How to Prevent Card-Not-Present Fraud?

Lfrank1989 on 21/01/2020 - 12:06
Last edited 21/01/2020 - 14:30 by 1 other user

First time posting in forum. Here's my story…

I just found out 3 transactions that I don't recognise on my CBA Platinum debit card and reported to CBA. The usual process went on, talked with the operator and she cancelled my card and new one is on the way.

All 3 transactions were from Sydney, like one from Domino's Mascot Zetland and Vodafone North Sydney, and I am from Melbourne. The interesting thing is that I never use my debit card, I am an OzBargainer who use credit cards and take benefits of signup bonus. There is no way someone has got my card numbers either online or outside. I always use my credit cards to make payments. The only place my debit card number is stored is in Beem it app. Another interesting fact is that this happened 6 months ago. I found out some transactions I didn't make and had to dispute. I couldn't recall what the transactions were about but it's really weird that this happened twice within a year.

Anyway, is there anything I missed? How do I prevent such things happening again?

Financial Credit Card

Comments

  • Soluble on 21/01/2020 - 12:19
    +4

    Are they definitely card not present sales? That would mean they are manually keyed into an EFTPOS machine. Or online sales?

    I had a similar one quite a few years ago, the card had never left my house and was never stored electronically. Card was used to book a hotel room in Abu Dhabi. CBA promptly refunded the amount and sorted it all it. Got a new card, 2 months later card was used for 2 extremely small amounts(fishing amounts I assume). 3rd card no such issues. Now it's available in the CBA app I just lock the card for online payments, instore international payments and contactless.

    There is a full card lock, but I'm pretty sure when I tried that I was getting emails about whether it was lost or stolen

    • Debuting on 21/01/2020 - 12:29
      +2

      Yeah, same experience too. However, everytime I write about it; including why I think it happened. You usually get called out as a troll or bs-ing…

      I do believe some international crime syndicate has managed to get access to the underlying encryption keys. It's no longer about keeping the devices you use secure. I am a believer that you can get unlucky and have your card numbers generated (provided some underlying key is known), or some internal database which records it has been compromised somewhere.

      I had a ubank card which just sat idle and I didn't even know the pin number for it and randomly one day it was used to book a small-chain hotel in Toronto.

      However, the OP should first check if their phone is secure, because they have used Beem-it and that's all.

      • John Kimble on 21/01/2020 - 12:53

        There's no "underlying key" for credit card numbers. They have to pass a mod 10 check, but that's it.

        They can just brute force generate card numbers until they get lucky. But then they need to do the same with expiry date and CVV.

        It's less common these days because it's so time consuming/inefficient when you can just buy compromised cards online now (or hack a database) …but I'm sure it still happens. Eg could be the case here if the OP has really never used their card.

      • Typical16-bitEnjoyer on 21/01/2020 - 15:01

        I do believe some international crime syndicate has managed to get access to the underlying encryption keys.

        They're generating working combos. Nothing more. It happens far more often than you think.

    • frank1989 on 21/01/2020 - 13:40

      Yes, according to the bank, they seem to be online transactions.

  • sagrules on 21/01/2020 - 12:52
    +2

    A couple of weeks ago this happened to me, someone used few fishing amounts at Gucci (store I have never entered or purchased from) for $1.00 and then less than a week later made $1340 purchase for a card i havent used in over 3 months. Its currently under investigation, but i've been told it could take up to 8 weeks to resolve. It was only triggered because i set a limit to be notified for transactions over $200. That was the only one out of 6 that hit the cap. But made me investigate further and alert fraud dept at that bank.

    • [Deactivated] on 21/01/2020 - 13:36
      +1

      Had a similar issue - smaller transactions on my card. According to the bank these are 'test' transactions to check the numbers do actually work.

    • sagrules on 21/01/2020 - 13:38

      Should clarify this was on a credit card not debit.

  • GoldenDragon888 on 21/01/2020 - 13:15
    +4

    Disable debit transaction on your card. Can be done in the app.

    Its better when spurious transactions are on credit. As it’s the banks money and they have more of incentive to get it back. This was on a Google talk by Frank Abagnale who works in fraud protection.

    Also I have had my cba credit compromised twice in the last 6 months. Thankfully I have excluded international transactions for high these were. Both times I spoke with the bank operators said it was probably some one running numbers. Seemed nonchalant about it like it regularly happens.

  • Shadowsfury on 21/01/2020 - 14:08

    Had something similar with a companion 28 Degrees card - had 3 transactions occur in quick succession recently even though the card has never been used even once (got it for my mum but she never ended up using it in the 3 or so years since I got it for her).

    All the transactions were in Sydney except one (was like a pet store, skybus, and a clothing store). Got it all refunded but I was confused at how it might have occurred if the card had never left home.

  • ilikeradiohead on 21/01/2020 - 14:19
    +1

    Happened to me last year with a Bankwest platinum card. The funny thing was I hadn't been in Australia for almost 9 months so I have no idea when it happened. The thieves hit up a Harvey Norman (around $2k), drove to another one and bought the same item, and treated themselves to Maccas en route haha.

    • John Kimble on 21/01/2020 - 14:30

      That sounds like card present fraud. Unless they did click and collect and ordered through the Maccas app or something.

      • ilikeradiohead on 22/01/2020 - 01:47

        Yeah no idea. I guess they could have duplicated the card, but it was a chip card so I thought that wasn't possible?

        • John Kimble on 22/01/2020 - 07:04

          They only copy the mag stripe…but how did they get your PIN? 🤔

  • frank1989 on 21/01/2020 - 14:28
    +1

    So how did someone gain access to the debit/credit card that is not actively used? It was never swiped or used outside or its number were never stored electronically. And in my case, my debit card was newly issued 6 months ago because of my dispute on previous fraud transactions.
    Lucky that I saw it in the early stage and they are still pending charges. See the transactions details below.

    Vodafone North Sydney $3
    20 Jan 8:49pm

    Rydo Technologies Pty Mascot $1
    20 Jan 9:15pm

    Domino's Mascot Zetland $66.25
    20 Jan 9:53pm

    • HighAndDry on 21/01/2020 - 14:51

      The first two look like test transactions to see the card number works. But then to use it for Domino's? Beyond weird.

      I'd just disable online transactions for the debit card entirely.

      • frank1989 on 21/01/2020 - 14:52

        Will do when I got my new debit card.

      • John Kimble on 21/01/2020 - 14:56

        People steal anything and everything. My guess is teenagers…

        • HighAndDry on 21/01/2020 - 18:37

          But the effort vs the pay off…

  • jayniner on 21/01/2020 - 14:43
    +1

    I also had it happen twice to me recently… the second time was only a week after getting a new credit card that I hadn't even used! I asked the fraud team how it could have happened and they replied that they generate CC numbers (how they get matching expiry and CCV I don't know) then do small transactions to test, then bigger ones. The bank quickly refund the money but it is annoying having to get a new CC and update automatic/recurring payments etc.

    • frank1989 on 21/01/2020 - 14:47

      My transactions didn't look like a test lol.

      • John Kimble on 21/01/2020 - 14:55

        $3 and $1 are test transactions?

      • Soluble on 21/01/2020 - 14:58

        The first low value ones are usually test transactions. Then usually it would go to high value, unless there wasn't enough money in the account and they got hungry while testing other cards

  • Typical16-bitEnjoyer on 21/01/2020 - 14:58

    They generate the CC numbers via various methods I won't go into. Once get a working combo they do a test transaction, wait, then go hell for leather. They never need to see your card. It can happen to cards that have never seen the light of day.

    End of the day, it's not your money. It's the bank's money. You're indemnified. Just report it, your bank will do their thing.

    • frank1989 on 21/01/2020 - 15:05
      +1

      Please go into those various methods. I am interested! That's the point of this whole discussion. How can you randomly generate 16-digit card numbers, expiry date and cvv that work?? And what about those security features by visa/mastercard? Is it that easy to clone a card?

      • Typical16-bitEnjoyer on 21/01/2020 - 15:11
        +1

        Google it. I'm not going into it.

        I'm simply stating you have nothing to worry about if you use adequate internet security for online purchases and for in-store purchases. Fraudulent transactions will happen sometimes. Report it, move on. It isn't actually your money. You've done nothing wrong.

        If the banks wanted to fix it they would have already. They're not stressed. Instead of beefing up security the past decade they've gone all in on Paywave etc. which requires absolutely no security other than the physical card lol. It's small potatoes. It's all insured if it's a large transaction. They don't care nor worry. Neither should you worry.

        • John Kimble on 21/01/2020 - 15:17

          It's not insured, they just have a fraud/loss budget/quota…trust me, they care

          • Typical16-bitEnjoyer on 21/01/2020 - 15:22
            +2

            @John Kimble: I used to work for one of these mobs (banks). They don't care :)

            It's sort of insured. At least for one major bank, they actually insure themselves lol.

            They only chase the big fish. They'll only care about the little fish if they multiple to ~10x of what it is today.

            • John Kimble on 21/01/2020 - 15:24
              +1

              @Typical16-bitEnjoyer: Same. But not one of the big 4. Perhaps it's different for tier 2 banks and below.

              • Typical16-bitEnjoyer on 21/01/2020 - 15:27
                +2

                @John Kimble: Each have very difficult practices in my experience.

                OP's transaction for my ex employer? A blip on a report somewhere that'll never get looked at. Ever.

        • ribbonsofnight on 21/01/2020 - 16:32
          +1

          They don't worry about individual fraudulent transactions but someone at the bank would love to reduce the cost of fraud by even 5% or 10%.

  • Lexan on 21/01/2020 - 15:55
    -1

    I have 2 credit cards in RFID sleeves, nothing happened the last 6years. Probably high tech machine have scanned your card details then transfer them into a blank card. It's possible.

    • Typical16-bitEnjoyer on 21/01/2020 - 16:22
      +8

      This nearly never happens. It's scaremongering just to sell more RFID cases with huge markup.

      • ribbonsofnight on 21/01/2020 - 16:35
        +1

        Yeah, If it was happening often we'd have banks asking if you keep your card in RFID sleeves and suggesting you do when fraud occurs.

    • terrys on 22/01/2020 - 09:31

      Ones you sit it, or do the operators fondle your bum?

Login or Join to leave a comment
Login Join