Warning to all on line shoppers - not a joke!!

[putthehamsterbackinitscage]

If you shop on line with supermarkets or others who store your card details - think again!!

Like many regular posters, I have been using on line shopping for groceries for 2-3 years ....

My card details were stored for ease of use, and the ocado website simply charged my card with no input needed from me....

Then my account got hacked and it's apparently all my problem... They won't cancel a fraudulent order for £2k even though it hasn't been delivered and I have had to cancel my card and will now have the fun of sorting out the mess with my card provider, sorting out all the other stuff that will get messed up by this and being without cards for the next 2 weeks...

Please think about this - delete your card details and don't save them....

And consider switching to companies that verify card details for every transaction....

Pipbin - when I had the same thing happen they changed the email address but everything was sent to my stored email address too. Which would be a useful heads up if Ocado actually would do anything other than effectively say "compu'er says nooooo". Twats.

They changed the email address too - I got an email telling me it was changed but by that point I was locked out...

The truth is there is no security apart from your password - everything else is worthless, and passwords can be hacked

I only ever used the app from my phone, or the website from home, on a trusted device

The only security for anyone is to not store payment details - and the same for any other sites too...

Sweary... Cross post but yours is better

Thanks for posting this, I am about to cancel my Smart Pass anyway, so have now removed my details for purchases, you are right about it being weak although I have noticed them asking for my password more often recently. I hope you get it sorted out ASAP.

Ive just removed mine so thank you for the warning.
However, I did always have to enter the security code with each order so not sure if that made it a bit more secure?

that's dreadful. I'm sorry if I'm being thick but why was the money taken so quickly?

Normally when you do a grocery shop online, the money isn't taken until the order is being picked for delivery. Does Ocado take it right away then?

It seems very unfair that they won't just cancel the order & refund on your say so too! I very rarely use Ocado, and don't have a current card saved on there, but this would definitely put me off using their app in the future!

I hope it's all sorted out very quickly for you.

If you used that password for anything else then you must change it.

I shop from my iPhone with ocado and have my card details stored

I don't see how my password could be hacked at all

They don't take my money at ocado til 2 days after my order is delivered either

Ocado don't charge until after delivery as far as I know. They now take your carrier bags that you have returned off the total before they charge.

Passwords can be hacked easily if you have a weak password or if you use the same password for other sites and the other site has poor security and their password get stolen.

If the order hasn't been delivered it should be easy for them to cancel. Hopefully it's only the £1 pre auth. Apple save my card details, partly, so this can be used as opposed to saving in websites. My phone will allow me to scan debit cards, so you don't always need to enter details.

Could I ask were you using the same email and password for ocado as for mumsnet? Or for talk talk?

When I was on the telephone to them trying to get them to block the account/stop the order last month the wanker lady on the phone kept telling me they wouldn't charge my card until the goods were delivered. As these were goods I hadn't ordered, going to a house some distance from mine, it really wasn't comforting. Because they wouldn't fucking cancel on my say so.

I couldn't believe that they wouldn't stop the order when I called to say the account was hacked and pretty much told me it wasn't their problem. Like yorkshire I thought it wouldn't be hard at all to cancel an order that hadn't been picked. How wrong and silly I was.

Can you move any money out of that account so the payment bounces? They don't take payment until After delivery.

What happened in the end Sweary?

ceevee - I was using a similar password but different email from mumsnet, but that was my thought as to where it had come from as the email for mumsnet was [email protected] and Ocado was [email protected] and I have quite an unusual surname. stupidly my password was different numbers on the same string of letters. Not anymore. Though with Ocado I actually don't know what it is anymore and they won't reset it for me.

Pipbin - eventually I had an email (24 hours or so later) saying they suspected the transaction was fraudulent and were cancelling it. Well, durr, I had already told them it was. That was a wonderful 24 hours for my anxiety...

My bank sent a new card out.

Ocado won't let me have my account back but I'm minded not to shop with them ever again anyway.

So the upshot was nothing bad happened, but they couldn't have given less of a shit when I called to sort it out - telling me it wasn't their problem whilst I was having palpitations at £1k o booze being sent to a fraudster and me being stuck with the bill because they wouldn't stop the account/order.

I bet Ocado get paid for fraudulent orders by the bank/credit card companies so really it's not in their interest to cancel...

Do they ask for the 3 digit security number from your card? Was the delivery address your address?

The other thing, be really, really careful about using open access wifi (so in the coffee shop, say, or on public transport) for anything requiring a password - not saying that this is how they got OP's password, but it is a known weak link within the internet, and is apparently very easy to hack into someone's details when they are using unsecured wifi like this.

did you escalate on facebook or twitter? Seems to be the only way now to get customer service issues resolved.

Well, that's me cancelling my Ocado account. How incredibly shoddy. Sorry you've had to deal with this, OP and Sweary.

I'll be contacting them again later to try to find out if they have stopped the order before it's due to be delivered but they could be a lot more customer friendly - I couldn't speak to their financial team - only the customer service assistant, and came off the phone feeling that I was wasting my time.

I tried contact via Twitter before starting this thread, but hit very much the same as on the phone... They even tried telling me they don't store card details so I suggested they read their own web site...

I'm always careful about public wifi - I have enough data on my contract that I usually do all online stuff over 4g - I've seen devices like 'pineapple' in action and know how easy it is to spoof a hotel or other public wifi. And I usually use apps where possible as if they are well written, they don't leak account details over a fake wifi.

In the interim, all accounts I had card details stored have now been removed, card cancelled and I now have the headache of sorting out stuff where my card is used regularly...

To all those who say you should be protected, yes - that's fine but the hassle of sorting it out is not so much fun, and as sweary says, the anxiety/stress caused is definitely not needed...

And the timing of payments - they take a pre auth £1 when you checkout, and then take the correct payment later... The card issuer wasn't sure if they use the same auth code when they take the final payment, but if they do,that means it will still g through and you then have to report as fraud...

ceeveebee - not a talk talk customer, and no, not same as mumsnet do I don't know how or whether just brute force ...

I'm so shocked that Ocado have allowed someone to change the address the goods are sent to so easily! There should be an extra layer of security if someone has changed address.

Also, Ocado must know the address of the people who've done this to you! They should be contacting the police as well.

I must admit I stopped shopping with Ocado a couple of years ago. They kept putting raw meat in the same bag as things like butter and cheese, when I asked them not to, they're response was basically - we don't gove a shit. So I never shopped with them again.