PDA

View Full Version : Debit card fraud.


Pelikal
4th May 2012, 16:49
Hello all. I know this topic of card fraud pops up now and again but I thought it couldn't happen to me. I believe I take precautions. I am on JSA so things are a bit tight but I do like a cold cider. So asked ATM for a tenner at the local Teskie store. NIL available. Printed off a mini-statement and there were 2 transactions that made no sense at all, totalling nearly £500. Very odd amounts were deducted. Went to bank to query transactions and they printed off the transaction details. KRW 850,000 on my debit card had been spent in S.Korea!!!

Fraud team is looking into it. How were my details nicked? I rarely go beyond my local county boundaries let alone ******* Korea. This was an ATM fraud. Bastards, I have enough to cope with. The sooner N and S Korea annihilate each other the ******* better and the same goes for all the other ****ers.

Bank Manager assured me I would be credited with the stolen amount.

eastern wiseguy
4th May 2012, 17:17
My buddy had something similar. He was with Halifax and had his card "hacked". He lives in Northern Ireland...is partially sighted and only used the card in branch.

Long story short ...someone extracted over a grand in small amounts .The bank insisted it was HIS fault and he must have given the card to someone.The kicker was as he was in the bank complaining someone was attempting to purchase sporting goods in the good county of Essex with "his" card .

They eventually paid him back. Thought chip and pin was supposed to stop this nonsense?

good spark
4th May 2012, 17:24
ew
your quite right, we where told chip and pin was the silver bullet to stop this bullsh1t
so what happened?

gs

sitigeltfel
4th May 2012, 17:32
Just wait until "Near Field Communication" becomes widely used. The scammers will think all their Christmases have come at once.

rgbrock1
4th May 2012, 17:41
Debit card fraud is increasing on a daily basis. The FBI over here has issued informa-grams about it. There are myriad ways of stealing debit card details but, at the end of the day, the bank issuing the debit card should return the stolen funds to the owner forthwith. (Once it has been established that it was indeed fraud.)

green granite
4th May 2012, 17:57
I suppose, if you have online banking, you could change your pin every day.

Worrals in the wilds
4th May 2012, 18:05
Don't you have to change the pin at an ATM? Neither of my banks offer that service online.

As for chips and pins, I guess the 'nature builds a better mouse' theory applies. :(

ehwatezedoing
4th May 2012, 18:09
I've been screwed 1000$ in two withdrawals. And my account was actually automatically blocked by the bank itself.
Since I could easily prove that I was not in the same area, they reimbursed me without problems. The only hassle was not having access to my account anymore at the time.

Thing is, no matter how careful you are while paying with your debit card, you can still become a victim of fraud.
A machine registering your swipe or chip and PIN numbers can be connected to another one without your knowledge-->This a statement who came from the bank clerk reinstating my account while I was a bit inquisitive about frauds methods.

And so far, it is still cheaper for banks to reimburse those types of frauds than to invest into a much better security system.

Ancient Observer
4th May 2012, 18:11
Wasn't there some (decent Uni) Prof who proved that chip and pin was easy to fiddle?
Also, when I use lots of stores, after I've entered my pin, the screen says "pin OK". I guess that means that millions of machines can read the chip, and the pin. Otherwise, how would the machine know that the pin was OK?

hellsbrink
4th May 2012, 18:17
Wasn't there some (decent Uni) Prof who proved that chip and pin was easy to fiddle?

Been plenty fiddles

EMV - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/EMV)

eticket
4th May 2012, 18:17
As sitigeltfel mentioned, the future is not looking good unless you wrap your cards in tin foil.

Robbed by radiowave | The Sun |Features (http://www.thesun.co.uk/sol/homepage/features/4285837/Robbed-by-radiowave.html)

SpringHeeledJack
4th May 2012, 18:31
What's of more concern is the woman in the Sun article and those huge antennae attatched to her lugs :}

One commenter said

im Amazed by this article as its very inacurate to anybody who knows anything about rfid technology . You would be lucky to get a read from 2cm with this device and in a bag with in a wallet almost impossible. From 3 feet wih this device completely inacuate. I was particularly interested to hear about the possibility of having this device on continuous read mode and walking down the train station collecting hundred of cards - again a acomplete load of rubbish . HF frequency technology has a realistic read range of 1-4cm and this device will not read any further . i think we should be educating people on the realistic chance of fraud happenning rather than trying to promote your company selling rfid blockijng wallets for your own gain.

which seems a bit more realistic, but in general I'm less happy about RFID and it's many increasing uses in our daily lives.



SHJ

Pelikal
4th May 2012, 18:57
Ok, thanks to all for informing me that a tinfoil hat is no longer effective in such circumstances. I had such faith in my tinfoil hat:{x2. Some bastard in S.Korea has £500 of mine and I will get it back.

Waterfordman
4th May 2012, 20:01
Have you ever used your card online? It doesn't have to be an over the counter theft these days.

Frequent change of passwords is recommended, just don't write them down anywhere either :rolleyes:

OFSO
4th May 2012, 20:04
Wife done twice, suspected selling of card details after on-line purchase.

After theft of details, first purchase by thieves is a test purchase for a few pounds, both times this was purchase of a pizza in Sydney NSW.

Card immediately blocked by bank, wife called, "fraudulent use of your card by thieves".

New card & PIN.

Until next time.

G-CPTN
4th May 2012, 20:04
How do you suggest remembering PINs (and passwords) if you frequently change them?

I have enough difficulty remembering those that I already have . . .

DX Wombat
4th May 2012, 20:06
Conversation with Security Branch of Bank one morning: "Good Morning Wombat, Fred from Bank Security here," then, several routine security questions later, "have you authorised a payment of £2,000 this morning?". Me - "NO! Absolutely not!" Fred; "Thank you, the account is now blocked and a new card will be sent out to you." Card duly arrived within a few days and not a single penny was removed from my account. Not a nice experience but helped by the prompt, efficient action of the bank.That is a very condensed verion of events.

Waterfordman
4th May 2012, 20:17
I think we all struggle to remember passwords from time to time. Just use a series that you will always associate with something personal to you. Then again it also depends how much use you make of them too.

flying lid
4th May 2012, 20:18
How do you suggest remembering PINs (and passwords) if you frequently change them?

I have enough difficulty remembering those that I already have . . .


Same here - and I do write them down, but in a very, very cryptic way, which is only recognisable by me. I don't carry around these cryptic reminders though, or stick em on a post-it note on my computer !!

Example - PIN = The first 2 numbers of your your last address, first 2 numbers of your wifes car (say its a ford). Only you know those nos in your head, and your cryptic reminder would be "LADFORD" (Last address ford). Link it to your card cryptically to. So a Mint c/card would be written as "POLO LADFORD" (Polo = Mint - Polo Mints !!!!!!!!!!)

Easy (for me, anyway), and it works.

Lid

1DC
4th May 2012, 20:28
youngest daughter lives in Oz,she got a call from the bank asking if she had just made two transactions in Thailand. She hadn't and had $7000 taken out of her bank.Bank assured her she would be credited,she pointed out that she didn't have enough money left in the bank to make her monthly payments so could they credit her straight away. Bank said it could take up to six weeks so she asked how she was going to make her payments. Bank offered her a loan at their standard rates:ugh::ugh::ugh: After throwing a wobbler she had it resolved..

racedo
4th May 2012, 20:29
Conversation with Security Branch of Bank one morning: "Good Morning Wombat, Fred from Bank Security here," then, several routine security questions later, "have you authorised a payment of £2,000 this morning?". Me - "NO! Absolutely not!" Fred; "Thank you, the account is now blocked and a new card will be sent out to you." Card duly arrived within a few days and not a single penny was removed from my account. Not a nice experience but helped by the prompt, efficient action of the bank

Had pretty similar happen and it was within 30 minutes of attempt in Canada, local branch told me was a single petrol station generating funds for LTTE in Sri Lanka.

Course they called me 1st and I refused to tell them anything, I rang back and while guy amused he said 95% of people just accept his call without querying him being real.

DX Wombat
4th May 2012, 20:55
Racedo, I had a message left on my answerphone to ring Fred at the Bank Security followed by the number to call. I didn't recognise the number and could not find it listed on the Bank's website so I used a number which I knew was genuine, rang the Bank, told them what had happened and was told that Security had indeed been trying to contact me and was then put through to the department concerned. All very helpful and efficient. I have since had a follow-up call and letter to make sure I was happy and understood that no money had been taken from my account. :ok:

ExSp33db1rd
4th May 2012, 21:13
How do you suggest remembering PINs (and passwords) if you frequently change them?

I have enough difficulty remembering those that I already have . . .

Here ! Here !

and for those of us suffering from EGBF ( Electronic Gadget Brain Failure ) not a chance - or am I the only one ? -

Was told of a new trick recently, think of a word, then use the numbers that relate to the letters on a mobile phone key pad, i.e. MATE becomes 6283, words being easier to remember than numbers, trouble is, I have established a lot of numbers and am now trying to invent words to fit what I already have - not very good unless you are a Scrabble ace. ( and of course you need to carry a mobile phone with keys - Grrrrr. )

'course, for those of use with EGBF - no hope.

Pelikal
4th May 2012, 22:19
Just checked and money back in my account. Do we have to carry an ******* machine around with us? Hats off to NW for sorting it so quickly but it should not have happened.

Worrals in the wilds
4th May 2012, 22:31
Glad you got your money back, anyway.
Fortunately I've not been dudded (yet :() but I've had two cards cancelled due to 'suspicious activity', which according to the bank was a series of small transactions to test the number's validity.

She hadn't and had $7000 taken out of her bank.A friend had a similar thing happen, also in Oz. We all had to lend him money so he could eat. After that I've always kept a few hundred in cash, just in case the wheels fall off the cyberbanking wagon. That wouldn't help with the mortgage though.
i think we should be educating people on the realistic chance of fraud happenning rather than trying to promote your company selling rfid blockijng wallets for your own gain. Do you need to buy a special magic wallet :confused:? I just put two sheets of cooking foil in mine to be on the safe side, one in each side pocket, at a cost of about two cents.
Tin foil wallet alert... :O

vulcanised
4th May 2012, 22:34
It only works if you puit the shiny side out.

Pelikal
5th May 2012, 10:24
Worals, thanks for your note. I still don't underastand how it happened.

ExSp33db1rd
5th May 2012, 10:30
It only works if you puit the shiny side out.

Isn't that Flying Lesson No. 1 ? ( keep it shiny side up, rubber side down)

cwatters
5th May 2012, 11:02
It doesn't seem hard to break the system. Just get yourself a reader, modify it, get a temporary job in a petrol station, swap the machine on the night shift..

UK police raid chip and PIN hacking operation - ZDNet Asia News (http://www.zdnetasia.com/uk-police-raid-chip-and-pin-hacking-operation-62044967.htm)

To date, compromised chip and PIN terminals have been found in less than 30 retail outlets throughout the [United Kingdom]

There have been other hacks discovered. This one used a box of tricks between the reader and the terminal. Basically it fools the terminal into thinking a valid pin has been entered when it hasn't. The banks records show a valid Pin has been entered leaving you the difficult job of proving you didn't give out the pin to someone..

BBC - Newsnight: Susan Watts: New flaws in chip and pin system revealed (http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html)

Using the cards, Dr Drimer keyed in 0000 as the pin. Since there is no need for the criminal to know the actual pin associated with the card, any combination should work.

It did work, and the printout stated that the purchase had been "verified by pin".


In reality, though, how easy would it be for someone without a PhD in computer science to carry out this attack?

"Even small scale criminal systems have better equipment than what we have. The amount of technical sophistication needed to carry out this attack is really quite low," Dr Steven Murdoch, one of the team, told Newsnight.



The source code for that was released on the web in 2010 I think.

Worrals in the wilds
5th May 2012, 12:59
Debit cards work through the visa/mastercard network, so I guess they're susceptable to the same frauds because the system has the same weaknesses. The only difference is that the fraudster is limited by the available funds in the account, rather than the credit limit. Maybe a solution is to have two accounts; one hooked up to the debit card with a small amount of operating cash, and another account with no card access from which you can dump funds to the other account as required.

Have any Aussies out there had a fraud through the EFTPOS system? In Australia this is much more common than the Visa/Mastercard based debit card systems favoured in the UK and Europe.

alisoncc
5th May 2012, 13:25
I routinely use a VISA debit card for online and instore purchases, but I never have significant amounts of money in that particular account. Typically there wouldn't be more than a couple of hundred dollars max at any point in time.

I have other seperate accounts with the same bank that are not connected with the card in any way, and I am able to transfer funds into the Visa Debit card account instantaneously via Internet banking. So I manage the cash that is accessible through the card keeping it to a sum that I can afford to lose without it causing me to much grief.

Solid Rust Twotter
6th May 2012, 08:45
It only works if you puit the shiny side out.

Wot? No peanut butter...?


I pay in cash for pretty much everything I buy. Debit card used to draw cash and that's about it. Makes it easier to track any dubious activity as it's rarely used and hardly ever for direct purchases.

A A Gruntpuddock
6th May 2012, 11:25
I also got a call from bank security about a suspicious transaction (RBS).

Card cancelled and replaced very efficiently without loss of funds.

When I queried how the miscreants had managed to get the numbers, I was told that nowadays they use computers to generate numbers and test them on shopping sites.

When they get a hit showing that the number is the same as a genuine card, they then cycle through all 999 security number combinations to find the right one.

Fortunately the bank security software caught this one at the first stage.

ShyTorque
6th May 2012, 21:42
Nearly 20 years ago, chip and pin was first introduced in East Asia. Its security was compromised almost immediately. Following what I learned out there, I am of the opinion that a system (i.e. the "old fashioned" one) that will only recognise a personal signature must be more difficult to forge because it is far more complex to forge a signature than it is to discover a four number PIN code.

On coming to live in UK, I've watched it all happen again.

I've also been a victim of attempted card crime myself. Someone attempted to buy expensive shoes, via an online purchase, after phoning me to try to get more details from me by posing as "the police". I asked for a name of the caller and got a gobbledegook answer and the person put the phone down. Someone else rang again, (different voice) within five minutes but gave a slightly different story. I told this caller I was going to get the police involved, which I did.

On arival at home, there was an answer machine message from a German company who told me they had blocked a suspicious attempt to buy expensive shoes from them via my Visa card. Someone had given them my home phone number. The police took a statement. Never got any feedback, but thankfully the transaction was blocked. I did have to cancel my card.

Keef
6th May 2012, 22:00
I had the same experience a couple of weeks ago. Bank called: asked date of birth and home postcode (that's all they get on a cold call). Had I made a cash withdrawal of X...

They are pretty good at spotting the dodgy ones - they get them before they even hit my account.

911slf
20th May 2012, 09:36
If you want a brief non technical introduction to this, try this link.
RFID Range. What Affects The Distance You Can Expect RFID To Work Over? (http://www.wireless-technology-advisor.com/rfid-range.html)

It seems that if you are a crook you could greatly increase the range at which you could read a card by using an illegally powerful transmitter.

My son had his card hacked for the first time within two weeks of a contactless version being issued to him. He informed the issuer that unless they could guarantee to replace it with a traditional card he would close the account. They denied it was hacked in this way but - well they would, wouldn't they.

So long as there are some card issuers that don't use this technology, it is possible to selectively give them your business.

By the way, I recall a story from some years ago about a Cambridge student suspected of stealing books from a library. She was not, but set off the alarm every time she left. It turned out she was wearing stolen jeans with an rfid tag. So certainly that reader worked at a distance of a few feet.

Tableview
20th May 2012, 09:47
Here's a silly one. I did two internet transactions the other day on my Euro credit card for €9.50 each, both for the same provider. Next day, the CC provider called me with some bilge about getting a loan at a preferential rate so I told them not to waste my time with marketing calls, not interested, tot siens, dankie, goodbye.

Next day went to use same card for some shopping and it was refused. Paid cash, went back to the house, called them, and they said my card had been blocked because of a suspicious internet transaction (the second €9.50) and that they'd tried to call me. So they start their security verification call with an attempt to sell a product. Grrrrrrrrrr.... as one might say. B-wankers.

OFSO
20th May 2012, 11:02
Next week I'm treating my about-to-be 90-year old mother in law and her sisters to a birthday lunch. Given where we are going for lunch*, and the appetite these very elderly ladies have for fine food and drink - especially drink - the bill will be astronomical.

I wrote to my bank telling them to remove the card's limit to a transaction between *** and *** on the ***th May at the *** restaurant. They called back on my mobile and said they will check on the phone with me when the transaction is made.

I will be reporting back to JB on this one. Unless we have to stay and wash dishes after my card is refused.

* It would have been cheaper to book 'em all on a Virgin sub-orbital flight, I think. Maybe next year.

OverRun
20th May 2012, 12:11
INTERESTING THREAD ON CREDIT CARD FRAUD (not me or mine)

[Chaps - this is not me, it is simply a very interesting post]

I used to work fraud detection for a shall-not-be-named card service department, so I can walk you through my process that I used at the time...

We used software that I can remember the name of that basically tied a bunch of different databases together.

These databases were directly fraud related (collections and customer service had access to the same databases, but filtered through a specific portal that probably made more sense for their job).

The first thing that happened in this program was that transactions went into a queue. These queues were sorted by priority of how likely you were to find fraud in them, and accounts would go into queues at different times depending on the risk factors. So, risk factors:

1)Testing charges. These are usually online charges through known online vendors that a scammer can use to test a card number as valid. These have been mentioned before in the thread, but there were certain vendors that would fade in and out of popularity (I'm not naming names) that would allow very small (usually 1 dollar) charges on a card and produce some sort of digital product that allowed them to verify “yes this card works” or “no, this card is already being monitored”. They also told us that sometimes there were random guessing programs just trying to stumble across cards (as cards follow certain numbering rules, making it slightly more probable, and there being so many unused cards like college students get at football games and never touch). I'm not sure that I believe that last part, but that's what they told us. So Amazon MP3 followed by newegg... probably going to get called.

2)Another type of testing charge (usually in cases of physical card theft) is the gas charge. Gas is something you can buy almost anywhere without being on camera or talking face-to-face with a clerk. A crook will steal a card, test it at a pump, and then go on a spending spree. So gas followed by best buy.... probably going to get called.

3)Out of Country charges. This is an indication that a card has been compromised by a foreign entity (Russia and Turky were two concerns at the time) and fake plastic has been made and is being used until it's found. Many, many customers are legitimately using their cards in foreign countries and get cut off for what they see as no reason. You card company has a reason: mostly that they're legally obligated to refund you for any transactions that are made on your card and pissing off a handful of people versus catching stuff before it becomes tens of thousands of dollars is an economical choice. This is also the case if we almost always see charges coming from Delaware and all of sudden California. Cards leave a datatrail of where they're used, so almost always used in X suddenly used miles away in Y... probably going to get called.

4)SIC Code doesn't match. SIC codes (I think that's what they're called) are different types of merchants. Let's say that a person always uses their card for fast food, gas, and sometimes clothes shopping. All of a sudden we have $2000 dollars coming through from electronics. Probably going to get called.

5)Time in queues. If something starts off as low risk, but keeps coming back again and again it's going to get moved up in the queues until someone finally looks at it.

There are also queues that get specially created. When TJ Max lost a hard drive with credit card info on it, then all of the effected accounts were moved to a TJ Max queue, which we would put priority on working. There were byzantine ones that we were told never to touch, but probably had some highly classified purpose.

We could work whatever queues we wanted to. Basically we would start our systems up in the morning, and there would have been a message from management saying “We've been getting a lot of fraud-found cases in X45, start there and work until its done, and then work other high priority queues”.

Where this comes into play was our incentive. We had a lot of freedom – a scary amount of it, in retrospect. We could work whatever queues we wanted to. If we suspected fraud we would try and contact the customer to verify the charges. If we couldn't contact them, then we had the power to stop that card. BUT, if we mis-identified fraud, then there was a monitoring system that told our boss. If we didn't work fast enough there was a system for that. If we worked fast by spending all day in a queue with little priority and almost no fraud in it, then our boss would know. The pay sucked, but a monthly incentive of a few hundred bucks could make it decent. There were also teams of fraud finders, and quarterly incentives for teams (like free lunches, baseball tickets, etc.)

The way that I worked was this:

I know that a certain queue pulls certain accounts for certain reasons. I tended to trust the initial computer selection to do its job, more or less, so I used that as my base point.

My first task was to take a look at the charge that specifically tripped the fraud alarm. I would look at it and first think to myself “Do they have a history of this?” I would compare this against demographics. An 80 year old woman who buys food for 6 months, and all of a sudden a charge coming through from steam? Probably not passing on that one. A 20 year old college student who charges everything from clothes to books, and then an iTunes purchase? Maybe they just got an iPod, I'll pass on it.

Cases weren't always cut and dried, so there's other things I can look at. I could see where plane tickets were purchased to and from. So if we have a plane ticket bought from BWI to LAX and sudden out-of-character charges for shopping in California, well... yeah, probably. I could see previous history through a comment log. Other operators (regardless of department) are obligated to comment each interaction with an account. For example, after working an account that I passed on I might write:
“CHRGS COMING FROM OOS (out of state) BUT GAS TRAIL FROM HOME LOCATION TO CURRENT LOCATION PLUS HISTORY OF TRVL. N/A”

The reps who took the incoming calls would also comment. If I looked in there and saw “PERSON CALLED IN AND WAS UNABLE TO VERIFY NON-TRAD (non traditional info: stuff like previous address and drivers license number ). DENIED ACCESS” I might be suspicious. If they'd recently changed their address, that was a red flag. We also had access to databases like lexis-nexis to search records in the DMV and whatever.

So here's a TLDR answer to your question:
When you use that card you're being watched. Sometimes by a person, but most often by computers that analyze and store every purchase you make. Even if you don't know it you have a data trail, and that data trail has a signature to it. When something breaks that signature, and is surrounded by other suspicious details, it either get automatically handled by a computer, and will eventually be handled by a human. The testing charge was suspicious, but maybe by itself wouldn't have mattered. Followed by tools (easy to fence, so a pretty common flag charge) it's no question. Especially if it looked at your account and couldn't find strong previous history with either. So your account gets sent to a high priority queue, and some underpaid dude on the eastern seaboard looks at it, tags it as fraud, and calls you to confirm, maybe helping him make an extra 200 bones at the end of the month.

OFSO
20th May 2012, 12:54
Gas is something you can buy almost anywhere without being on camera or talking face-to-face with a clerk.

Meaning vehicular petrol or diesel, I suppose - well, not here in Spain. There is always CCTV looking at the cars out front and who gets out of 'em. Far too many runners-off these days. And yes it is recorded. Nearly all the local filling stations have shifted to pay-in-advance, too, which is a PITA but I understand why.

racedo
20th May 2012, 19:01
Interesting last post.....

Used a rarely used CC the other day, still a balance on the account reducing slowly but used it for a big online transaction....

Came up with set of randon questions for me to answer and confirm.........
Included old address from 10 years ago, SWMBO name and a number of others which there is no way they could have added together easily as SWMBO has never been on this or any of my CCs.

I was genuinely impressed and the questions even though not happy about Data held.

G-CPTN
20th May 2012, 19:20
Came up with set of randon questions for me to answer and confirm.........
Included old address from 10 years ago, SWMBO name and a number of others which there is no way they could have added together easily as SWMBO has never been on this or any of my CCs.
It's called Phishing . . .

racedo
20th May 2012, 21:17
G-CPTN

Nope as they had the correct data mixed with lots of other options which would have cancelled the transactions if any were incorrect.

The transaction went through as had already confirmation of this and it was a future sporting occasion and through the official website.

It was actually quote good because some of the data really was so old that anybody who has only known me in last 5 years would not know the info and I have only it recorded in my head.

ExSp33db1rd
20th May 2012, 21:32
........to pay-in-advance, too, which is a PITA but I understand why.

I agree, especially when one wants to refill a hire car to the starting level, when two trips to the cashier line is inevitable - even three once, when I tried to be super-smart and beat the system !

west lakes
20th May 2012, 21:53
I got caught a couple of years ago, the bank (Halifax) alerted me to the unusual activity.
The usual stop on card and new card ordered, they even gave me a penalty & interest free overdraft until the money was returned to my account.

Winding forward to earlier this year I tried to top up my PAYG mobile and got the payment declined, tried again the next morning and the same. Then got a call from the bank, they had decided my normal monthly top-up was suspicious and stopped the payment. :O

Worrals in the wilds
21st May 2012, 00:43
Meaning vehicular petrol or diesel, I suppose - well, not here in Spain. There is always CCTV looking at the cars out front and who gets out of 'em.
Same here, thanks to the armed hold up brigade. I think the info in the post is a few years old, but it's still very interesting. :ok:

My own bank asks customers to call them if they're travelling overseas so they can make a note of it, and not cancel their credit cards because a bunch of transactions from India suddenly crop up.

west lakes
21st May 2012, 00:49
My own bank asks customers to call them if they're travelling overseas so they can make a note of it, and not cancel their credit cards because a bunch of transactions from India suddenly crop up.

A whole other story, take the trouble to tell my bank the dates I will be in the Caribbean, arrive at hotel to check in - card declined.
They had forgotten to flag it up on the system!

Pelikal
21st May 2012, 12:23
OverRun, interesting post, as are the others. I kicked off this thread because I was shocked by sums taken out on my card. I reported to the bank in person and handed in my card. I was told the money will be refunded which it was for the two transactions. Between the time of me reporting it and the card being cancelled a third ATM withdrawl had been made in S.Korea, which I again reported. All three totalling just under £750.

I suspected the card details where nicked at the ATMs at the local Teskie. This suspicion has been born out by others I have come in contact with. The local bank branch said there have been at least 20 reported incidents and I spoke to 2 customers in the branch who were reporting at the same time as me. All withdrawls made in Korea and the only machines they regularly use are the store ATMs.

Store security chap told me he has been inundated with queries and I was also told the machines had been 're-equipped' in some manner.

OverRun, I wonder if the bank would have spotted these withdrawls? The sums are clearly wrong. One cannot withdrawl £258.71 from an ATM. This is the sum after exchange rates had been applied.(KRW 450000.00 was taken out on this occasion). I also know the branches in Korea where the money was taken out and I am pretty sure which bank as well.

I have been fully re-imbursed but I would like to know more how the fraud occurred. Regards.

L'aviateur
22nd May 2012, 03:24
I'm quite happy with my bank here in the Middle East now, I get a text message after every transaction or withdrawal. Very reassuring.

DingerX
22nd May 2012, 09:46
Guessing the PIN is the hard way to do things.

Those Chips may be more secure, but the same data is encoded on the magnetic strip. Just attach a fake card slot on top of a real one, a camera aimed at the keypad, and a wifi receiver across the street, and you can get all the debit card info you need.
Write the data to another magnetic strip and transmit the pin, go to some other part of the world, and you're good to go.
At least that's what they do out here.

Check out this Rogues Gallery (http://krebsonsecurity.com/all-about-skimmers/) of debit card skimmers.

radeng
22nd May 2012, 16:31
Some RFID readers are allowed up to 4 watts.....That will go some distance.

Ancient Observer
22nd May 2012, 18:16
Ferkin' security questions! My daughter has about 10 grand with a bank that she can't access because she can't access it.
Yup!! The catch 22 of modern banking. She can't talk to them by phone cos she doesn't know the answers to the questions.....................The Branch won't deal with the issue.

Stiff letter to HQ brought a rubbish reply. Now written to CEO. Expecting more crap by return.

G-CPTN
23rd May 2012, 11:12
BBC News - Bank card courier scam 'nets conmen £1.5m' (http://www.bbc.co.uk/news/business-18172738)

Tableview
23rd May 2012, 13:53
I have just used my GBP debit card for two small transactions in the UK - a train ticket and a 'phone top-up, total £30 and not out of pattern purchases but it is the first time for maybe a month or so that I've used that card. Within an hour I got an automated call asking me to press this and that button and ultimately to confirm the two transactions as genuine.

Tableview
31st May 2012, 18:29
And more ..... the bank that issues my Euro credit card has just introduced a secured payments system. In order to activate it, I have to go onto their website and click on a code to confirm my cellphone number. they then send me a code to the phone which I have to enter on the website.

Each time, it takes so long to get the code that the session on the web server has timed out. So far I have had 3 tries all with the same result. What a wunch of bankers!

601
1st Dec 2012, 08:53
Was in Europe earlier this year. Had given the dates and whereabouts to bank. Tried to top-up phone online through the home web site. Transaction denied as I was not supposed to be at home!!

Tableview
1st Dec 2012, 09:47
Last Friday night I received a text from the fraud department of my UK CC provider querying a transaction I'd just done. I have done the same low value transaction with the same company on roughly the same date every month for the last 5 years, at least. But for some reason they queried it. So I called them and confirmed that the transaction was genuine, and they said they'd remove the fraud block and all would be well.

Half an hour later I tried to use the same card to pay for dinner - declined. Embarassing as I was out for dinner at an unusually (for me!) posh place with rather wealthy friends! Paid cash. Next morning I did some shopping and it was declined, so I rang and they assured me the a/c was in order and the block lifted. So I asked the cashier to run the same transaction on another terminal - declined. Now the bank say the terminals (Sainsburys) must both be faulty. Paid cash. Went to a NatWest branch and tried to get my balance - just to see if it worked. No.

So I ring them again. Now they say the terminal at NatWest is faulty too and there's nothing wrong with my account and definitely no fraud block.! So I read the riot act, got a promise that a supervisor would look into it and call me back. An hour later two small transactions that I'd done as tests were declined. Declaration of war, as I was now on the way to the airport to catch a flight and I explained that there was a potential for a great deal of inconvenience.

Eventually they admitted there was a system failure. So I asked for it to be escalated, yesterday they rang and have credited me with £80 for the inconvenience.

Then got a call from the bank, they had decided my normal monthly top-up was suspicious and stopped the paymentSo it's not just me!