
I asked him his badge number and name and I informed him I’d check it out. I did, I went to an operating Police Station - remember them?
He actually was a copper.
But I was trusting no one.
I actually ended up having a good laugh with him afterwards. It was a huge scam, one of the guys he was chasing he ended up arresting, then he skipped bail..Then this guys mug was on Crime Watch. It was a bloody surreal moment in my life.
£92 is f
k all, £35 K in the hole is a different story altogether.Here you go, I kept an e-mail.
Names removed.
Good Morning,
Just to keep you updated of on-going developments in the investigation, on the 29th July a Dutch National by the name of Atwel Angel was Charged and Remanded for Conspiracy to Launder Criminal property, this relates directly to the bank accounts the money in your crime were transferred too.
He is believed to have entered into an agreement with a Nigerian man by the name Adjarho Akpomedaye to supply people to be used to open bank accounts for this criminality.
Angel’s next court appearance is scheduled for 19th August 2016.
As you may be aware Akpomedaye has following his arrest in December 2015 absconded and is to feature on Crime Watch at some point in September.
If you have any questions please let me know.
Kind Regards
The above text was from the cyber crime detective.
I’ve just googled his name. Mr Angel.
https://www.maidenhead-advertiser.co.uk/gallery/co...
wker.
Names removed.
Good Morning,
Just to keep you updated of on-going developments in the investigation, on the 29th July a Dutch National by the name of Atwel Angel was Charged and Remanded for Conspiracy to Launder Criminal property, this relates directly to the bank accounts the money in your crime were transferred too.
He is believed to have entered into an agreement with a Nigerian man by the name Adjarho Akpomedaye to supply people to be used to open bank accounts for this criminality.
Angel’s next court appearance is scheduled for 19th August 2016.
As you may be aware Akpomedaye has following his arrest in December 2015 absconded and is to feature on Crime Watch at some point in September.
If you have any questions please let me know.
Kind Regards
The above text was from the cyber crime detective.
I’ve just googled his name. Mr Angel.
https://www.maidenhead-advertiser.co.uk/gallery/co...
w
ker.Gassing Station | Finance | Top of Page | What's New | My Stuff