Credit card data hacked

[Fastpedaller]

A heads-up to all to check their bank accounts for unusual transactions. Yesterday evening my Wife's watch bleeped and stated she'd just made a £25 payment to Apple/itunes. Seconds later another payment £100. She immediately froze the card from making online or card payments. The card was with her, and she used the telephone to then call them. They seemed very vague, and said they would issue a new card and set the investigation in place, but she should contact Apple/Itunes. As she hasn't ordered or ever paid them with the card, they surely aren't involved? The transactions show as pending, but the card provided say they can't be stopped! We do not place our full card details with any suppliers, and also don't trust the 'MS Edge' will save your details to this computer, so never allow it. Clearly the card provider has been hacked, or an insider has released data.

 

[nogoodnamesleft]

You need to be careful as such messages can come from sources that are just trying random phoner numbers/card companies.

On one of my numbers I periodically get text messages "A suspicious £137.63 payment has been made on your card to AirBnB. If this was not you click on this link to stop the payment" or "... call this number to stop the payment" (they vary a bit). And undoubtedly when you call they'd be taking you through security (card, etc.) - I've not called to test.

My phone never pings to say I've made a transaction (except through Apple Pay where vendor doesn't get the card number anyway).

Be careful it isn't just Phishing as it is a technique the Phish'ers use.

 

[Fastpedaller]

You need to be careful as such messages can come from sources that are just trying random phoner numbers/card companies.

On one of my numbers I periodically get text messages "A suspicious £137.63 payment has been made on your card to AirBnB. If this was not you click on this link to stop the payment" or "... call this number to stop the payment" (they vary a bit). And undoubtedly when you call they'd be taking you through security (card, etc.) - I've not called to test.

My phone never pings to say I've made a transaction (except through Apple Pay where vendor doesn't get the card number anyway).

Be careful it isn't just Phishing as it is a technique the Phish'ers use.

Good points, and indeed good advice. This wasn't phishing, it was from the credit card provider, and has shown on the online statement. When she phoned the card provider (using the phone number on the card) they confirmed the payments were pending, but said they couldn't stop them.

 

[nogoodnamesleft]

Additionally, card provider should be refunding the fraudulent transactions without any debate.

My cards have been hacked from online stores (both very reputable mainstream retailers) on two occasions. Both times I got notification from the companies saying they'd been victim of a hack and were investigating. Then card bill with fraudulent transaction, each transaction below £130 totalling around £1500. I call card company, no questions, they just stop the card and re-issue and read through each transaction "Was this you?" And I answer "No" and it immediately refunded, etc. (new card arrived 2 days later). Never any debate about are you sure or no "we'll have to investigate", they just refund every transaction I say wasn't me.

 

[annedonnelly]

That's why I use a different card (debit rather than credit though) for any online spending. It never leaves the house so if it's hacked it can only be an online transaction. If it has to be stopped and replaced I won't be inconvenienced by not being able to use my "outside" cards.

In addition the online card links to an account with no cash in it. If I'm going to spend anything online I transfer the amount I need before pressing the payment button. It's all a bit more hassle but it's worked well for me for years.

 

[FrankCrank]

Thanx to the OP for the heads up
Since being back in the UK these past couple of months, received numerous 'cloud' related scam messages, requesting immediate action from me or utter doom will follow. All simply ignored, but surprised by the perseverance of the scammers.
Shame to have to be so cynical and sceptical, but sign of the times I guess.

 

[Tenkaykev]

I have a complaint in with the Ombudsman regarding Nationwides security procedures which allowed £2k Credit Card balance transfer. A series of partial answers from them. I asked them if my PIN and passwords hadn't been breached how did the transfer take place. They said it might have been via publically available information, ( Name Address DOB etc ) and when I asked specific questions they said they couldn't disclose anything due to their internal Fraud procedures, considered the matter closed and would not engage in any further correspondence, hence my referring the case to the Ombudsman.
EDIT to add the money that was fraudulently taken was immediately refunded and they later credited £100 to my account. I told them I wasn't at all interested in compensation, I just wanted to know how the security had been breached.

 

[nogoodnamesleft]

I have a complaint in with the Ombudsman regarding Nationwides security procedures ...

Some years back I had a "disagreement" with one of the very mainstream card issuers. They were requiring their security on the card be setup via e-mail. I argued that e-mail is very very insecure, with unencrypted messages being passed between unknown servers between me and them being cached for unknown timescales, etc.

Went back and forth for a bit until I got a letter "Your complaint has been upheld and as a gesture of goodwill we are crediting your account with £xxx". I wasn't seeking compensation as I'd not lost anything but I was shocked at how readily they expected private personal security details to be passed using very insecure methods to set security on the card! Really made me appreciate how they are seem not particularly concerned about fraud and just seem to treat it as a quantifiable cost of business.

 

[presta]

When I thought I might have been scammed I rang the bank to lock my account. Fortunately it was a false alarm, because when I called to unlock it, it turned out that they'd done absolutely nothing.

 

[Tenkaykev]

When I thought I might have been scammed I rang the bank to lock my account. Fortunately it was a false alarm, because when I called to unlock it, it turned out that they'd done absolutely nothing.

When I rang to query why I had been sent an email asking how I rated my experience with Customer Services when there had been no such interaction I was assured there was no suspicious activity on my account. They should have immediately flagged the account but didn't. One of my questions was why not, and when exactly was a marker put on the account ( this alerts any company doing credit / background checks that the account is flagged as having been a victim of fraud )

 

[Fastpedaller]

I have a complaint in with the Ombudsman regarding Nationwides security procedures which allowed £2k Credit Card balance transfer. A series of partial answers from them. I asked them if my PIN and passwords hadn't been breached how did the transfer take place. They said it might have been via publically available information, ( Name Address DOB etc ) and when I asked specific questions they said they couldn't disclose anything due to their internal Fraud procedures, considered the matter closed and would not engage in any further correspondence, hence my referring the case to the Ombudsman.
EDIT to add the money that was fraudulently taken was immediately refunded and they later credited £100 to my account. I told them I wasn't at all interested in compensation, I just wanted to know how the security had been breached.

And you still don't know

I suspect hacking is rife - A financial institution has a 'conflict of interest' if it reveals it's had (or has) a problem, so resists the release of such info into the media. These things should have transparency, otherwise the situation is likely to get a lot worse.
There are probably many VERY WEALTHY crooks, who have successfully scammed financials that dare not reveal the event has occurred - with the scammers still free and laughing

 

[ebikeerwidnes]

That's why I use a different card (debit rather than credit though) for any online spending. It never leaves the house so if it's hacked it can only be an online transaction. If it has to be stopped and replaced I won't be inconvenienced by not being able to use my "outside" cards.

In addition the online card links to an account with no cash in it. If I'm going to spend anything online I transfer the amount I need before pressing the payment button. It's all a bit more hassle but it's worked well for me for years.

I think credit cards are more secure than debit cards as they get tied up with the credit act
debit cards are closer to cash as you have the money in the account already so it is different

check it out but I think credit cards are better for online transactions if something goes wrong

 

[Tenkaykev]

And you still don't know

I suspect hacking is rife - A financial institution has a 'conflict of interest' if it reveals it's had (or has) a problem, so resists the release of such info into the media. These things should have transparency, otherwise the situation is likely to get a lot worse.
There are probably many VERY WEALTHY crooks, who have successfully scammed financials that dare not reveal the event has occurred - with the scammers still free and laughing

All the major banks fraud departments co-operate with each other to the extent of exchanging information as new threats/ methodologies arise.
My experience was discussed ( briefly and informally ) with someone in such a position at one of the major banks. " something doesn't ring true " was their opinion. It will be interesting to see what the Ombudsman has to say. As I said, water under the bridge, I have no interest in any financial compensation ( I made this clear ), it was the attitude of obfuscation and dismissal that I found annoying.

 

[ebikeerwidnes]

Some years back I had a "disagreement" with one of the very mainstream card issuers. They were requiring their security on the card be setup via e-mail. I argued that e-mail is very very insecure, with unencrypted messages being passed between unknown servers between me and them being cached for unknown timescales, etc.

Went back and forth for a bit until I got a letter "Your complaint has been upheld and as a gesture of goodwill we are crediting your account with £xxx". I wasn't seeking compensation as I'd not lost anything but I was shocked at how readily they expected private personal security details to be passed using very insecure methods to set security on the card! Really made me appreciate how they are seem not particularly concerned about fraud and just seem to treat it as a quantifiable cost of business.

email is terrible for security - you are right

the banks should know this and never use them to send anything involving security in any way

when I was a techy programmer I once had to write something that used email
easiest way was to just replace the whole email system on the computer with what I wrote
it was incredibly easy for even a basic programmer and some basic information

my boss refused to believe me that it was as easy as I said

10 seconds later he got an email from his boss telling him he was a moron
a few seconds later he got a more insulting one from 10 Downing street
then one from MI5 saying he was under arrest
then one from The President of the USA

he gave up at that point

but it is totally insecure

 

[Mike_P]

I have a separate credit card for on line transactions.
Had one rouge transaction which was quickly cancelled, a PAYG top up. Also cancelled the card once when I realised I had placed an order on a false web site.