AmEx Credit Card Fraud after Signing up to Google Pay

Long time lurker here, but had to sign up to share this one with the community. Would appreciate your thoughts on it.

So I thought I'd get with the times and sign up to Google Pay yesterday. Like any good OZBer I have an Amex with a supplementary card and a primary. I haven't used the supp card in months- it sits in my drawer waiting for special occasions XD anyway, within 5 minutes of adding the thing onto Google Pay, 2 fraudulent charges went through! Seems like a massive coincidence, and I tried to remove cards etc but couldn't figure out how to completely disable my Google Pay account.

Anyway, today the primary has been used for more fraudulent charges. I'm convinced it has to be related to Google Pay. Everything has been reported to AMEX as appropriate but- has anyone heard of this happening before??

Related Stores

Google Pay
Google Pay

Comments

  • +5

    My amex is linked to google pay and never had an issue.

    • Thanks!

  • +8

    You may have malware on your phone. So should look more into that (might need to wipe it) and do not use other cards on your phone.

    I think amex will be good in dealing with the fraudulent charges so leave it with them but check regularly.

    btw welcome to ozb and where's the MS paint drawing?

    • +3
      • +4

        Deadset you have an alert for the words MS Paint, don't you? :p

        • +10

          It's actually a very complex and somewhat illegal script. Don't tell scotty.

    • Thanks! I should have joined before now just for that drawing. Beautiful.

  • +4

    has anyone heard of this happening before??

    No. Anything's possible, but typically, card data is compromised from an unsecure/unencrypted server or database, portioned up, sliced and diced into other compromised card data and sold on the dark web in batches. Fraudulent charges then occur months/years later by the people that bought the stolen card data. Although sometimes a portion are batch tested sooner to check availability before being sold.

    within 5 minutes of adding the thing onto Google Pay, 2 fraudulent charges went through! Seems like a massive coincidence

    It's possible, but the timing seems unlikely as the fraudster would be sitting there waiting for your card data to use it straight away.

    I would be putting money on the compromise being a website you have used the secondary card on.

    Otherwise, have you checked your device/network for malware?

    Out of curiosity, where were the fraudulent charges and for how much? The same place for both cards?

    • Thanks for your detailed reply. How would I go about checking my device (3 week old Samsung) and network for malware? That did cross my mind as a possibility but I'm not super techy and probably should do some research on that myself.

      That's the thing about the expenses- it was a $30 Vodafone charge plus a $100ish charge to some booze delivery place in Melbourne (twice, once on each card). Im not sure how far AMEX go in investigating, but surely that stuff can be tracked down if they want to?

      In terms of a compromised website I might have put the card data in to,that does sound fairly common but it seems weird that I would have used both cards on the same site (would have been one or the other).

      • Depends, just find a reputable anti virus/malware program and run it.

        They usually don't bother, because the transactions can be disputed and the acquiring bank has to pay them back.

        If enough cards are compromised they can usually narrow down the point of compromise and take appropriate steps that way, but if you're thinking of them "catching the fraudsters", then that is highly unlikely (low priority to law enforcement) to near impossible unfortunately.

        Yep, which is why it could be malware I suppose?

  • Can you elaborate on these 2 fraudulent transactions? amount? description on statement?

    • See reply to John Kimble.. hope you arent the fraudster trying to work out if I'm on to you ;P

  • +2

    Are you sure it's not one of your family members or people you've lent the card details to using your card? I have my Google Pay set up so that if anyone buys anything on any of the Amexes I've set up on it, like with my dad's supplementary Amex, I get notified about it immediately via a notification.

    • That seems like a terrible breach of security but it sounds possible

    • Nope def not a family member.

  • Did you use public wifi at any time?

  • Have you checked: Have I Been Pwned

    Someone might actually have your password and trying all manner of sites to see if they have access to something.

    Especially websites that allow you to login with email as username. Most sites should really implement some kind of 2FA.

    • Ah thanks for that. Looks live I've been pawned a few times. Guess that means I should get a new email?

      • +2

        Change your passwords. Don't use same password for all sites. Get 2 factor authentication if the site offers it.

        Have a secure password (include, caps, numbers, symbols and more than 10 characters) for non financial sites, scrub any personal data ie birthdays, credit cards after use (never save card details).

        For your financial sites use a different secure password.

        Two tiers is simplest, you might also have 3 tiers but up to you.

        Good luck!

        • Good tips

        • Sounds smart, and simple. Thank you kind person :)

  • Ok this post made me check my recent GP purchases. Might be different from OPs situation as transactions happening on his other linked card. I regularly go to a fish and chip shop. 1 transaction has the shops name. The other recent one had a personal name, and when you go into details in GP it says the shop details next door. Time of transaction not possible as I was at work. I think the shop details of the last transaction is google address being out of whack with location settings. Also I hate how the transcation on bank statements don't always show shop name as they use the trading name. Makes it hard check purchaes months after.

Login or Join to leave a comment