The deliveroo scam

So a friend of mine was telling us a story about how he once had his normal pizza order delivered to his address by Deliveroo, which he accepted and ate, but then was shocked to find out he was charged for it and claimed he never placed the order in the first place.

We naturally all laughed at him. But it's interesting hearing this now lol.
 
So a friend of mine was telling us a story about how he once had his normal pizza order delivered to his address by Deliveroo, which he accepted and ate, but then was shocked to find out he was charged for it and claimed he never placed the order in the first place.

We naturally all laughed at him. But it's interesting hearing this now lol.
I once had an unknown charge for a Hilton in Manchester. I was 100 miles away so this was impossible. I did a chargeback, moved on with my life. A year later I noticed in my work travel booking system the Manchester Hilton. Turns out I had actually booked it and the entire events leading upto the Manchester night had just totally evaded my brain. Bizarre thing to have happen.

Edit: For clarity, I guess I had planned to go there, booked it, then totally forgot and was in a Hilton 100 miles away.
 
It begins with a T and ends with B and has an S in the middle.:)


HSBC were equally crap.

Ex gf spent a load of my card (me and police canceled all but 17 quids worth though, she annoyed them enough they stuck her in a cell and we just went through the phone) all confirmed with them on the phone all gonna be refunded then sent me a letter to confirm. Letter said that I was officaly declaring I did not know the identity of the person :/


Gave them crime number officers details all her details on the phone and they were happy then that crap. In the end it seemed more hassle than it was worth after phoning them again and getting "oh we don't know if we can do that as you know them" and about 2 more calls over a month
 
I once had an unknown charge for a Hilton in Manchester. I was 100 miles away so this was impossible. I did a chargeback, moved on with my life. A year later I noticed in my work travel booking system the Manchester Hilton. Turns out I had actually booked it and the entire events leading upto the Manchester night had just totally evaded my brain. Bizarre thing to have happen.

Edit: For clarity, I guess I had planned to go there, booked it, then totally forgot and was in a Hilton 100 miles away.

lol we suspected our friend had a similar case of amnesia.
 
A debit card I have never used, it sits in a drawer at home, gets charged £38 by deliveroo for I suppose, food delivered. On telling the bank and mentioning the payee on my statement I get raised eyebrows and "Oh that is a common scam". WTF, why have you, the bank, not had harsh words with the company to improve its processes. Then they say that we will accept it's fraud this time but whether we would reimburse you again is doubtful. LIKE IT'S MY FAULT!

Neither me nor my wife uses phone apps or are able to on our POS phones. We do not order food over the Internet by tablet or phone. Some El crappo company has systems so poor that they obviously do not take any security info from the buyer and it's our ******* fault.

A certain bank will lose its customers, we have already moved 10K from its coffers, because we do not believe that they take things seriously. It also took over 30 minutes to get through on their fraud line. Perhaps we should consider this a success.

So, on a serious note. I've just been hit by the infamous deliveroo scam. £89 taken from my account and dont even have a deliveroo account. Turns out the card I hold for the account is due to expire this month and it wasnt even the card number that was used for the transaction! It was the new card details that hadnt even been made into a physical card yet, awaiting approvalnor pending or something, but no physical card exists! So in my eyes the only way this can happen is for VISA to have a dodgy employee selling off card info OR they have been hacked themselves and havent made it known publicly, i mean think of the outrage if it came out that VISA had been hacked! All different banks have been hit by it... scammers are vile cowards that wouldnt dare literally put their hand in my pocket but do so hiding behind a screen! Whatever they spent £89 on wasn't delivered to my house, so am hoping they get caught out. Have told the bank that this isnt over and I will be pushing for compensation - as this is clearly out of my control, but, Im the one having to sort it all out
 
So, on a serious note. I've just been hit by the infamous deliveroo scam. £89 taken from my account and dont even have a deliveroo account. Turns out the card I hold for the account is due to expire this month and it wasnt even the card number that was used for the transaction! It was the new card details that hadnt even been made into a physical card yet, awaiting approvalnor pending or something, but no physical card exists! So in my eyes the only way this can happen is for VISA to have a dodgy employee selling off card info OR they have been hacked themselves and havent made it known publicly, i mean think of the outrage if it came out that VISA had been hacked! All different banks have been hit by it... scammers are vile cowards that wouldnt dare literally put their hand in my pocket but do so hiding behind a screen! Whatever they spent £89 on wasn't delivered to my house, so am hoping they get caught out. Have told the bank that this isnt over and I will be pushing for compensation - as this is clearly out of my control, but, Im the one having to sort it all out
It's far more likely that the card number had been assigned to your account (depending on card they're sometimes shipped out a couple of months early), and someone had a card number generator that got lucky.

IIRC there is a formula that is used to create the card numbers, and it's fairly well known as the card issuers use it with minor variations, and the first 4 digits of your card are always the same for that issuer/card type (for example IIRC Barclaycard Visa always starts with the same 4 digits whilst their MC start with a different 4), so it's only got to get 12 digits right and at least one of which is a check digit, so 11 digits.
If you ever played with old keygens for pirated games you might remember how it was often possible to get a working one within a few attempts.

So what someone can do is use what is effectively a keygen, and hope it works, and depending on the retailer or company doing the card processing they may not need to match the rest of the card details, or even physical address, so they get a huge list of potentially usable numbers then try a company that's got lax security until they get some successes and sell those numbers on as being valid.
A company like Deliveroo might be an ideal way to test these generated card numbers because you don't have to present the card number in person, and don't have to be the person it delivers to or might be asking for it to be delivered to a hotel room or whatever.

Going back a fairly long time I had some fraud on one of my cards for a porn company who authorised my card number based just on the front 16 digits and a hotmail address (at the time I didn't have one as it was new).
Another time someone was apparently creating fake cards and using them in a museum/art gallery coffee bar so loads of people were getting card transactions for something like $1.99* because America tends to be very very behind the curve in dealing with card security (partly because their consumer protection laws tend to be lacking so it's often up to the card holder to fight hard to prove fraud rather than the issuer taking responsibility).

It would be interesting to find out what card details deliveroo in various countries actually check when they validate it for order, as from memory it's largely up to the retailer as to what they do, with the understanding that the less details you take the lower the limit at which it becomes the retailers responsibility to refund any fraud out of pocket. Which is one of the reasons the likes of OCUK tend to want ALL the details and will often only ship to the cardholders address as it means their risk from fraud is massively reduced, whilst IIRC Amazon don't necessarily ask for the CVC every time (Amazon are big enough their own risk algorithms mean they can take the chance).


*I was amazed that got through Barclaycard's anti fraud system, as I rarely leave the country, have never been to the US, NEVER used my credit card for small purchases in person, and never in coffee shops etc (at the same time they blocked my reoccurring online game sub several times).
 
Can Deliveroo be set up so that it requires your fingerprint when authorising payments via Google Pay or PayPal?

We don't have Deliveroo over here in Stafford but we do have Just Eat and I've set it up so that it needs my fingerprint when authorising a payment.
 
In fairness to Deliveroo, it may just be where card fraudsters chose to spend money - lazy buggers can’t be bothered cooking. I found a couple of Deliveroo charges on my cc, but checking my Deliveroo app showed nothing. (Although maybe I’ve misunderstood).
Got them refunded, but never really got to the bottom of how it occurred.
 
It begins with a T and ends with B and has an S in the middle.:)

I was a victim of fraud twice and they had my back both times.

my parents have had cards with them for decades and have never been a victim of fraud even once. Low and behold they dont use the internet
 
I've just had an amount of £88 charged to my account, again a payment to Deliveroo! I've never used them, so how is this possible? The transaction was mid-afternoon today, that's one heck of a lunch for one!! What I can't understand is why the bank didn't contact me to approve the transaction, when they have done recently for smaller amounts!
So again, the card is cancelled and I have to wait for a new one. The bank have said that this is happening a lot just now!!
 
Back
Top Bottom