Card Details Theft Problem

burkey38

With my Dad's permission I used my father's Northern Bank Visa card to buy a memory card on ebay, payment for which was processed through paypal.

My father received his card statement yesterday and as well as the purchase I made there were two other transactions on the card, one made on JohnLewis.com and the other from M&S.

Obviously I nor he know nothing about these transactions. He cancelled the card yesterday and was told to go into his local Northern Bank branch tomorrow to advise them of whats happened and to see if there are any other unknown transactions that might appear on the next statement.

My feeling is that it's something to day with a paypal employee who has access to cardholder's details. This card had not been used through paypal for a long time and the suspicious transactions appeared the day after my ebay purchase.

The same thing happened to my uncle at Christmas when he made a purchase through paypal for the first time and then his card was used the next day for £700 of goods he knew nothing about.

These tranactions were investigated by the card company and reversed.

When my father contacted John Lewis about the purchase made from their website, all they could tell him was that it was delivered to a postal address in the South of England.

My nagging doubt is this. If my father goes to his brach tomorrow to discuss what's happened and he tells them that he let me use the card for a paypal payment will they say oh thats too bad, you shouldnt have done that and theres nothing we can do?

Any advice appreciated.

SCO

did it get delivered to the address the card is registered?

He would be better saying he made the transaction as the bank will see it as a breach of [EMAIL="T@C's"]T@C's[/EMAIL] letting someone else use the card.

Saints2011

Im pretty sure the bank would take the view of that hes broken his T&C, and hasnt taken reasonable measures to protect his details therefore we cannot help.. may want to re think what you actually tell them..

meer53

The transactions may not be anything to do with the Paypal purchase, card details can be compromised months before they are used by fraudsters. Paypal are a reputable company, your card details are much more likely to be compromised at your local petrol station ! Could just be a coincidence. Your suspicions could apply to every retailer where you use your card.

rb10

I very much doubt that Paypal had anything to do with it.

Atom

Most likely scenario is the card details where already skimmed from some dodgy online shop your dad used and the fraudster has just got round to using it - or maybe dad not being the computer type you thought oh hey wait a minute i could get some items sent to my friends house and make out to dad that it must have been a paypal employee who stole the details..

Am just playing

MrsTinks

I have to say I find it highly unlikely it's anything to do with Paypal - when you went to pay for your purchase on Ebay did you follow a link to pay in an email or did you follow the link from within Ebay itself? When you entered the card details did you check the URL started HTTPS rather than HTTP? If it was from within Ebay and the URL stated HTTPS then it was genuine paypal and as for it being a paypal employee... sorry but not likely... employees do not have access to peoples card details like that. The encryption that goes on at the end of paypal and other online retailers is pretty impressive - often when people "won't give you more details" it's because they can't - the system is so encrypted that the security level within the company has to be high to access it.

BTW what anti-virus software is installed on the machine and when was the last update and full scan - if this was a decent software and was up to date then any "dodgey" sites should have been spotted by the software...

Atom

The dodgy sites wouldn't be spotted unless they where well known phishing/scam sites - alot of online shops use common open source software such as oscommerce being the most used i would imagine - it just takes someone to compromise a site in one of many many ways, through software exploits, server exploits or a user being key-logged from his/her own machine, shops that may seem secure to YOU does not mean they are, and even with them being SSL/HTTPS does not mean those places are safe... maybe from the middle man but not from other attacks.

Another thing - because some software uses encryption to encrypt cc data into there databases it does not mean this data is safe either, you know the forms you use to fill in on online shops could have some malicious logging code within the file without the actual company even knowing, so the hacker is logging this data BEFORE it's encrypted and stored in the database - all this done without any knowledge of the company and client - eBay and paypal however i would feel are pretty safe, the card has been caught before you used it most likely.

And get eset - decent AV with fast definitions everyday

burkey38

purchase on ebay was not through a link, I went straight onto ebay.co.uk and then followed the normal payment procedure to pay for the item through paypal.

The paypal theory only cropped up because the same scenario happened to my uncle recently as stated.

Just a coincidence then?

MrsTinks

Atom - the dodgey sites are easier to spot than you think - the technology to spot them is actually pretty sophisticated and looks at a lot of things, including where the site is hosted etc... Never heard of eset personally - I'd recommend Trend Micro, but hey what do I know... I only worked in AV and security for years before moving into telecoms

Atom

Hey MrsTine i know what your saying i was just trying to point out that legit online shops can be compromised and hackers can use them to skim cards from them so people would not know what was going on.

I currently work in IT security myself for a long time.. Eset is pretty good you should maybe check it out since your with Trend