Credit card fraud - how is this scenario possible?

So I've just been into the fraud dept for a CC transaction.

I'd like to ask the wise OCers how this scenario is possible.

A transaction was carried out against my card on Sunday (14th) at 2pm on a random online retailer in Holland.

Apparently I approved the transaction according to the rep on the phone. Which I don't understand how that's possible. (i.e. fingerprint approval in app, I assume)

Info :
The card itself doesn't come out of my wallet.
The wallet was in my house at the time.
The transaction was carried out on Firefox which I rarely use.
The ISP was SpaceX (crazy)

What I can't get over is that the transaction was approved.
How is this possible?

The only thing I can think of is a dodgy app with permissions to interact over the screen? But how would this approve a transaction by fingerprint?
Obviously I'm going through and trying to find apps with this permission level.

Other option is somehow I approved this by accident? Seems unlikely as it was only yesterday!

Anyone else know how this is possible?
 
Doesn't make sense to me, cards are easy enough to clone, but if a bank thinks you approved something you didn't approve they have a major issue. That would mean the bank doesn't have security so shouldn't be used. You're not a muppet so if you get tricked by unclear app UI it's still the bank's fault.

I'm curious which bank it was (so I can avoid them) and how they dealt with it after the conversation - did you get your money back, did they reset credentials, new cards, advice, etc?
 
It's Lloyds.

Yes they are refunding it as they can see it wasn't me. The conversation was fine. They didn't insinuate it was me. Just that they can see it was approved.

Only thing I can think of is some app can interact with my phone screen (I have a couple which can "draw" over the screen, I have removed these just in case).

The card has been destroyed. And I've asked them not to reissue as it's one of those purchase ones with 0pc I'm just paying off.

But if this was a dodgy app it would have to sign into the app, and approve it. Almost like remote desktop.
Because obviously it can't be approved by fingerprint remotely!
 
My main issue is the approval.
I get this card could be cloned,
Or data breach with details.

It's the approval granting I can't get my head around.
 
I'd be tempted to think it's an error rather than really being approved. Lots of things would need to line up, plus if you "approved" it with biometrics they'd likely not be so quick to refund.

But this is just conjecture, I'd maybe ask them again to confirm how it was approved. If your device is compromised then you have problems.
 
That's what I'm thinking.
It's a small amount.
Surely if my device was compromised this would be happening all over my accounts?

They said they couldn't confirm if it was app or text message. But that it was approved by one of those methods.
 
This card hasn't been used physically for months. I can't remember the last time.

If that's what you mean?

Increasingly a lot of online sites/services have been using Swipe pay to handle CC transactions - there seems to be some IMO rather open to abuse authorisation issues with it if an unscrupulous person is in the right place in the chain.
 
It's quite possible.
Still, it doesn't bypass the reason Lloyds were saying approval was asked for... And granted, I guess.
 
What was the retailer it was used at?

Honestly, I'd probably be pushing a bit harder with Lloyds to tell you exactly how and when they think it was approved, as you are concerned you have a security vulnerability but cannot address it as they're refusing to provide details.
 
Can they not confirm how the transaction was approved? I.e. if it was approved via the banking app then you've potentially got a serious problem with your phone.
 