Debit card fraud (OT, a bit long)

OT but so much experience here!
Wife noticed this morning that her Barclays current account was £400 down from yesterday, with no transaction listed. She went into the branch and they said "You bought a Dyson". She bought one three months ago and thought she used the Barclaycard credit card, so came home to check.
Confirmed she did bought it from Amazon on Barclaycard.
Both Dyson and Amazon deny making the second transaction.
Phoned bank fraud department and failed the initial security check, her DOB and/or mothers maiden name have been changed. But after authenticating with the Pin Sentry they were happy to talk to her, said "Card must have been cloned, we'll cancel it and send you another".
The original order was actually for three items, but the value of the new transaction is *exactly* the same as the total, five digits so unlikely to be chance (and the bank knew it was for a Dyson).
She only uses the card in ATMs or for online transactions, so I don't *think* someone has literally cloned the card. Amazon may have her debit card details as well as credit card.
Question.
What's leaked is the value of a specific transaction between Barclays and Amazon (rather than Dyson, I assume) plus details of a card other than the one used. Doesn't this imply that the leak must have come from the systems of one of these two organisations? Data snatched from the ether at the time of the original transaction wouldn't have been associated with the debit card details.
By some miracle, she spotted this before the transaction had actually gone through, so it may well have been stopped already. But I am wondering what else we might be vulnerable from.
TIA!
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 29/06/2015 16:27, newshound wrote:

OK I have had something similar and it highlights a dirty little secret about credit card transactions that they would really rather you didn't know. The transaction I had go spectacularly wrong was a rerun of a final payment for an entire fitted kitchen fully *three* years later!
Not surprisingly this stuck out like a sore thumb.
Once a company has your details and full verification the credit card transaction can be run more than once and unlike a cheque it *never* times out. They will unwind it quickly once you point it out.

They would wouldn't they. I would get your bank fraud department to check again. My strong suspicion is that that vendor inadvertently reran an old batch of transactions somehow and that you are not alone.
It is a good one to ask one of the money pages. I doubt if your card has really been compromised. My suspicion is that human error has resulted in a rerun of the exact same batch of transactions verbatim.

That DOB and/or mothers maiden name have been changed is more worrying. Perhaps you should be worried. Time to do a deep AV scan...

I reckon that means it was a rerun phantom transaction.

It could also mean that your home computer is compromised by a keylogger and the miscreants now have enough info to fake being you. The puzzle is that they should buy another Dyson rather than something more easily traded secondhand.

It is better to be safe than sorry but apply a bit of pressure about the curious numerical coincidence that the transaction was for the exact same amount and demand to know the delivery address.
Genuine malicious attacks on cards tend to be along the lines of a small donation to a charity followed by a top of the range iPhone.
--
Regards,
Martin Brown
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 29/06/2015 16:53, Martin Brown wrote:

Thank you for the prompt response, much to think about there. By good fortune (I think) my wife does all her shopping on a Chromebook which I'd like to believe is much less vulnerable to keyloggers etc than a Windows PC.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

OK, this is not directly related to what has happened to you, but does fall into the category of 'how credit cards work in ways you didn't realise'.
One day, I go to te village shop, and my credit card is rejected. I leave te shopping there and go home and get on te phone.
'Your credit card was rejcetd because its out of date' 'No, its valid till the end of the next month' 'It was unti8l you used your new one' 'I haven't even recieved my new one yet' 'Yes you have, because there's a transaction of £6.50 on it' 'Not by me there ain't. Who is the payee?' 'The Financial Times' 'I do have an online subscription with them, but how would they know to use my new card that I haven't received yet?' 'Oh they would get notified *automatically*' 'Right, so basically you can not send me a new card, and before I receive it let alone activate it, someone without my knowledge or consent can cause my old card to be cancelled, and you think that's OK?' 'Yes, basically'.
In fact I found the card. My (soon to be ex-) wife had thrown it in a pile of junk mail ..
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 29/06/2015 17:17, The Natural Philosopher wrote:

I wonder what strings the FT can pull to have that happen?
A continuing payment authorisation seems to persist across cards with the same number but I have had to put the new expiry date *manually* into my online payment details for the likes of Amazon, Tesco etc.
It is clearly a major breach of security if they give out the CVV number and expiry date of your new card to third parties! I suspect what they mean is a week or two after they send out your new card they process any long term continuing payments against it.

There is a common scam at the moment being perpetrated against rural customers like farmers who have mailboxes at the gate end of long drives. Essentially ordering a new credit card bound to that address, following the postie on his rounds and stealing it without the addressee ever knowing it existed.
The first they find out is when bills start arriving on the mat. A couple of local friends have had identity theft problems like this.
--
Regards,
Martin Brown
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Tue, 30 Jun 2015 09:22:44 +0100, Martin Brown wrote:

I
BTDTGTTS, except this time the cards fraud protection had been tripped. I don't carry cash apart from a few quid in coins. Bit bloomin' embarassing when your card gets rejected and you can't pay for seven quids worth of groceries. The second reason why I have two cards on different card systems and different banks, the first being business/private.
What tripped the fraud protection? The way a large computer related online store validated my card for a couple of hundred quid transaction the night before. They asked for validation of a £1 transaction but didn't follow through and take it when they got "yep that's OK". This request orginated in the US, seconds later they bang in the validation and a payment request for the goods, same co ID etc, but from the UK.

know to

None at all, when the card issuer changes a cards number that change is passed up the chain to subscriptions etc.

er

They are only needed to "prove" the card is in the possession of the person entering the data into an online transaction.
I should imagine subscriptions to cards are handled like DD's to a bank account. The account has to have a record that company A will ask for a fixed/variable amount with this reference to enable the transaction to happen. All the card co is sending to company A is "you know that sub you have to card X ref Y, please use card Z from now on".

Even so if the card needs activation *any* attempted transaction to the new card before activation should be rejected. Otherwise what's the point of activation? With subs card co says "oh sorry, new number we told you about is not valid yet, please use old number" note that old number is not sent, to prevent a hacker spoofing this reject message with a different "old number".

ee

Or a bent postie, it's perfectly obvious that a bit of post contains a card. The return address will indicate what the card is. I wonder how long it would take to be noticed that a card is "lost in the post" once every 3 to 6 weeks on a particular walk? Remember postie can select which bank and card issuer from the return address so the "loss" is spread across banks/issuer. The downfall of many is getting greedy...
--
Cheers
Dave.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
[Snip]

When these cards first appeared, I had to go into my bank branch and sign for mine. That's security.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Wed, 01 Jul 2015 10:17:31 +0100, Charles Hope wrote:

That must date back to when banks had branches.
Only one in town now, Barclays, and thats' on weird hours and they can't actually do anything without refering upwards, other than counter cash/cheque things.
HSBC have just slammed the door shut, boarded up the windows and taken away the ATM, all in the space of about 3 months with no warning to the staff either. Damn shame as they could actually do things without refering upwards.
Next nearest branches are 20+ miles away.
--
Cheers
Dave.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Dave Liquorice wrote:

    Our last four trips abroad have suffered from card protection measures. Often for trivial amounts---<£50. Once because the payment was to a chemist! Even though the bank have been informed that we will be abroad and where. The bank has foreign fixed and mobile telephone numbers to contact us when abroad, but always only phone the UK home number and leave a message! Fortunately we always carry cash and other bank cards. Customer service no longer exists.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Wed, 01 Jul 2015 09:40:47 +0100 (BST), "Dave Liquorice"

Nowadays that would depend on the postman also identifying the mail with the pin number sent separately, and being on duty when both items are out for delivery. Since the last changes at Royal Mail my post seems to be delivered by one of three postmen.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
newshound scribbled

Ask the bank for a new debit card number.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 29/06/2015 18:16, Jonno wrote:

Might not help.
Colleague of mine is still unwinding the fraud from his corporate card.
They stopped his card, cancelled the transactions, and sent a new card.
With the same number, which undid the cancellation. Fraud restarted.
So they sent him another card, this time with another number.
Timeout was hit on the cancellation, so the fraud restarted - and the fraudulent transactions were automatically transferred to the new card number.
This time they cancelled his new card. But not the old one...
He's now on his 4th card since Christmas. Luckily he hasn't had to go anywhere!
Andy
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Vir Campestris scribbled

Time to cancel the bank account.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Mon, 29 Jun 2015 21:45:10 +0100, Jonno wrote:

card.

Agreed, plenty of banks out there. But this is a coporate card, OPs colleague may not have control of who the company banks with. But it certainly seems like time for a email to the MD/CEO, MD Finance of the company cc'd to the CEO/MD MD Customer Service of the card co/bank. Expressing ones "disappointment".
--
Cheers
Dave.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 01/07/2015 08:57, Dave Liquorice wrote:

Today he was looking for 'phone numbers for the internal credit card people. They've ignored his emails, but the automated system has noticed that he hasn't submitted an expense claim for all the fraudulent items and has sent him a "strike 1" email.
Andy
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 02/07/2015 21:11, Vir Campestris wrote:

Ho hum. Dumb as a rock accounting department with automated software.
It is time to take the complaint directly to the head of department. Provide a succinct summary of events so far, emails ignored, timeline and most recent development - then sit back and watch the fireworks.
--
Regards,
Martin Brown
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I once had fraud on a new debit card. I'd only used it once - at an indoor machine in the bank. I suspected internal fraud - the bank was very cagey.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 29/06/2015 22:02, Charles Hope wrote:

I had the same on a company account some years ago. There were two cards, one was used on a regular basis. The other was never used.
Both had substantial debits made against them to overseas accounts. Abbey were quick to return the money without any ado.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

There was a spate of that some years ago - it was an internal fraud. Banks were telling people to cut up their cards when it was reported, which very conveniently destroyed the transaction sequence number in the card chip which was the only proof that the fraudulant transaction which was verified by PIN had not been done using the customer's card at all.
--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Sounds like the crooks are now wise to the way banks look for unusual transactions and thus can slip under the radar. I don't think a payment method has ever been foolproof, and the more we use cashless systems the more the crooks desert the real world and inhabit the virtual one. The challenge as it has always been is to find ways to stay ahead of the pack. I'm expecting some issues when Apple Pay and the new 30 quid limit come to pass in the contactless world Come September. Brian
--
From the Sofa of Brian Gaff Reply address is active
"newshound" < snipped-for-privacy@stevejqr.plus.com> wrote in message
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.