Debit card cloned, but how?

Manninagh

Hi Folks, I’m in need of some advice.
My bank (BoS) contacted me early AM today to report suspicious activity happening with one of my current accounts. A series of transactions were taking place in Rio de Janeiro. After confirming that it wasn’t me using the card there they will start refunding the payments to my account, while cancelling the card.
Great stuff, the BoS is on the ball and the chap I spoke with was pleasant and knowledgeable.

But, ……………… the account debit card that has been cloned has never ever been used, it resides securely in our house.
The account is one of a series of current accounts we set up with BoS & Santander to take advantage (no pun intended) of the 3% interest rates. The money in these accounts basically goes around in electronic circles, with the minimum number of Direct Debits to satisfy the terms of the accounts.

Really then, how was this card able to be cloned?
We use my home PC and occasionally my wife IPad to check our accounts online. My PC has both up to date, Malwarebytes and Eset Security suite for protection. I regularly run both, and other than the occasionally PUP I have never found anything.

Your thoughts would be appreciated.

NotRichAtAll

Key logger?
created any subscriptions with the card at unsecure websites?

kazwookie

Joined anything 'new' recently, and used that card details to pay with, and some how 'they' have cloned your details.

Are you sure the card has not been used in an ATM type machine

maninthestreet

Do they have chip and Pin in Brazil??

ghostfinder

Was it definitely BoS calling you this morning ?

reclusive46

maninthestreet wrote: »

Do they have chip and Pin in Brazil??

They have chip readers but often the chip reader is broken and they have to swipe all cards.

Manninagh

The account is one of two we opened just to get the 3% interest. We have to have two DDs a month from each account an so the money goes around in circles electronically. This is the accounts only purposes. We do have other CC accounts for living expenses.


When the accounts were opened in January we were sent two debit cards, which we had to activate this was done at the branch of the BoS we use. This is the only time the cards have ever been used or out of the house or our possession.


Thanks for your thoughts so far.


After speaking with the BoS this morning I ran an Eset antivirus scan (which I do weekly anyway) nothing found or with Malwarebytes.


Being concerned we went online to check all of other accounts. The corresponding account we opened in my wife's name in January had some small non sterling transaction that we didn't recognise.


Phoned the BoS fraud line and received some more great help. The transactions took place in San Paulo Brazil over the last couple of days.


So the only time the cards had seen an ATM was the middle of January in the middle of the day. I will be going into town on Monday to speak with the Manager to see if anyone else has had problems after using their ATMs.


The only way the cards could have been skimmed was when activating them, but we noticed nothing unusual. And are very aware of our banking procedures and security.

trix-a-belle

It is possible the numbers were sold on a list & not anything to do with a key logger or skim of the card. Unfortunately it does happen, cards get made up, tested, if one works they go for it.
I had a brand new not yet used credit card cancelled within a week or so of it arriving to me due to fraudulent activity, the card had only travelled via royal mail from Nationwide to me, no tampering of the envelope for any conspiracy theorists.

eddddy

Manninagh wrote: »

So the only time the cards had seen an ATM was the middle of January in the middle of the day.

It's possible that a skimmer was attached to the ATM

For example, see: http://www.derbyshire.police.uk/my-local-police/north-division/north-east-lpu/bolsover/news/2016/apr-8-bolsover-atm-skimming-device.aspx

agrinnall

If the fraudulent transactions were not C&P, as reclusive's post suggests is very possible, then it's most likely that the card itself has not been compromised, just that the number has been used in the way trix-a-belle describes.