Credit card fraud

Mkh198 on 28/03/2017 - 22:14

Not sure if this is the correct area to ask about credit card fraud?

I received a text message from Anz yesterday informing me my credit card had suspicious activity and had been blocked. Upon calling ANZ my ANZ Amex card had been used on multiple occasions that day- initially beginning with $1 on Netflix and others such as $980 david jones online, catch of the day, eb games etc. Seems to all be Australian websites.

Now I haven't used this card for 11 days. The card was on me at all times. How could someone have got my details?
I used the card 2 weeks ago for PayPal online. Paid for flights online with qantas on my laptop computer 2 weeks ago (which possibly doesn't have up to date spyware protection)…

Any ideas on how details are obtained in this instance?

Thanks for your help

Financial

Comments

  • mskeggs on 28/03/2017 - 22:20
    +3

    No, but it doesn't really matter.
    It is vanishingly unlikely the PC was the source as the charges are all local. More likely somebody in a restaurant or similar skimmed it, or maybe a ATM reader.
    Get a new card and move on. You won't have to wear any losses, just the hassle of updating any direct debits.
    In my case, it was the incentive to have two unrelated cards so I can keep buying things while the new card was delivered.

    • airzone on 29/03/2017 - 00:32

      Most likely this.

    • Diji1 on 29/03/2017 - 00:35
      +1

      It is vanishingly unlikely the PC was the source as the charges are all local.

      Huh? The charges were likely all local because the OP is Australian so using the card elsewhere would trigger fraud detection.

      • mskeggs on 29/03/2017 - 02:18
        +3

        Attackers gaining credit card details via pc level exploits aren't hand crafting their attacks to localise spending. They get bulk details and target weak vendors. They get enough return on volume to not waste time carefully geo targeting. Happy to be proved wrong, but a local card use points strongly to a local vulnerability like skimming, not an Internet sourced global one.

    • John Kimble on 29/03/2017 - 12:22
      +1

      More likely somebody in a restaurant or similar skimmed it, or maybe a ATM reader.

      I disagree. If this was the case, they would most likely counterfeited the card and the fraudsters would have attempted card present fraud or ATM withdrawals (although not sure if you can get cash out at ATMs with Amex? My experience with them is limited).

      Card and/or personal details are compromised online in a number of ways (malware/Man in the middle, hacks, breaches, etc) and in most cases cards are compromised months or years ago and sold on the dark web in big batches (20 to 30 or more).

      Below is a nice link on some of the data breaches (not necessarily just card data) we know about:

      http://www.informationisbeautiful.net/visualizations/worlds-…

      FYI - I work in the industry

      • mskeggs on 29/03/2017 - 13:32

        That is quite interesting.
        I had understood that the people using online details for fraud targeted weak online targets like cd-key vendors or gift card/cellular airtime credit and other low value transactions, and usually in countries with less solid banking systems. It suggests a step up in sophistication if local crims are sorting through online breaches to find the Aussie cards and using them against local merchants. I still suspect it is likely to be a local who gained opportunistic physical access to the card to record the number/exp/ccv, but I guess if the banks have seen this purchase pattern repeat over and over for a series of different card holders as the bad guys work their way down a list, that would be pretty good evidence the source was an online exploit.

  • Jules855 on 28/03/2017 - 22:23
    +4

    No one could possibly be able to answer that question. It could've happened months ago and it's taken this long for them to sell your credit card details off.

  • AlienC on 29/03/2017 - 06:44
    +1

    This is one of my current biggest fears atm since relatively recently getting a new debit card.

    I only really use it at big chains stores or semi trusted places like coles and woolies or dominos and subway not local cafe or no name Chinese restaurants /noracist (but even then some of the trusted areas or places told be potential weaknesses but any who.. anyways yay go convenience).

    I always check the atm card reader but the skimmers have gotten so good these days that sometimes it is hard to tell even if you try to pick at it or inspect it and look closely and nobody really wants to destroy bank property well maybe crazy robbers or people but not me definitely.

    My wallet is also most definitely RFID and skimmer proof protected so that should cover most things unless they try to catch you as you take it out.

    • [Deactivated] on 29/03/2017 - 08:26
      +3

      ok, hows your tin hat
      if you get skimmed you get your money back anyway….
      whats the big deal?

      • AlienC on 29/03/2017 - 08:29

        A bit loose might need to Ozbargain another one.

        No big deal just have never personally experienced it or encountered it so it's still new to me dammit.

      • John Kimble on 29/03/2017 - 12:26

        whats the big deal?

        Prevention is better than cure perhaps? For example, it is very annoying when you get fraud on your card as you will need a new card number; this means if you have lots of direct debits attached you have to call/update each merchant with the new details.

        Also, sometimes banks take a while to process the disputes/give you the money back (but these days they are normally pretty good…shouldn't take more than a month if it is a straight forward case).

    • derek324 on 29/03/2017 - 08:27
      +2

      There is a lot advice floating around, some of it reasonable, but some plain incorrect. There is only one way to fully protect yourself: check your account often, and if you see an unauthorized transaction, ring your bank. You may inquire in advance about your bank policy. As an example: Comm Bank refunds and issues a new credit card, a bit of hassle, but no financial loses. To make your life less stressful: balance when and where to use credit card vs. good old fashioned cash.

      • AlienC on 29/03/2017 - 08:31

        Be sturdy, strict and vigilant gotcha.

        What's the protocol for Westpac by any chance?

        • kerfuffle on 29/03/2017 - 08:47

          As someone who was a victim of credit card fraud and who had a card with Westpac: they didn't cancel my card at first (someone went and bought $1299 of goods from Officeworks online, so I called them up and disputed the transaction) and it wasn't until a second fraudulent transaction hit my account that they cancelled the card for me.

        • John Kimble on 29/03/2017 - 12:39

          @kerfuffle: I remember this one; mostly likely an apple product; e.g. laptop, ipad or iphone

        • kerfuffle on 29/03/2017 - 14:47

          @John Kimble: Yeah probably, but I still want to know ahahahaha. Uber weren't much help either …

        • SirFlibbled on 29/03/2017 - 15:20
          +1

          @kerfuffle: I know the feeling. 28 Degrees was amazing when my card was hit. My CBA card was also hit not long after (never worked out how both cards were compromised likely by the same syndicate considering I was hit both times in South Africa) who basically dragged their heels. In the meantime the businesses providing the service was likely going to lose their money.

      • SirFlibbled on 29/03/2017 - 15:18

        Don't be too quick to call the bank though. I had a charge recently which came up as a travel agent in a near by suburb to me. Before I called the bank, I googled it. Turned out to be the local noodle place I bought dinner a couple of nights before hand.

        Why they come up as a travel agent is weird though.

        • AlienC on 30/03/2017 - 03:27

          This is my current problem I have so many transactions that sometimes that 1/100 random impulse buy at your local restaurant or cafe you had in the middle of the afternoon a few weeks ago for whatever reason might seem very strange now and out of place.

          For me I would love to try and catch every little fraud that I might get even if it was as small as a few dollars but the reality is unless it is something major or somehow sticks out there is a good chance it might just slip under my eagle hawk trance so to speak haha lol wow what did I just write lol.

          When money is so tight every little bit not missed or accounted for counts.

  • Mkh198 on 29/03/2017 - 09:03

    Thanks everyone for the info. I would have thought my details would be from a recent transaction- not potentially one even several months ago. Interesting to know they sell details…
    if it was online purchases then couldn't they get the delivery address from the merchants to trace who it is?

    • kerfuffle on 29/03/2017 - 12:06

      Hahahahaha I wish. No they won't due to privacy reasons (I wanted to know what they bought from Officeworks)

    • John Kimble on 29/03/2017 - 12:37
      +1

      Yes, but often the delivery address is a mule address, sometimes a vacant lot or a house for sale that is empty. The police have to get involved to request the delivery details from the card issuer and/or the merchant and do their investigation. Unfortunately, the police don't prioritise this sort of crime (unless the fraudster is known to them, it's linked to organised crime or starts to get up over the $10,000 mark or so), so it would be unlikely they would do anything but file a police report.

      I've only managed to get police involved a few times:

      1) I had footage showing one man repeatedly going to the same ATM and withdrawing tens of thousands of cash with stolen cards over many weeks. The police were familiar with the fraudster and it was easy to catch him, so they got involved.

      2) Security guard for a pub/club was processing refunds to his own card when the pub was closed. hahaha easy one for the police too.

      3) Fraudsters were going around stealing credit cards from mailboxes in the one area; one of them they stole was a card that was a visa debit linked to a mortgage, they managed to steal enough info to take over the account so they could withdraw tens of thousands of dollars of cash from ATMs from the mortgage account over a few weeks (every time the fraud team called the "account holder" to ask if the ATM withdrawals were valid, they confirmed them as genuine!!!). This was a few known criminals using the money for drug habits.

      Given option 3, my advice is not to have a card linked to your mortgage!!!

  • Findo on 29/03/2017 - 11:59

    Did you swipe your card at any terminals? I always insert my card, but when it doesn't work I do PayWave transactions. I haven't had my card/s used fraudulently ever since I stopped swiping my card.

  • John Kimble on 29/03/2017 - 12:53
    +1

    In my opinion your card was most likely compromised when you used it online at some stage.

  • Mkh198 on 29/03/2017 - 13:19

    i recently bought my overseas flights on this card and the card was going to be my overseas travel insurance. Does that mean I can't use it for the insurance anymore? Or is the insurance policy per 'card account' eg because my account isn't being closed but rather the card cancelled and a new one reissued the insurance will still apply

    • John Kimble on 29/03/2017 - 13:21

      You should be fine, but double check with ANZ.

    • AlienC on 30/03/2017 - 03:29

      Yeah I would double check in case they need to do any extra missed or not done administration to transfer the insurance to your new card but I would assume something like that should be automatic like auto assigning you with the new card to your current account etc.

    • Mkh198 on 02/04/2017 - 15:30

      Yep all fine. Travel insurance will be covered. Got a reference number of the phone call to be safe too.

  • waratah on 30/03/2017 - 21:56
    +1

    I too have been scammed over the last 2 days on my Coles Mastercard credit card for many thousands of dollars over many transactions. The call centre (somewhere in India I think) said someone had also tried over 500 times to charge one type of transaction to it. Most of the charges are still showing as pending and I have to wait a few days before I can dispute them. There are several that are approved from "Google……..payhelp GBR", some for the same amount. I have never used Google payhelp.

    I have checked all my transactions over the past few months and I have only used it at major supermarkets, department stores or regular shops and have not used it for online shopping. So I have no idea how it was scammed. What is particularly disappointing is that although there were hundreds of unusual transactions occurring on my card their Fraud Department did not detect it or notify me!!! It was only whilst checking my online statement (which I diligently do every few days) that I found these transactions that had occurred over the last 2 days. I promptly phoned their call centre and lodged a dispute and cancelled my card. This is what their website states:

    " The Falcon™ fraud management system identifies unusual activity on your card and alerts our security experts.
    Immediate fraud notification systems detect possible fraudulent transactions worldwide and alert you by SMS or phone, 24/7."

    When I asked whey their fraud management system didn't detect or identify the unusual activity and notify me, they could give no explanation but said they would "take my feedback on board". Not good enough!!!!

    Yes I should be able to get all of the transactions reversed but it can take up to 6 weeks which is a real inconvenience.

    Everyone needs to ensure they check their statements every few days or at least weekly. Don't rely on the company's Fraud Detection systems!

    • John Kimble on 31/03/2017 - 15:23

      When I asked whey their fraud management system didn't detect or identify the unusual activity and notify me, they could give no explanation but said they would "take my feedback on board". Not good enough!!!!

      The call centre would have no idea why, you would need to speak to the fraud team, but it would be highly unlikely that the fraud team would speak to you directly and even if they did, they would never admit they missed it.

      Everyone needs to ensure they check their statements every few days or at least weekly. Don't rely on the company's Fraud Detection systems!

      Yep!

  • ronnknee on 31/03/2017 - 00:15
    +1

    Discount Drug Store by any chance?

  • waratah on 31/03/2017 - 10:27

    No, have never bought anything from Discount Drug Store and no purchases online for months. If I do purchase online I use Paypal. I have absolutely no idea how anyone could get my details. All the purchases seem to be coming up in Great Britain from a variety of merchants.

    What really concerns me is the lack of fraud detection by Coles Mastercard. I have been with them for many years and in the past I would get a phone call or SMS if there was any unusual activity on my card. Not anymore it seems. They used to be good but it seems since being taken over from GE Financial by Latitude Financial their Fraud Department is not as viligent. They can't provide me with any reason as to why they didn't notify me or put a stop on my card.

    The Indian Call Centre operators are hard to understand and they say they can't see the same details of transactions on their computer that I see on mine????? I have to wait about a week until all the fraudulent transactions have gone from pending to approved before they will lodge a dispute and then up to 6 weeks for it to be resolved. I should receive a new card in about 2 weeks but can't use it until this is resolved as they have maxed out my card!!

    This is all such a big pain in the butt and I am seriously thinking of cancelling this card once this is all sorted out. It has been great for earning flybuys points but if this is going to happen again in the future it is not worth it. Will move to a credit card where the provider has better fraud detection should this occur again. Any suggestions?

    • kerfuffle on 31/03/2017 - 10:34

      Not Westpac. They didn't pick up on my Officeworks purchase despite the facts that I've never purchased from Officeworks online before nor ever bought over $1000 in one transaction.

    • John Kimble on 31/03/2017 - 15:31

      Will move to a credit card where the provider has better fraud detection should this occur again. Any suggestions?

      The big four have the biggest budget and resources devoted to fraud detection, but they also get hit the most because they have the most cards out there (as you would expect). They all use the same fraud detection tools (there aren't too many around) and some use multiple, so it is just a matter of who has implemented the most effective rules and has enough resources to react when a major fraud event hits…there's no way to know which provider has "better fraud detection" as this as it is not shared anywhere (at least with the general public anyway).

      Oh and BTW, card issuers mainly care about "card present" fraud, because that is where they lose the chargeback. "card not present" fraud (online) is where the majority of the time the merchant loses (unless it is 3D Secure), so it is a lower priority for card issuers.

    • Mkh198 on 02/04/2017 - 15:29

      I was very impressed that ANZ picked my the fraudulent activity so quickly. I asked them how they managed to pick it up considering I sometimes put hundreds on several times a day at the shops.

Login or Join to leave a comment
Login Join