Credit Card Fraud

[Infidelus]

I have been with my credit card provider (major name in banking) for a loooong time and have had very few issues. I got a text message from them on Saturday morning (early hours) asking me to confirm some transactions. Most of them were fine but one was definitely not me. I called them and confirmed the suspicious transaction was not me and they blocked that card and said they would issue a new one. OK, no problem.

This morning (even earlier hours) I received yet another text from them with another suspicious transaction (this one had been declined), this time on the card with the new number according to the text. So I called them again and they have said that they will, once again, block that card and send me another new one.

I asked them how somebody could have used my new card when I don't even know the number (only the last 4 digits show in my account and I haven't received the card yet) and the woman I was speaking to said "it gets automatically updated". I asked how that was possible as, from every website I have ever purchased from, I always have to manually enter my new card details when the old one expires. She was adamant that it was automatic. I have to admit to getting a little irritated with her at this point and raising my voice (for which I apologised at the end of the call) because I cannot see how that is possible, and she just kept repeating the same thing "it's automatic".

Has anyone else ever come across this?

 

[Feek]

Has anyone else ever come across this?

Just a few days ago.

Credit Card Fraud..Barclays

So on Monday I find multiple Meta, Facebook advertisement charges on my credit card, a few quid each occurrence. No biggie. The Barclays fraud line even called me, fantastic. So account is frozen and new card dispatched. New card arrived today, damn thing was still stuck to the letter when...

forums.overclockers.co.uk

 

[radderfire]

Has anyone else ever come across this?

My bank was changing something about their credit card for all customers (can't remember what exactly), and I got issued a new credit card with a different number. Subsequently, some credit card payments for regular online payments went through on the new card, when I had never updated the details online. So, the bank must be able to create an association between the old card and the new card behind the scenes. Hence the card is "automatically" updated online. Maybe that's what she meant. This doesn't explain how the bank would actually block the fraudster though. The fraudster must be using a recurring payment at the same site. If they tried a "new" site, they wouldn't have the new number. Just my guess.

 

[UTmaniac]

The way banks seem to allow payments to transfer over to replacement cards without us, the customers, authorising it is concerning.

It begs the question, what's the point of a card expiry date, if something paid for on an old card gets moved to a new card?

 

[sparton_SPA]

Had this a few times, without realising that this is the reason it is happening.
Very concerning though.

Might be worth cancelling the account/card entirely and starting on another one?

 

[mattyfez]

Yeh it happened to me once... It was AA or RAC brakedown anual payment... I had a new debit card and didn't want to renew it so thought I wouldn't have to manually cancel membership as I paid the previous free on my old debit card . I was wrong.

 

[Diddums]

Yeh it happened to me once... It was AA or RAC brakedown anual payment... I had a new debit card and didn't want to renew it so thought I wouldn't have to manually cancel membership as I paid the previous free on my old debit card . I was wrong.

That's not fraud though.


Nvm, misread the thread.

 

[Infidelus]

Thanks all.

Just a few days ago.

Credit Card Fraud..Barclays

So on Monday I find multiple Meta, Facebook advertisement charges on my credit card, a few quid each occurrence. No biggie. The Barclays fraud line even called me, fantastic. So account is frozen and new card dispatched. New card arrived today, damn thing was still stuck to the letter when...

forums.overclockers.co.uk

I guess I should have searched but didn't think this was going to be a common thing. Mine's Barclaycard too and exactly the same Facebook/Meta charges. I did tell the first woman that I don't use social media - the closest I get is buying games for my Quest 3, and I only have a Meta account, not Facebook.

I guess I may have to look for another credit card provider if this keeps happening as I don't have a backup.

 

[Slam62]

Funny, I just started down the road of fraud investigation on my wife’s card which I am an additional holder.
I feel really stupid for not checking more thoroughly and the fraud goes back 18 months until the present day.

I’m pretty confident we can prove it wasn’t us who inadvertently signed up but I expect a fight.

The bit I’ve found interesting is that the date the fraud started we had another separate fraud took place, we were charged a one off small amount.

Anyway I do a search for that company, weirdly it as a strange name and it’s address is a small town not that far away. It is a coincidence that is all we definitely never went to the shop and the shop is now down as out of business. Street view shows it as a clothes shop.

Another anyway, it does have a simple website selling these little biscuits. But not much choice.
So look up the company name, comes up with a location in Sofia Bulgaria, wow, so then look the biscuits company up on companies house, the only director left is a lady from Bulgaria. The company is so small the accounts don’t have to be audited and the director certified this.

Ffs the same day the main fraud started, they have another website, no limited company, but it is abroad.

The rest is a bit dull but may help someone else.

I email customer support and they reply quickly, they tell me the email address used to sign up, it was an email we no longer use.

Anyhow I login, I have to reset my password, support lady is super helpful, I then say look I didn’t sign up to this I want a refund, straight away offers a small refund, I then say oh no I want a lot more, immediately offers 4 times as much. Makes me think guilty as charged, they say they have cancelled the subscription, but others say they do that then carry on charging.

Anyway we have cancelled the cards now, the bank kept trying to persuade us to do a charge back, and wanted us to incriminate ourselves in the process.
So now it appears we will have to be careful about the new card, what a pain.

 

[dlockers]

Funny, I just started down the road of fraud investigation on my wife’s card which I am an additional holder.
I feel really stupid for not checking more thoroughly and the fraud goes back 18 months until the present day.

I’m pretty confident we can prove it wasn’t us who inadvertently signed up but I expect a fight.

The bit I’ve found interesting is that the date the fraud started we had another separate fraud took place, we were charged a one off small amount.

Anyway I do a search for that company, weirdly it as a strange name and it’s address is a small town not that far away. It is a coincidence that is all we definitely never went to the shop and the shop is now down as out of business. Street view shows it as a clothes shop.

Another anyway, it does have a simple website selling these little biscuits. But not much choice.
So look up the company name, comes up with a location in Sofia Bulgaria, wow, so then look the biscuits company up on companies house, the only director left is a lady from Bulgaria. The company is so small the accounts don’t have to be audited and the director certified this.

Ffs the same day the main fraud started, they have another website, no limited company, but it is abroad.

The rest is a bit dull but may help someone else.

I email customer support and they reply quickly, they tell me the email address used to sign up, it was an email we no longer use.

Anyhow I login, I have to reset my password, support lady is super helpful, I then say look I didn’t sign up to this I want a refund, straight away offers a small refund, I then say oh no I want a lot more, immediately offers 4 times as much. Makes me think guilty as charged, they say they have cancelled the subscription, but others say they do that then carry on charging.

Anyway we have cancelled the cards now, the bank kept trying to persuade us to do a charge back, and wanted us to incriminate ourselves in the process.
So now it appears we will have to be careful about the new card, what a pain.

lol what? You signed up to a biscuit sub, forgot, let them bill you for ages, and then claimed it was a fraud?

 

[Slam62]

lol what? You signed up to a biscuit sub, forgot, let them bill you for ages, and then claimed it was a fraud?

No not at all must try harder

 

[Hagar]

It's a cracker!

 

[Werewolf]

My bank was changing something about their credit card for all customers (can't remember what exactly), and I got issued a new credit card with a different number. Subsequently, some credit card payments for regular online payments went through on the new card, when I had never updated the details online. So, the bank must be able to create an association between the old card and the new card behind the scenes. Hence the card is "automatically" updated online. Maybe that's what she meant. This doesn't explain how the bank would actually block the fraudster though. The fraudster must be using a recurring payment at the same site. If they tried a "new" site, they wouldn't have the new number. Just my guess.

The number on the front of the card is just the Card's ID, which along with the start date, expiry date, CVV and issue number may change repeated.
Behind the scenes it's linked to the account number which may or may not be the same as the first card you had, or may be something completely different but probably won't ever change as it's the "customer" record.

The way banks seem to allow payments to transfer over to replacement cards without us, the customers, authorising it is concerning.

It begs the question, what's the point of a card expiry date, if something paid for on an old card gets moved to a new card?

It's the check as you pay for something initially and IIRC links to an authorisation that corresponds to the transaction type.
Basically would you be happy if every month you had to redo your netflix sub (and everything else) because it only authorised it for one month despite you telling it you wanted a reoccurring sub?

Thanks all.


I guess I should have searched but didn't think this was going to be a common thing. Mine's Barclaycard too and exactly the same Facebook/Meta charges. I did tell the first woman that I don't use social media - the closest I get is buying games for my Quest 3, and I only have a Meta account, not Facebook.

I guess I may have to look for another credit card provider if this keeps happening as I don't have a backup.

Fraudsters often find a company that is lax in it's checks then uses the card numbers on that, or for low value transactions that are unlikely to trigger the fraud flags/be noticed straight away so that they can check the details they've got are valid before they do something like sell them on as part of a "checked" batch. Back in the day they'd sometimes make "fake" cards up and use them in places like coffee shops that still only had magswipe in the US, going back to about 2005 that's how a load of people discovered one of the US DVD retailers had been compromised, as the fraudsters were using the card numbers to buy a $2 coffee at a US gallery as their check that the number was valid.
They'll also probably with something like facebook/google ads be using them to fund fraud that gets them more money for example adverts that try and get people to enter their details on drivinglicence.uk as opposed to the proper .gov.uk portal (and thus potentially getting both more card numbers and importantly full details to go with them).

It's always worth having a backup card on a different account specifically because of fraud, it's also why I do have credit cards and only ever use my debit card online to pay my credit card (although these days I do that in the banking app).

 

[Diddums]

the bank kept trying to persuade us to do a charge back, and wanted us to incriminate ourselves in the process.

Qué?

 

[dlockers]

Qué?

They were phallic cakes

 

[alexakasloth]

I asked them how somebody could have used my new card when I don't even know the number (only the last 4 digits show in my account and I haven't received the card yet) and the woman I was speaking to said "it gets automatically updated". I asked how that was possible as, from every website I have ever purchased from, I always have to manually enter my new card details when the old one expires. She was adamant that it was automatic. I have to admit to getting a little irritated with her at this point and raising my voice (for which I apologised at the end of the call) because I cannot see how that is possible, and she just kept repeating the same thing "it's automatic".

Has anyone else ever come across this?

If it's an American card provider it's because the card number will just update the last number sequentially until it reaches 9. So a fraudster can just guess the next one if they think it's been blocked.

 

[Slam62]

Qué?

Well on the charge back form it gave a number of options for subscriptions all of which entailed saying you had signed up to it. Which we haven’t. Also a charge back wouldn’t cover all payments.

I think fraud investigators are over loaded at the moment.

If it helps, a brief summary.

We have had a subscription going out of our account twice a month for 18 months, I should have spotted it, in hindsight it’s obvious, but so should the bank, I’ve had steam purchases blocked by them and various other innocent purchases they have insisted on us confirming they are legit.

I was investigating and found the date when it started and noticed another transaction for £5 which we know we didn’t authorise, that company seems to have close links to Bulgaria in one form or another and seems pretty much a front.
So I wondered whether that was used to check the card worked and then on with the subscription company.

I have checked my google activity around the original date have found no evidence that I visited any related website. My wife was out all day at a Christmas market, she has the train ticket, parking ticket and a receipt from a shop showing where she was. She only had her phone and never buys anything with it.

So my conclusion is some Bulgarian lot have gone to some lengths to give the appearance of being legit but aren’t and have got hold of our card details and managed to get it all past the bank.

They’ve created a set of data to help persuade us that it is legit, but you don’t have to dig very far to find some suspicious activity.

Finally the trust pilot reviews for the company are bizarre, not many reviews, some are glowing and saying how good their customer service is and the refund with no problems. Others are written in bold red letters saying this sight is a scam, they tell you they’ve cancelled your sub but keep taking the payments and other such things.

Another guy who gave a good review said he had to do that or they wouldn’t give a refund.

Just a sorry tail, when we get our new cards we are going to have to watch the transactions very closely.

 

[Infidelus]

It's always worth having a backup card on a different account specifically because of fraud, it's also why I do have credit cards and only ever use my debit card online to pay my credit card (although these days I do that in the banking app).

Thanks. I did have a backup card for a few years but ended up cancelling it after receiving some very poor customer service. I've had a few offers of cards from companies I deal with so may take one of them up on it, just for a backup.

If it's an American card provider it's because the card number will just update the last number sequentially until it reaches 9. So a fraudster can just guess the next one if they think it's been blocked.

It's Barclaycard. The last digit wasn't next sequentially and the entire last 4 digits were completely different so they'd have been guessing a few thousand numbers until they got there so I'm guessing it's not that in this instance.

 

[arty]

I don't know whether this helps at all, but the last company I worked for used a 'card updater' service provided by our payment provider (in concert with the banks) to automatically update subscribers' card numbers and thus avoid failed subscription renewal payments. However, in order for this to work correctly, we had to make it explicit (via the payment provider API) that it was to be a renewing (recurring) payment at the point the original one (i.e. normally the first on the subscription) was made, as this allowed the banks to make any additional anti-fraud checks they needed to at that moment.

Perhaps this is being abused by credit card fraudsters?

 

[Kelt]

Just had a call from Halifax fraud, someone's attempted to buy a TV from Argos, and an Xbox from Microsoft with my credit card.

Card still in my possession, so obviously leaked from some online shop I've used recently.

They blocked the Argos one, but the MS transaction went through, but not confirmed, so will be cancelled.

Not sure if MS are using the usual SMS check with your phone, but worrying that it got that far.