Credit card Fraud

Paul_Varjak

negg wrote: »

I run a little website or two and accept card payments. I usually get a couple of fraudulent orders a month where the payment is accepted.

Names on the card are never checked. It's very difficult to do this if, say Adam Smith puts his name in as A. Smith or Mr A Smith - and people do. Don't think that most people actually read their card.

I feel sure that some payment processors do fully check the name as it appears on the card but, apparently, many do not!

negg wrote: »

Addresses on the card are checked (if the bank is enrolled in address verification). If you enter an incorrect address all it does is warn the seller, it does not reject the card. Note that only numbers are checked, not letters or symbols. So a card registered to "1 West Street, W2 3AB" would match "1 East Street E2 3ZX". You cannot force them to enter an exact copy of the address on their statement. You would be shocked at some of the addresses entered on my websites - I sometimes have to look up their address and amend it because they are so bad!

I find it iunbelievable that address matching can be so bad!

negg wrote: »

Addresses are difficult to block if they are incorrect since many people use a card registered at their home address to get goods delivered to the company they work for.

I assume you prompt for both ther billing and delivery addresses?

negg wrote: »

CVV codes are checked (again if the bank is enrolled) but most card issuers do not reject the card if the CVV does not match. If a fraudster uses your card and uses 123 when your CVV is 987, the payment goes through and again, the seller is warned. This also helps stop frausters using computer programs to make thousands of payment attempts to crack the number, since the first will usually go through (assuming everything else is correct).

I thought there is a requirement to check CVV codes for online transactions?

negg wrote: »

Police: You would think that the police would be interested in finding out where these goods are at least going to (or they attempt to get them to) but they are not. I reported one in 2002 and well, never again. It was a waste of my time.

Don't I know it!

negg wrote: »

Card Companies: Why don't the card companies do more to stop this from happening? Well there is no risk to them if the transaction is MOTO/Internet (any transaction where the cardholder is not present). Let's say you use a well known card provider for internet transactions whose standard fees are 4.5% and £10 chargeback fee. A fraudster buys a bike from you for £100. You pay £4.50 to the card company in the transaction fee, so they actually pay you £95.50. Now the real cardholder does a chargeback. The seller then gets this £10 chargeback fee and £100 either taken from their account or knocked off their next payment. So the it's the seller that loses out, losing £14.50 plus the bike (if they sent it).

For merchant fraud (as in my case) I think it may be the payment processor who loses out.

Paul_Varjak

property.advert wrote: »

I have a virtual credit card linked to a bank in Asia. The limit is the balance in the linked account. The trick is to have 2 accounts with the same bank and just transfer over what is needed to undertake the transaction.

Seems to be a virtual debit card rather than a credit card with no S.75 protection. But I agree that it is a good idea to have a second 'feeder' account if you choose to use a virtual debit card.

property.advert wrote: »

Years ago in reconciliations for a bank, I wrote a very lengthy spreadsheet and database in Excel to mimic human error of this sort when trying to resolve accounting breaks. Not sure what they do now but it is down to us, the consumers for sure.

Sounds an interesting exercise! Following my experience, I would agree that it is down to the consumer as these payment processors seem to have very dubious or even non-existent basic checks!

Paul_Varjak

Following this fraud I am aware of the possibility that my identity could be stolen as a result. Anyone who saw Watchdog last week will know that is very easy to redirect someone else's mail in order to perpetrate identity theft.

I will talk with my postman tomorrow and ask him to tell me if my mail is ever re-directed. Just another small way to stop such events happening!

Paul_Varjak

It seems the law was changed so that card fraud is no longer a matter fot the Police - be it credit cards or debit cards!!!

http://www.thisislondon.co.uk/news/article-23390837-fraud-victims-told-go-to-the-bank-not-the-police.do

ElkyElky

Paul_Varjak wrote: »

Following this fraud I am aware of the possibility that my identity could be stolen as a result. Anyone who saw Watchdog last week will know that is very easy to redirect someone else's mail in order to perpetrate identity theft.

I will talk with my postman tomorrow and ask him to tell me if my mail is ever re-directed. Just another small way to stop such events happening!

Your postman may not know about any redirections. If your mail is redirected to another city, it'll be done in the sorting offices, way before your postman gets his hands on it.

Once the letter goes to the senders local sorting office, their computers will detect it has to be redirected and will print the re-directed address on it, then off it goes, across the country during the night to the destined sorting office.

Paul_Varjak

I must admit I am not conversant with the mail re-direction system but one of the victims on Watchdog was actually told by his postman that his mail had been redirected.

Maybe it is not a failsafe method to ask your postman about any mail rediection, but just a little something that could help in some circumstances.

Given that Police no longer investigate card fraud at the behest of the cardholder I am afraid that identity fraud will become more prevalent as identity fraud may follow on from an initial card fraud.

The onus has always been on Joe Public to protect himself against crime but now the Police no longer investigate card fraud, Joe Public may have to become his own private investigstor too!

negg

I feel sure that some payment processors do fully check the name as it appears on the card but, apparently, many do not!

You might be right, but I don't know of any that can do this without a phone call to the payment provider.

I find it iunbelievable that address matching can be so bad!

You have to understand that address matching is very difficult to achieve. One slight mis-type (such as iunbelievable instead of unbelievable) and the address would fail! I've checked orders this month and at least one order, the customer has entered their postcode twice, once after the city and again it's own postcode box. This causes the address match to fail, but at least it didn't stop his card going through.

I assume you prompt for both ther billing and delivery addresses?

Yes, but you are looking at a high percentage (more than 50% from the small sample I have looked at) of people still put the business address as the billing address. I don't know if it is lazyness or if they think that the bill should go to the business?

I thought there is a requirement to check CVV codes for online transactions?

I have had at least one order this month where the CVV code was not checked, but the vast majority are at least checked.

For merchant fraud (as in my case) I think it may be the payment processor who loses out.

It is the payment processor/card issuer that loses out if the card was present at the time of transaction AND the PIN number was used. Otherwise, it is the seller that loses out.

puppinski

Hi guys

This is my first post so bear with me if I ramble somewhat!

Unfotunately I need to give you the full background to get someone's advice on this one.

Whilst talking with my father back in July he mentioned that he had noticed several 'rogue' transactions on his Tesco Mastercard statement. I asked to look at it and realised that they did indeed look rather dodgy, comprising of payments to websites such as PMTSUPPORT.COM in a variety of currencies such as euros and dollars all for amounts of mainly around £20 to £30. I asked to see previous statements and to my horror these payments stretched back as far as he had statements at that time for which was to 2007.

I also noticed that Tesco had issued a new card in Dec 07 and in the months prior to this there had been numerous rogue transactions that were listed on his statement which he did not recognised but had just settled.

In October 08 my father had called Tesco about rogue transactions that had appeared and they had credited some transactions back for that period and issued another card.

However it appears despite a new card these rogue transactions reappeared and unfortunately my father did not query them. I know this sounds strange but you firstly need to bear in mind he is 92 years of age and unfortunately his short term memory is not brilliant and simply assumed that if it appeared on his statement it must be his fault - he does not really appreciate how people can use your credit card details without having your card.

I wrote and complained to Tesco and what I don't understand is the following. They sent us statements going back to 2001 and asked us to identify rogue transactions which we did. (I was horrified that they totalled near £3000 which my father had continued to pay over a period of years from July 2004.) We waited over a month to then get a reply saying that they could not refund any of the transactions due to the fact that my father should have reported there appearance sooner - they quoted Mastercard rules at us. Why did they send us statements gong back to 2001 then if they could not look at transactions further back than 4 months.
Now whilst I completely and utterly appreciate that individuals have a duty of care to take responsibility for monitoring their account and that legally Tesco have the upper hand but surely Tesco Mastercard has a duty of care to their customers especially when having changed his card after reporting fraud it continues to reocccur! Am I barking up the wrong tree or does this suggest an inside job? And surely when new cards are issued an individual at Tesco looking at the transactions on a database would pick up the hundreds of very strange transactions (even without bearing in mind his age).
I feel incredibly frustrated at Tescos response especially as he is vulnerable consumer. I just wondered could anybody out there suggest a different legal approach that I could throw at Tesco to get some sort of refund for my Dad? Anybody's thoughts would be very, very gratefully received!! Fingers Crossed....

Paul_Varjak wrote: »

You have summed up my thoughts very succinctly! Credit card fraud is now very common and I am aware that lots of people MSE post about it but it is still a great shock when it happens. I really have no idea how it happened to me and that is very frustrating.

I am always vigilant when using my cards - I cover up my pin entry at ATMs and in shops and I always make sure I order only from HTTPS secure websites. I NEVER write down my PIN and I use a different PIN on my cards than I do to unlock my mobile phone etc!

I don't know what this fraudster knows about me at all. He/she may have generated my card details randomly (if I believe my bank). What I do know is that on one website someone placed three orders (for the same goods) in quick succession. My details were only used in ONE of those
transactions, so it was clearly part of a bigger scam.

elisebutt65

Paul_Varjak wrote: »

Following this fraud I am aware of the possibility that my identity could be stolen as a result. Anyone who saw Watchdog last week will know that is very easy to redirect someone else's mail in order to perpetrate identity theft.

I will talk with my postman tomorrow and ask him to tell me if my mail is ever re-directed. Just another small way to stop such events happening!

You might want to look into CIFAS registration to prevent this from happening. I nearly suffered fraud from my debit card, but Abbey are fairly on the ball and I had to ring the fraud department to check that a transaction over £200 was kosher - which it wasn't. It was for clothes worth about £500 to go to Germany. PITA to have to wait for new card and internet details but worth it not to have to lose £500!

Subsequently I signed up to CIFAS - costs £12 a year but I've already had a result as Choice (catalogue company) have already contacted me to ask about an account being opened in my name which I haven't done since I paid all my catalogues off and don't go near them now. All cancelled within minutes after a phone call and the details are already logged on my Experian account.

ElkyElky

elisebutt65 wrote: »

You might want to look into CIFAS registration to prevent this from happening. I nearly suffered fraud from my debit card, but Abbey are fairly on the ball and I had to ring the fraud department to check that a transaction over £200 was kosher - which it wasn't. It was for clothes worth about £500 to go to Germany. PITA to have to wait for new card and internet details but worth it not to have to lose £500!

Subsequently I signed up to CIFAS - costs £12 a year but I've already had a result as Choice (catalogue company) have already contacted me to ask about an account being opened in my name which I haven't done since I paid all my catalogues off and don't go near them now. All cancelled within minutes after a phone call and the details are already logged on my Experian account.

That should be free in my opinion. You are, after all, directly helping financial companies from loosing their money.