Victim of Debit Card fraud again - what must I be doing wrong?

pipkin71

black-saturn wrote: »

Yes I cancelled it last time and it has been cancelled this time. I am unable to draw any money out of my account until I get a new one which could be up to 2 weeks!!!!

BS, can you take your passport into the bank to withdraw cash? When I lost my card [with Nationwide], I was able to withdraw the cash using my passport and birth certificate. They were also very quick at replacing my card as well. HTH

Pipkin xxx

black-saturn

pipkin71 wrote: »

BS, can you take your passport into the bank to withdraw cash? When I lost my card [with Nationwide], I was able to withdraw the cash using my passport and birth certificate. They were also very quick at replacing my card as well. HTH

Pipkin xxx

They said only from the branch you opened the account at. I opened the account at a branch about 45 miles away so thats no good. I'm dipping into my wedding savings at the moment and will pay it back when I get my card back. If I didn't have them I don't know what I'd do.

pipkin71

black-saturn wrote: »

They said only from the branch you opened the account at. I opened the account at a branch about 45 miles away so thats no good. I'm dipping into my wedding savings at the moment and will pay it back when I get my card back. If I didn't have them I don't know what I'd do.

Hopefully they will be pretty good at replacing the card. Mine was replaced within 72 hours.

nanana_2

In my naivety I was attempting to try to answer Black-Saturn’s original question. However I've realized from looking through several threads that this is a little out of kilter with the general responses to questions. Often it would seem that the majority of replies are of the "Ooooh me too" variety or never mind the question I'll just have a pop at someone else’s post. So now I've learned how things work on this forum I'll join in if you don't mind.

Bargains83, it's important not to confuse plausibility with possibility. Yes it's possible to generate (at least some of) a cards numbers and I’ll describe one way in which it can be done. I apologise in advance for those that are going to be bored rigid with the maths, but then you don't have to read this. Please note: None of the info that follows is in itself breaking any laws as the 16 digit number is not actually designed as a security measure as such, it's just an error detection number designed to reduce the chances of a mis-type hitting another valid number.

Anyway - on to the fun bit... The first six digits denote the organization that issued the card. The financial industry discourages public disclosure of these codes, though most are already widely known, not least by those seriously considering fraud.

The algorithm to generate a syntactically valid 16 digit card number is legally available and in the public domain. See http://www.darkcoding.net/index.php/credit-card/luhn-formula/. Any competent software engineer could code an implementation in around an hour, but s/he wouldn't bother because implementations are also freely available, see http://en.wikipedia.org/wiki/Luhn_algorithm for one in c#.

So for each syntactically valid number generated, we now need a matching expiry date and CVV2. There are 36,000 possibilities to work through (12 months a year for 3 years multiplied by 1000 (assuming there is a CVV2 number of 000 otherwise by 999) so each time our card number, expiry date and CVV2 is offered to one of your dodgy merchant's systems, on average it will take 18,000 attempts before it hits pay dirt. Well, not quite, that's only if the 16-digit card number is actually in use on a card somewhere. To continue our probability maths we need to know one more figure. How many of the possible valid card numbers are actually in use? - !!!!!! - that we can't know so well have to guess! Let’s take an each way bet and say 50 percent. Therefore for each card number that we know is potentially valid, we're back to on average 36,000 tests to get an actual real world valid card number. Note that even in a worst-case scenario where all numbers are valid we're still back at our 18,000 attempts. So to cover all bases we're somewhere between 18,000 and 32,000 attempts.

So a question: Do you really think it's LIKELY that there are merchant “validators” out there that are so poor that they will allow 18-36,000 failed automatic probes without signalling the attempted attack? And if there were such poor defences, do you think they wouldn't become widely known and hence jumped on from a great height by the financial industry? And seeing how it’s all so simple (technically) why isn’t every crim with half a brain cell using it as a licence to print money?

Now let's look at an alternative approach. Let's assume we’re crims. Let's just go down our local and put the word around we're looking for "some numbers" and let's not forget that those numbers are ALL valid bar the one's that have been stopped by an alert victim. Those we try ONCE and then discard.

So - generation as a means of fraud - of course it's POSSIBLE and I'm happy to believe it does happen, but plausible as a general means of fraud? I know which method would be bottom of my list if I were criminally inclined.

Google "major cause of credit card fraud" - I got ladies handbags!.

Sorry – nearly forgot – Black-Saturn has been hit twice in 18 months. I’m back to work now, so any mathematician out there want to calculate the odds of this happening via the “generator” root? as opposed to (for example) re-visiting the same dodgy garage or corner shop.

black-saturn

To someone who's number dyslexic that was all about as clear as mud But thanks anyway The bank told me today that my new card was ordered on friday so it should be with me soon.

newlywed

Basically nanana is saying it would take someone thousands of attempted purchases to hit upon a correct card number with its correct expiry date so is unlikely as the Visa company would surely notice someone making thousands of attempted purchases.

Have you ordered any food shopping/home delivery online in this time? Could you have any hidden program on your PC recording your details? Even if you only go to genuine Tesco.com, if you have a hidden program recording the details they might get your number that way?

someone

newlywed wrote: »

Basically nanana is saying it would take someone thousands of attempted purchases to hit upon a correct card number with its correct expiry date so is unlikely as the Visa company would surely notice someone making thousands of attempted purchases.

Yep, everything is tracked. Last year my Mum paid with her credit card online for a TV licence. She entered anything and at the last stage it said it had been declined. She phone the credit card company up and they said, you got the expiry date wrong. Changed that one thing and everything was ok

peter999

black-saturn wrote: »

OMG thats who my transactions were to. I bank with Nationwide.

Maybe it's an inside job, fraud in the bank !! :eek:
Banks employ lots of cheap labour & who knows how your account details are held/processed in the system.

Banks often make mistakes & you often cannot find out why it happened.

Why work on the outside if you can goldmine on the inside.

peter999

pipkin71

black-saturn wrote: »

To someone who's number dyslexic

Sorry, slightly O/T so apologies, but is number dyslexia professionally recognised - I mean, have you been diagnosed with number dyslexia bs or is it a term you use to explain why maths isn't your thing?

I am genuinely interested in this and would like to know, if number dyslexia is professionally recognised, what are the procedures for having it recognised?

Perhaps I should post this in discussions too

regards
Pipkin xxxx

James

Manhunt, ITV 9 pm last night highlighted the fact that skimmed cards, with valid PINs can still be used in a high percentage of ATMs in the UK.

The Programme also covered vulnerabilities in wireless networks and advised people to update to the latest routers and use passwords.

Today a BBC jounalist has exposed major security flaws at a Glasgow call centre:

The Billion Pound Bank Robbery.

A high percentage of fraud, including fraudulent use of card details is quite simple to deter.

Reducing ATM fraud tips:

Do not use PINs with a credit cards (Unless of course you wish to use them to withdraw cash at ATMs).

Only use ATMs in Branch - even then check them for loose attachments and if you do discover something, don't remove or touch it report it to the Police or Bank.

PIN use - cover your hand when you enter your PIN. (There are other ways of obtaining a PIN at an ATM, where even taking this precaution doesn't work).

More tips to follow;