Active discussions

Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Talk
Money matters

Find financial and money-saving discussions including debt and pension chat on our Money forum. If you're looking for ways to make your money to go further, sign up to our Moneysaver emails here.

Original poster

Warning to all on line shoppers - not a joke!!

66 replies

putthehamsterbackinitscage · 03/01/2016 21:00

If you shop on line with supermarkets or others who store your card details - think again!!

Like many regular posters, I have been using on line shopping for groceries for 2-3 years ....

My card details were stored for ease of use, and the ocado website simply charged my card with no input needed from me....

Then my account got hacked and it's apparently all my problem... They won't cancel a fraudulent order for £2k even though it hasn't been delivered and I have had to cancel my card and will now have the fun of sorting out the mess with my card provider, sorting out all the other stuff that will get messed up by this and being without cards for the next 2 weeks...

Please think about this - delete your card details and don't save them....

And consider switching to companies that verify card details for every transaction....

OP posts:
AnchorDownDeepBreath · 04/01/2016 08:54

Ah, so it was bought on the app? It sounds like the Ocado app is woefully insecure. The website does ask for verified by Visa even for saved cards, and looking at the app now, it wants me to reenter the long card number to use it as it hasn't been used on the app before.

You might get more joy with them today, OP. I hope you do. If the address has changed, they should be providing that information to the police asap.

It'd also be interesting to know if they got your password on the first attempt, and therefore likely knew it somehow, or if the app let them just keep guessing.

Bakeoffcake · 04/01/2016 10:12

Thanks for this thread. I've just gone onto my account at Ocado and despite me note using them for over two years I still have a card stored on my account! I've removed it!!

bruffin · 04/01/2016 14:18

My ocado app has a pin number, so that every time i add to an order it asks for the pin number, this is an option you get when you set up the app.

User543212345 · 04/01/2016 15:11

I don't use the app so it can't (just) be a problem there.

bruffin · 04/01/2016 17:38

Ocado do still use verified by visa, it flashes up when you pay. However. I havent had to verify anything on my visa debit card for a while now on ocado or anywhere else, whereas i used to be asked for everything,even £10 on dc school dinners.

margaritasbythesea · 04/01/2016 17:52

hefi - how would you be careful about that? To not use free WiFi at all or not shop on it?

I am woefully ignorant and now worried about my amazon account ...

Pipbin · 04/01/2016 17:55

Using free Wifi is fine, but don't use it to log into your bank or enter payment details.

IgnoreMeEveryOtherReindeerDoes · 04/01/2016 18:01

Asda direct won't allow you to remove card details as I tried closing all online shopping accounts I don't use anymore and I also emailed their data protection and still they won't remove my details.

NotDavidTennant · 04/01/2016 18:07

I never store card details now if I can avoid it after my account at Play.com got hacked many years ago.

I don't know if it's changed now, but in those days the police weren't interested either as they considered the website to be the victim of the crime and therefore the website had to report it.

Hulababy · 04/01/2016 18:11

On the Ocado app - check your settings. Make sure you have not turned Speedy Checkout on as that means you don't need to add a pin/finger print ID. It's not an automatic string, it has to be turned on but sometimes it's easy to get trigger happy when setting things up.

I Always have to enter my PIN or finger ID when creating and adding orders.

Pipistrella · 04/01/2016 18:12

I have the Verified thing, but lately when it pops up, it disappears again without my having to fill it in.

Not sure why this happens, I think I might ring and ask the bank.

Bakeoffcake · 04/01/2016 18:20

IgnoreMe that's absolutely shocking that Asda won't let you remove your card details.

Surely they can't be allowed to do that!

Original poster
putthehamsterbackinitscage · 04/01/2016 19:49

Quick update...

I used Twitter last night/this morning and got a far better response than on the phone

I have now had confirmation they have cancelled the order but as for sweary my account is locked and effectively closed - they have cancelled my smart pass, Ocado reserved and all orders but I have no way of knowing if my personal details are deleted/stored within their systems still

Ocado maintain they do not store bank /payment card details but use some form of code to communicate with banks.... I remain sceptical as when you switch between bowsers/devices and apps, the website can show payment card details so there must be some way the browser converts/displays this, and the hacker must also have been able to access it

To clarify, when I would check out an order with the app, it would seek either Touch ID or password, but if the account is already hacked, then that is no protection ...

There is nothing to notify you if a new delivery address, only changes to email address, so if they had not revised the email address, but had say turned off text notifications I might not have noticed until the order had been delivered and an invoice arrived via email

I have expressed my views on the service I received yesterday but if anybody else does have a similar issue, I would suggest Twitter rather than the call centre ...Hmm

And I still advise not storing payment details at all In the future.... And To all those who have said, I had already been busy closing unneeded accounts/ changing passwords / deleting as much info as possible across a range of sites even where payment info is not stored.... All will help my plan of nit spending during the next couple of months Wink

OP posts:
bruffin · 04/01/2016 20:36

you cant view payment details on the app, and on the system it only shows last 4 numbers of the card, you cant go in toedit payment details, only add a completely new card.

Pipbin · 04/01/2016 21:54

The problem isn't if they store your details though. The problem is that your account was hacked, including the stored details.
I don't think someone hacked Ocado and then used your card details, rather they got hold of your email and password and hacked your account. It was your account that was hacked, not Ocado.

I think the big worry is that someone who had got your email and password managed to change the email address as well as the delivery address without this flagging something up.

Please make sure that you change anything that had the same password.

ceeveebee · 04/01/2016 22:31

You would think that ocado would have some way of monitoring suspicious activity like changing email address, password and delivery address all in short succession. I know that this would be flagged as suspicious in the digital organisation I work for, and the account would be suspended until investigated.

Or tighten up on their security processes. For example when I changed my address with my bank they used a two step identification process where they texted a code to my mobile. They are being a bit sloppy.

New posts on this thread. Refresh page