Wife got a phone call today from Tesco Mastercard, a couple of online transactions that didn't match her profile (iTunes and a betting site). Nowt to do with us, card now blocked, won't cost us anything, all credit to Tesco for being on the ball. But we're left wondering how the card's got compromised. Who's safe to buy from? The card's only a year old, maybe thirty different places we've given it to, most of them household names like Tesco and Amazon, but a few small local businesses, the garage and shops. So how? One bent member of staff? Can staff get the card number from an owner-present chip & pin transaction? Can staff get the number from an online transaction? Or do crooks just test random numbers at iTunes till one works?
I too once got a letter from HSBC, a few years back mind you, asking whether a £1500 transaction for a flat screen telly was me or not. Funnily enough the card's limit was 1K. I phoned straight away and told them it wasn't me; this was all before the whole chip & pin business. At work we use the chip and pin system. On most if not all modern-day receipts the only card number shown is the last four digits, plus expiry date, auth code and transaction number (issued at the bank). No details are kept that could actually be used for fraudulent reasons. We had a lady customer last week and I served her; she was adamant that she wanted both copies of the receipts as she was afraid of fraud on her card. One copy is the merchant's and the other is the customer's copy. With our receipts only the customer copy has all the details, the merchant copy does not. I assured the lady that none of our receipts are used in any misuse or naughty business and explained it would be impossible for me to order stuff with these limited details as they do not include the CVS (security code) needed for online shopping. Personally there's a sense of being safe, but it would be stupid to be "too" safe.
atanum, the merchant copy should have the full details on and the customer one have some blanked out, the reason being the customer can drop their receipt outside...
I am wary of using certain sites that use not so well known card processing firms, especially sites that require you to enter card details that are sent directly to the host, where the details are processed manually or such. This is why I have a debit card just for this, where I transfer the funds to that account via online banking just before sending off my details. These purchases are usually small and on that account I cannot go below £0.01. When not in use I only ever have £0.01 in it! I haven't had a problem with fraud *touch wood*. However I know someone who has, where her money was used abroad in hotels and on expensive electrical goods. After police investigation in the UK it turned out that someone from Natwest requested a new card and pin but got it sent to the branch rather than my friend's home and used it on a spending spree. It was an inside job but unfortunately they could not pinpoint who it was that did so. So cpemma, I daresay it's possible that a bent member of Tesco credit card staff (although it's probably overseen by some high street bank) managed to somehow obtain details.
Very very easy to do this if you own a business. We own a hotel, and we get new credit card numbers every single day; we could save them, and use them 2 years down the road if we were bent.
The UK chip and pin system is incredibly insecure. A few years ago Panorama looked at how the UK banks decided to use the less secure version of it to save money. Basically there are two versions: one that sends hashed info from the terminal to the bank to check the pin and doesn't keep the pin anywhere but at the bank, and the less secure one that (if I remember correctly) saves your pin directly onto the card and uses the same encryption for every card. So basically all you need is a hacked terminal and you can read the pin directly and clone the card, which can then be used in a cash point. I think they demonstrated it with an O2 top up card.
Cancelled once during a debacle where a lot of us ordered something from an online store and they were compromised. Never been defrauded (right word?) yet though *touches wood*
I haven't had any problems, but I think my dad had to cancel a card about a year ago. He eventually determined that it had happened at a restaurant. When you swipe a card or watch the cashier swipe it, the entire transaction is secure. Online orders, as well, are really quite safe. At a restaurant, though, when you hand your card off to a waitress and she wanders off to a corner to run it, she's got more than enough time to copy details off it.
I've had to cancel one before as I had my details used in London while I was at home. Natwest phoned me the following day to ask about it, and then told me it was them testing my card. Lucky for me Natwest didn't let the transaction go through then, and cancelled the card straight away
Yep, my debit card got cloned - several transactions went through before I noticed at the end of the month - bank systems don't seem to be as hot as credit card on fraud. I had to ring up and get the card stopped, and dispute the dodgy transactions. I got all the money back - but it was a pain in the ass at the time. We even had to report it to the police so we could get a crime reference number for the bank... By then I'd got invoices in the post for goods that had been purchased on my card and delivered to another name and address in Manchester. I mentioned this, and they ran the address through their records and apparently it's well known to the constabulary. Not that they could do anything about it, as it was just used as a pick up place.
My dad had his cloned a month or so ago; apparently it was used in Germany and they got away with a grand in two large transactions. We get the money back from the insurance so that's OK, though apparently if they had been a bit more cautious it wouldn't have set off the fraud alarm. Apparently the guy my dad dealt with said these things seem to happen mostly at garages and that was the case with us. Coincidentally the guy who runs the place has never seen eye to eye with my dad (he's accused him of stealing petrol?! and the like a few times before) so who knows.
Never been done myself (read: yet) but it seems most people these days have been a victim at some point. I never use my debit card online or so; I'm not particularly worried for when it does happen. I suppose it's only a matter of time though, especially with three credit cards on the go...
I was the data monkey for one of the train booking companies; from there I had access to all the details, CC numbers and all, of a large percentage of the train-using population. A more dodgy punter than me could have made good use of it, well, till they introduced the cv3 code on the back; they didn't store that on the database.
Does anyone else wish they could have a longer PIN on their cards? 4 numbers is nothing - why can't we have any number as long as it is at least 4 digits and up to a max of 8 or 10?
I've heard of plenty of petrol stations getting caught cloning credit cards; one of them got busted near my girlfriend's only a few weeks ago. It could have just been one bad egg at any one of the well known shops you used though. As you said, at least Tesco was on the ball.
QFT - Always insist on the mobile terminal if you're paying in a restaurant. I completely cheesed off a waiter at a Chinese when he tried to wander off with my card, and I called him back in a very loud voice and asked for the terminal. If they don't have one, go with your card and the bill and pay at the till.