My feed
Premium
Please
or
to access all these features

AIBU?

Our bank account has been cleared out

241 replies

lougle · 04/06/2016 22:32

Today my DH said 'why do we have no money??'
I told him not to be so ridiculous, because we have been working really hard to save money and build up a buffer in our account. So I looked at our bank account: available balance £14.

Someone has used almost £2000 on Next and Foot Asylum purchases, with a pizza and a dessert order thrown in Angry.

The irony is that I never buy from Next because we can't afford for me to buy new clothes. I only ever buy from charity shops or (very rarely) Primark. So the fraud claim is very easy to prove. That and the fact that the man on the phone from the bank had to tell me what Foot Asylum is Grin.

The transactions were all in the last day or so, and were all made using DH's card. We also had a letter today from Next, addressed to a man we've never heard of, thanking him for advising them if his change of address. So Next have given us a fraud case ID number and have put a block on account applications from our address. The bank fraud team will contact us tomorrow.

How gutting. We're lucky that DD1's DLA gets paid into a different account, so we can use that for a few days and reimburse it when we get reimbursed by the bank. If it got paid into the same account we'd be absolutely done for.

OP posts:
Report
Bolograph · 05/06/2016 17:25

I would suspect some kind of keylogger on your PC then

I wouldn't: memorable names used for phone banking are rarely the same as online things. I'd expect that the memorable name is trivially deducible from Facebook or just relatively easily guessed.

Remember: an attacker doesn't have to get it right every time, they just have to get it right often enough to make money. They aren't trying to steal two grand from you, they're trying to steal two grand from anyone they can steal two grand from.

So if they have to try guessing the credentials of hundred people, making one hundred phone calls, and on the hundredth occasion they get lucky and steal two grand, that's a pretty decent day's work. Do that every day and you're making forty grand a week, weekends to yourself.

It's the same as breaking in to gmail accounts. Take a list of a thousand email addresses, and then just try logging in to all of them with the password "password123". That won't work if you're keen to break into one particular account, but you aren't: you're just breaking into accounts.

Report
Quills · 05/06/2016 17:27

Normally I would agree Bolograph, but the OP mentioned that the memorable word is also used in their Verified by Visa password online Smile

Report
Bolograph · 05/06/2016 17:30

Do that every day and you're making forty grand a week

Do that every day and you're making forty grand a month.

Report
Bolograph · 05/06/2016 17:33

the OP mentioned that the memorable word is also used in their Verified by Visa password online

Oh Jesus, I didn't notice that.

Bristol University CS department offer a "computer security for non-CS students" course, which is basically "stay safe online" taught by people who know what they're doing, rather than a lot of the myth and nonsense. We should all do that.

"Stop using your Windows PC and use an iPad, the chances are much better that it's OK" would be on the list.

Report
ihearttc · 05/06/2016 18:16

I have a Next account and use Verified by Visa...if you make a payment through Next they don't ask you for your Verified by Visa password.

Report
Saramel · 05/06/2016 18:25

This happened to me with a Sainsbury's Credit Card. I'd only bought one item on it and then put it away. To my horror the next statement said I was close on my credit limit which meant someone had spent a couple of thousand pound. Within 10 minutes of phoning the Card people, they'd assured me they could see it was definitely fraudulent purchases due to the way they had done little amounts to start with. They sorted it out in a very short time and hopefully you will have the same kind of luck.

Report
Bolograph · 05/06/2016 18:40

I have a Next account and use Verified by Visa...if you make a payment through Next they don't ask you for your Verified by Visa password.

Indeed. VbV is as the discretion of the merchant, who gets some extra protection (ie, shifts some liability back to the bank) in exchange for putting a hurdle up which will result in some percentage of sales failing because people can't or won't use VbV. It's a trade off: a few fewer charge-backs in exchange for a few extra abandoned carts, and each merchant will have a risk appetite decision to make.

Report
lougle · 05/06/2016 20:39

Ahh, so they wouldn't have been asked to verify. I wonder if foot asylum uses VbV...possibly not in that case.

OP posts:
Report
Ontheisland · 05/06/2016 21:09

I remember years ago (mid nineties), there was somewhere on the interweb or more than likely in a newspaper that published the algorithm required to create a card number that would work. I remember trying it when terminals were in their infancy and you could just key in card number. It worked!

I did not steal any money, but was fascinated how card numbers are created, it wasn't that hard IIRC it was the account number and some sums. I'd love to find that info again but I'm pretty sure it's gone now.

Report
Bolograph · 06/06/2016 01:28

The card checksum digit, and the format of the credit card number more broadly, is hardly some dark secret:

en.wikipedia.org/wiki/Payment_card_number

en.wikipedia.org/wiki/Luhn_algorithm

It won't get you very far these days, as you'll need some subset of the expiration date, the billing address, the CV2 or the chip in order to spin a credible transaction, in the UK at least.

Report
Goingtobeawesome · 06/06/2016 13:55

Someone tried to do this with my card. What pissed me off was the bank cancelled my card but didn't tell me 😡 I found out days later when I tried to buy something.

Report
LunaLoveg00d · 06/06/2016 13:56

but that somehow they've got the details online

you're not a Talk Talk customer are you??

Report
AristotleTheGreat · 06/06/2016 13:59

I feel for you.
We had someone using our card a few years ago to buy a holiday!! The bank was quite Shock as, of course, you do need to give YOUR REAL NAME for the flight tickets.
We've never been told if they manage to find them but we got a full refund.

Report
lougle · 06/06/2016 14:02

No, not Talk Talk.

OP posts:
Report
LurkingHusband · 06/06/2016 14:03

Do any UK banks offer an ability to set up email/sms/phone alerts for

  1. transactions over £x
  2. if your balance goes below £y

    ??

    Would be a powerful tool to detect (and therefore discourage) fraud.
Report
LurkingHusband · 06/06/2016 14:07

Also, a little tip I use when receiving a new card, is to memorise (in my case using a password manager, but a scrap of paper will do) the CV2 number (that's the last 3 digits on the signature strip) and then obliterate them (you may need a soldering iron).

The CV2 number is only needed for Cardholder Not Present transactions i.e. internet or phone). If it's not on the card, then it can't be swiped by a fraudster. Additionally, anyone who notices it's absence may be worthy of suspicion themselves.

Report
Bolograph · 06/06/2016 14:08

Lloyds offer text if balance falls below a threshold, and text if transaction done outside the UK (which is handy when travelling and will catch some frauds). I don't think they offer text on large transactions.

Report
AristotleTheGreat · 06/06/2016 14:09

HSBC and Barclays also offer a text if you go below a certain amount.
Barclays has an alert system if your CC goes over a certain amount in total (so would pick up one big transaction or several smaller ones)

Report
GarlicSteak · 06/06/2016 14:11

Yes, Lurking, mine does - NatWest. I should imagine most do now.

One of the extremely few advantages of being dirt poor now - I don't have to worry about bank theft! If anyone can buy nice stuff using my accounts, they're smarter than me 😂

For those who haven't realised, btw, contactless cards can be skimmed while still in your handbag/pocket. Scanners only cost £30 online. You can get wallets with a lining that blocks the signal, or botch your own up using baking foil and/or an oven liner. Alternatively, don't have one linked to your main account - just load the flashcard when you're about to use it.

This is why they have a £30 limit but that isn't much help when somebody goes and makes hundreds of small purchases, as they commonly do at festivals & the like.

Report
lougle · 06/06/2016 14:13

I asked why our account wasn't flagged, and they said it was because the retailers they used don't fit their algorithm of high risk transactions. If they'd used it on IT it might have done.

OP posts:
Report
GarlicSteak · 06/06/2016 14:13

... following on from my warning about contactless cards - also applies to phones. It's wise to disable NFC, at least when you're in a crowded place.

Report
AprilSkies44 · 06/06/2016 14:16

This reply has been deleted

Message withdrawn at poster's request.

Don’t want to miss threads like this?

Weekly

Sign up to our weekly round up and get all the best threads sent straight to your inbox!

Log in to update your newsletter preferences.

You've subscribed!

AristotleTheGreat · 06/06/2016 14:18

What is NFC garlic?

Report
KERALA1 · 06/06/2016 14:22

It's worrying and hassle to sort out.

Some charmer managed to pinch my card from my purse in Starbucks and withdrew £800 otc.

Best was the robbers who burgled my flat loaded my possessions into my car and drove off in it!

Report
whojamaflip · 06/06/2016 14:24

I had this with my barclaycard several years ago - someone decided to buy over £500 worth of motorbike parts - shame that my limit was £250 due to being a poor student Grin bank flagged it but I still don't know how they got my details - card was in my purse and hadn't been used in months!

Report
Please create an account

To comment on this thread you need to create a Mumsnet account.