hacked debit card

[wallace]

I help my sister manage her pennys, make sure DD's are setup that kind of thing. Every so often I check her online statements. I got a shock yesterday because there were loads of payments for small amounts £15 and £18. All to a company called Beyond who are a mobile phone company in australia. Obviously someone/thing has got her details. There was even confirmation payments of 50p. I counted over 70 payments in a week.
I froze her card and notified the bank. Within a couple of hrs she was reimbursed. I wonder how they got her details, she says she only uses her card for tesco shopping, just eat and amazon shopping.

 

[Stuart]

A few months ago I gave my card number to someone I shouldn’t have. Thankfully I realised before any damage was done and cancelled the card.

New card arrived and I used it for petrol and an Amazon purchase. Two days later there were a number of debits on my account from the new card. The bank actually phoned me to check if these payments were authorised and I said no and again the card was cancelled. New card issued (again!).

Quite how someone got the new card details when it had only been used twice was beyond me. The bank refused to give me any further information just an immediate refund and the new card.

Unfortunately, I think it’s becoming the cost of using cards these days.

 

[Spectric]

You were lucky as you spotted the fraud, it seems many people don't and because they just wave their card on the machine are getting ripped off. Some retailers apparently are deliberately overcharging because the customers are not checking, there was something on Tv about this. Also we are now distanced from real money, we do not handle it on a regular basis and I believe has put us at more risk of fraud and the banks seem to have just accepted also be defrauded.

 

[Lurker]

This is one reason that, much to my bank’s annoyance, we insist on paper statements every month.
I read them, her majesty reads them and we discuss anything out of the ordinary.
Having said that, the bank has been excellent at spotting the two fraudulent transactions that we have had, within hours of them happening.

 

[Blackswanwood]

With the experience of a good few years in the payments industry it's often very difficult to find where card security has been compromised but it broadly falls into three categories.

Physical - someone has had the opportunity to take down the details which can be as simple as looking over a shoulder as a physical transaction is being made. Card fraud has strong links to organised crime (which crosses boundaries) so the subsequent transaction may not be madly the person who lifted the information. Where has the card been used? Has it been out of your sister's sight? Has anyone had the opportunity to access it surreptitiously?

Online - the retailers mentioned are unlikely to have unsecure payment portals but that relies on malware not having been dropped onto the device being used to make the transaction. It may be worth scanning the device she uses to see if there is anything hiding in the background and making sure the security software is up to date. It's not uncommon for scammers to delay making a fraudulent transaction after having gained the card details. Has you sister accessed a spoofed site of one of the retailers she thinks she is buying from? Are there other (less blue chip) organisations that the card has been used with over the last few months?

Data Loss - the card user may have got everything right and then the merchant has been subject to a data breach. The chance of being impacted increases if you give permission to the merchant to retain card details "so that you have a smoother experience next time you shop with us".

There is no silver bullet solution to card security but imho for a lot of people using ApplePay or GooglePay in conjunction with biometric security on a mobile phone is a good idea. Of course this also relies on "security hygiene" for the phone i.e. not sharing passcodes etc. Online banking is also a much more effective way to spot suspect payments than paper statements.

and the banks seem to have just accepted also be defrauded.

That's not the case at all - banks are spending millions fighting fraud and are lobbying hard for more action. We can have a theoretical debate about bank profits but the reality is we're all paying for the cost of fraud. The problem would go away if "big tech' was made to feel the pain of their unwillingness to stem the flow of fraud and it was given the required priority by the prosecuting powers in the UK.

 

[Phil]

I have had numerous attempts made at fraud on my card via phone calls from "Bank Fraud Department".
I just ask how much are you trying to steal today, end of call.
Only once did I hot-foot it to the Bank and have the card cancelled and new one issued.

Of greater concern is the hacking of websites.
Received SMS from Liberty Life, system had been hacked.
I followed up with an e-mail and received a reply:
"Your policy and investments are safe and secured.
The information accessed was full names, ID number, Tax number, bank account number."

That is extremely serious information leak. I then forwarded their e-mail to all the other institutions where I have investments including the Bank. Some of them use a OTP via SMS or e-mail which is good.
I now need to start changing all Logon names and passwords.

 

[Jonathan]

2 years ago a good friend of mine had approximately 30k taken from his business account. The bank are not reimbursing the account, lawyers are involved it’s super messy, he will probably never see this money again.
I was luckier when my card was hacked for a small amount and account was reimbursed.

A safety net option today is to have multiple banks that receive funds but has no card or wallet attached.
Then have one bank with spending account which is linked to card and wallets but only keep minimum funds available.
It’s a bit of a pain having to keep transferring funds between banks but here in Europe transactions are instant so thankfully it doesn’t take long.

 

[Blackswanwood]

If anyone is interested this is (imho) a good piece of journalism from BBC News on the topic of scammers …

https://www.bbc.co.uk/news/articles/cj60pl5g4z4o

 

[Lons]

Interesting report Robert, thanks for that.

It will only become more difficult surely as AI gets easier and simpler to access and harder to spot. Even now there are loads of cheap and free software which needs very little knowledge or experience to use. As an example, a friend in the village writes songs of a sort, can't play music or sing so basically just the words but he's managed to put them on youtube with fake music and voice. He doesn't hide it and is open but if he can, anyone can. My wife was completely taken in by Kevin's "beautiful singing voice".

 

[Woodbloke]

I have had numerous attempts made at fraud on my card via phone calls from "Bank Fraud Department".
I just ask how much are you trying to steal today, end of call.

Anyone who's not on the Contacts List on my iPhone doesn't get through - Rob

 

[Steve Maskery]

I was robbed in Limoges a couple of months ago. Two young women asking for help. They had been next to me in the queue at the supermarket. They'd seen me type in my pin. One asked me for directions while the other went into my car, opened my bag, opened my wallet and took my bank card. Within half an hour they had €1000 in cash and multiple attempts at purchases.
I did get my money back from the bank and the police were excellent, chasing it up like a proper crime, not just giving me a crime number. They got the CCTV from the ATM. But I never found out if they ever caught the bastardesses.
S

 

[RogerS]

This story in the papers was intriguing although slightly tenuous IMO



What made me chuckle, though, was this comment

 

[RogerS]

On the subject of scamming websites, I received this morning an email purporting to be from Amex. The header was the give away and the scam also confirmed by my receiving an identical email to another of my email addresses.

Out of curiosity I retyped the URL into my 'sacrificial' computer. Isolated from the rest of my network and allowed only a very restricted access to the net. It looked a very good version of an Amex website. However the giveaway was the page littered with dead links to non-existent pages. Curiosity satisfied, the 'lamb' was deep-cleansed. And once more, just to be sure.

 

[Woodbloke]

On the subject of scamming websites, I received this morning an email purporting to be from Amex. The header was the give away and the scam also confirmed by my receiving an identical email to another of my email addresses.

Out of curiosity I retyped the URL into my 'sacrificial' computer. Isolated from the rest of my network and allowed only a very restricted access to the net. It looked a very good version of an Amex website. However the giveaway was the page littered with dead links to non-existent pages. Curiosity satisfied, the 'lamb' was deep-cleansed. And once more, just to be sure.

Any emails like that looking vaguely suspicious just get deleted before they're even opened, working on the principal that if it's really genuine and important they'll get back to us. Never happens - Rob

 

[SamQ aka Ah! Q!]

it's really genuine and important they'll get back to us. Never happens - Rob

Seconded. O2 (allegedy) employ an Asian androgynous-sounding individual. Tried calling me four times so far, insisting: " We can cut your subscription" and similar keek. I simply say: " No, you can't" and hang up.

 

[Phil]

Anyone who's not on the Contacts List on my iPhone doesn't get through - Rob

Fully agree, BUT bank uses a series of number. I normally wait for the second call.

Any emails like that looking vaguely suspicious just get deleted before they're even opened, working on the principal that if it's really genuine and important they'll get back to us. Never happens - Rob

E-mails not an issue.
Gmail and Hotmail are very good in isolating mails to Spam.
I still check the Spam folder as some valid e-mails also end up there.