hacked debit card

[wallace]

I help my sister manage her pennys, make sure DD's are setup that kind of thing. Every so often I check her online statements. I got a shock yesterday because there were loads of payments for small amounts £15 and £18. All to a company called Beyond who are a mobile phone company in australia. Obviously someone/thing has got her details. There was even confirmation payments of 50p. I counted over 70 payments in a week.
I froze her card and notified the bank. Within a couple of hrs she was reimbursed. I wonder how they got her details, she says she only uses her card for tesco shopping, just eat and amazon shopping.

 

[Stuart]

A few months ago I gave my card number to someone I shouldn’t have. Thankfully I realised before any damage was done and cancelled the card.

New card arrived and I used it for petrol and an Amazon purchase. Two days later there were a number of debits on my account from the new card. The bank actually phoned me to check if these payments were authorised and I said no and again the card was cancelled. New card issued (again!).

Quite how someone got the new card details when it had only been used twice was beyond me. The bank refused to give me any further information just an immediate refund and the new card.

Unfortunately, I think it’s becoming the cost of using cards these days.

 

[Spectric]

You were lucky as you spotted the fraud, it seems many people don't and because they just wave their card on the machine are getting ripped off. Some retailers apparently are deliberately overcharging because the customers are not checking, there was something on Tv about this. Also we are now distanced from real money, we do not handle it on a regular basis and I believe has put us at more risk of fraud and the banks seem to have just accepted also be defrauded.

 

[Lurker]

This is one reason that, much to my bank’s annoyance, we insist on paper statements every month.
I read them, her majesty reads them and we discuss anything out of the ordinary.
Having said that, the bank has been excellent at spotting the two fraudulent transactions that we have had, within hours of them happening.

 

[Blackswanwood]

With the experience of a good few years in the payments industry it's often very difficult to find where card security has been compromised but it broadly falls into three categories.

Physical - someone has had the opportunity to take down the details which can be as simple as looking over a shoulder as a physical transaction is being made. Card fraud has strong links to organised crime (which crosses boundaries) so the subsequent transaction may not be madly the person who lifted the information. Where has the card been used? Has it been out of your sister's sight? Has anyone had the opportunity to access it surreptitiously?

Online - the retailers mentioned are unlikely to have unsecure payment portals but that relies on malware not having been dropped onto the device being used to make the transaction. It may be worth scanning the device she uses to see if there is anything hiding in the background and making sure the security software is up to date. It's not uncommon for scammers to delay making a fraudulent transaction after having gained the card details. Has you sister accessed a spoofed site of one of the retailers she thinks she is buying from? Are there other (less blue chip) organisations that the card has been used with over the last few months?

Data Loss - the card user may have got everything right and then the merchant has been subject to a data breach. The chance of being impacted increases if you give permission to the merchant to retain card details "so that you have a smoother experience next time you shop with us".

There is no silver bullet solution to card security but imho for a lot of people using ApplePay or GooglePay in conjunction with biometric security on a mobile phone is a good idea. Of course this also relies on "security hygiene" for the phone i.e. not sharing passcodes etc. Online banking is also a much more effective way to spot suspect payments than paper statements.

and the banks seem to have just accepted also be defrauded.

That's not the case at all - banks are spending millions fighting fraud and are lobbying hard for more action. We can have a theoretical debate about bank profits but the reality is we're all paying for the cost of fraud. The problem would go away if "big tech' was made to feel the pain of their unwillingness to stem the flow of fraud and it was given the required priority by the prosecuting powers in the UK.

 

[Phil]

I have had numerous attempts made at fraud on my card via phone calls from "Bank Fraud Department".
I just ask how much are you trying to steal today, end of call.
Only once did I hot-foot it to the Bank and have the card cancelled and new one issued.

Of greater concern is the hacking of websites.
Received SMS from Liberty Life, system had been hacked.
I followed up with an e-mail and received a reply:
"Your policy and investments are safe and secured.
The information accessed was full names, ID number, Tax number, bank account number."

That is extremely serious information leak. I then forwarded their e-mail to all the other institutions where I have investments including the Bank. Some of them use a OTP via SMS or e-mail which is good.
I now need to start changing all Logon names and passwords.

 

[Jonathan]

2 years ago a good friend of mine had approximately 30k taken from his business account. The bank are not reimbursing the account, lawyers are involved it’s super messy, he will probably never see this money again.
I was luckier when my card was hacked for a small amount and account was reimbursed.

A safety net option today is to have multiple banks that receive funds but has no card or wallet attached.
Then have one bank with spending account which is linked to card and wallets but only keep minimum funds available.
It’s a bit of a pain having to keep transferring funds between banks but here in Europe transactions are instant so thankfully it doesn’t take long.