Can’t shake this feeling - credit card fraud

[BalaamsAss]

Woke this morning to an email from a company we have a weekly subscription with, to say that our credit card payment had been declined.

Really odd, and while the email looked totally genuine I took all the correct precautions and logged on via the website rather than clicking a link in the email, and input the CC details again. It was once again declined.

DH then checked the CC on the app and discovered 3 transactions we hadn’t made - totalling nearly £6k.

Immediately got onto the phone to the bank who claimed they had spoken to us last night before they had blocked our account.

We hadn’t spoken to them at all. Whoever got our card details wasn’t content with shopping at our expense but also phoned our bank to impersonate us and try and get the card unblocked.

The card is now blocked but apparently we can’t do anything else until we can go into a branch in person - they are all closed until 10am on Wednesday.

I feel utterly sick to my stomach. I feel violated. I feel completely uneasy. I want to cry. I want to stamp my feet and scream. I want to know who did it.

We do shop online a lot, esp at the minute, but we are also super careful. We have no idea how someone got our details.

I hate this. I hate this. I hate this.

Rant over.

@Sportycustard

I had my card details stolen last year. In total thieves spent £19,000 on Air BnB, high end electronics and a vast amount of pizza (£400 order twice a day, who the f* were they feeding?)

I got it all back. Bank seemed remarkably unphased by the whole thing. Some choice words were exchanged when they suggested that I was hiding spending from my partner though (joint account, now firmly closed!)

They probably got the bank from the validation page. When I order anything online it directs me to a page which has my bank name at the top. From there you could work out which bank to call to try to get the card unblocked.

They weren't feeding anything. It was an alias, looks like it was spent on pizza, it was a fraudulent business and a way of getting hands on cold hard cash.

Like some of the fake small business shops, eg. Phone shops, fast food restaurants, corner shops that are fronts for dodgy dealings beneath the facade of being genuine.

These people are clever at harvesting card details and dealing in illegal business.

I had my eBay account hacked last year, they had placed orders to be collected at pick up points hundreds of miles away from me, It's an awful feeling.
It's concerning how they managed to speak with who you have your credit card with. I needed to ring my credit card provider last week (non fraud related) but before they would speak to me I had to answer several security questions ie DOB, address, name of the person who shares the account with me and my telephone banking passwords. I would be putting in a complaint to them.

@MillieVanilla - it was NatWest

DH phoned the number on the card and got through to someone who was utterly useless, and to be honest who raised our suspicions a bit because the way he did things just seemed a bit off.

He then called again on the same number and got someone different, but just as useless.

He called a third time to the number from the website instead and they weren’t much use either.

They just kept saying that in order to do anything they needed ID so he had to go into a branch. They then suggested sending a photo of his passport and a selfie via email to act as an ID check! Not a chance was that happening.

We’re in NI so there aren’t any NatWest branches here, but they are linked to Ulster Bank so we’ll be there first thing in the morning.

The credit card is in DH’s name but I am a second named holder. The account is DH’s but they have both our phone numbers for authorisation purposes. I do most of the spending on it, but the security details etc are all DH’s.

I spent £40 in Argos on Sunday (online order - collected in store) and then the fraudulent transactions went through that night. It is the only time we have left the house since 23rd Dec and the only time the card has been used since then too.

It’s scary how easily credit card details can be found by fraudsters. I have a card that I have only ever used to do a balance transfer. I have never used the card either in a shop or online and the card was still stuck to the letter it comes on when I opened the card, and that was in my paperwork. I had never opened the PIN and that was also still in my paperwork. So the fraudsters didn’t have the card or PIN and there’s no way the details could have been taken from a shop/website as I’ve never used it there. Somehow there was still fraudulent activity on the card. Luckily as it was so unusual for there to be any activity on the card their fraud systems noticed it and sent me a text asking if it was a genuine transaction so I was able to get it all stopped, but they couldn’t tell me how the fraudsters managed to get the card details. The only thing I can think is that it could have been some internal failure (hacking or someone dodgy working there).

I'm finding the Argos shit comment really funny, how typically mumsnet 😂

God calm down. We went on a weekend break a few years ago and when it came to pay both our cards were declined on our joint account. Someone in Florida had basically nicked all our money overnight we had to sit in the managers office as we couldn’t pay! The bank refunded us.

The bank have to refund you.

It is likely that you've made an online payment with the CC, and that website has stored your CC details insecurely and then has been hacked.

Large databases of CC details containing millions of entries are surprisingly simple to buy and are very cheap.

Have a look at haveibeenpwned.com - enter your email address and it will search compromised databases for your details and indicate the type of breach. If you have reused the username/password on a site, get them changed

You will not be able to unblock your account until you have provided ID. You will get a full refund.

When I used to travel a lot for work this happened to me several times. The bank fraud team would block my card then contact me to check whether the transactions were fraudulent. I've also had my card blocked when my activity was unusual. I'd bought some fairly expensive electrical items in the Boxing Day sales. Unusual activity for me and the bank blocked the transactions until they confirmed with me they were genuine.

What has has happened to you in relation to the transactions is upsetting, but not unusual. What is not right though is that the fraudsters got through your banking security. That bit is very suspect.

I spent £40 in Argos on Sunday (online order - collected in store) and then the fraudulent transactions went through that night. It is the only time we have left the house since 23rd Dec and the only time the card has been used since then too.

And two fraudulent transaction that day and also at Argos???

I would lay bets that is your problem - an inside job. That would also explain how they might have had access to more information about you - from your account details. I had this happened to me a few years ago with Amazon, and the banks fraud person that I spoke to me said that "inside jobs" were commonplace.

Has your card been cloned? I do think you have some kind of protection with a cc. Mine was stolen and used and I got the money back x

If you can obliterate the last 3 digits (CV2) on the signature strip after memorizing them (a soldering iron may be needed) then the card can't be used for Cardholder Not Present transactions if the card is skimmed somenhow.

Or rather than mermorising the CV number, write it down securely.

@TheSilveryPussycat

Or rather than mermorising the CV number, write it down securely.

As they say "Your Mileage May Vary"

Mine is squirrelled away in a password manager.

A few years ago I had an amusing run in with a shop that tried to put a transaction through as CNP - the guy insisted he had to see the CV2 to get his machine to work. I suggested that he most certainly did not need that, and instead he should be paying the admin fees to have a proper machine. I notice he now only takes cash.

If you can obliterate the last 3 digits (CV2) on the signature strip after memorizing them (a soldering iron may be needed) then the card can't be used for Cardholder Not Present transactions if the card is skimmed somenhow.

This will not prevent your card from being used for Card Not Present transactions if your card details have been stolen from a compromised website and then sold on the dark web which is the much more common scenario.

@BeBraveAndBeKind

If you can obliterate the last 3 digits (CV2) on the signature strip after memorizing them (a soldering iron may be needed) then the card can't be used for Cardholder Not Present transactions if the card is skimmed somenhow.

This will not prevent your card from being used for Card Not Present transactions if your card details have been stolen from a compromised website and then sold on the dark web which is the much more common scenario.

Exactly. The card that I had used had never left my house. No one had seen the number.

Are the card details saved to your Argos account?

If you file a subject access request with your bank, you may be able to receive the impersonated phone calls the thieves made to your bank’s customer service. I’m not 100% sure if the calls are recorded, or if your bank would supply them, but perhaps hearing the voice may reveal the thief?

@BeBraveAndBeKind

If you can obliterate the last 3 digits (CV2) on the signature strip after memorizing them (a soldering iron may be needed) then the card can't be used for Cardholder Not Present transactions if the card is skimmed somenhow.

This will not prevent your card from being used for Card Not Present transactions if your card details have been stolen from a compromised website and then sold on the dark web which is the much more common scenario.

Whilst nothing is impossible, very few credit card handlers have the approved security to be allowed to store the CV2. That won't prevent a dodgy outfit storing a few, but for a massive "tens of thousands card details stolen" hack, it's very unlikely.

Personally, I'm a big fan of caltrops for scammers. Small, annoyances that mean they'll move on to the next victim.

My last employer was putting over £250,000 a year through debit/credit cards, and they weren't allowed to store the CV2.

PCI-DSS is the magic word

@Vitaminsss

If you file a subject access request with your bank, you may be able to receive the impersonated phone calls the thieves made to your bank’s customer service. I’m not 100% sure if the calls are recorded, or if your bank would supply them, but perhaps hearing the voice may reveal the thief?

The bank won't release the recordings.

If there aren't any recordings, then the customers word trumps the banks (which is why I know all calls are recorded).

On the plus side my bank has always refunded fraudulent payments

Good luck at the bank this morning OP. Please let us know what is said

I don't understand how a scammer would know how to answer your security questions. Most cc companies will ask a couple of different questions.
Are you absolutely sure it wasn't your dh?

First direct were great. Our money (thousands) was reimbursed within an hour.

Turns out customers living overseas had complained banks security inhibiting their spend so bank took security off a load of accounts one ours. Hence they didn’t flag why a mid 40s couple on a mini break in South Wales spent £5k on gaming trainers and porn in Tampa Florida...

Yes, I am absolutely certain it wasn’t my DH - no question.

We’re headed out shortly. Will report back.