HELP - card cloned possibly linked to Crowd funder

[ArseDiamonds]

Hi namechanged

But I’m a long time lurker, sporadic poster.

I donated to the transgendertrend crowdfunder and since then I’ve got four transactions which are not mine on the card. They appear to originate from the same postcode as the crowdfunder.

It’s been used at deliveroo and fucking Airbnb!!! Has anyone else had problems?

I have two credit cards. One I use only for online / phone transactions, the other for face to face. I recently had a fraud alert on the F2F card as it was being used online. God only knows how those details had been harvested as the card had not been used for months!

Have you got virus software?

The OP has had some suspicious replies because there are some improbable parts to her post.

The assumption that a Crowdfunder employee has done this is really not credible.

The bit about post codes matching is not credible. If the card, whether stolen or cloned, has been used for deliveroo or an airbnb the post codes will be the post codes of those businesses.

You don’t need to clone a card to make online payments (such as to air bnb and Deliveroo) you just need the card details.

Online payments to things like crowdfunder are encrypted the company will often state they have no access to the card details, so it’s more likely if the details were captured it is down to a compromised system of some kind when you are inputting the details online or a card reader on a card machine or atm.

Credit card companies are good at spotting this. I had a card cloned- didn't know until I got a call from Bank of Scotland fraud department. They were brilliant. The system had flagged up that it was very unlikely to have been me making this purchase giving my spending history. They spotted it so quickly the dubious charge never even appeared on my statement.

That is a far more credible explanation Offred than it being a dodgy employee at Crowdfunder.

If it has happened because of an infected device you need to get some good quality anti-virus software and disinfect the device but you should also change all your passwords from a device that is not infected and check to make sure things like your recovery details (mobile/email) have not been changed as card details may not be the only information that has been stolen.

And don’t do this on public WiFi either. Make sure both the device and the connection are secure.

Agree with Offred and FlaviaAlbia. It will not be the employee. Card details are very heavily encrypted when used in ecommerce transactions under PCIDSS regulations. Places like just eat/deliveroo and hungry horse are commonly used to test the validity of card numbers by fraudsters.

I don’t know re the troll stuff. Card fraud is stressful and people panic.

I don’t think it matters, it’s highly unlikely to be a weakness re crowdfunder (definitely not TT). The weak points are usually related to the point at which the card is used. Either a skimmer attached to a card reader, a payment made using an insecure network or an infected device... or the obvious age old type; a trusted person who has access to the card itself and can actually copy the numbers from the card.

The types of fraudulent transactions are usually tiny amounts - subscriptions to dodgy online websites or online purchases designed to look like normal spending; air bnb and deliveroo would appear to be you being on holiday and wouldn’t necessarily flag up as fraud even if you had never used those companies before.

Well, I'd be astonished if the credit card details were saved by crowdfunder in a way a member of staff could access or read. If they did have the data saved or logged, I'd expect it to be encrypted and salted so it's impossible to use without running a decryption algorithm.

The card has been stopped now. I have phoned the police who directed me to action fraud, I’ve gone through that and been told I don’t need to report as card company will.

Postcodes - It is a credit card. we have looked at all the transactions on line they are all postcoded. DP (who works in finance) said the first fraudulent transaction was at the same postcode as the crowdfunder donation, he thought it was possibly the crowd funder.

I was shopping at the weekend, I’m always extremely careful with the card though. (again DP works finance is paranoid) I would MUCH rather think someone got hold of card details then, than my card was targeted because of what I had donated to.

I have previously donated to woman’s place, jennifer James, James free speech campaigns without problems.

I posted here because I thought it would be the best place to ask if anyone else had had problems since donating.

I in no way want to damage FPFW crowdfunder and I am happy to report my own post if people think it is damaging to that.

I know the MRA’s/TRA’s are crawling all over this board, especially at this time of night.

If no-one else has had any issues and you want this taken down I will request its removal if a poster recognise asks me to.

Thanks to everyone who has tried to reassure me that my details can’t be hacked from crowdfunder. We’re just concerned as it’s 18 years since anything like this has happened as like I said we’re very careful.

offred I would’ve paid on my phone, could my phone be the weak point?

Is it possible for crowdfunder to be hacked and if so is it possible to hack the people who donated to a particular crowd funder.

Anybody who’s thinks I’m a troll needs to report, MN will confirm to you I’m a name changer.

Oh and I’m suspicious of crowdfunder employees because when I emailed to complain about the original crowd funder being taken down, the response I got telling me it had been reinstated was frankly a little snotty!

Any device is potentially a weak point but operating systems that have been around longer or are more popular usually have more malware targeting them.

I would have thought, having access to the type of transactions and more info that the credit card company would have given you advice re what you may need to do to prevent future problems.

If they think all you need to do is cancel the card then they will probably have reason to believe that is sufficient but they usually explain why they feel that is sufficient TBH.

Thank you OP - you have reminded me I need to donate.

That's good news! It's worrying when something like this happens, but you did all the right things - checked your statement, called the card provider, posted in Feminism Chat

I in no way want to damage FPFW crowdfunder and I am happy to report my own post if people think it is damaging to that.
I wouldn't worry, I'm sure this has done no damage.

offred I did use public WiFi on my phone at the weekend, but I wasn’t shopping on my phone at that point. Could that have been it?

If I take my phone to Apple will they be able to ‘disinfect’ it for me.

Card company just went through all transactions with us, noted which ones weren’t ours. Said the card was stopped an we would receive something within 7 days to sign and say they weren’t ours.

Then I would think stopping the card will be sufficient.

Credit card companies/banks don’t always recover these losses from the fraudsters. They are unlikely to fail to tell you the things you need to do.

OK thanks, and thanks for all your help it is appreciated.

It is usually the processor that is compromised and thousands of cards cloned.

I donated twice to Transgender Trend, once through their site when the crowdfunder was down and then through the crowdfunder. Also to the FPFW crowdfunder. No problems. I can’t see any postcodes for these transactions on my phone banking app.

It is most likely the OP’s card details were taken during a real life transaction. I think it is possible to steal details when people are at tills or on a public WiFi connection. You can buy blocking devices for your cards in your purse.