Online fraud question

I need to pick OCUK's brains if possible.

Yesterday at 1pm I purchased a toy for my son's b'day for £45 from Littlewoods online (using my debit card). At 6pm I needed to use my debit card at a petrol station but it kept being declined with "Unauthorised". I called my bank, who said that at 1.30pm 2 additional purchases were made from Littlewoods online totalling £700. I informed them that I did not make these purchases and my card was cancelled. I then called Littlewoods, who searched their system for my bank card details and confirmed 3 orders were made within 30 minutes of each other:

1) A £45 toy (my order)
2) A camcorder
3) A PS3

She wouldn't give me the delivery address of the last 2 items, just said that it was an address in Birmingham. I live in Stafford. My question is... how on earth did somebody manage to get my card details? I thought about card cloning etc. but it's a bit of a coincidence that the fraudster used the same website, 30 minutes after me. They must have got my card details from the website somehow. It's really bothering me. The connection was secure, I presume the staff at Littlewoods don't see the full card number and the payment is processed online. So how could it have happened?

Any advice appreciated.
 
I thought about a keylogger but I've got a fresh Windows 7 build on there (48 hrs ago) with AV & spyware protection.
 
When I worked for a certain DIY supply company processing internet orders - I could see full financial details for the transactions - and it was relatively trivial to access other info on the system without leaving your own account details tagged :( I can just imagine the possibilities for fraud... especially if they have a bunch of new temps in for the Xmas rush... I wonder who won't be coming back after their first day at the call center...
 
When I worked for a certain DIY supply company processing internet orders - I could see full financial details for the transactions - and it was relatively trivial to access other info on the system without leaving your own account details tagged :(

Same, when I worked for Tesco (home delivery).

That has shocked me :eek: I always thought only the last four digits or something were visible to employees......
 
Maybe not now, this was a few years ago, but I got full details that were typed into the computer.

Name, address, full card number etc for phoning up the merchant thing at the bank, if a certain card needed special authority before putting through etc.

You would need all the details to do that.
 
They don't need your CC numbers. All they need is your account and they can order away to their heart's content.
 
If they're a PCI-DSS compliant company (and you'd think someone of that size would be) they shouldn't have access to unencrypted card data. As already mentioned though - if they're using your account to order and don't need to enter a CVV then that's possible.
 
We had full access to all data except the CVV... and you don't actually need that to force an order through... or you didn't back then. This was a pretty major company too.
 
If they're a PCI-DSS compliant company (and you'd think someone of that size would be) they shouldn't have access to unencrypted card data. As already mentioned though - if they're using your account to order and don't need to enter a CVV then that's possible.

All merchants have to be now or Visa/MC will refuse to process transactions. Part of the standard is limiting access to people or systems that "need to know" only.
 