Credit card fraud - how is this scenario possible?

I use my Halifax Mastercard online a lot and the overwhelming majority of the time it only needs the card number, exp. date and CVV. The first two can obviously get stored online (and hacked/stolen etc.), but the latter should never be as far as I'm aware.
Indeed that's how it works with Lloyds Mastercard, just cc#/exp/cvv (I make online transactions of that type every week), all of which could be captured from a compromised browser.
 
But that's nothing to do with s75... One was fraud and the other a mistake.

What I'm talking about is when you've purchased an item and it may have developed a fault after 9 months but the retailer is washing their hands of it. At this point PayPal are not going to be interested in helping as the transaction was a long time ago. S75 doesn't cover you unless you skipped the middle man so in this scenario you'd be out of pocket.

All I'm saying is that it's a stupidly higher risk to pay for expensive things through PayPal rather than using the CC directly.
Lots of retailers use or offer PayPal as their payments service, if you fill in your credit card details via PayPal instead of logging in then it still counts as you paying the retailer, just the retailer doesn't get a look at your CC details as it's handled by PayPal. When it's clearly identified that you paid a retailer via CC just with PayPal as the payment service then S75 does apply.
 
When it's clearly identified that you paid a retailer via CC just with PayPal as the payment service then S75 does apply.
So you refute what he says... I thought the same issue exists for Amazon 3rd party purchases even if you use CC, S75 is out the window, as Amazon are a proxy.
 
Like someone said.. I'm surprised they didn't fight it a bit more if I authorised payment.

Surely that isn't a lie? That would be really bad!

But yes. For now I'm just regularly checking my accounts just to catch any pending.

Not sure about Lloyds, but with Barclays, Amex I get a real-time notification from the app every time a payment has been made, whether it is an online website purchase or an in-person contactless payment. Including payment via PayPal, in which I get 2 notifications, one from the bank and one from PayPal.
 
I'm also a bit confused about the approval thing. I use my Halifax Mastercard online a lot and the overwhelming majority of the time it only needs the card number, exp. date and CVV. The first two can obviously get stored online (and hacked/stolen etc.), but the latter should never be as far as I'm aware.

It rarely asks for any other authorisation, unlike my current account card which often makes me use the app to approve.
Chrome / Google has been storing this for a while.

It's tokenised, perfectly valid to store. It's pretty much how all one tap pay works - Apple Pay is a variant.
 
All of your cards should ping a notification for any transaction made using them in realtime, this includes physical card use. If they don't then set up your wallet on the phone or bank app to do this.

The perps just used another verification method for that transaction as they leaked your CC details some way at some point, probably from a store backend breach or some such.

As for the Firefox comment someone else made, nonsense. Open source can be more secure, major exploits get seen to rather quickly. I think that IT team is full of boomers who haven't left the year 2003 or zoomers who joined under the boomer eye.
 
My Lloyds debit does. Can't seem to find the setting for the CC.

My Amex does as well
 
So you refute what he says... I thought the same issue exists for Amazon 3rd party purchases even if you use CC, S75 is out the window, as Amazon are a proxy.
I'm not refuting what he says, just pointing out that there are 2 different ways of using PayPal, one of which does offer you S75 protection. Amazon marketplace doesn't have the same loophole available so never buy anything from Amazon which isn't actually direct from Amazon - most of the third party resellers also have their own website so Google them and buy direct from their website using a different payment processor.

ALL online stores use a third party processor for CC transactions so you need to check what process they use before buying where it shows on your CC as the retailer or as Amazon/PayPal. PayPal do offer a version of this if you're not logged in and enter your card details directly.
 
article enumerating the issue https://www.moneysavingexpert.com/credit-cards/PayPal-Section75/
An ever-growing number of retailers now encourage customers to pay via PayPal, but if you're doing it on a credit card – for items that cost more than £100 – you could be missing out on valuable extra protection. That's because using PayPal, as well as other 'new forms' of payment like buy now, pay later, can scupper your Section 75 rights. This short guide runs through how to make sure you don’t lose out when shopping online


You ARE COVERED by Section 75 if... PayPal is used as a 'payment processor' by an online store, but you weren't logged into a PayPal account.
 
Quite scary if Lloyds are adamant there was authentication carried out on the transaction
From recent experience with Fraud teams I've found you need to escalate a few teams before you get someone who isn't blindly following a script based on what they see on screen rather than dig into anything.

@413x have you been able to speak to them again?

Can you get them to confirm if it was an ECOM (Ecommerce/online) or MOTO (Mail order telephone order) transaction, if ECOM was it a wallet transaction or direct card and was there any 3D Secure authentication?
If ECOM, banks are supposed to enforce a step-up challenge for 3D Secure when a card is being saved, or a purchase is attempted outside the norm for your account history (this includes device used, country your IP is displaying, etc.).
 