Credit card Fraud

stfc

If it's fraud just deal with your card issuer rather than the payment processers.

The card issuers have to re-imburse you, but will chargeback transactions to mitigate their loss. Not all transactions can be charged back depending on the type of fraud and location, but the card issuer has to pay you back.

Also don't expect the card issuer to do anything with the fraudsters details, thats not their repsonsibilty. The police are also unlikely to care for that amount. Frustrating!

Be carefull with Section 75. If for example you have a credit limit of £1000 and puchase something for £2000 by putting your account in credit you may have a battle on your hands, as putting accounts in credit is normally against the t&c's.

Paul_Varjak

stfc wrote: »

If it's fraud just deal with your card issuer rather than the payment processers.

I think you are right

stfc wrote: »

The card issuers have to re-imburse you, but will chargeback transactions to mitigate their loss. Not all transactions can be charged back depending on the type of fraud and location, but the card issuer has to pay you back.

There does seem a general consensus that I will get my money back and I guess that is all I should worry about. But I really hate fraudsters and I hate the Police for ignoring fraud.

stfc wrote: »

Be carefull with Section 75. If for example you have a credit limit of £1000 and puchase something for £2000 by putting your account in credit you may have a battle on your hands, as putting accounts in credit is normally against the t&c's.

I did not know that putting an account in credit may breach their T&Cs, though I have heard that some card issuers do charge for accounts in credit! But I guess that is because they want to make money from us by providing credit and if we use the credit card as a 'free' pre-paid debit card that is not really want the CC company wants!

Paul_Varjak

I have now looked more into putting credit accounts to credit. According to Halifax if you put a CC account into credit then if your card limit is say, £500, then your limit i still £500 even if your account is in credit, by say, £1,000! Tesco Credit Cards tell me that they refund any credit balance.

The other problem is that if your account is in credit and a fraudulent transaction occurs on that credit card then the fraudster has, in effect, taken your money before any of the CC company's monies!

Eydon

ElkyElky wrote: »

I doubt a credit card generator was used in this situation. The expiry date and CVV isn't tied directly to the card number so if they did generate a valid card number, it would be virtually impossible for them to get the expiry or CVV.

There is no tool or magical way for anyone to get a CVV number by using the credit card number only.

Sorry, but you are wrong on both counts. The CVV1 (which is stored on the mag stripe and on the chip) and the CVV2 (the printed number on the back) are both calculated using the card number, expiry date and a few other magical numbers, which are known to some people (me included) who have previously worked or are working in the credit card industry.

Whilst I agree that it's not always easy to guess the expiry date, there are ways, and once you know that, the rest is quite easy.

Shelldean

glad the police have an address,but if it's anything like the fraud committed on our DEBIT card then, nothing will be done.

Our card was used to pay £500 off some thieving swines credit card, so could obviously be traced. Nothing done ever!!! Tho bank did reimburse us.

ElkyElky

Eydon wrote: »

Sorry, but you are wrong on both counts. The CVV1 (which is stored on the mag stripe and on the chip) and the CVV2 (the printed number on the back) are both calculated using the card number, expiry date and a few other magical numbers, which are known to some people (me included) who have previously worked or are working in the credit card industry.

Whilst I agree that it's not always easy to guess the expiry date, there are ways, and once you know that, the rest is quite easy.

What I meant was... if I perhaps used a credit card number generate right now, and luckily found a valid credit card number. There is actually no way I could possibly obtain the CVV and the expiry by just having the credit card number. It's just not possible.

CVV1 may be encoded on the card but I'm specifically referring to CVV2, which is not.

CVV, CVC CVC2 and CVV2 values are generated when the card is issued. The values are calculated by encrypting the card number, expiration date and service code with encryption keys ( Often called Card Verification Key or CVK ) known only to the issuing bank, and decimalising the result.

The encryption keys, I assume, would only be accessible by a limited number of bank employees. Without knowing the banks algorithm for encrypting the CVV2, it is virtually impossible for any fraudster to generate the CVV2 with only the card number.

Eydon

ElkyElky wrote: »

What I meant was... if I perhaps used a credit card number generate right now, and luckily found a valid credit card number. There is actually no way I could possibly obtain the CVV and the expiry by just having the credit card number. It's just not possible.

CVV1 may be encoded on the card but I'm specifically referring to CVV2, which is not.

Agreed- in order to generate the CVV1 and/or CVV2 (they use the same algorithm for both but with slightly different numbers) you do need the expiry date.

Paul_Varjak

I am now convinced that the website used to process my credit card is a fraudulent website! This is how the fraud works..

Fraudsters create a FAKE website (www.gigantiko.com) and offer to sell oversized shoes! The first indicator that the website is fake is that you cannot select the size of shoes for any of the shoes on offer!

www.gigantiko.com was registered on 25/08/2009 and they signed up with the payment processor (www.moneybookers.com) in September 2009. www.moneybookers does not implement any name/address or 3D (eg Verified by Visa or MasterCard SecureCode) checks whatsoever! That is the only reason this fraud can work!

According to www.moneybookers.com there have been around 200 transactions on the site since last month. But how is that possible? The website name appears nowhere on the internet except on the website itself and two websites that list website names! So, no advertising of oversized shoes you cannot specify the size of, generates 200 orders in a month? I think not!

If you register on www.gigantiko.com and order goods, the only payment method (of the six offered) that seems to work is for www.moneybookers.com. The PayPal payment method says it takes you to the PayPal secure site but merely takes you to unsecure page on www.gigantiko.com where it propmts for full card details!

Orders numbers on the website are generated in ascending order from #1. I tested this theory by registering with two e-mail addresses (which they don't verify) and generated consecutive order numbers! So, the site has not had 200 legitimate purchasers! The website is merely there to create a false legitimacy for the whole fraud!

Prices on the website are listed in pounds sterling by default but when you checkout this magically changes to the equivalent amount in euros. My card was charged in Euros when the fraudsters used my details.

Interestingly, the website is registered through a third party anonymous registration scheme. Why would a genuine merchant do that?

I am pretty sure this is an international scam, probably with Dutch connections, although one person who called me from www.gigantiko.com appeared to have a West African accent!

A second (failed) transaction was made on a Dutch website the day after the successful transaction, but I think this website is not involoved in the fraud. I think the fraudsters just made attempts to order from this site to 'cover their tracks' and divert attention from the fraudulent website.

Paul_Varjak

Shelldean wrote: »

glad the police have an address,but if it's anything like the fraud committed on our DEBIT card then, nothing will be done.

Our card was used to pay £500 off some thieving swines credit card, so could obviously be traced. Nothing done ever!!! Tho bank did reimburse us.

That is the problem with debit card fraud - it is YOUR money that is being played with! Credit cards are always better to use than debit cards!

I have now closed one bank account and stopped a debit card on another account. So, I now only have one debit card and one credit card - with a different institution from my bank!!!

I carry one debit card, one credit card and cash in my wallet. I carry nothing else that would identify me! My cards only have an initial and surname and I have deleted the 3 digit codes from the back of the cards!

I will only use the debit card in a BANK cash machine and NEVER for purchases. I will only used the credit card in well-recognised outlets. I will NEVER hand my card to anyone, ever or do any transaction that requires the use of the 3 digit CVV code (either online/telephone or in person)

Finally, I no longer carry my driving licence or any other form of ID with me and the emergency phone I keep in the car has its handset and SIM card PIN protected even though I keep no numbers stored on either the SIM card or the phone!

ElkyElky

Paul_Varjak wrote: »

I will only use the debit card in a BANK cash machine and NEVER for purchases. I will only used the credit card in well-recognised outlets. I will NEVER hand my card to anyone, ever or do any transaction that requires the use of the 3 digit CVV code (either online/telephone or in person)

Finally, I no longer carry my driving licence or any other form of ID with me and the emergency phone I keep in the car has its handset and SIM card PIN protected even though I keep no numbers stored on either the SIM card or the phone!

Unfortunately, it is compulsory for all websites selling products/services to request the CVV to process the transaction now. If they don't, then they are most likely fraudulent or a website you shouldn't trust. But you should relatively fine ordering from websites you actually know (Tesco, Argos etc.. known companies). For example.. if a company advertises on TV, then you'll know it will be pretty much safe. No fraudulent company could afford professional advertisements.

I think.. not carrying your driving licence and stuff may be a bit excessive but certainly is an excellent way of preventing identity theft. The only problem with that is, if you get pulled over or have an accident or something, the Police would ask you for ID. If you have an accident and you can't give your name or address for whatever reason, they'll have to search your person to find out who you are.

Another good idea is, if you must leave things in your car, think about buying a car safe, which you can buy from Argos.

http://www.argos.co.uk/static/Product/partNumber/0073367/Trail/searchtext%3ECAR+SAFE.htm and maybe even a wheel clamp to prevent it from getting stolen during the night.