Fraudulant card use

[Colin_McLeod]

The small-value transaction is a very good indicator of fraudulent intent. Very few of us use cards for such small amounts as 1 or 2 units of our local currency, certainly not of another currency. Most card issuers will immediately pick these up and refer to the cardholder.

 

PayPal often invite buyers to contribute £1.00 to some charity or other. I did this on a few occassions and my Bank picked this up and checked with me to see if the transactions were genuine.

[Kris]

 

On a more serious note, its interesting that car phone warehouse has been mentioned more than once.

 

 

 

 

It's not just CPWH John, it's all mobile phone stores that this occurs in. Phones are very easy to sell on and get the money that way. When I worked in the mobile industry it was noticeable that there were some certain area's that had far more of this activity occurring at them than others. The fraud teams were well aware of this and the shops in question. I did enquire what happened with the details on behalf of a customer but was not given an answer.

 

 

[AndrewC]

So far I've not had any problems. <touch wood> There have been instances when the card issuer has called to query a purchase but its always been me.

 

One source of ID theft that Andy Y missed was your bins. SHRED EVERYTHING with your name, address, or any identifying data on it. That encludes junk mail and envelopes. We picked up a good cross cut shredder from Ryman when we first moved to the UK. I'm sure its paid for itself on more than one ocassion. There have been at least 3 instances of our paper recycling being nicked from the bin this year alone. In one case they took the whole bl**dy bin. (and the neighbour's bins as well) All they got was a large bag ot confetti useful only for composting or lining a gerbil cage.

 

 

[87023Velocity]

Just checked my current account this evening and I too have had 2 transactions taken from my accout for Pay as You Go topup, £30 Vodafone and £30 O2. Fortunately, I check my account every few days and try to get a mini statement at least every 4-5 days were possible. I too had ordered some items from a model shop on Thursday last week via internet, however, our Asda home shopping is paid for using the same card online. The guy at Halifax thinks the transactions for the PAYG were more than likely put through online. Anyhow card has been stopped and should get the cash back in the next few weeks!

 

It has certainly made me think anyhow.

 

Cheers

 

Simon

 

 

 

 

[Guest baldrick25]

Since I buy , and have bought items from Model railway 'shops/dealers' recently, I've been checking my accounts once a day recently online.

Tonight I noticed that the available balance had reduced by £59.99.... mmmmm methinks , I don't remember buying two items at that price, but I did spend that amount ONCE at ModelRailLive .

Rang the bank , and the little so and so's were trying to take the debit TWICE , having already put it through on the 28th September ( dates are from memory- online banking has timed out now) . The second payment has been stopped before they got their mits on it... I would urge everyone to be vigilant , as a cursory glance at the monthly statement would have probably led me to saying that it was the model I bought.... and then forgotten.

[andyman7]

So when you say you will not use a merchant who does not offer PayPal, this is probably the reason they do not offer it. I did offer the service for a while until I got hit with a 13% charge on an overseas purchase, that's a full 10% more than I get charged by Mastercard. No more, I cancelled the account.

 

These days you have to offer PayPal as a seller...!

[muddys-blues]

Many comment on here that congratulate the Banks for being vigilant on spotting fraud, but lets remember who forced down this road of PIN NUMBERS card security, it was the BANKS, I run a Forecourt Garage and Repair Garage, and when people signed cards you watched them like a Hawk and kept eye contact, chit chatting and so on, checking the signature, taking a cursory look at name, now you all look away from each other, cover up the pin pad, can't touch the card etc, so is it progress ???

 

The only thing that we do not have to deal with now, that we had to deal with regularly a couple of years ago was chargeback enquiries were scrupilous or forgetful people would enquire as to "did I really visit your garage and pay for something" can you dig out the receipt and arse about faxing a copy to the card machine supplying bank.

 

Also it is amazing how many people just leave card receipts at the counter with "oh just chuck it in the bin".

 

So what is the answer ??

[deltic79]

Many comment on here that congratulate the Banks for being vigilant on spotting fraud, but lets remember who forced down this road of PIN NUMBERS card security, it was the BANKS, I run a Forecourt Garage and Repair Garage, and when people signed cards you watched them like a Hawk and kept eye contact, chit chatting and so on, checking the signature, taking a cursory look at name, now you all look away from each other, cover up the pin pad, can't touch the card etc, so is it progress ???

I agree. Of course the banks forced us down this route because chip and pin provides more security than a signature so THEY are less likely to lose out to fraud. Yes this added protection is passed on to the individual, but the bottom line is it protects bad debt write-offs on the balance sheet. Fraud was vastly reduced when chip and pin was introduced in Europe so it was natural that the UK would follow suit. The problem with signatures for transactions is that they very rarely look anything like the one on the back of the card - how carefully do most people sign the back of their new card only to scribble a rushed signature on a receipt? This means they are very easily forged and provides the card holder and retailer with very little protection.

 

I also agree the retailer would watch the seller carefully when signing for a transaction as you suggest, but chip and pin was also rolled out to protect the cardholder, not just the retailer. The good thing about the retailer not touching the card (note that this comment is not directed at your business, just a generalisation ) is that they can't skim it in a cloning machine under the desk when you take your eye of it for a second. That was another big seller of chip and pin at the time it was released.

 

 

Obviously there are ways around every security device/technique (as we've witness the consequences of in the posts above) and fraud will always exist. The challenge is for the banks to stay a step ahead of the fraudsters - if they stand still the fraudsters will get on top of the security.

 

 

[Guest baldrick25]

Now my card has been 'compromised'. I used it for online Ebay transactions from UK suppliers - absolutely no problem for three years now, then I saw some 'servos' in bulk from China. TWO hours after the transaction for those, there's a £30 PAYG transaction for o2 on there . Yes I have an o2 mobile , but its a contract Blackberry and o2 confirm that it wasn't that mobile that received the credit. The bank confirms that it was an online transaction for the fraudulent top-up, so I guess its a 3digit number on the back used to verify.. Now I can't say it was THAT Ebay transaction , but as I've not used the card anywhere else except the usual trusted grocery-shopping superstores , and the usual bank ATMs, but I draw that conclusion.

Card stopped , transaction disputed , and some claim forms in the post that need signing... all a PITA really....

Just a warning about NON-UK suppliers on Ebay and elsewhere...

 

Why is it that Bank 'FRAUD' departments close on Sunday - do all the crooks take a day off as well?

[Guest dilbert]

I agree. Of course the banks forced us down this route because chip and pin provides more security than a signature so THEY are less likely to lose out to fraud. Yes this added protection is passed on to the individual, but the bottom line is it protects bad debt write-offs on the balance sheet. Fraud was vastly reduced when chip and pin was introduced in Europe so it was natural that the UK would follow suit. The problem with signatures for transactions is that they very rarely look anything like the one on the back of the card - how carefully do most people sign the back of their new card only to scribble a rushed signature on a receipt? This means they are very easily forged and provides the card holder and retailer with very little protection.

 

Just catching up ...

 

Chip and pin technology n France was rolled out at least 25 years earlier than in the UK.. the immediate effect was the increase in cheque fraud - other techniques such as online scanning of cheques had to be introduced..

 

In the plastic card jungle the banks don't lose out whatsoever - they charge an annual card premium (for insurance purposes) and when a dodgy transaction comes along in most cases, it is the seller that takes the hit - principally due to txns and "customer not present" abuse.

 

In the USA, I know of several colleagues who sign their card "See Id" (and they are not all Chinese)... dilbert

[Guest baldrick25]

This is begining to smell..... I also have some items on preorder at a suppliers, and only a week ago decided to do a purchase of a 'cheap' item on special offer... After taking the order , 'Thanks for the order' was said by the dealer... 'Don't you want some card details?' I enquired. We've already got those ' he said , ' is the last 4 digits of the card still XXXX, which took me aback a little , but thought that as I had left a pre-order, its perhaps to be expected. 'DO you need the security number ', I asked - 'we have that . is it XXX' .. Thanks for the order and the call was terminated....

It stuck in my mind, as not being 'proper', and I'm off to see Bank Manager tomorrow just to confirm if my breach was a 'PIN compromise' or ' Security number compromise' ..

I've got a very big feeling its the same dealer...

If it is a security number compromise , then next stop is plod together with that receipt for the 'extra' transaction, which could be a starting point for a few checks...

[Guest dilbert]

I used to write about four cheques per year - since the recent credit card abuse I had the pleasure of addressing, I am now writing currently about four cheques per week.... and this is with shopkeepers whom I have known for quite a while - no problem on their side either, they are not paying silly commission rates back to the banks based on cc txns..., unfortunately this doesn't work x-country/x-currency...

 

In the latter vein, my latest purchase was done thru PayPal - the first time in the Model railway retail ordering I have received an invoice prior to reception of the goods...

 

Those UK retailers that don't want to accept PayPal is not a problem for myself - they will not have the opportunity of receiving orders from me, their call ...dilbert.

[Pugsley]

Someone had indeed been using my card and I was asked to identify several transactions. The only one I recognised was a box-shifter.

Would this be a ***** ********* based one, by any chance? My dad had the details of his card, which he hardly ever uses, stolen. The last place he used it, about a month before the fraudulent transaction, was said box-shifter.

[Guest baldrick25]

I don't want to say too much till I've seen the 'authorities ' tomorrow, but talking to the Bank Customer person today , who ordered a new card etc, said that the PIN number of the new card would stay the same, the security number on the back would be different- so draw your own conculsions how the fraud was perpetrated.

[sjp23480]

I too recently pre-ordered a limited edition item from a certain box shifter (not in ***** *****). The next day I go to use my card in another model shop, only to have the transation declined. Turns out the card had been cancelled after some "scrote" tried to use it for £500 of M&S stuff via the internet.

 

Thankfully my card provider realised the transaction was out of the ordinary (clearly knew that M&S don't sell model railways) and said transaction was declined. Will still check my statement when it come in.

 

In the meantime, should I contact the "suspect" retailer to notify them of this issue?

 

The issue (as it appears to me) is that, although I provided all my card details, no transaction was processed as it was a pre-order for a 2011 delivery. I am thinking therefore, that the fraudster assumed that this would be untraceable in the absence of a transaction?

 

It seems several other RMWebbers have experienced similar issues having placed pre-orders for other items?

 

Is there a pattern?

 

Steve

[Chris116]

In the meantime, should I contact the "suspect" retailer to notify them of this issue?

 

The problem of contacting the retailer is that you may be speaking to the crook! Far better to contact the Bank and the Police and let them take it from there.

 

I would also be very careful at giving any clues on here as the crook may read what we are writing and therefore have a chance to cover their tracks before the Bank/Police get to them.

 

Chris

[beast66606]

The problem of contacting the retailer is that you may be speaking to the crook! Far better to contact the Bank and the Police and let them take it from there.

 

I would also be very careful at giving any clues on here as the crook may read what we are writing and therefore have a chance to cover their tracks before the Bank/Police get to them.

 

Chris

 

And of course the crook may be nothing to do with the retailer in question (whoever that may be), let the experts handle it, and not the lynch mob, it could be an insecure wireless connection has been breached, or a trojan on the PC has stolen the details, there are other explanations other than it has to be "xyz retailer" including "oh yes, I forgot about that transaction"

[Lady_Ava_Hay]

This is begining to smell.... 'DO you need the security number ', I asked - 'we have that . is it XXX'

 

This is a serious breach of the dealer/card issuer licence terms. You are not supposed to keep any CCV numbers but you have to keep the rest of the details. Most retailers now issue the line of X's last 4 digit receipts and retailers that trade over the phone or the net will have some form of secure storage of this data. Some even use a third party to do the transaction for them and they just receive a bulk credit. They pay more in commission. PayPal is just another intermediary. It enables everyone to be able to accept payment by credit card without all the faff and expense of having your own credit card account.

 

At the same time i have to agree that there is a pattern building up here but one thread with a few replies in amongst 10,000 members does not constitute a major fraud. There has to be a common denominator but this is not the place to discuss it.

 

Just to cross the fence for a minute and to explain which is the most dangerous method, I think that it is the physically losing sight of the card or giving the card details over the phone. I was, until recently, in a job where all the details went over the phone and I was receiving them. If I entered them into the computer, I then had no access to them apart from taking more money from those cards to the credit of the employer, not me. I am also leaving a white hot trail on the account so that any future problems would flag up immediately and would be traceable to me. All large call centres have to have this technology in order to stay in business.

 

The exception would be NOT accessing the file and taking the card details on a piece of paper. This would also need a 'number withheld' on the phone since that would prevent a search of the incoming calls from a certain number. The latest scam involves an inbound operator using a mobile phone and repeating and recording every number you give them over an open phone line.

 

That is basically where phone transactions can go wrong.

 

For the future, as cheques disappear, we have the inter bank transfer. Basically, if you have a sort code and account number for the recipient you can send money to it from your own bank account. This requires me to use a bank supplied little machine to do that which issues a random number which I have to enter into the banks website and it sends the money. I am sure that some determined hacker is capable of cracking all this but it still doesn't help him much since my bank account won't send the money unless I jump through all these hoops. How the supplier knows that I have paid is a mystery. This is very much an EU thing. They have had it in Germany for years and quite a few German websites have the requisite details on the site

[Mike Bellamy]

I picked up a link to a plastic modelling forum from elsewhere and as the name is out there in the public domain and they mention it on their own web site I don't think I am going against Andy's wish to keep this topic away from 'naming names' http://www.hannants.co.uk/ Search for 'Hannants card fraud' and there are pages and pages of comments

 

I understand from some of the discussion that in this case it is thought that the hackers got into the (in)secure server in USA and gained access to card details that way. It may not be the fault of the retailer I recall that one of the topics also mentioned a Japanese site that had traced a fraudulent attack back to Korea.

 

Mike

[Billystanier]

Had 3 credit card frauds over the last year (with 2 different credit card providers). The latest was this week. Just done some investigating work and the frauds always seem to follow a week or so after a purchase with a well-known box shifter. Coincidence? Has anyone else had problems recently?

[woodenhead]

Did you purchase online or via a phone service i.e. did you verbally hand over your card number and security code to make the purchase.

 

What form did the fraud take and how did you find out about it.

[Billystanier]

Internet only. Never verbally. It could just be a coincidence as I buy quite a lot of models online.

Only noticed when I looked online at my credit card statement(s) and some transactions I didn't recognise (2 in the UK, 1 in the USA). According to the credit card companies, the fraud was done with online purchases too.

[jonny777]

My credit card fraud department are often on the phone with suspected illegal activity, but this is usually down to occasional Paypal payees being registered in Luxembourg. However, the calls are automated and as long as I agree the last 5 transactions were ok, they allow transactions on the card to resume without the bother of changing numbers, issuing new cards, etc.

 

I can't recall having any problems with mail order model railway suppliers, in fact my experiences with all of them have been good over the last 20 years or so. I did have £500 taken from my credit card after a visit to a restaurant once, and £660 after ordering chocolates online for my father's birthday.

 

But the strangest one was about 18 months ago when I noticed that my card had been debited to Elephant.co.uk in Cardiff for £535. I have never used them for insurance, so knew it was not me. I still cannot understand the logic of renewing insurance with fraudulent card details, as that is the one thing that would normally need your name & address & possibly vehicle registration.

 

I was refunded on all three of those events.

[Coldgunner]

Many years ago when the PSP was released I went into what was then Virgin Megastore to buy one. I pay for everything off debit as I simply can't trust myself with a credit card. Due to a cashier error, the transaction went out twice. First was over the phone, as they had a policy of over £x.xx had to be authorised in such a way. Then the cashier made the mistake of running the transaction through again on the till, effectively charging twice the amount. It bounced back to me after a week but it taught me to keep a good eye on the cashier, as they can swipe cards on hidden devices.

 

I've had a couple of further fraud instances, both of which were not online. It turned out a machine I'd used (all were at petrol stations, go figure) was lifting details and the scrawny irk bought mobile top ups with it. It was small amounts, but when they happen you have been violated. Thats happened a couple of times and every time the bank has refunded it, I think they get multiple calls in the same area, possibly reporting the same machine. I only use cash in pubs.

[Lady_Ava_Hay]

Internet only. Never verbally. It could just be a coincidence as I buy quite a lot of models online.

Only noticed when I looked online at my credit card statement(s) and some transactions I didn't recognise (2 in the UK, 1 in the USA). According to the credit card companies, the fraud was done with online purchases too.

 

You almost certainly have a Trojan or key logger in your computer which is possibly linked to the box shifter's website as this is leaky and a valuable source of card details. Too much of it and no extra security as a result and they will lose their credit card licence.

 

It is of course possible ( but unlikely ) that the Trojan is on the box shifter's site and is linked to your harvested E Mail address or IP address.

 

You have not specified your firewall arrangements but they might be worth reviewing particularly if you are operating an older browser.