Coles Prepaid MasterCards Compromised - June 2022 Promotion

cwongtech on 10/09/2022 - 17:03
Last edited 10/09/2022 - 17:04

Hi fellow OzBargain members,

I've found a few of my cards that have been compromised bought from this deal - 10% off $100 & $250 Mastercard Gift Cards ($4.50/$6.30 Activation Fee Applies) @ Coles
 posted in June 2022

Exact same issue from this forum post just under a year ago but appears to be different merchants that are draining the balances this time
Last time round it was Google Play of some sort

Screenshots of unauthorised transactions as below:
Sample 1 - Healthy Land Massage
Sample 2 - Healthy Land Massage
Sample 3 - Pending Charge - serverblen
Since then, the third card has been blocked by the Incomm operator, and I've been asked to call back in a week for that particular card
The Incomm hotline operator also noted there were three transactions on the third card, a purchase and a refund (which doesn't show on the mybalancenow.com website)

When you card becomes blocked by Incomm, you will get the below message when you attempt to check your balance on the Mybalancenow website

The card details entered are invalid. Please contact Customer Care for assistance.

Most likely the third card affected for me is being tested before they put in through a large purchase

The company that issues the cards bought in the June 2022 promotion are different to the 2021 ones (Coles Financial Services)
This is by Incomm Payments

As per the back of the card, the Customer Service line can be reached via +61 (07) 5660 6022

If you are affected by this issue - contact them, and go through the phone menu to go to "Lost/Stolen" card menu and you'll be able to speak to an operator.
You'll then be asked for your details and given a dispute form (PDF) via email which you'll need to fill and send to a different email ([email protected])

Dispute process is supposed to take anywhere between 45 days and 90 days.

Hopefully by raising awareness, and by gathering more data for Incomm we can help catch these culprits and reach a speedy resolution for all those affected

Probable Cause
From the discussion in the previous attack, it's most likely a brute force attack.
Looks like they put in a small pending charge to test cards (most likely using a payment processor that doesn't have captcha protection), then they use the card instore that doesn't require CVV or PIN (notice how my two cards are above $200, even if I had set a PIN on them, this would not stop the payment because anything above $200 reverts back to Signature Required)

As per the previous Coles Gift card deal/issue
These Coles gift cards have got the same expiry dates 03/27 and leading first 8 digit numbers (at least for the $250s they do)

Suggestions
From the discussion in the previous attack and my own experience as an OzBargainer who delves in saving money via discounted eGift cards regularly..

1) Do not hoard these cards (or ANY eGift cards) in large amounts, only buy any gift cards (especially VISA/MC Prepaid cards) when you have expected bills to pay or planned expenditure
2) If you are exposed with a significant amount of balance, you can attempt to reduce your exposure by consuming the balance as fast as you can:
- These include prepaying your utility bills into credit (keep your physical cards in case unexpected credit refunds by some utility companies, so don't prepay too much into one account)
- Convert to other types of cards, that you can load into an account that has significantly higher security than the Visa/MC prepaid cards (Amazon, enable 2FA to login for example), WISH/Coles eGift cards if you have access to purchasing portals

Thanks for reading and hope not too many OzBargainers are affected.. however this time round so far I have had 3 cards affected out of a sample size of 20 cards which is much higher than last time.

Stay safe and happy saving!

Cheers
Cwongtech

Financial Prepaid Credit/Debit Card

Related Stores

Coles
Coles
MasterCard AU
MasterCard AU
Marketplace

Comments

        • Yola on 10/05/2023 - 09:06

          True, people want to lock because their product is regularly hacked.

  • UrMumsOnlyFan on 14/05/2023 - 12:35
    +2

    Had my first experience of hacking on a $250 card. Guess it was inevitable.

    Incomm says:-

    Disputes are process in the order in which they are received. The dispute process can take between 45 – 90 days.

    No way of knowing how many disputes are in the queue, but I expect very many 😂

    • Neoika on 14/05/2023 - 12:49

      Sorry to hear. You are ahead of those bragged that it would never happen to them and ignored, negged the reminder.

      • UrMumsOnlyFan on 14/05/2023 - 13:46

        I was always conscious of the risk but it was still quite a surprise when it finally happened.

    • SaintSteve on 14/05/2023 - 12:57

      Sucks mate

      I've still been lucky so far but have alerts set to this post for if my luck runs out

      • UrMumsOnlyFan on 14/05/2023 - 13:47
        +1

        I assume Incomm will eventually replace it without any problems. It's just the amount of time it takes that is a pain.

    • trixieb on 14/05/2023 - 12:59

      @the splingee Sorry to hear. Hope you get the refund soon.
      May I ask how how long ago you bought this card before it was hacked?

      • UrMumsOnlyFan on 14/05/2023 - 13:49

        Thanks, it was hacked in less than a week.

        • trixieb on 14/05/2023 - 14:06
          +1

          That's quick. We probably have to use the card within 24 hours to be safe.

  • iChaseYou on 16/05/2023 - 11:34

    Has anyone been able to contact the number 07 5660 6022?

    Not sure if it's been disconnected? Haven't been able to get through in some time during business hours…

    • Yola on 17/05/2023 - 07:25

      Yes have used this number many times but a few times it was engaged.

  • gingerscale on 31/05/2023 - 16:06

    Will these work into stake?

  • TheCandyMan2020 on 11/06/2023 - 20:26
    +1

    Hi guys

    Old thread but I just found out that 2 out of the 4 cards I bought in October 2022 have been hacked!!

    One was used to buy tiktok credits and one was used at some medical centre. All overseas of course.

    I have emailed [email protected] with the details.

    How have you guys fared getting replacement cards from incomm??

    • bob19 on 19/06/2023 - 00:35
      +1

      I just had the same issue with my card which I had bought in October 2022.
      I unpacked it yesterday and after making two transactions I found out that $114 out of $250 had already been spent by the hackers.
      I contacted incomm by the phone and they said that as my two transactions are still shown as pending I need to contact them later to lodge a claim.

      I already have another case in the system. It has already been 50 days since I filed the case. Haven't heard from them. Their email says though that it takes them 45 to 90 days to process the claims.

      I guess we have to learn the lesson - must use Coles Master giftcards without any delays.

  • TheCandyMan2020 on 11/06/2023 - 20:30

    Also i note that the bloody mybalancenow web site doesn't even work in Edge, only in Chrome!

  • daanish on 14/06/2023 - 12:38
    +1

    Just sent off a dispute packet to Incomm. Has anyone sent one recently and got an idea of how quickly they are responding or actioning replacements?
    I recall doing one back in December where I emailed Incomm and never got a reply but also lodged a compliant with Heritage on their 1800 number and I think that was more fruitful as I received a response and replacement card within about 10 days.

    • UrMumsOnlyFan on 14/06/2023 - 21:57
      +1

      They give themselves up to 90 days to investigate your enquiry. Their emailed response specifies the ("no later than") date, then they give themselves a further +3 business days to submit the results of the investigation to you in writing.

      You could contact them sooner if you wish. That might be productive, might be fruitless.

      My case has been over a month.

      • daanish on 14/06/2023 - 22:34

        Thanks for the reply.
        I just got an email back from them notifying that my case has been received and added to the queue.
        When you say it's been over a month - is that just idle time waiting for them to action something or have you been in back and forth conversations?

        • UrMumsOnlyFan on 14/06/2023 - 22:44
          +1

          Nothing to converse about, I'm just waiting. I don't think I'll bother contacting them before the 90 days.

          • cloudy on 24/06/2023 - 22:42

            @UrMumsOnlyFan: yea, my first experience took all of that 90 days, but I did get replacement cards sent afterwards.

            • UrMumsOnlyFan on 25/07/2023 - 08:30

              @cloudy: They ignored one request for an update around the two month mark, but finally approved my case around the 85 day mark.

              Now to see how long the delivery of the replacement card takes.

  • TheCandyMan2020 on 16/06/2023 - 13:06
    +2

    Guys once you have lodged your dispute packet with incomm and have received confirmation from them, I would then call Heritage Bank on 1800 797 799

    They won't directly help but will ensure Incomm investigate in a timely manner.

    Coles Customer Service totally brushed me and just said it's totally up to Incomm.

    If it doesn't end well my complaint to AFCA and the ACCC will be cc'd to Coles, Heritage and Incomm.

    Also bear in mind as soon as you report your cards to incomm they will deactive them and you will no longer be able to access any of the details on mybalancenow.com

    That makes it hard if you havent already filled in your dispute packet as you will no longer be able to see the transactions on your cards.
    So take screenshots of all transactions and card balances in mybalancenow.com BEFORE you contact Incomm on the phone…

    • TheCandyMan2020 on 21/06/2023 - 18:07
      +1

      With some relief I can report that Incomm have completed their investigations into my 2 hacked cards and have confirmed all the transactions on those cards were fraudulent.

      They are issuing me with 2 replacement cards which I will immediately spend on Amazon.com.au gift cards which i will redeem immediately and add to my gift card balance at amazon.com.au

      No more holding onto prepaid Mastercards for me. If I buy them when they are on special again, I will be spending them straight away on amazon.com.au gift cards as above. I do most of my non-grocery shopping at Amazon so makes sense for me.

      • UrMumsOnlyFan on 21/06/2023 - 18:09
        +1

        Good result. How many days did it take from the time of submitting the packet?

        • Yola on 22/06/2023 - 04:34

          Or weeks/months?

        • TheCandyMan2020 on 23/06/2023 - 04:12

          About 2 weeks. I think a lot of the speed had to do with the intervention of Heritage Bank.

          • jayvey on 23/06/2023 - 16:35

            @TheCandyMan2020: Let us know how long it takes for you to receive your replacement cards in the Post. They emailed me on 1st May 23 to say they had finished investigating and would send replacement cards. By 13th of June I still haven't received anything in the post, so I called the 07 5660 6022 number, and they emailed off to a different department to organiser a replacement card, and told me someone would get in touch in 2 days time.

            So I called on 15th June and 22nd June, each time, they told me to call in 2 days time, but they still couldn't tell me what was happening.
            Really frustrating.

            • TheCandyMan2020 on 23/06/2023 - 17:53
              +1

              @jayvey: @jayvey sorry to hear that

              They provided me with a tracking number, but that tracking number still hasnt been lodged with Auspost.

              The issue with these cards is Incomm and the retailers want to make the point of sale process as easy as possible.

              My advice would be they add an extra step to the sales process - before the card can be used, you have to create an account at mybalancenow and set a pin on the card - then when any transaction appears on the card you get an automatic email or SMS from mybalancenow

              They could also use the Mastercard security system to confirm transactions with the PIN you have registered.

              This would still make the point of sale simple, but would introduce a whole lot more security and timely notification of issues….

              I am a little surprised that Coles continue to sell these cards as is given all the issues. I guess from my experience with Coles, where Coles totally brushed me, I am guessing Coles only care about their commission on the sales and have zero interest in what happens after that.

              • TheCandyMan2020 on 24/06/2023 - 18:55
                +1

                @TheCandyMan2020: Tracking now shows item posted late Friday night, should be delivered Monday 26 June or Tuesday 27 June

                Will confirm when it arrives and replacement cards work.

                • jayvey on 25/06/2023 - 13:52

                  @TheCandyMan2020: @TheCandyMan2020 Thanks for the update and letting us know about the tracking number. Did you receive the tracking number via email or phone? I never received a tracking number.
                  On Fri, I decided to call the Heritage Bank Complaints line that other people posted about. Hopefully that will get something happening.

                  • TheCandyMan2020 on 25/06/2023 - 18:04

                    @jayvey: I got it via email from Incomm.

                    • jayvey on 26/06/2023 - 17:16

                      @TheCandyMan2020: Thanks for the info. I received a call from an unknown mobile number today, it was actually an Australian voice, and not some call centre script monkey with a foreign accent. Luckily I picked up the call, as I usually let unknown numbers filter to voicemail.
                      The person sounded like they were one of the staff that process frauds for not just the Coles cards but other cards too. They said there was a delay as they were swamped with lots of cases. Apparently others which are thousands of dollars, had a higher priority with processing, which is why I assumed they process other card frauds as well, because the max Coles card amount is $250.
                      So I was advised that a replacement card would be sent out this week. When I asked if I'll receive a tracking number, they said they don't send out tracking numbers, apparently too many to send out, but they themselves would have a tracking number, and advised that I could call back and speak directly with them (same person) if something went amiss. A bit iffy as no tracking number…… I'll see how it pans out. At least I managed to get someone who was able to give me more info, and not some call script monkey.

                      • daanish on 27/06/2023 - 07:34

                        @jayvey: I received a similar call and had the same conversation about tracking number etc when I had a card replaced back in December. I also called the Heritage complaints line to give them a rev up before I got that call so it's definitely a thing.

                        • jayvey on 29/06/2023 - 15:31

                          @daanish: Thanks @daanish. The Australia Post app just noticed me that there's a delivery is on it's way to me from KEMPS CREEK NSW. It must be the replacement card, as I'm not expecting anything else from NSW.

                          • daanish on 29/06/2023 - 15:36

                            @jayvey: I know the Heritage Bank head office is in Toowoomba, QLD but the cards could be being shipped c/o a Coles facility. Unfortunately I didn't get an tracking details for my cards, they just arrived in the mail and I can't recall the return address.

                            • jayvey on 06/07/2023 - 18:08
                              +1

                              @daanish: Thanks @daanish. Can confirm that the delivery from Kemps Creek NSW was the replacement card from Incom. It was in one of those padded parcel bags. Although Incom didn't provide a tracking number, I did get a notification from the Australia Post App, that a package was being delivered, and that someone needed to sign for it. <phew> Thankfully, it's all good now. Burned up time trying to chase this up. Lodged a case with Incom on 6th Feb, and finally received a new card today (6 Jul).

                              • daanish on 06/07/2023 - 20:18

                                @jayvey: Yikes - that's quite some time between action there. Did you do any follow ups between submitting the case in Feb and having them approve it at the start of May? I submitted a case a few weeks ago and I think I might follow TheCandyMan2020's advise and follow up with the Heritage Complaints team to stoke the fire a little bit - seems like that resulted in a much quicker turnaround time for a replacement than what you've experienced.

                                • jayvey on 06/07/2023 - 22:17

                                  @daanish: Here's the timeline for my case, sorry, it's a bit of a loooooong reply.

                                  5 Feb - Submitted case

                                  March & April, called the (07) 5660 6022 number every 2-3 weeks, no one had any updates, I asked what was taking so long, and apparently they have to give the merchant who's transaction I'm disputing 45 days to respond.

                                  2 May - Received email advising that case had been resolved, and to allow 21-28 business days to receive a new card.

                                  13 June - More than 28 days had now passed, no card still, called up twice, the first person I spoke to said 30 business days hadn’t passed yet and to call back when it did. Definitely more than 30 biz days had passed, so I ended the call, and called again to try and get someone else to speak to, clearly the person before wouldn’t have been any help. I was advised that another card would be sent to replace the one I didn’t receive, but the phone call was cut off before we finished talking. I called again, the next person I got had to email off to a different department to organise a “new card”, and I was advised that someone would contact me in the next 2 days. Later, I realised that the original replacement card was probably never even sent out, as there was no tracking number and/or no notification from my Aus Post App.

                                  After 2 days, still hadn’t heard from anyone.

                                  15th June, 22nd June, called (07) 5660 6022, each time, they told me to call in 2 days time, but they still couldn't tell me what was happening.

                                  23 June Called Heritage Complaints Line, Yep, well and truly time to now express concern (complain). Left a voicemail, and they called me back the same day and were very responsive, and escalated my case.

                                  26 June Incom/Heritage Bank Rep called, and arranged for a new card to be sent to me.

                                  6 Jul Received Card - The End!! OMG!!!

                                  • daanish on 07/07/2023 - 11:23
                                    +2

                                    @jayvey: Thanks for the comprehensive timeline. Once I eventually get my card sorted I was planning on doing a similar post so that anyone else can get an idea of what they're in for and tips others have learnt along the way.

                                    • jayvey on 09/07/2023 - 12:09

                                      @daanish: That's a great idea @daanish! I think it would save many other people a lot of time as well. If I had known the reasons why it takes so long, I probably would have not bothered calling until the initial 90 days was up, after lodging my case.

                                      • daanish on 12/07/2023 - 09:14
                                        +1

                                        @jayvey: So I called the Heritage complaints line on Friday (7 July) and left a voicemail with just my name, mobile and ticket number asking to follow up on the case.

                                        I got a call from a standard mobile number yesterday afternoon (Tues 11 July) and spoke to an agent for Heritage who went over a few details and said that he'd organise for a replacement card to be sent out from somewhere in Victoria so it seems like calling Heritage has definitely sped things up as it has been a couple of days short of a month since I submitted my claim packet.

                                        • jayvey on 12/07/2023 - 17:46

                                          @daanish: Good to hear that it went much quicker for you!

                      • TheCandyMan2020 on 27/06/2023 - 12:41

                        @jayvey: @jayvey I think if you dont answer the call (I didn't) they email you. That's what happened in my case anyway.

                        I received my replacement cards in the mail today and have used them.

                        So in the end I haven't lost a cent which I am happy about.

                        I rate the following support out of 10:

                        Coles / Coles Financial Services 0/10
                        Incomm phone support 3/10
                        Heritage Bank 9/10
                        Incomm after they were contacted by Heritage 9/10

                        I will buy these again @ 10% off, but as soon as I get home and they are active, I'll churn them into Amazon gift cards.

                        • jayvey on 29/06/2023 - 17:04

                          @TheCandyMan2020: Ahh thanks, that's good to know.

                          Agree with the nine-er for Heritage Bank Complaints Line.

                          I'd also buy again at 10% discount, but will use asap as soon as they're activated. It's $ I'd be using anyway to pay bills, ATO, or buy discounted Woolies and Coles gift cards (gotta eat everyday right?) :-) And as a bonus, those flybuy points and credit card points do add up. Use to keep a few spare for online purchases to minimise the risk of my usual credit card from getting hacked, but I won't bother with that anymore, will just use a "burner" debit card and transfer just enough $ in each time I buy something. Too much hassle once the Coles cards get hacked.

  • magster on 07/07/2023 - 18:52
    +1

    I don’t know whether to laugh or cry. But I just found out one of my replacement $250 cards has also been used up by scammers.. about a month after I received it from Incomm. My bad for not using it up right away, but I thought what are the chances. Makes me wonder if this might be an inside job..

    • spc12go on 07/07/2023 - 19:54
      +1

      I wonder how it will play out for you, because they require original receipt. Hope it goes well for you.

    • trixieb on 09/07/2023 - 13:14
      +1

      @magwri Sorry to hear. This is so frustrating. Good luck in getting another replacement and use it straightaway

  • ampathy on 14/09/2023 - 05:56
    +3

    @daanish, @TheCandyMan2020, @jayvey Thank you for your sharing. I contacted Heritage Bank yesterday morning. The officer rang me back two hours later to inform me that she escalated my claim. Incomm rep contacted me right after the same day to solve my claim which I struggled to follow up on for more than 6 months. Heritage Bank Complaints Line did a great job! The officer made my day!

    • TheCandyMan2020 on 15/09/2023 - 09:10
      +1

      Glad to hear it worked out OK.

      I still can't believe they aren't taking steps to make these things more secure.

    • jayvey on 15/09/2023 - 22:08

      No worries, it's nice to know that the updates we posted helped other people. :-)

Login or Join to leave a comment
Login Join