Warning- Barclaycard possible security risk.

Mrs_Money

To make things clearer-
I haven't ever, and don't plan to access my credit card account on-line. I have no email contact with Barclaycard whatsoever.

DH has a separate computer to me - we both have an active virus checker and fire-wall, DS works in computer networks and DH is in computing too. I am an IT tutor of quite a few years standing and very well aware of what a phishing email is!

And, I can safely ignore all phishing emails anyway as I know for certain - woohoo!!! - I don't have any online accounts, never have, and, if I can possibly avoid it, never will.

The enigma persists - the pieces of my info that the "My Barclaycard" website requires for registration could probably only have been obtained by someone who has access to them all - not a postman, not anyone who "knows me" - who has ALL those pieces of information?
Most online retailers I have had transactions with and Barclaycard.
Edit - Actually only Barclaycard could have all those details - an online retailer wouldn't know my credit limit -(I assume!). But of course - a bit of guessing may have sufficed on the credit limit figure - who knows? Or could someone just put any figure and have it accepted - you can see now - I'm on shifting sand - only a matter of time before complete paranoia sets in!

chattychappy

To be honest, we will probably never know and Barclays (or at least customer facing staff) won't know or won't tell.

If I had to bet money on it, I'd say it's a failure at Barclays - internal to the bank, their outsource partners, or a systems failure.

An alternative is that partial details were obtained separately - eg the card skimmed whilst you were shopping somewhere. These details were then sold on to someone with access to other personal data - eg your date of birth, codeword, (when you call Barclays) if you have one, or your credit limit. In the absence of your post being intercepted, a credit limit is most likely to be from inside. But "post intercepted" doesn't mean you don't receive it - it could even be interference at the mailing centre.

Barclays willingness to accept it as fraud so quickly suggests it falls into a known pattern.

Mrs_Money

Anyway - if or when I ever find anything out I'll update everyone!

chattychappy

While I'm at it, I had £6800 put through on a NW Visa card. 2 or 3 small test transactions and then a couple of big ones. I had never used the card since receiving it. The online system hadn't been hacked as in your case.

It turned out to be staff fraud and hundreds were affected.

It may be worthwhile credit checking yourself to see if all is in order. Come to think of it, someone credit checking you would have access to your DoB + credit limit. They would only have to send off minimal information - but they would have to intercept the post coming back, though.

VictimOfImpersonation

Mrs_Money wrote:

My Barclaycard credit card has recently been used fraudulently, a few transactions went through, but fortunately not the really big one. I now have to wait for a new card as, of course mine has been cancelled. I was not informed of this fraudulent transaction - or the fact that my card had been cancelled and had to find out the worst way (days after the fraud) when I went to do the shopping.

Mrs Money, the most likely scenario is that you have been targeted
(a) Because some of your personal data e.g. DoB is in the public domain e.g. Companies House, or has been compromised, and
(b) Because your mail can easily be intercepted due to someone bent at the Post Office or because your letterbox can easily be dipped, and possibly
(c) Fraudsters have managed to get a copy of your credit report to use as their aide memoire.

(a) (b) and (c) all occurred in my case.

What is missing from your original report is that almost certainly the reason why your card stopped working is because the fraudsters (who are organised criminals) telephoned Barclaycard lost and stolen and reported your card lost or stolen. Barclaycard will have asked for certain security info e.g. full name and address, DoB, Postcode and maybe first two letters of mothers maiden name and then would have obliged with a new card in the post and maybe even a new PIN or PIN reminder.

It is this fraudulently requested and intercepted card that will have been used to register online.

Sounds like you have only been told half the story.

I was the victim of exactly this type of fraud earlier this year with some other cards. Barclaycard had been contacted exactly as I mentioned but I was too quick off the mark for the fraudsters on that one and saved Barclaycard the hassle of an actual loss. Other card issuers were less lucky. Or should I say that the retailers tricked into supplying goods to the fraudsters were less lucky.

In my case I discovered three months later that some kind of glaring security hole had appeared at the number 3 Credit Reference Agency in the UK, CallCredit. Someone obtained online MY full credit report as held by Call Credit, and the very next working day at 0830 started calling the lost and stolen lines for my cards. I have heard of two other people I know that seemed to have been attacked the same way as a prelude to calling their credit cards i.e. by first fraudulently obtaining a Call Credit full report used by the fraudsters first to decide which card companies to target (saves them making blanket calls to all the numbers on the offchance), and then once talking to your card issuers they can asnwer security questions e.g. credit limits and even the third level questions that are often used to check that it is REALLY you that is calling e.g. "I will read you Mrs Money the first names of four people you may have shared an address with in the past. Please confirm which one is correct", OR "Which one of the following counties have you ever lived in?" ....

You will hear (and have heard) all sorts of ill-informed claptrap about it being likely that there is a trojan on your computer but since must of us with a brain have perfectly adequate anti-virus and other security protection thesedays, that is not the problem.

The problem is that the easiest attacks are as I described ... they prey on vulnerable post office workers and bank workers, obtain an intercept or some partial personal data, add it to what they can find in the publc domain and then use 'boilerooms' making calls to lost and stolen using lists the gangs create without even leaving their seat. And, a personal opinion this, I believe they do indeed use CRA info illegally obtained by several methods.

I now subscribe to a CRA Alert service. Come to think of it, quite recently Barclays Bank Plc did a full Credit Search on me on an "Opt In" basis which apparently means I consented to let them do it and for them to search for any financial associates they might find linked to me. I made some calls last week but I haven't got to the bottom of it yet.

I didn't think of calling Barclaycard to ask them if it was them. I may well do that tomorrow thanks to your thread.

Meantime, I do recommend that you contact all your bank providers, especially all your credit card issuers as credit cards are more vulnerable to this type of attack. I suggest you get the rest of your families checked too.

You will be asked to set additional security. I suggest you change "Mother's Maiden Name" security in every case where it is permitted.

I sympathise with your plight.

With luck, once you are locked down, the storm will have passed.

Some variants on this involve a fraudulent change of address and the intercepts occur that way.

If your address is vulnerable, and has not been changed fraudulently, it is quite likely that after the fraudsters have moved on from attacking your accounts they might still use your vulnerable address for others of their targetted victims whose more secure address they have changed to yours in order to make the intercepts easier. So apart from worrying about your own accounts, do look out for credit card statements arriving at your address but in stranger's names and do not ignore them ... call the banks involved immediately and tell them what has happened to their client ... it happened to me ... a Barclaycard and an MBNA card - two different names - my address ... my calls to those two were the first notification that anything was wrong for those two other unsuspectng victims, even though I had notified both those companies a month earlier about my own cards having been attacked. So the fraudsters had succeeded in changing the addresses on those other victims accounts despite me having had my post intercepted and telling Barclaycard and MBNA a month previously. Sounds crazy? You bet it is. It seems sometimes that we as individuals are the only people who truly care about securing our ID and addresses against fraud. So don't just bin any statements that arrive in the post which are "not yours". Calling the senders may also help you avoid credit defaults being registered against "AN Other" at YOUR address.

I decided long ago from my own experience, talking to neighbours and reading reports on MSE that this type of thing is now rife in some areas.

Yet how often have you heard the police or the Home Office saying they know and they are on top of it? You will barely have heard this from them at all. That is because they are miles behind the curve with the types of crime which are currently the most lucrative to all those crooks who used to inflate the more traditional crime figures.

So annoying that probably thousands (of people) are so easily taken this way every week by these gangs.

Who pays?

We all do in the long run.

You will get your money back but that isn't the point. Goods are fraudulently obtained which retailers often lose out on just as surely as they had been shoplifted. Bank customers have their worlds turned upside down for a few weeks wondering how on earth it could have happened and trying to cover all the bases.

I truly believe the postal intercept version of credit card account takeover fraud has grown so fast that it's out of control but no-one will admit it.

It is also a bit worrying that there seem to have been a number of similar reports involving Barclaycard in particular on MSE in the last couple of weeks or so ... they are of course one of the biggest providers, but evenso ...

Mrs_Money

Well, small update - if it wasn't so tragic it would be amusing - on Monday morning (6 days after the fraud took place) I received a letter from Barclaycard (posted TNT) advising me that there had been some suspicious activity on my card! The letter was dated for the day of the fraud.
They suspect fraud and they write to me? It plainly wasn't even posted first class (you can't tell from the envelope) I'm surprised they didn't use the Pony Express - it may have been quicker!
Meanwhile 7 days later and 4 days after I contacted them, I am still awaiting the disclaimer they said they urgently want me to sign and return to them (saying that the transactions that went through were not mine) - suppose that''ll be in another 4 or 5 days then.
Not impressed with this customer service at all.

knightfox

Its very easy to intercept the post. it might not have been your postman, but at the sorting office. They then know so much about you.

We also had a phone call from the fraudsters who wanted to know the passwords on the cards. This was a few years ago and they wanted to buy a big purcahse and needed more details.

Whilst VictimOfImpersonation points out that we all pay for this in the end. For starters its the retailers who suffer, if they have used UK retailers.

This is very common, but cant or wont be dealt with by the banks or the police.