Credit card Fraud

Paul_Varjak

Elky Elky...

I think you may have misunderstood a little. I will NEVER use my card in any transaction that requires the use of CVV code. So, I will NEVER use it online - with the possible proviso of websites where payment is handled directly on a recognised payment processor website. Even then, I would prefer to use a virtual card in such transactions. I would definitely NEVER disclose the CVV by phone.

If someone uses my normal (non-virtual) card in any transaction that requires the use of the CVV code then I will know this has not been obtained from me!

Not carrying a driving licence is actually a suggestion made by the Credit Experrt (run by Experian) website to prevent Identity Theft. I am now signed up with CreditExpert so that I get notification if anyone opens accounts in my name.

I was completely unaware of car safes - I will look into that one! At home I have one large safe and a security two-drawer filing cabinet (weighing 300 pounds). Both are fireproof!

I am now hiding my disabled badge in the car - that contains my full name (unfortunately).

I doubt anyone would steal my car as it has a left foot throttle! When I park the car I flip up the throttle (so it cannot be seen), so anyone trying to steal it would just see a car with a brake pedal!

ElkyElky

Paul_Varjak wrote: »

Elky Elky...
I was completely unaware of car safes - I will look into that one! At home I have one large safe and a security two-drawer filing cabinet (weighing 300 pounds). Both are fireproof!

I am now hiding my disabled badge in the car - that contains my full name (unfortunately).

I doubt anyone would steal my car as it has a left foot throttle! When I park the car I flip up the throttle (so it cannot be seen), so anyone trying to steal it would just see a car with a brake pedal!

You can always block out your surname on your disabled badge by sticking a little bit of paper over it. I don't know though if that would get you into trouble with parking wardens or something.

I respect your decision not to use your cards on the internet. At least you'll have peace of mind knowing that your chances of being defrauded again has greatly reduced.

Sounds like a nifty car! All cars should come with a function like that.. perhaps some locking mechanism on the throttle when it's flipped up. lol I can just picture their face when they try to steal the car.

olly300

ElkyElky wrote: »

I respect your decision not to use your cards on the internet. At least you'll have peace of mind knowing that your chances of being defrauded again has greatly reduced.

Exactly how?

All the people I personally know who have had their credit cards used have not used the card at all. They just suddenly receive a bill stating their card has been used in some foreign country.

Paul_Varjak

Eydon wrote: »

Agreed- in order to generate the CVV1 and/or CVV2 (they use the same algorithm for both but with slightly different numbers) you do need the expiry date.

From what I have read it is easy to generate card numbers of a valid fortmat and there are only limited expiry dates because they consist of only a month and year and most cards don't seem to be valid for more than 3 years.

If it is then possible to generate the CVV number from card number and expiry date, then really, the trick seems to be finding a card number that actually exists!

On www.gigantiko.com I used a card number of mine that ceased some 20 years ago (but that I still remember) to see what happened when I placed a 'fake' order. The shopping cart system recognised it as a valid card number (whatever expiry date I put in) and seemingly processed the transaction! If I used an invalid format number it rejected the card!

I wonder just how much 'intelligence' shopping cart systems have in terms of recognising card numbers/expiry dates/CVV numbers? Maybe, some shopping cart systems can pre-validate such information before submitting a 'test' transaction to a payment processor - just to check if the card number actually exists?

My card issuer tells me that this type of fraud - where the card number/expiry date/CVV number are generated before a test transaction is made - is the biggest fraud they have at the moment. It is a type of fraud that could be eliminated if the payment processors actually did name/address checks and implemented 3D checks (MasterCard SecureCode or Verified by Visa).

Anyone who saw Watchdog last night may have noticed that it is possible to redirect mail for someone else by logging onto the Royal Mail website. It seems that as long as a valid credit card is used, it is possible to redirect mail for anyone as no name/address checks are done to ensure the card belongs to the person moving house!

Once mail is re-directed Identity fraud takes place and one poor couple had their credit rating destroyed to the extent that they are having to sell their house!

When I renewed my house insurance policy this year my insurance company were offering Identity Theft protection and I took them up on their offer - it was not expensive given that some four million people (according to Which?) have had their identity stolen in this country!

My aunt has had her identity stolen and my cousin has also been the victim of card fraud. My best friend's partner also had his card fraudulently used in eastern Europe. It really is big business and, for some types of fraud, there is very little we can do other than ditch all credit and debit cards!

Of course, once the banks/ CC card issuers do tighten procedures to the extent they can argue there systems are 'secure' then anyone challenging their card companies in the courts will lose. This is because the burden of proof in the civil court is on the 'balance of probabilities' The fact that the card user can still win many cases today shows that the systems are pretty well insecure!

But we saw with the advent of 'chip and pin' that the tide has turned in the favour of the card issuer. When a fraudulent transaction had been made using a chip and pin' card, I think most card users lose such cases.

So, if it becomes a requirement to do name/address checks on ALL transactions, as well as the 3D checks too then if any fraud does take place, the banks will win by successfully claiming it was the customer's fault - even if it was not! That is a situation I NEVER want to be in!!!!!

Paul_Varjak

ElkyElky wrote: »

You can always block out your surname on your disabled badge by sticking a little bit of paper over it. I don't know though if that would get you into trouble with parking wardens or something.

Yes, I have been thinking about blocking out my name, although the name is on the reverse of the card and cannot be seen in normal use. But there is a trade in stolen cards and someone may break into my car, find my name and then find where I live (my name is not common).

When I lived in Cambridge, Cambridge City Council issued permits to Disabled Badge holders, allowing them to park in the city centre. That permit had the name, address and photo as well! I flatly refused to have a document left in my car with my name on and told them so. I told them I had deleted the name. They quickly saw sense and then issued permits to everyone only with a name and photo!

ElkyElky wrote: »

Sounds like a nifty car! All cars should come with a function like that.. perhaps some locking mechanism on the throttle when it's flipped up. lol I can just picture their face when they try to steal the car.

The right foot throttle is still there too - but remains up unless someone else drives the car. The other reason for lifting the left pedal out of the way when I park at night is to stop someone crashing into my house should they try to steal the car! It is very confusing driving with a left foot throttle! I think, in practice, a thief would be so confused by a missing pedal that he would not think that it could 'flip' out of the way!

BRB - I have to go out to the car to flip up the pedal...

Paul_Varjak

Well, I have finally convinced moneybookers.com that the Gigantiko website is part of the fraud! They are no longer processing payments for Gigantiko!

naijapower

Paul_Varjak wrote: »

Well, I have finally convinced moneybookers.com that the Gigantiko website is part of the fraud! They are no longer processing payments for Gigantiko!

Good work. At least you got somewhere

Paul_Varjak

As a rough estimate, I reckon the fraudulent www.gigantiko.com website has netted fraudsters around £100,000 in one month!

My account was debited by over £500 and www.moneybookers.com tell me they processed over 200 payments since the site started business last month.

negg

I run a little website or two and accept card payments. I usually get a couple of fraudulent orders a month where the payment is accepted.

Names on the card are never checked. It's very difficult to do this if, say Adam Smith puts his name in as A. Smith or Mr A Smith - and people do. Don't think that most people actually read their card.

Addresses on the card are checked (if the bank is enrolled in address verification). If you enter an incorrect address all it does is warn the seller, it does not reject the card. Note that only numbers are checked, not letters or symbols. So a card registered to "1 West Street, W2 3AB" would match "1 East Street E2 3ZX". You cannot force them to enter an exact copy of the address on their statement. You would be shocked at some of the addresses entered on my websites - I sometimes have to look up their address and amend it because they are so bad!

Addresses are difficult to block if they are incorrect since many people use a card registered at their home address to get goods delivered to the company they work for.

CVV codes are checked (again if the bank is enrolled) but most card issuers do not reject the card if the CVV does not match. If a fraudster uses your card and uses 123 when your CVV is 987, the payment goes through and again, the seller is warned. This also helps stop frausters using computer programs to make thousands of payment attempts to crack the number, since the first will usually go through (assuming everything else is correct).

One other thing that is checked is the country. If they say they are from the USA but the card has been issued and registered to someone in the UK, this also will flag up to the merchant. Again, this does not stop the card from being accepted.

Police: You would think that the police would be interested in finding out where these goods are at least going to (or they attempt to get them to) but they are not. I reported one in 2002 and well, never again. It was a waste of my time.

Card Companies: Why don't the card companies do more to stop this from happening? Well there is no risk to them if the transaction is MOTO/Internet (any transaction where the cardholder is not present). Let's say you use a well known card provider for internet transactions whose standard fees are 4.5% and £10 chargeback fee. A fraudster buys a bike from you for £100. You pay £4.50 to the card company in the transaction fee, so they actually pay you £95.50. Now the real cardholder does a chargeback. The seller then gets this £10 chargeback fee and £100 either taken from their account or knocked off their next payment. So the it's the seller that loses out, losing £14.50 plus the bike (if they sent it).

property.advert

I have a virtual credit card linked to a bank in Asia. The limit is the balance in the linked account. The trick is to have 2 accounts with the same bank and just transfer over what is needed to undertake the transaction.

A few months ago, I noticed the local currency equivalent of EUR 79.95 and checked it back. I had left more money in that account than usual and a rogue transaction was placed on the account. I had it cancelled but even this system has limits.

The other day I was expecting a credit of £179 to an account. I was credited £197. Now it is easy to see how that happened as there had been some human involvement.

Years ago in reconciliations for a bank, I wrote a very lengthy spreadsheet and database in Excel to mimic human error of this sort when trying to resolve accounting breaks. Not sure what they do now but it is down to us, the consumers for sure.