Disputed Transaction - HSBC Re-debitting Me

Ellis456

Hello everyone,


On the 25/08/2011 my HSBC debit care was used fraudulently for the sum on £157.44 the site entropay.com A site I have never used or authorized.

I rang HSBC to make them aware and to get my card canceled, the money was debited to my account while the investigation was running, today I received a shocking letter informing me that this transaction was authorized by me! and that in 7 days they will be re-debiting the amount!.

I thought the investigation would have atleast got an email address or ip address of the offender etc?.

I am just stunned, I have rang hsbc and have told me the centre is closed and to ring tomorrow.

Any advice guys??.

Thankyou.

chambta

If you're correct then complain using HSBC's own complaints procedure. Ultimately if not resolved through those channels take further.

ihateyes

Ellis456 wrote: »

Hello everyone,


On the 25/08/2011 my HSBC debit care was used fraudulently for the sum on £157.44 the site entropay.com A site I have never used or authorized.

I rang HSBC to make them aware and to get my card canceled, the money was debited to my account while the investigation was running, today I received a shocking letter informing me that this transaction was authorized by me! and that in 7 days they will be re-debiting the amount!.

I thought the investigation would have atleast got an email address or ip address of the offender etc?.

I am just stunned, I have rang hsbc and have told me the centre is closed and to ring tomorrow.

Any advice guys??.

Thankyou.

have you been onto the site? noone in the house has used the card?

id be asking what proof do they have it was used by you?

Ellis456

ihateyes wrote: »

have you been onto the site? noone in the house has used the card?

id be asking what proof do they have it was used by you?

All I have is the letter revived today with a bad photocopy of some "visa detail report", this tells me nothing as to what there investigation entailed. I live alone and no one knows my card details except when it's used on line or a shop.

I am currently out of work and cannot afford to spend £157, I already have a paypal account and dont need this entropay.com virtual visa card which my card was used for.

I dont understand why they havent contacted entropay.com and got details of who registered my card, there name and address and there ip address etc.

Thanks for your help guys above.:money:

Ellis456

I've just been to entropay.com and looked at there sign up procedure and looks like you need a date of birth and name address etc!. I can't fathom why this hasn't been included in the investigation, I will be defiantly taking this further, im not letting myself be robbed of £157 no way that's my money.

James

Why not Give Action Fraud a call (Free Phone 0300 123 2040)

Click here for Action Fraud

Seek their advice/help and tell us all how you got on.

Good luck.

pqrdef

They don't care who made the purchase. If it looks like you must have given that person your card details, they'll hold you liable.

The Visa report probably shows that the transaction was authorised using your Verified by Visa password. That's as far as the bank will look.

jalexa

Ellis456 wrote: »

I received a shocking letter informing me that this transaction was authorized by me! and that in 7 days they will be re-debiting the amount.

According to the rules you cannot be found "responsible" unless the bank has compelling evidence. Now that the bank has found you responsible, ask then to provide the "evidence".

If they decline (likely) raise a Complaint asking for the provision of the evidence. If you are not satisfied on "deadlock" or after 8 weeks, whichever occurs first, refer the issue to the Financial Ombudsman Service.

Specifically on the possibility of the transaction being authorised with your Verified by Visa password, that in itself need not be "compelling" if there were previous password etc changes consistent with VbV being hacked. It is not (in itself) gross negligence to have been the victim of a "man in the middle" internet hack.

Ellis456

Ok today I rang HSBC to dispute this investigation, i've asked them why they cant get detaisl of the person who registered my card or what they used it for!, HSBC say because someone has used my password it must be me!, unbelievable,. I don't know how the hell they have got my password and card details but they are smart ill tel you that. Im awaiting a call from that fraud website and I made a complaint against HSBC.

tagq2

It is relatively trivial to change the VbV password, isn't it? You just need a few bits of information about the card holder and on the card. A hack into a site where you have given a reasonable amount of information about yourself is sufficient. Consider the recent Lush attack where afaict site software was maliciously modified - this would have allowed all details entered, including the card's CVV, to be exported.

Does your VbV password still work? If not, as above. If yes, they've got hold of it somehow, so you need to audit the security on your own machine then change the password. Make sure you're not using the same password anywhere else.

VbV shifts some responsibility from the merchant to the bank, which then shifts to you. Don't let the bank argue as if the VbV password were proof of authorisation like a PIN. PINs travel only through trusted systems under the bank's control. VbV passwords are entered on your own computer and subject to man-in-the-middle attacks (every school pre-NT had a kid who'd create an enhanced login procedure...).