The deliveroo scam

Soldato
Joined
3 Jun 2012
Posts
10,803
Not living with us, no, and nobody enters the house and opens our safe or drawers to read a debit card.

OK, but has anyone come in?

Not hard to take a photo of both sides of a card say 6 months back, then start using it now.

I'd never trust anyone enough not to.. apart from my wife.

I'd fully expect my kids to try it at least once. Because... kids.
 

NVP

NVP

Soldato
Joined
6 Sep 2007
Posts
12,649
Anyone else have no idea how this could have happened given the details the OP has shared so far?
Problems in the banks transaction management back-end, ie. someone else's transaction being applied to their account due to transaction processing problems within the daily batch. Usually the bank find out and correct before the customers notice but sometimes it takes a customer flagging it to find out there's a batch problem.

Edit: Bit of an example - a new merchant used a special character which got through most programs but an old batch program was never modified to handle such and had a badly designed exception handling process which missed it, read the next record for the merchant details and applied an incorrect merchant code to a correct transaction. Same could possibly happen if an error occurred when calling for customer details although it would be exceptionally rare to have something like this go unnoticed for so long. Perhaps they've upgraded their IBM batch with some new stack API's and are having issues? Lots of possibilities, worth asking them to verify the original transaction coming in from MasterCard or Visa.
 
Last edited:
Permabanned
Joined
5 Jun 2010
Posts
15,459
Problems in the banks transaction management back-end, ie. someone else's transaction being applied to their account due to transaction processing problems within the daily batch. Usually the bank find out and correct before the customers notice but sometimes it takes a customer flagging it to find out there's a batch problem.

Edit: Bit of an example - a new merchant used a special character which got through most programs but an old batch program was never modified to handle such and had a badly designed exception handling process which missed it, read the next record for the merchant details and applied an incorrect merchant code to a correct transaction. Same could possibly happen if an error occurred when calling for customer details although it would be exceptionally rare to have something like this go unnoticed for so long. Perhaps they've upgraded their IBM batch with some new stack API's and are having issues? Lots of possibilities, worth asking them to verify the original transaction coming in from MasterCard or Visa.


So not a "Deliveroo Scam" then like the OP suggests.
 
Permabanned
Joined
9 Aug 2008
Posts
35,707
banks need to up their security man this should not be happening in 2021. All banks need a re-auth with MFA on all transactions and I don't care how inconvenient it might be to someone. They loosing bloody billions to scammers and scammers are winning!

I read up about London scammers and how much they ripping out of peoples banks through cash withdrawals. Absolutely disgusting it is.
 
Soldato
Joined
30 Jan 2009
Posts
17,175
Location
Aquilonem Londinensi
banks need to up their security man this should not be happening in 2021. All banks need a re-auth with MFA on all transactions and I don't care how inconvenient it might be to someone. They loosing bloody billions to scammers and scammers are winning!

I read up about London scammers and how much they ripping out of peoples banks through cash withdrawals. Absolutely disgusting it is.

The money lost is probably less than would be spent on all the Karen's calling up every other day
 
Associate
Joined
22 Oct 2002
Posts
2,046
Location
Hull, UK
Well, I'm not going to read 8 pages, but unless card cloning has changed, the card needs to have been used in order for it to be cloned? The OP said he's never used it.

I actually linked to a page in the thread, but I copied the text to to help save you the hassle.

Just found similar item on my Barclaycard statement. (Deliveroo.co.uk London). We live in an area of Buckinghamshire that Deliveroo and JustEats won't deliver to!

Barclaycard say card details probably obtained from a database hack.

Card is only used for eBay/PayPal purchases and for paying agents of property we own abroad, so strange that it ended up being used in the UK, as would imply eBay/PayPal have been hacked.
 
Soldato
Joined
15 Jan 2004
Posts
10,185
But once again... that means the card has to have been used. OP says they haven't used it, so either they are lying or something else is the wrong.
 
Soldato
OP
Joined
1 Mar 2010
Posts
14,359
Location
5 degrees starboard
No idea. Just throwing ideas out there...

Could have got their details from a key-logger.

Could have got them physically from the cards somehow.
Definitely not a keylogger that card is not used anywhere and certainly not online. That account is pensions in, direct debits out occasional dump to a savings vehicle. All done by my wife who would rather write cheques than use her debit card. :) my card has never left the house since it arrived shiny new from the bank.

I have a seperate current account and card for online use from a different bank so there is a firewall airgap about 100 yards long along the high street.:D
 

NVP

NVP

Soldato
Joined
6 Sep 2007
Posts
12,649
Definitely not a keylogger that card is not used anywhere and certainly not online. That account is pensions in, direct debits out occasional dump to a savings vehicle. All done by my wife who would rather write cheques than use her debit card. :) my card has never left the house since it arrived shiny new from the bank.

I have a seperate current account and card for online use from a different bank so there is a firewall airgap about 100 yards long along the high street.:D
Ask them to trace the transaction clearing data and if it shows legit get them to ask the acquirer (M/C or Visa or whoever) to verify it's legit from the merchants data. If all is legit then someone has/had a leak, as you say the card has never been used and it's pretty impossible for someone to figure out the encryption keys to correctly create a duplicate.
 
Back
Top Bottom