PDA

View Full Version : Heads Up - Online Fraud


27mm
29th Dec 2014, 14:52
Story so far:
On 23 Dec, current account debit card details somehow accessed fraudulently.
Some 6000 taken, all in separate online transactions, averaging some 200 per transaction at House of Frazer, John Lewis, Fortnum & Mason et al.
Bank picked up the unusual activity quickly and texted us.

The message from us is to check your bank accounts daily; we hadn't checked on Xmas Eve (how many of us did?)

Happy and fraud free New Year to all :sad:

airship
29th Dec 2014, 17:21
Bank picked up the unusual activity quickly and texted us. Hmmm, thieves with taste. Do you usually shop at Tesco or Lidl then?! I shall ask Arthur to check the bank a/c on a Daley basis forthwith. :E

Fox3WheresMyBanana
29th Dec 2014, 18:00
A suggestion: If your online banking allows you to set an alert limit, try setting it below whatever your minimum is. This causes my bank's system to send me an email whenever there's a transaction.

27mm
29th Dec 2014, 18:36
Fox3, thanks, good tip :ok:

mixture
29th Dec 2014, 21:07
current account debit card

And this is why you do not use debit cards, at least not linked to your primary current account.

I've got a debit card, purely because of those odd transactions that explicitly require the use of a debit card, but its linked to a separate account with a minimal balance in it and no overdraft facility. So my maximum loss is known and fixed.

For everything else, I use credit cards, not because of the credit (because I pay any balances in full every month). But because credit cards afford you much higher protection against fraud and other seller misbehaviour.

I would strongly advise you to do the same.


P.S. For avoidance of doubt, when I say credit cards above, I mean credit cards. Not charge cards (e.g. Amex) because they don't benefit from the same added protections, they are in the same category as debit cards ... i.e. down to the discretion of your card provider rather than enshrined in law.

Gertrude the Wombat
29th Dec 2014, 21:40
So my maximum loss is known and fixed.
Surely one's loss if someone else defrauds some retailer and/or one's bank is zero anyway? Unless they somehow manage to make the 50 limit stick, but it's hard to see how, unless they can prove some involvement. In which case one's maximum loss is known and fixed to 50 (or whatever your local regulation is).

Or ... unless ... you are daft enough to sign up for Verified by Visa (or the Mastercard equivalent), which is a bank con trick that moves all the risk from the retailer and/or bank to the customer. Of course the retailer will say "you have to, your bank insists", and the bank will say "nothing to do with us guv if a retailer insists on it", but I have found that refusing to sign up restricts my ability to pay just one tax online (so I do it by phone, using the same card).

It might stop me buying things from the occasional individual retailer, but it doesn't stop me buying the same thing from someone else - this is called competition.

mixture
29th Dec 2014, 22:31
Surely one's loss if someone else defrauds some retailer and/or one's bank is zero anyway?

Theoretically my friend. Theoretically.

That's my very point. Unless you are using credit cards, with debit and charge cards, you are at the mercy of the card provider's discretion, their policies, procedures and conditions.

You do not have the protection afforded to you enshrined in law. You ONLY get that with credit cards.

Debit card chargeback is not the same thing. Its not legally binding and so you've no recourse to law if you are unhappy. It is merely a commercial service provided by the card provider at their discretion and on their terms.

India Four Two
29th Dec 2014, 22:41
you are daft enough to sign up for Verified by Visa

GtW,

Could you expand on what the problem is?

mixture
29th Dec 2014, 22:47
Could you expand on what the problem is?

There is no problem, he's feeding you FUD.

At least when it comes to credit cards, card providers cannot pass the buck on their legal obligations.

As I've said though, with debit and charge cards ... all chargebacks are a commercial matter at the card provider's discretion.

Verified by Visa is a good thing. Everyone should be signed up for it. It helps protect you against fraudulent transactions by putting an extra hoop for the criminals to jump through. Whilst they may be able to pillage your card number and CVV from online databases and sell them online, criminals won't know your VbV password. So they could only use your stolen card number for non-VbV transactions, they would be prevented from using your card on websites that use VbV.....

Gertrude the Wombat
29th Dec 2014, 22:48
Could you expand on what the problem is?
Basically as I've said, it moves the liability to you, the punter. More info is on Light Blue Touchpaper.

mixture
29th Dec 2014, 22:54
Basically as I've said, it moves the liability to you, the punter.

Bolleaux my friend. Utter bolleaux.

The purpose of Verified by Visa (and similar schemes) is to shift the liability from merchants to the issuing bank.

Let me repeat that ... FROM merchant TO issuing bank ..... **NOT** TO consumer !

It has less than bugger all to do with the cardholder. Its all to do with who picks up the tab when the cardholder makes a claim.

As I said, in this day and age, you are incredibly foolish if you don't take advantage of such schemes for your own security.... ESPECIALLY if you use debit cards that take the cash straight off your bank account !

So to reiterate - if you have a genuine claim, the use of Verified by Visa (and similar schemes) will not disadvantage you because the liability shift has nothing to do with you, its a business thing between the bank and the merchant.

Gertrude the Wombat
29th Dec 2014, 23:10
Bolleaux my friend. Utter bolleaux.
Well, I don't know who you are, my friend, or your relevant qualifications, but I do know the people at the Security Research group at the Computer Laboratory at Cambridge Universtiy, some of they quite well, and on this particular technical topic I'm going with them, unless you have more than just assertion to refute their published research.

mixture
29th Dec 2014, 23:14
Security Research group at the Computer Laboratory at Cambridge Universtiy, some of they quite well, and on this particular technical topic I'm going with them

Well there's your problem... you think its a technical topic and you're looking to some geeks in Cambridge to give you the answer.

They may well have done some (now out of date) research work on Verified by Visa from a technical point of view .... but the liability shift stuff really is not their domain.

Its not entirely my domain either, but I do think you need to do some more reading and not just blindly believe what people tell you just because they can boast they're working in some ivory towers Uni.

For a start ... why don't you tell me (or copy-paste an answer from your chums) telling us how exactly Verified by Visa lets banks wiggle out of their Section 75 obligations in relation to credit cards.

As I said, if you have a valid claim, then using VbV won't harm your chances in the slightest !

Its up to you to prove to me otherwise because at the moment I reckon you don't have a clue what you're talking about when you're making your audacious claims about the effects of liability shift between merchants and banks ....

Capetonian
30th Dec 2014, 05:46
I have always wondered how the criminals who cloned my CC in Madrid a few years ago managed to draw more in a single transaction from an ATM than I can draw in a week.

A good tip is to scratch off the CCV number and memorise it. That way, if someone steals your CC, they can't use it online.