Credit card fraud - how is this scenario possible?

[BUDFORCE]

I don't think LLoyds have a good reputation when it's comes to CC fraud.

I think Revolut are supposed to be the worst with Lloyds behind them.

 

[slinxy]

As opposed to the open source Chromium engine used by Chrome and Edge?

Edit:
Nope Nope Nope... so much wrong with your thought that open source = exploits

It's not my thoughts, like I said; personally I use it on all my computers.
It's the thoughts of the security team at work.

 

[slinxy]

IIRC there's a major flaw to your consumer rights when using PayPal though - removing your right to s75 protection? Don't believe that's been changed, but remember reading lots of stories about CC providers washing their hands of s75 because PayPal were essentially the middle man in the transaction rather than the end retailer. Thus leaving your only protection being PayPal which do not have the best record when it comes to consumer protections.

I've never had an issue with my bank (the co-op), as soon as they hear paypal... they refund straight back not that I've needed to go to the bank that often, IIRC only twice. Once when my ebay got hacked and someone paid a few grand for an iphone, the money was refunded on my card within an hour and once when there was a double transaction on my card, again it the account got re-credited within the hour.

Usually paypal sorts it out after a few days, if there an issue with the transaction itself. Most stores are really good now a days in issuing refunds, only a few are a PITA on small stuff like not refunding the P&P when the issue was their fault.

 

[Armageus]

It's not my thoughts, like I said; personally I use it on all my computers.
It's the thoughts of the security team at work.

Does your security team work for Lloyds?

 

[krooton]

Its lloyds.

Yes they are refunding it as they can see it wasn't me. The conversation was fine. They didn't insinuate it was me. Just that they can see it was approved.

Only thing I can think of is some app can interact with my phone screen (I have a couple which can "draw" over the screen, I have removed these just in case).

The card has been destroyed. And I've asked them not to reissue as its one of those purchase ones with 0pc I'm just paying off.

But if this was a dodgy app it would have to sign into the app, and approve it. Almost like remote desktop.
Because obviously it can't be approved by fingerprint remotely!

Would be a bummer if it was the dodgy YouTube app you said you installed a while back.

 

[sx_turbo]

Lloyds normally have a couple of approval methods, one is via the app, the other is via a text message with a code.

Wonder if it was text with code that was the authorising function. Though somehow they still need access to your phone, but seems more plausible to intercept a code than authorise on app.

(Or could have used the stripe method as mentioned by others)

 

[Dangerous Dave]

Didn’t you recently post that you installed a dodgey YouTube app on your phone to remove adverts ?

I’d start there, if someone has full access to your phone they may be able to get card details from the banking apps/digital wallet and authorise transaction's etc.

 

[Semple]

I've never had an issue with my bank (the co-op), as soon as they hear paypal... they refund straight back not that I've needed to go to the bank that often, IIRC only twice. Once when my ebay got hacked and someone paid a few grand for an iphone, the money was refunded on my card within an hour and once when there was a double transaction on my card, again it the account got re-credited within the hour.

Usually paypal sorts it out after a few days, if there an issue with the transaction itself. Most stores are really good now a days in issuing refunds, only a few are a PITA on small stuff like not refunding the P&P when the issue was their fault.

But that's nothing to do with s75... One was fraud and the other a mistake.

What I'm talking about is when you've purchased an item and it may have developed a fault after 9 months but the retailer is washing their hands of it. At this point PayPal are not going to be interested in helping as the transaction was a long time ago. S75 doesn't cover you unless you skipped the middle man so in this scenario you'd be out of pocket.

All i'm saying is that it's a stupidly higher risk to pay for expensive things though PayPal rather than using the CC directly.

 

[413x]

Didn’t you recently post that you installed a dodgey YouTube app on your phone to remove adverts ?

I’d start there, if someone has full access to your phone they may be able to get card details from the banking apps/digital wallet and authorise transaction's etc.

Yes I have taken this off in case it is. It's revanced and I've not seen anything on reddit etc saying it is this. But just in case I have chopped it.

 

[Rob_B]

Revanced itself is fine. Unless you get it from a none official source. So in that sense it's the same as any app.

 

[413x]

Revanced itself is fine. Unless you get it from a none official source. So in that sense it's the same as any app.

That's what I thought. And it's only my lloyds account. Surely if they had that level of access (screen access) they'd do more than a 67 pounds online order.

 

[jaybee]

In all probability, Lloyds are reading from a script and/or what their systems report on a screen, which says it was "authorised" by yourself when it probably wasn't. These things can grind away at you like you did something wrong or let your guard down, but most of the time it was nothing you did or didn't do. Sometimes you unfortunately just get hacked. Your details will be somewhere in an online dump, and someone got lucky for a short time. They will have already moved onto the next victim. Unless Lloyds are willing to give you more detailed info on what their systems show happened (tip: They won't) then you will never know the true extent of what happened.
I would try to move on. This will likely never happen again. I mean if it does, then you can worry.

 

[413x]

In all probability, Lloyds are reading from a script and/or what their systems report on a screen, which says it was "authorised" by yourself when it probably wasn't. These things can grind away at you like you did something wrong or let your guard down, but most of the time it was nothing you did or didn't do. Sometimes you unfortunately just get hacked. Your details will be somewhere in an online dump, and someone got lucky for a short time. They will have already moved onto the next victim. Unless Lloyds are willing to give you more detailed info on what their systems show happened (tip: They won't) then you will never know the true extent of what happened.
I would try to move on. This will likely never happen again. I mean if it does, then you can worry.

Like someone said.. I'm surprised they didn't fight it a bit more if I authorised payment.

Surely that isn't a lie? That would be really bad!

But yes. For now I'm just regularly checking my accounts just to catch any pending.

 

[jaybee]

They probably should have used language like "our systems are reporting that you authorised the payment". It would have been helpful if they had logs on what the authorisation method was, but since this will be an open case in the fraud team, there is probably limited information they can share with you.

 

[A2Z]

Banks are just dumb when it comes to fraud stuff.

Had my credit card (Halifax) blocked for no reason trying to do a transaction I've literally been making for years. Told me to send selfie with ID, I said no. Then told me I need to come into branch with ID, I again said no, I'll just stop using this card.

3 weeks later my card is working perfectly fine again without me having done a single thing. Yea ok then.

 

[Jimbeam3678]

Banks are just dumb when it comes to fraud stuff.

Had my credit card (Halifax) blocked for no reason trying to do a transaction I've literally been making for years. Told me to send selfie with ID, I said no. Then told me I need to come into branch with ID, I again said no, I'll just stop using this card.

3 weeks later my card is working perfectly fine again without me having done a single thing. Yea ok then.

Banks are a lot things but being dumb when it comes to fraud isn't one of them.

 

[Yaayuh!]

So I've just been into the fraud dept for a CC transaction.

I'd like to ask the wise OCers how this scenario is possible.

A transaction was carried out against my card on Sunday (14th) at 2pm on a random online retailer in Holland.

My wife had this, Sunday at some random retailer in Holland, furniture shop IIRC. Lloyds card too!
Got it taken off and new card coming.

Spoiler: Transaction

Wait... are you my wife?

 

[A2Z]

Banks are a lot things but being dumb when it comes to fraud isn't one of them.

Err the rest of my post showed why they are, sounds like you work for one. In the fraud department.

 

[413x]

My wife had this, Sunday at some random retailer in Holland, furniture shop IIRC. Lloyds card too!
Got it taken off and new card coming.

Spoiler: Transaction

Wait... are you my wife?

Yeah exactly the same retailer!
Thanks for posting!

Mine was 62.90.
This is exactly 75 euros. Like yours 80 euros

This must be a vulnerability on their side! Not good!

I'm going to be having words if they say I've authorised it but that was a lie.


Edit.
I am free on Wednesdays for proxy wifing.
But I expect only the best and to be treated like the queen I am!

 

[Jimbeam3678]

Err the rest of my post showed why they are, sounds like you work for one. In the fraud department.

No never worked for a bank or in a fraud department I have been involved in various compliance, cyber security and specifically PCI compliance projects at various levels. These projects exposed me enough to see that a lot of things happen behind the scenes without customers realising.