credit card fraud?

bhm100

We've just had ours cloned again, 3rd time in 3yrs, 2nd time in 5 months. On all occasions the card company (MBNA) have been on the ball, contacted me to check the transactions & we've not been charged.

The latest time we've not really used the card much, only 5 statements and a total of 23 different companies (which doesn't include Wiggle) so I've pursued this with their Fraud dept quite a bit. The comments were surprising....

1. It's very unlikely to be keyloggers, etc. It could just have been a personal view but one comment about data being passed on by disgruntled staff rings true. It's very easy for someone to copy a database or simply write down a few details. And virtually impossible to trace if they go to a 3rd party.
2. All the folks I spoke to disliked companies who keep your details on record & "automatically renew" your insurance/etc the following year, because they keep ALL your details & certainly sufficient for cloning, so they are good target for thieves.
3. All the transactions were phone/internet purchases and not "verified by Visa". Where goods were ordered, the delivery address wasn't ours. I asked why this happened and they said by law the seller must deliver to the address confirmed by the CC company - which is supplied when the transaction is confirmed. Delivering to a different address breaches the CC agreement - common sense really..
4. They don't normally launch an investigation... yes, really. So the chances of getting away with it on small purchases are very good. Why not ? well, IMO despite the scale of the problem they have no incentive because once they prove the delivery address isn't the card owner, they just back-charge to the vendor. And the inference was that they usually prove the wrong address in over 90% of the cases (& presumably wrong phone in the phone top-up cases ?).

FatLarry

I just got a call from MBNA advising that my card has been cancelled as they have been notified by an online retailer that stored card details had been "plundered."

The only places it's stored on line are Paypal and a certain cycle shop on the South Coast.

Paypal only for me in future.

disgruntledgoat

Two years ago I bought a £2.99 spoke magnet from said bike warehouse which ended up costing me £410 through the same fraudulant manner.

Debit Card and I'd recently turned down my lovley bank's offer to pay to keep my account with them for which one of the benefits was "Debit Card Insurance"! Joy.

Paypal only, as the chorus goes.

alfablue

Didn't your bank refund the amount? Mine did.

disgruntledgoat

alfablue wrote:

Didn't your bank refund the amount? Mine did.

They did not... I'm presuming your bike treats it's customers with less than the contempt mine did.

I say did as, pretty obvioulsy, they aren't my bank anymore.

prawny

Don't put too much faith in paypal.

My paypal account has just been hijacked through ebay I think, lots of complaints for things not received but no money in my account and 3 payments to America.
Paypal have been crap they want me to refund the people that have complained out of my own account then they will credit my paypal account. Then I have to withdraw the money from paypal again and maybe pay a handling cost! I'm really annoyed with them, I even rang and told them that I had no knowledge of the sales and they pretty much want me to sort it out myself.

I've deleted my bank and card details from the paypal account so they can't take any money from me and leaving the mess for them to sort out, I feel sorry for the people that have been scammed one guy has paid out over £700 somewhere! :shock:

stevieboy

Another victim after storing card details online at THAT online bike shop.

£3600 balance transfer to my barclaycard from someone down south who had a Lloyds Card. It was refunded after a couple of letters and my minimum payment was waived for a month. The scary bit was, the BT actually worked and was on my statement before Barclaycard even bothered to ring me.

bendertherobot

The problem with ID'ing a certain bike shop is that, statistically, people who post on here are likely to have shopped there. Thus the chance of many people having one link is fairly high. Of course it's equally high that each of us put in petrol at our local garage.

DomPro

Just got bitten by the fraud bug: looks like someone at Ribble. They made a few small purchases for mobile top-ups, followed by a very large purchase in a short space of time. Fortunantly the card company knew it was dodgy and called me up. Card cancelled, bank investigating, no harm done. Probably won't bother using them again if they can't keep my details secure. Used Visa Verification too.

blongers

I have had my debit card deatils copied and used very recently and because i barely use it i can pinpoint exactly where it was used and the fraud squad are on to it.

i gave the card details to an internet site which i won't name but it might rhyme with a city in germany that we almost destroyed in 1944/45....

after visiting the store/warehouse since and seeing that the card details are processed manually it is obvious that this is an internal affair..
i had not used my card for weeks before and made this one only transaction, then a couple of days later i found that my card had been stopped and when i checked online... there were a load of vodaphone top ups that had gone through...

i asked the bank if they were going to persue it with them only getting upto a couple of hundred pounds before it was stopped and they said that they would.
i will get my money back but i did offer to deal with it myself if they were not interested.

i will not use the internet anymore to scour around for the cheapest deal anymore... local shops might charge you a little bit more but you won't get this problem and it is much easier to sort out any problems with the goods afterwards.

bendertherobot

Again, how can people be sure that it's Berlin or Dibble when they use their cards to buy petrol and down the corner shop?

Hang on. Berlin use Protx and don't store the details. They even do verified by Visa (at least for me). So the above post, if it's Berlin you mean, makes no sense!

blongers

i did not use my debit card for 5 days before that transaction and then when i tried to use it a few days after it was already blocked.... and it shows on my statement that the phone topups were on the same daysas my card was processed in that rhyming german city..

there was no verified visa or paypal....

bendertherobot

Check their website. It's PROTX. They don't HAVE your details.

"Credit card security
We now use Protx to process our on-line orders, Protx is one of the leading payment service providers allowing transactions to be processed by Streamline, Royal bank of Scotland and Natwest card processing. This is probably the most secure credit card payment method available, using all the latest encryption methods. Your credit card details are not stored on any servers or computers."!

amaferanga

Get a card and bank account specially for internet purchases. That's what i did after I was *****ed. Then just transfer what you need onto the card to make a purchase using your internet banking so even if someone does get your details there's nothing for them to steal.

nickwill

I've been caught out twice almost immediately after making a purchase from the Portsmouth firm. After the first time, and reading the rumours on here, I started using their Paypal option. I had no further problem till I made a purchase in a hurry and used their standard system. Within 2 days, Access were ringing me up to inform me of a fraudulent transaction!
Both frauds involved a prepay transaction for O2.

I am now wary of using them, despite their great service. If and when I use them again, I will use Paypal. I feel very sorry for the firm as I feel they are a quality outfit.

tiny_pens

For those who believe that verified by visa will keep your details safe might want to reassess the situation. Turns out its not too difficult to reset the passwords (given that any fraudster would already have your card details to get to start a purchase in the first place)

http://fonant.blogspot.com/2008/06/verified-by-visa-barclays-style-zero.html

Sure its better than nothing but I wouldn't want to have to argue with my bank that I hadn't made the transactions even though the purchases had been through the verified by visa security checking.

Try it out some time

Tiny

bendertherobot

tiny_pens wrote:

For those who believe that verified by visa will keep your details safe might want to reassess the situation. Turns out its not too difficult to reset the passwords (given that any fraudster would already have your card details to get to start a purchase in the first place)

http://fonant.blogspot.com/2008/06/verified-by-visa-barclays-style-zero.html

Sure its better than nothing but I wouldn't want to have to argue with my bank that I hadn't made the transactions even though the purchases had been through the verified by visa security checking.

Try it out some time

Tiny

My point was not that it was neccesarily safe but that it was used. The poster above claimed that "Berlin" manually entered details which is incorrect.

The thing about fraud is that people will look at the most common link. Technically every person who has had a fraud on here is a member of bike radar. And they don't do fraud. I would think everyone is a member of Amazon, one which DOES store your details. And I've never heard about them doing fraud either.

Tempestas

Couldn't agree more with the above post, everyone here uses a bike and are quick to spot the link. But think about it, how many forum users are on here and have been effected? it's a tiny minority and if one of the companies you mention actually had a problem don't you think there would be a lot more posters?

Chances are the problem is at the card issuers end or even before the card reaches you, these people have a large number of cards available to them and may not use them for a while. I just buy using a CC now and am happy that it will be covered.

dilemna

I was targeted about 4 years ago for just under £3,500. I bought ferry tickets at the now defunct speedferries. Went to France for two weeks cycling and while I was in France my card number went on a spending spree with some one else. First few transactions were small shopping transactions just testing my card then mobile phones then fraudster purchased a £2,500 all singing all dancing flat screen TV another £700 on another item which I can't remember. As far as I know none of these items turned up at my address I hasten to say. Anyway the bank/credit card company stopped my cards, subsequently voiding the transactions and cancelled removed them from my account. Thus I was reimbursed. It was a simple phone call to establish which transactions were mine and which weren't. They accepted my word without question which given all the horror stories you hear was a relief. I supposed they couldn't do otherwise as I was in France I guess the fraudulent transactions did not originate from there so they couldn't do anything else. However I heard nothing more so presumed they weren't interested in pursuing the culprit(s) for the stolen goods/funds.

It was a bit inconvenient as my card was stopped as the purchases had been flagged up by the bank/credit card software as unusual items - for me. I had told them I was going to France as well maybe this was my error. I had very little money for the 2nd week of my cycling holiday which was a bit of a bummer and just made it home where I could draw on more funds.

Following the big petrol station credit and bank card skimming scam in many major fuel stations a few years ago I NEVER use a plastic card to pay for fuel always CASH now. In fact I try to use cash where ever possible except sadly you can't for online shopping. I don't think this type of fraud is restricted just to on-line cycle shops. It's everywhere. ITV news regularly features corrupt banking/financial workers who sell customers' details including passwords and pins. Also the weak link might be your own computer if you have a malevolent programme you don't know about watching or recording what you are doing. I've not had a problem yet with the site that has an aunt in Germany in Berlin. Never used the site based in Portsmouth so cannot comment. I'm sure they get just as frustrated and annoyed as their customers when fraud occurs. We all pay for it ultimately.

For those who have not yet suffered fraud or it has been some time, it's not if you will be targeted but when. Chip and Pin was supposed to be totally secure. It is certainly not as the Ingenico made card and pin readers can be opened and a replacement chip placed inside to record pin as well as card numbers so fraudsters don't even need a camera to record customers entering pins. The fraudsters just down load the data from the unit every now and again then start spending. Saudi Arabia has the right attitude to thieves – a bit of torture, cut their hands and arms off.

man2wolf

I've been buying stuff over the Internet for years and never had a problem - until last week! Suddenly had fraudulent transactions on my Visa card, Several mobile phone top-ups and a kebab shop down south. I bought a jacket from Ribble a couple of months ago, first time I've used them. It may just be a coincidence though!

blongers

bendertherobot...

thanks for your comments but i have to refer back to my original post... i had not used the card at all leading up to the purchase from rhyming german city.
when i looked a my statements online there was the details of the transaction for goods and on the same date the fraudulant transactions.

there is no way that site can be secure regardless what they say about the system and how can anyone be sure that nobody can access the details?

you mention amazon.. i have actually bought lots of stuff from that site... never have to put my details in because they are already stored after the first purchase and i have also never heard of a fraud from amazon.

anyway... will be ordering a new frame for the summer later this week (and it will be local store) so time to look forward to something positve

bendertherobot

blongers wrote:

bendertherobot...

thanks for your comments but i have to refer back to my original post... i had not used the card at all leading up to the purchase from rhyming german city.
when i looked a my statements online there was the details of the transaction for goods and on the same date the fraudulant transactions.

there is no way that site can be secure regardless what they say about the system and how can anyone be sure that nobody can access the details?

Because they don't HAVE the details. Protx do.

bendertherobot

blongers wrote:

you mention amazon.. i have actually bought lots of stuff from that site... never have to put my details in because they are already stored after the first purchase and i have also never heard of a fraud from amazon.

Can you prove it wasn't amazon?

blongers

if you read and understood my posts you will clearly see that i had not used my card for sometime eitherside of that particular transaction and the fraud was on exactly the same day!!!

maybe you are somehow connected to germany??

bendertherobot

blongers wrote:

if you read and understood my posts you will clearly see that i had not used my card for sometime eitherside of that particular transaction and the fraud was on exactly the same day!!!

maybe you are somehow connected to germany??

Connected? If I was I'd have a word with BikeRadar about allowing you to post unfounded allegations.

So, explain again. How did Berlin get the details from Protx?

skylark

What is all this Berlin, Germany talk?

bendertherobot

skylark wrote:

What is all this Berlin, Germany talk?

Rhymnes with Berlin. Might have been a wizard.

blorg

And there I was trying to figure out what bike shop rhymed with Dresden. Personally I have my card details stored with the Portsmouth outfit and have never had a problem. Their customer service on the other hand has always been excellent.

Droops

Just got back from a short holiday to discover an e-mail from NatWest confirming that I changed my NatWest Secure password last Sunday.
Oh God - I was in the middle of nowhere on Sunday; no phone coverage; no internet.
I immediately checked my Mastercard account online to see that four internet purchases were made, also on Sunday, totalling around £10k.
A quick call to NatWest has got them on the case and they will reimburse the payments, but it now means I must get a new card (again).
The interesting thing here is that the fraudster actally PHONED NatWest secure to change the NatWest Secure password, thereby verifying that they have all the required details to commit the fraud.
Ironically, the call was probably made using airtime previously stolen from someone else's card!
Whilst I applaud NatWest/Mastercard for reimbursing the payments without fuss (as they also did when a similar thing happened six months ago) I'm afraid that, in some ways, they shoot them selves in the foot by repeatedly increasing credit limits on cards without being asked. I didn't request a £10k limit on my card. I don't need a £10k limit on my card.
Incidentally, in the past few months I have made purchases from Wiggle, Merlin, Ribble, Parker, CRC, Forest of Dean Sring Classic, Dragon Ride, Amazon, Marks & Spencer, Waterstones, Richer Sounds... It's for NatWest's fraud team to ascertain whether any link exists with any of these vendors.

I will now take the advice of Amaferanga and open a bank account just for internet use, and transfer only enough money to cover each purchase.
Why should I bother when NatWest reimburse me without question? Because it's crime and I have a moral duty to help prevent crime.

andy_wrx

Droops wrote:

I didn't request a £10k limit on my card. I don't need a £10k limit on my card.

They do seem to have cut down on this unasked-for credit increase tactic recently, but yes I had one card which came with a £17500 credit limit and I rang them up and had it reduced to £5000 : their reaction was like I was the only person ever to have done this...

I work in computer software, which takes orders and card details, interfacing to card processors/banks, and I know the way card security is supposed to be handled (Google PCI DSS if you're interested) and the hoops that makes us jump though when designing/coding our product, but goodness knows what actually happens when you purchase using a card on some websites, or use it in a restaurant or filling station, or what the card-issuer's outsourced call-centre and data-processors in India do with your card details, etc...

Having had my card details compromised twice I now carry two cards in my wallet (nothing like the embarrassment of being told your card is stopped when you try to use it at the tyre garage, in front of a queue of other customers, and wondering how you're going to pay for those tyres just fitted to your car...) and have another one in the safe at home, which is the only one I use for internet purchases...