Getting bank card PIN from phone/wallet theft?

Associate
Joined
1 Mar 2004
Posts
2,002
Location
Warwickshire
Saw this story on the BBC today:


A woman has described how criminals raided her gym locker, stole her wallet and went on an £8,000 shopping spree while she was exercising.
Charlotte, from west London, who did not want her full name published, told the BBC how she felt blamed by her bank and made to feel like a "criminal".
She believes thieves accessed her card PIN via the phone app, but Santander said she must have disclosed it...

Does anyone know how this scam might have worked?
I believe the criminals usually just do a string of contactless payments when they steal a wallet until it gets blocked, but in this case they somehow got access to the PIN, & noting the value of the purchases, possibly overcame the anti-fraud measures too?

Looks like Santander refunded some? of the money; whether that was because of social medial pressure or because there's an actual issue with their banking app/system, who knows.
 
Doubt some gym locker raiders have expert knowledge on banking app vulnerabilities. More likely she had it written down on a scrap of paper or somthing, has lied to the bank about it and then continued to double down on the lie until she got to where she is now
 
I was shoulder surfed at cashpoint on my stag do, then had my wallet stollen.

foolishly i had 2 cards on the same pin as well..... only lost 300 euros out of cash point so could have been a lot worse (a number of transactrions got blocked).

bank refused to give me my money back becasue my pin was used and they said i was responsible for that.
 
An acquaintance of mine lost his wallet, stupidly he had his bank cards and PIN number written on a piece of paper instead his wallet. They made a couple of withdrawal’s of £250 before his card was cancelled, I think he got his money back in the end.

Whats the chances of losing your wallet in the street and it being picked up by somebody willing to steal money off it.
 
possibly overcame the anti-fraud measures too?
Assuming it was a woman thief who got her stuff (being that it was the gym changing rooms), and Santander stupidly phoned her to approve any of the suspicious transactions.. well that's their mistake right there.

However the PIN thing is fishy. Sounds like she definitely had it written down, and somehow also made it stupidly easy for them to get into her app as well :confused: How did they get into her banking app, that's really the biggest worry/mistake that she made.
 
If her gym needs a pin to get in, bet her card pin number is the same as her gym access.
It would be a total coincidence if some scatty thief broke into a locker of a perticular person which knew the pin number of the card.

However like all purchases if done in shops, then can't the cctv possibly see thieves who used the card?
 
An acquaintance of mine lost his wallet, stupidly he had his bank cards and PIN number written on a piece of paper instead his wallet. They made a couple of withdrawal’s of £250 before his card was cancelled, I think he got his money back in the end.

Whats the chances of losing your wallet in the street and it being picked up by somebody willing to steal money off it.
its way to long ago to help me (2011)... but out of curiosity i wonder why the difference between him and me.... i was absolutely told no chance of getting my cash back as my pin was used. The bank said the moment that happened i was out of luck and they claimed that no bank would treat me any diffferent (they would say that i guess)
 
its way to long ago to help me (2011)... but out of curiosity i wonder why the difference between him and me.... i was absolutely told no chance of getting my cash back as my pin was used. The bank said the moment that happened i was out of luck and they claimed that no bank would treat me any diffferent (they would say that i guess)
Dunno maybe I remembered it wrong, it was a few years ago now and he’s passed away.
 
An acquaintance of mine lost his wallet, stupidly he had his bank cards and PIN number written on a piece of paper instead his wallet. They made a couple of withdrawal’s of £250 before his card was cancelled, I think he got his money back in the end.

Whats the chances of losing your wallet in the street and it being picked up by somebody willing to steal money off it.

It's 50/50 either someone will use it to steal money or they won't. But why did they have the PIN in the wallet in the first place? :mad:
 
Reading the article they transferred money from her saving account before going on the spending spree so sounds like they did have access to the banking app.

Wonder if they managed to get the phone pin it would be interesting to see the logins/logs etc as once you have the phone pin you can access security on the phone to add a new face/finger print then once added use the newly added details to access the banking app where some banks do allow you to access your current pin. It would also allow them to use Apple/Andriod pay
 
About 4 years ago someone used my credit card for a small purchase that went through, then a big purchase at a builders merchants about 200 miles away that got blocked, and triggered a call from the fraud people at my bank luckily. It was a card that I had never used since the day it arrived, and had always been locked away in the house so I assume that was an inside job.
 
Both the halifax and the Santander bank app have an option to retrieve your pin.
Its basically a `tell me my pin option`.
This would allowed them to spend on chip and pin.

In order to get access to the bank app you will need to have accessed the phone and then provided the same phone PIN again (or biometrics) if its a new phone.

Once your in the bank app its easy to transfer money between accounts.
Im just not sure how they managed to spend 8k without it triggering any security though, how they managed to presumably add someone news biometrics to the phone, or how they got into the phone in the first place.
Last time I made a big purchase that was out of character (over 1k for a PC) the spend was blocked and I got a phone call from the bank to authorise it.
Maybe thats the bit that they shoulder surfed (phone pin) and then followed her into the gym.
It says 2 other people had there lockers raided but not what the outcome was.
Its possible those were only cracked open as the theives were not sure which locker she used.
 
If her gym needs a pin to get in, bet her card pin number is the same as her gym access.
It would be a total coincidence if some scatty thief broke into a locker of a perticular person which knew the pin number of the card.

However like all purchases if done in shops, then can't the cctv possibly see thieves who used the card?
That one sounds like the most likely theory to me - I bet loads of people use the same gym door code as their cards.

Just need to peek over their shoulder when they're entering it (or do a hi tech thermal imaging approach of taking a picture of the keypad, or some other method) then watch which locker they use. People are probably less protective / wary over the pin they use to get into a gym than when getting cash out, so probably easier to spy on them (even if it's the same number).
 
Back
Top Bottom