Credit card fraud - how is this scenario possible?

[VaderDSL]

I know it's highly unlikely to be the case, but does the Lloyds app have a section that shows approved devices? Just to verify there aren't any other devices authorised?

On Barclays at least there is a manage devices section so I can check and remove any old devices.

 

[413x]

I know it's highly unlikely to be the case, but does the Lloyds app have a section that shows approved devices? Just to verify there aren't any other devices authorised?

On Barclays at least there is a manage devices section so I can check and remove any old devices.

Unfortunately not. I did also ask if there was a way I could see history of requests for myself.

 

[413x]

Can they not confirm how the transaction was approved? I.e. if it was approved via the banking app then you've potentially got a serious problem with your phone.

I may ring them back and see if I can get this confirmed.
Like you say.. If it's my phone I either approved it without thinking about it (unlikely) or something seriously dodgy on it.

What I can't wrap my head around is they'd need not just visibility of my phone. But to actually be able to interact with it.

They'd need my card details.
And the be able to approve the transaction.

 

[Rob_B]

I believe Lloyds use ThreatMetrix, ask the fraud investigator to check to see what device usage there was at the time of the transaction. If you logged into the app they will have a record of it.

 

[Brun]

I'm also a bit confused about the approval thing. I use my Halifax Mastercard online a lot and the overwhelming majority of the time it only needs the card number, exp. date and CVV. The first two can obviously get stored online (and hacked/stolen etc.), but the latter should never be as far as I'm aware.

It rarely asks for any other authorisation, unlike my current account card which often makes me use the app to approve.

Did you have it specifically set up to require approval for all transactions?

 

[Semple]

I'm also a bit confused about the approval thing. I use my Halifax Mastercard online a lot and the overwhelming majority of the time it only needs the card number, exp. date and CVV. The first two can obviously get stored online (and hacked/stolen etc.), but the latter should never be as far as I'm aware.

It rarely asks for any other authorisation, unlike my current account card which often makes me use the app to approve.

Did you have it specifically set up to require approval for all transactions?

That's quite strange as my halifax MasterCard is always prompting for authorisation. I think I even bought something recently for about £40 and still had to authenticate via the app.

 

[413x]

I'm also a bit confused about the approval thing. I use my Halifax Mastercard online a lot and the overwhelming majority of the time it only needs the card number, exp. date and CVV. The first two can obviously get stored online (and hacked/stolen etc.), but the latter should never be as far as I'm aware.

It rarely asks for any other authorisation, unlike my current account card which often makes me use the app to approve.

Did you have it specifically set up to require approval for all transactions?

I don't think there's an option for this, but I'd have it on if there was

 

[413x]

I believe Lloyds use ThreatMetrix, ask the fraud investigator to check to see what device usage there was at the time of the transaction. If you logged into the app they will have a record of it.

This is really useful.
Because this would clear up some of the ambiguity.

 

[Diddums]

Anyone else know how this is possible?

You got hammered on Saturday night, flew to Amsterdam to bang a hooker, ended up taking some class A narcotics, flew back, wife found out and now you're trying to hide it and are using this thread as evidence.

 

[Raymond Lin]

Can you approve via SMS code?

i.e. SMS hack

 

[413x]

You got hammered on Saturday night, flew to Amsterdam to bang a hooker, ended up taking some class A narcotics, flew back, wife found out and now you're trying to hide it and are using this thread as evidence.

That would be impressive from my tent on the hill in 3c!

 

[413x]

Can you approve via SMS code?

i.e. SMS hack

Apparently so. That's what I need to clarify. What was used to approve.

 

[pepp77]

Can you approve via SMS code?

i.e. SMS hack

Just came to say this.

 

[john_smith]

LLoyds use SMS for my transactions. Are you android? possibly some malware on it forwarding sms, but you'd have still had the sms unless it mutes and deletes.

 

[VaderDSL]

I'm also a bit confused about the approval thing. I use my Halifax Mastercard online a lot and the overwhelming majority of the time it only needs the card number, exp. date and CVV. The first two can obviously get stored online (and hacked/stolen etc.), but the latter should never be as far as I'm aware.

It rarely asks for any other authorisation, unlike my current account card which often makes me use the app to approve.

Did you have it specifically set up to require approval for all transactions?

Could it be IP based? I've had the same IP / hardware for years now and I rarely get asked for approval unless it's a large amount, maybe the system can see certain criteria and assume it's authentic that way for smaller amounts instead of asking for approval for every transaction?

 

[slinxy]

Firefox has a p1 vulnerability on it at the moment, just got out of a meeting for it.... Even thou I use it myself personally, we don't allow firefox on any of our devices as it's open source which means anyone can look at the code and find expolits for it.

When it comes to online shopping, I try to always proxy it via paypal so I don't give my actual card details to any online store and I don't have to change the details for the 100s of accounts, just one location.
If anything goes pear, then it's a call to paypal or/and the bank and it's normally back within mins.

 

[Armageus]

we don't allow firefox on any of our devices as it's open source which means anyone can look at the code and find expolits for it

As opposed to the open source Chromium engine used by Chrome and Edge?

Edit:
Nope Nope Nope... so much wrong with your thought that open source = exploits

 

[jaybee]

@413x is your phone Android and have you ever used SMS with code to approve things linked to your Lloyds account, like setting up a new payee or approving a payment?
As above, it's possible your phone is compromised or someone carried out a sophisticated sms attack.
I take it your phone it still functioning as normal and you can make and receive calls showing up as your normal mobile number?

 

[413x]

@413x is your phone Android and have you ever used SMS with code to approve things linked to your Lloyds account, like setting up a new payee or approving a payment?
As above, it's possible your phone is compromised or someone carried out a sophisticated sms attack.
I take it your phone it still functioning as normal and you can make and receive calls showing up as your normal mobile number?

I don't recall ever using SMS. But I can't be sure.
I'll try and make a call from it to my work phone.
But everything is working OK from my perspective.

Yeah android

 

[Semple]

When it comes to online shopping, I try to always proxy it via paypal so I don't give my actual card details to any online store and I don't have to change the details for the 100s of accounts, just one location.
If anything goes pear, then it's a call to paypal or/and the bank and it's normally back within mins.

IIRC there's a major flaw to your consumer rights when using PayPal though - removing your right to s75 protection? Don't believe that's been changed, but remember reading lots of stories about CC providers washing their hands of s75 because PayPal were essentially the middle man in the transaction rather than the end retailer. Thus leaving your only protection being PayPal which do not have the best record when it comes to consumer protections.