Discovered last night that someone has used my debit card to buy £270 of clothes from an online store. I noticed a difference between my “balance” and “available balance” of £270, which I couldn’t account for.

Called bank last night, card cancelled, fraud team should be in touch today and getting money back shouldn’t be an issue apparently.

I don’t know how they’ve got the card details, possibly from a website I’ve bought stuff from previously has been hacked. I’ve never used the website the £270 of clothes has been bought from. Also I normally only use my credit card online, not debit card. I do sometimes use debit card for Amazon etc., i.e. places I trust.

However there is another worrying thing. My 02 online account was recently hacked, about a month ago. Password, security questions and delivery address all changed and my phone barred! I think whoever was doing it would being planning to order a new phone and get it delivered to the updated address.

I wondering if this is a coincidence or whether my laptop or another computer I use has been compromised in some way….. any ideas what to look out for? I use AVG Anti-virus free, but might try something else.

Do you use simple passwords or the same ones for multiple things?

Could just be coincidence that both O2 account and CC were jacked at similar times.

all your updates done? Ever used the debit card anywhere? Could be any chip & pin machine.

I don’t use simple passwords and they’re all different too…. apart from my 02 one which was the same as a generic one I’d used for logging into Chain Reaction for example. Email, Facebook, Paypal etc. all have different passwords

Can chip and pin be easily compromised? I thought it was reasonably secure… I could have been skimmed at a cash point though, which aren’t chip and pin. Plus if it has been a chip and pin machine, they would also have my PIN so why faff about buying clothes online, just go to a cashpoint and clear out the account.

I also think there is a possibility the O2 thing could be an inside job…

dmorts – Member
I also think there is a possibility the O2 thing could be an inside job…

Thats quite a bold statement to make…. 😕

Thats quite a bold statement to make….

Eh? It’s quite plausible and does happen within organisations, therefore stating it could have possibly happened isn’t exactly bold is it? Thanks for the help….

dmorts – Member
why faff about buying clothes online, just go to a cashpoint and clear out the account.

cos crimminals are stupid?

Also doubt they’ve got your PIN

Cash machines have cameras and require the PIN, online shopping doesn’t. They will know which retailers don’t need the right address etc. the clothes are then easily sold on for something. Scam £250 of clothes and make £100 selling on is still £100. If your card has been done properly then they will be selling 1000’s of numbers to groups who will be doing the same thing over and over.

Could just be a simple case of a skimmed card. We had nigh on £500 worth of phone top up credits taken from our current account. It was the wife’s cash card which I hardly ever used. Bank reckon it was skimmed at a cashpoint a month or so before.
Unbelievably a sparky who was working on my site had the same thing happen about a month later, and it was the same company taking the top ups.
Mother **** the lot of them!

O2?

probably coincindence but it is worth checking your computer antivirus is on, is upto date and working.

I had my debit card skimmed 2 weeks ago. Noticed last thursday when I got my weekly text balance update. on the phone to first direct straight away, had the money (~£1900 taken in ~20 transactions) refunded in minutes and the card cancelled. took until yesterday to get the new card and pin, bit annoying but ok. it looks like my card was skimmed and cloned as some of the transactions looked to me like card present ones. where it was skimmed I have no idea, but it is done in the blink of an eye so I’m not sure its possible to stop. I’ll try and hide my pin more in the future I guess.

2nd fraud in 2 or 3 years for me, as I got done in the chainreaction fraud a while back. that was the crdeit card though so less hassle. reminds me I need to get a new credit card and stop using the debit card everywhere!

I think the banks need to bring in biometrics, and drop pins to just a back up. the less we use them the less they are vulnerable.

Dont need a pin for online purchases as we found out. Apparently some European companies don’t even bother with the three digit “security” requirement.
I was shown as being present for all 100 odd transactions and each one had an overseas card charge attached. Unbelievably it was us who spotted this after 4 days an not the bank. Pretty crap when all the transactions were for exactly the same amount all accompanied with the overseas charge of a quid!

Anti-virus is up to date (AVG Free) and scanned laptop last night and nothing found. That doesn’t mean there isn’t anything there though, might be something too well hidden.

When new debit card arrives will only use it for cash withdrawals. Will use credit card or Paypal (funded by bank acc) for online stuff.

Skimming is a possibility, but can they get the CVV/CSC number on the back by the magnetic strip by skimming? Thought that was the point of it. So if you skimmed the card you’d also need that CVV/CSC number to use the card online and then you’d also need the PIN to use a cash point. Therefore the skimmed details are not sufficient on their own…

That said I was in London a month ago…will see if I used a cashpoint

The CVV is not exactly hidden from view though. I treat it like a 2nd PIN.

CC only online, Debit Card only in bank ATMs and occasional chip+pin type terminals (although a load of people here got scammed using EC Card in 1 or 2 major stores here a couple of years back).

The o2 thing may not be just a coincidence. I know of people that have had the double attack on the mobile phone and bank at the same time, as a combined attack. Doesn’t need much to get started on it – just a bank a/c statement for the a/c where the phone contract is paid via DD, and a willing party in the o2 (or other phone provider) call centre. With the real owner away on vacation for a week or so, who will be more than fubared for weeks before he can start the negligence claim against the phone provider.

ATMs are EMV i.e. Chip but with online PIN (the transaction goes all the way back to your bank) rather than Chip and PIN where the card itself authenticates the PIN.

A compromised ATM or POS terminal can harvest your PIN and the mag stripe. There are sophisticated ways of doing it but a mag stripe reader and old fashioned shoulder surfing is making a comeback. The chip data is (for practical purposes) safe.

There are 3 types of CVV – CVV1 on the mag stripe, CVV2 printed on the signature strip and iCVV from the chip. Each relies on a different 3 digit service code so that they can’t be used in place of each other.

You don’t need CVV2 for online transactions. It’s up the merchant to decide whether they want to take the risk of not having it or not.

The biggest con of all is the Verified by Visa online check, if they know your DoB they can just reset it each time. It’s so stupid, I no longer bother to remember by password and just reset it to something random each time using my DoB.

The other bad thing about VbV is that encourages you to enter details on a website that is neither the merchants or the banks…

You don’t need CVV2 for online transactions. It’s up the merchant to decide whether they want to take the risk of not having it or not.

The clothes were bought from asos.com and were for an exact amount in pounds/pence, so assuming someone in the UK has done it. You can buy from from asos.com worldwide though. Asos.com seem to require a CSC asos.com CSC