How do people get hold of your card number/address/security number....

[JanH]

...unless it's off a "secure" internet site?

It has just happened to us again - only worse - before, people have had our card details but ordered internet stuff like downloads.

Now, someone has ordered something tangible to be delivered to a different address, but was able to quote their name with our address and our card security code, and ask for delivery to their name with another address (200 miles away )

I'm suspecting a paypal connection because we've had this with paypal before, I haven't used it for well over a year but did use it again in December and presto, here we go again.

bump - I need to know!!!!!

Hmm, I'm not sure, but I don't think Paypal is the problem. At least, I use paypal a reasonable amount, but have have never had problems with my card. DH's card was misused, but not very competantly.

do you have a firewall on your pc - is there any chance that 'spyware' has captured your card details?

the most common way is through a "trojan horse" programme on your computer. Do you have a good, up to date anti virus programme?

oati - that's not what spyware does, and a firewall won't help if you've opened an infected file.

DH says the horse thingy - apparently cos he sorted out his mates comp on sunday a thrid party attaches a file to your comp in a file you wouldn't think to look in and then basically emails your details back to them at regualr intervals (at least that's laymans terms for me to understand)

if not a trojan, then it could be a rogue employee at any company you've ordered from in the past - more likely a small company than paypal.

the bank are refunding aren't they?

actually SP I meant waht you said - just couldn't think of the right terminology - something about something on your computer anyway

We had a complete systems crash shortly before Christmas (msn-introduced virus to blame apparently) and subsequently had everything cleared down and started again pretty much from scratch, with Norton firewall and virus protection. Before that we did have a Trojan which Norton couldn't fix, but that has gone now. Also we have spybot and adaware which we run regularly.

The amount concerned is under £10 (phew), although the person had also ordered a games console for £300+ - luckily the website's internet fraud section had asked for extra verification so that didn't go through!

SP, I am also suspecting a rogue employee at somewhere I've ordered from in the past - the website concerned now sounds pretty hot, I have to report incident to police tomorrow and they will take it from there.

I just asked the website concerned how come the wrong name wasn't picked up - they said "AVS (Address Verification System) dosen't look at names - it looks at the house number in the first line of the address and the postcode - if these 2 variables match the only other thing that it will check is the 3 digit code on the back of the card".

Obv AVS should look at names!!!!

Right, but you could legitimately order something giving your name and address and want it shipped somewhere else - it could be a gift.

I know three people whose cards have been cloaned following transactions through paypal, although I use it and have never had any problems.

failing that, have you been to a restaurant recently and given your card up for payment? it's pretty easy to steal card details that way too which is why it's imperitive that you never let your card out of your sight, although I know that's easier said than done.

This makes me so mad Grrrr. My mum received an email from "paypal" yesterday stating that someone had been trying to log into her account from a unknown IP and asked her to click on the link and log in. She was just about to do it. I told her not to knowing it would have been the fake paypal site.

Have you had any mail like that Jan?

Hmmm, I'd expect fishing mails would lead to your paypal/ebay account being misused, not to credit card fraud. I don't think you can see credit card details directly on ebay, iyswim.

NQC, that's the thing, this person gave their own name as cardholder - the current system doesn't check the name - did any of you know that? I didn't know that!!!

Explanation from merchant:

Wannabe, I haven't, but DH was in Greece for a few days in November and he's not sure - he said yes he did, but then decided he was confused because he had to hand over his passport in his hotel, and that he didn't ever lose sight of his card. So AFAIK nobody's ever taken either of them away.

It's really hard though when this happens to put your hand on your heart and say you have been 100% careful!