Credit card fraud - how is this scenario possible?

BUDFORCE · 2024-10-15T18:14:16+0100

I don't think LLoyds have a good reputation when it's comes to CC fraud.

I think Revolut are supposed to be the worst with Lloyds behind them.

slinxy · 2024-10-15T20:42:39+0100

Armageus said:
As opposed to the open source Chromium engine used by Chrome and Edge?

Edit:
Nope Nope Nope... so much wrong with your thought that open source = exploits

It's not my thoughts, like I said; personally I use it on all my computers.
It's the thoughts of the security team at work.

slinxy · 2024-10-15T20:50:01+0100

Semple said:
IIRC there's a major flaw to your consumer rights when using PayPal though - removing your right to s75 protection? Don't believe that's been changed, but remember reading lots of stories about CC providers washing their hands of s75 because PayPal were essentially the middle man in the transaction rather than the end retailer. Thus leaving your only protection being PayPal which do not have the best record when it comes to consumer protections.

I've never had an issue with my bank (the co-op), as soon as they hear paypal... they refund straight back not that I've needed to go to the bank that often, IIRC only twice. Once when my ebay got hacked and someone paid a few grand for an iphone, the money was refunded on my card within an hour and once when there was a double transaction on my card, again it the account got re-credited within the hour.

Usually paypal sorts it out after a few days, if there an issue with the transaction itself. Most stores are really good now a days in issuing refunds, only a few are a PITA on small stuff like not refunding the P&P when the issue was their fault.

Armageus · 2024-10-15T20:56:52+0100

slinxy said:
It's not my thoughts, like I said; personally I use it on all my computers.
It's the thoughts of the security team at work.

Does your security team work for Lloyds?

krooton · 2024-10-15T21:21:16+0100

413x said:
Its lloyds.

Yes they are refunding it as they can see it wasn't me. The conversation was fine. They didn't insinuate it was me. Just that they can see it was approved.

Only thing I can think of is some app can interact with my phone screen (I have a couple which can "draw" over the screen, I have removed these just in case).

The card has been destroyed. And I've asked them not to reissue as its one of those purchase ones with 0pc I'm just paying off.

But if this was a dodgy app it would have to sign into the app, and approve it. Almost like remote desktop.
Because obviously it can't be approved by fingerprint remotely!

Would be a bummer if it was the dodgy YouTube app you said you installed a while back.

sx_turbo · 2024-10-15T21:26:57+0100

Lloyds normally have a couple of approval methods, one is via the app, the other is via a text message with a code.

Wonder if it was text with code that was the authorising function. Though somehow they still need access to your phone, but seems more plausible to intercept a code than authorise on app.

(Or could have used the stripe method as mentioned by others)

Dangerous Dave · 2024-10-15T21:45:41+0100

Didn’t you recently post that you installed a dodgey YouTube app on your phone to remove adverts ?

I’d start there, if someone has full access to your phone they may be able to get card details from the banking apps/digital wallet and authorise transaction's etc.

Semple · 2024-10-16T04:00:22+0100

slinxy said:
I've never had an issue with my bank (the co-op), as soon as they hear paypal... they refund straight back not that I've needed to go to the bank that often, IIRC only twice. Once when my ebay got hacked and someone paid a few grand for an iphone, the money was refunded on my card within an hour and once when there was a double transaction on my card, again it the account got re-credited within the hour.

Usually paypal sorts it out after a few days, if there an issue with the transaction itself. Most stores are really good now a days in issuing refunds, only a few are a PITA on small stuff like not refunding the P&P when the issue was their fault.

But that's nothing to do with s75... One was fraud and the other a mistake.

What I'm talking about is when you've purchased an item and it may have developed a fault after 9 months but the retailer is washing their hands of it. At this point PayPal are not going to be interested in helping as the transaction was a long time ago. S75 doesn't cover you unless you skipped the middle man so in this scenario you'd be out of pocket.

All i'm saying is that it's a stupidly higher risk to pay for expensive things though PayPal rather than using the CC directly.

413x · 2024-10-16T09:13:02+0100

Dangerous Dave said:
Didn’t you recently post that you installed a dodgey YouTube app on your phone to remove adverts ?

I’d start there, if someone has full access to your phone they may be able to get card details from the banking apps/digital wallet and authorise transaction's etc.

Yes I have taken this off in case it is. It's revanced and I've not seen anything on reddit etc saying it is this. But just in case I have chopped it.

Rob_B · 2024-10-16T09:15:12+0100

Revanced itself is fine. Unless you get it from a none official source. So in that sense it's the same as any app.

413x · 2024-10-16T09:19:17+0100

Rob_B said:
Revanced itself is fine. Unless you get it from a none official source. So in that sense it's the same as any app.

That's what I thought. And it's only my lloyds account. Surely if they had that level of access (screen access) they'd do more than a 67 pounds online order.

jaybee · 2024-10-16T10:49:40+0100

In all probability, Lloyds are reading from a script and/or what their systems report on a screen, which says it was "authorised" by yourself when it probably wasn't. These things can grind away at you like you did something wrong or let your guard down, but most of the time it was nothing you did or didn't do. Sometimes you unfortunately just get hacked. Your details will be somewhere in an online dump, and someone got lucky for a short time. They will have already moved onto the next victim. Unless Lloyds are willing to give you more detailed info on what their systems show happened (tip: They won't) then you will never know the true extent of what happened.
I would try to move on. This will likely never happen again. I mean if it does, then you can worry.

413x · 2024-10-16T11:07:49+0100

jaybee said:
In all probability, Lloyds are reading from a script and/or what their systems report on a screen, which says it was "authorised" by yourself when it probably wasn't. These things can grind away at you like you did something wrong or let your guard down, but most of the time it was nothing you did or didn't do. Sometimes you unfortunately just get hacked. Your details will be somewhere in an online dump, and someone got lucky for a short time. They will have already moved onto the next victim. Unless Lloyds are willing to give you more detailed info on what their systems show happened (tip: They won't) then you will never know the true extent of what happened.
I would try to move on. This will likely never happen again. I mean if it does, then you can worry.

Like someone said.. I'm surprised they didn't fight it a bit more if I authorised payment.

Surely that isn't a lie? That would be really bad!

But yes. For now I'm just regularly checking my accounts just to catch any pending.

jaybee · 2024-10-16T11:15:47+0100

They probably should have used language like "our systems are reporting that you authorised the payment". It would have been helpful if they had logs on what the authorisation method was, but since this will be an open case in the fraud team, there is probably limited information they can share with you.