Guest JudgeMental Posted December 31, 2009 Posted December 31, 2009 Just had a call from Nat West regards my credit card, 2 attempted transactions have been made this morning. one to car phone warehouse £409, and one to an on line clothing store, Access? for £290 These have been stopped and advised to destroy card and they will send a new one. you read about this all the time but this is the first time it has happened to us. Now since getting Nationwide cards a year or so ago I don't use this card much, I booked a couple of flight to Thailand for this Easter and that is it. I don't use it for fuel/restaurants anything that I can remember....Where do they get your details from I wonder. maybe it was the flights with Thia airways over the phone...who knows! Mrs Mental is out shopping as per usual! :-S when she returns she will dig out paperwork and see whats going on *-) Be careful out there! happy new year! :-D
malc d Posted December 31, 2009 Posted December 31, 2009 ... and no doubt a lot more people will be affected when the banks stop people using cheques. :-(
Brian Kirby Posted December 31, 2009 Posted December 31, 2009 Hi EddieBad luck, a total nuisance, and very unsettling. Four danger points. 1. When you get cash if the machine has a "skimmer" added to the slot you put your card into. Any funny looking additions to that slot and either report their presence or just leave alone. In either event, don't use the machine. 2. Online purchases that do not go through a secure payment facility, Paypal or similar. 3. Second most risky, I think, telephone sales where you give your card number and the security code from the back of the card and the recipient can just write the lot down for their own use. 4. Most risky by far, those forms to send off by post with your card details, plus the security code, all neatly written down. Anyone getting those can photocopy them and distribute them like confetti to anyone who is interested. They get paid too!Phone the issuer's fraud department and see what they can tell you. They won't say much, but you should be able to find out if the transactions were over the phone or internet, with card holder absent, or were in-store - in which case your card has been "cloned" possibly at a location where you lost sight of it, possibly by skimming a cash machine transaction. They should also be able to tell you the origin of the transactions, which from what/where I would assume is within UK. May give a clue as to where the details were lifted. I was also told the details are not, as one might imagine, necessarily used immediately, but saved up for later, or even just lifted to order and sold on to be included onto a counterfeit card. They will follow up, but don't put much effort in. For them it is just a financial risk, the difference between CC interest rates and Bank base rate is astronomical, so why spend the profit chasing fraudsters?
Guest JudgeMental Posted December 31, 2009 Posted December 31, 2009 well...the plot thickens I have just checked and I paid for flights with Nationwide card not the nat west. and the payment to carphone warehouse went through....so much for their rigorous protection policy's. The natwest card was last used in August when we had a weekend in Shropshire. 3 transactions. one when I bought some glasses in an optician's (my wifes sisters shop) a meal inn a pub restaurant, and fuel nearby. all of these have meant the card was handled by others but not out of my sight. so 3 people had the opportunity to see the security pin Hey Ho :-D
CliveH Posted December 31, 2009 Posted December 31, 2009 A £ to a penny says it was the pub or the petrol station. Both no doubt employ part time people who would gain the details. I have heard that they now keep the details for weeks or months before using the stolen details as most people think it has to be a recent transaction where the details were stolen. Most recent I had was where a card was used to buy petrol I use just one card for this and this alone and so when a couple of vodaphone top ups at £30 popped up I knew it was not me. So do check your statements as the odd £30 is easily missed.
AliB Posted December 31, 2009 Posted December 31, 2009 Part of our business is an online store. Transactions online are fully secure, at the checkout your payment details are passed straight to our payment service provider, HSBC. This means we never see your credit card details, we just receive a confirmation or a decline notification from HSBC. Periodically a third party, approved by HSBC, tests the system and audits our procedures. So far they have been unable to break it. I would estimate that over 70% of our sales are made by people telephoning our sales office and giving us their credit card details over the phone. These are not written down but processed immediately on the shop terminal. We have to trust staff will not copy the details. When we tell customers that it is much more secure to order online they state it is easier to place the order over the telephone. Plus they wanted to make sure somebody was there. Most people do not seem bothered about the security of their credit card details so is it any wonder criminals see this as easy pickings. Of course phone the company to verify they are trading but why then give your details to a complete stranger? The most audacious scam I heard of involved the swap out of a chip n pin machine. The crooks simply walked into a petrol station pretending to be from the service provider and stating they had come to fit a new chip n pin machine. The staff thought nothing of it until it was realised the new machine sent all payment transaction to a different holding account. The crooks took the proceeds for a couple of days then vanished. They probably had downloaded all the credit card details from the terminal.
malc d Posted December 31, 2009 Posted December 31, 2009 AliB: I always understood that transactions online are NOT necessarily secure if the buyer is using Wi-Fi. Is that now secure ? ( I've not used it myself ).
AliB Posted December 31, 2009 Posted December 31, 2009 Any wireless connection has the potential to be accessed by third parties. However, if you have taken all the correct security steps - changed the default name of the router (the SSID) and allocated that to all devices you want to allow access, you should be very secure. It would take a very knowledgeable and determined hacker to break in to your network.
Guest JudgeMental Posted December 31, 2009 Posted December 31, 2009 if you leave the card out of your hand or worse stil out of sight in a restaurant for instance. and the person gets a chance to see the 3 digit code on the back along with the card number, they can go on line shopping.....
Guest peter Posted December 31, 2009 Posted December 31, 2009 And what about the delivery address being different. Also the vendor usually sends you an E.Mailed receipt and order confirmation so you can quickly cancell the order.
Guest JudgeMental Posted January 2, 2010 Posted January 2, 2010 CliveH - 2009-12-31 1:57 PM A £ to a penny says it was the pub or the petrol station. Both no doubt employ part time people who would gain the details. I have heard that they now keep the details for weeks or months before using the stolen details as most people think it has to be a recent transaction where the details were stolen. Most recent I had was where a card was used to buy petrol I use just one card for this and this alone and so when a couple of vodaphone top ups at £30 popped up I knew it was not me. So do check your statements as the odd £30 is easily missed. I just kind of remembered that at the restaurant we had to go to the bar area and pay at till. so unless they have a skimming machine fitted I think it was probably the fuel station? these are pretty notorious these days for fraud dont you think? *-) I am getting confused now......does a skimming machine get your 3 digit security code? I thought they got the far more important 4 pin number...with that you can get cash out whatever:-S
Basil Posted January 2, 2010 Posted January 2, 2010 On this topic, but with a slightly fifferent slant, does anyone know how long a company can retain your credit/ debit card details on their system after you have made a transaction? I will enlarge my reason for asking once I have some answers. it is regarding possible fraudulent use. Basil
maggyd Posted January 2, 2010 Posted January 2, 2010 Well over a year I would say! we paid house/ contents insurance with debit card, and when we didnt cancel the following year they proceeded to take the cash from our account :-S for the second year! we were under the impression that they would have to request details again!! WRONG. it has taken us 4 months to be reimbursed.
GJH Posted January 2, 2010 Posted January 2, 2010 In order to comply with the Data Protection Act (N.B. only applies to private individuals not companies etc.) credit/debit card details should only be kept whilst there is a business purpose for doing so. In most cases it is likely that such a period would not exceed a few months. The situation with insurance companies or other organisations (e.g. Caravan Club) where there is an annual renewal mechanism can be different. When you pay by debit/credit card most such companies will give you the option to allow them to file the information in order to automatically process renewals unless you cancel - basically like a direct debit. As with all opt in/out clauses in contracts it is necessary for us all to be fully aware and not to inadvertently allow retention when we don't want to. Graham
AliB Posted January 2, 2010 Posted January 2, 2010 To process a credit card transaction where the customer is not present (called a CNP transaction) the following data is required: card number , expiry date. 3 digit number on the signature strip (called the CVS), house number and postcode. If the retailer wish to send the goods to a different address that is his choice but he must accept a "possible fraud". The payment can be a one-off or recurring. You need a different type of merchant account to process recurring charges. Our company is not authorised to accept recurring charges. As such we have no right to store card details. However, the transaction can be "pre authorised". This means the transaction is approved and the money is reserved on the customer's account. It is not taken out of the account until we hit the "ship now " key on the transaction terminal. The card number is not stored, the transaction is basically completed immediately. This type of transaction is often used by hotels when you reserve a room and it may give the impression the card details have been stored.
Frankkia Posted January 2, 2010 Posted January 2, 2010 In a similar vein. We received a call a few days ago - by the time we picked up the answering machine had kicked in so we missed them saying who the company was. It was an automated voice asking me to confirm,by pressing 1 that I was the person they were naming and if not to press 5. - I put the 'phone down and then rang 1471 - it was on 0845 number - using "say no to 0870" I fouind it was the Coop bank. Again using "say no to 0870" rather than the number on the back of the credit card which was also an 0845 number ((I hate these charge sharing numbers)) I was asked if 2 internet transactions I had made the night before were genuine (they were). The one that had kicked off their computer to make the call was an american company with a UK shop. (£61). Now I am quite happy that they checked but what made me livid was the use of the automated calling system. If a fraudster set up an automated system which asked the "customer" to confirm details he/she could quite easily phrase the questions in such a way as to be able to steal the "customers" identity. It would appear that many banks are using a similar system and I would hope that anyone receiving such a call would do what I did and put the 'phone down and try to identify the caller and then waste their time and money (I had to speak to 3 different people at Coop on a free phone number before getting the right person). They may then get the message that it is more wasteful to use an automated calling system than getting a human to ring you. At least with a person you can ask the right questions to confirm that they are who they say they are before you part with personal info. For motorhomers who spend a lot of time away it would be a good idea to make sure their banks / CC companies are aware of a mobile 'phone No as there is a higher incidence of checks and if they fail to verify a transaction because you are not there to answer your home 'phone they will stop your card. Now that could be inconvenient!
Basil Posted January 3, 2010 Posted January 3, 2010 Thank you for your replies, sorry to drag this out but just to clarify and confirm, first I understood that 'Continuous' Credit/ Debit card payments i.e. automatic insurance/ subscription renewal, could only be carried out with your permission (normally agreed at the first instance). Reading the further replies, the information can only be kept for the duration of the particular time of the transaction or perhaps for the immediate time after, say 1 month for the transaction to completely go through. Is my understanding correct as those two answers are what I believed? Bas P.S. Frankkia, I believe you will find that 0845 numbers are not premium rate numbers (where a cut is taken by the 'owner') but standard local rate that may be phoned at that rate from anywhere in the country. Also they are completely free to phone from a BT landline, maybe others too, if you have the free calling package.
GJH Posted January 3, 2010 Posted January 3, 2010 Basil - 2010-01-03 1:05 PM Thank you for your replies, sorry to drag this out but just to clarify and confirm, first I understood that 'Continuous' Credit/ Debit card payments i.e. automatic insurance/ subscription renewal, could only be carried out with your permission (normally agreed at the first instance). Correct - but you need to make sure you don't give permission by default. Reading the further replies, the information can only be kept for the duration of the particular time of the transaction or perhaps for the immediate time after, say 1 month for the transaction to completely go through. Basically, but probably more than 1 month. I think the Information Commissioner's recommendation is 3 months but it could be more than that in some instances. Graham
Basil Posted January 3, 2010 Posted January 3, 2010 Thanks everyone. Ok. Now the reason I have raised this is that I purchased, as a gift for my son on his birthday, an electrical item from a national electrical retailers, (sort of like a Meteor!!!) which after some seven months malfunctioned. Now I had not given him the reciept, which was a credit card purchase, but nevertheless he returned it to his local store as it was an 'own' brand and he lives some 100 miles from me and did not want to wait for me to post it. They said that they no longer supplied the article but would refund the purchase price but he had no reciept with him. He telephoned me and got the reciept number which enabled them to call it up on their system and, heres my concern, they refunded it (apparently, got to check yet) to my credit card! Now if I had been there and they had asked me for my card and refunded it I would not be concerned but on the face of it they have retained my credit card details for seven months plus on a system that can be accessed by their staff (this wasn't the manager or anything) at any branch in the country and furthermore it appears that they can use those details to make transactions (I agree that it is a refund but are they able to do anything else?) and also possibly take note of your details if they desired leaving fraud a possibility. So am I being concerned uneccessarily? Should they be able to do this? How long should they be able to do this? Should I make representations to anyone? Your thoughts would be appreciated please! Bas
malc d Posted January 3, 2010 Posted January 3, 2010 Heard on the radio the other day that an increasing problem now is fake 'engineers' go into retail premises, petrol stations etc and say they have come to update / replace the card readers. The readers are then adapted to wirelessly transfer card details to the 'hackers'. One way to tell if the reader has been got at is to weigh it - if it weighs more it is likely to have been modified. :-(
GJH Posted January 3, 2010 Posted January 3, 2010 Basil - 2010-01-03 2:36 PM Thanks everyone. Ok. Now the reason I have raised this is that I purchased, as a gift for my son on his birthday, an electrical item from a national electrical retailers, (sort of like a Meteor!!!) which after some seven months malfunctioned. Now I had not given him the reciept, which was a credit card purchase, but nevertheless he returned it to his local store as it was an 'own' brand and he lives some 100 miles from me and did not want to wait for me to post it. They said that they no longer supplied the article but would refund the purchase price but he had no reciept with him. He telephoned me and got the reciept number which enabled them to call it up on their system and, heres my concern, they refunded it (apparently, got to check yet) to my credit card! Now if I had been there and they had asked me for my card and refunded it I would not be concerned but on the face of it they have retained my credit card details for seven months plus on a system that can be accessed by their staff (this wasn't the manager or anything) at any branch in the country and furthermore it appears that they can use those details to make transactions (I agree that it is a refund but are they able to do anything else?) and also possibly take note of your details if they desired leaving fraud a possibility. So am I being concerned uneccessarily? Should they be able to do this? How long should they be able to do this? Should I make representations to anyone? Your thoughts would be appreciated please! Bas If I were you I would contact the head office of the company and ask for full details of why they retain the information and exactly what purposes they might use it for. Tell them that if you do not receive a satisfactory response within a time you think reasonable that you will be making a complaint to the Information Commissioner's Office. Leave them in no doubt that an answer which simply seeks to fob you off will definitely result in you contacting the ICO. I suspect that they will come back with something related to the need to have the ability to refund to the card account within the guarantee period. Graham
Recommended Posts
Archived
This topic is now archived and is closed to further replies.