Tesco Bank

hoc

That latest (long) text seems to have gone to all customers.

Old or new card doesn't seem matter, my card was over 2 years old without previous issues and reading here and elsewhere some had fairly new cards.

[Deleted User]

Nationwide8 wrote: »

Even if you haven't had money taken out of your accounts if you can it seems a no brainer to move money out until Tesco provide a credible explanation why some accounts had fraudulent use on them...you can always move the money back at a later date.

I agree. I've moved all money out to accounts with other banks. However I'm £242 down on one of my two current accounts. Balance says £242 and available balance £0.90. The system won't let me move the £242 (I've moved the rest of the £3K I kept in that account).

JuicyJesus

HornetSaver wrote: »

Am I reading too much into this to come to the conclusion that the problem is most likely something to do with contactless? Normally when there's medium-to-large scale spike in fraud, it's because a specific weakness has been exploited.

I can guarantee that it will have 100% nothing to do with contactless whatsoever, and I'm not sure how you came to that conclusion at all because it's nowhere near reasonable.

Ed-1

TheBanker wrote: »

My original Tesco account and card are over a year old.

I recently opened a second account but never activated its card.

The fraud has occurred on the first card. The second account looks fine.

Even now the messages are contradictory. My card has been blocked and I need to wait for a replacement says one message, the other says I can still use it as Chip and PIN.

I think the best thing to do is send in a letter of complaint (about the awful response, not the fraud its self) and see what they do about it.

In terms of the third party - there can be other parties involved in processing Tesco's Visa transactions and managing the card infrastructure, where the compromise could have occurred. It isn't necessarily the manufacturer. They should really tell people and let us know what other data has potentially been compromised.

Clearly, no-one can make a payment with debit card details that haven't been activated and Tesco debit cards need activating so all affected accounts will have had active debit cards.

hoc

HornetSaver wrote: »

Am I reading too much into this to come to the conclusion that the problem is most likely something to do with contactless? Normally when there's medium-to-large scale spike in fraud, it's because a specific weakness has been exploited.

I was specifically asked if I had used contactless in the last 24 hours. I have never used contactless with this card (my TSB card gives 5% cashback). It doesn't really add up. If a retailer had been compromised it wouldn't just be Tesco cards. If it was a card skimmer or contactless hack it would be isolated to an area and involve far fewer.

I think they may require chip and pin for additional security against physical cloning of the cards with stolen info.

[Deleted User]

I'd guess at Magstripe misuse rather than Contactless - especially in less developed countries.

Although I accept there are many processors etc involved in debit card transactions - many people affected have never used their card. So the only people that should have the details are Tesco Bank and the Manufacturing facility? And with it now appearing old cards are also, only just, affected - Tesco must be looking internally.

Although they are Visa cards, it seems a massive lapse of security to have any lists elsewhere (e.g. Visa or payment processors) of 'valid' cards, especially those unused - I'd have thought only Tesco Bank would hold that data, and others only get hold of it when a cardholder finally makes a transaction.

That's one of the big selling points of AndroidPay/ApplePay - the 'virtual account number' is nothing like your card or account number, so if there are any lapses in security during processing of day to day contactless payments, your actual details are never exposed (and it can all be sorted without messing up your 'actual' card, sending a new one etc)

jem16

Nationwide8 wrote: »

Even if you haven't had money taken out of your accounts if you can it seems a no brainer to move money out until Tesco provide a credible explanation why some accounts had fraudulent use on them...you can always move the money back at a later date.

I agree with regard moving money out of the Current Accounts as it's a debit card issue. Is it really necessary to move money out of Internet Saver accounts though?

gazza007

I have 2 current accounts which are used to max out savings of 3% which were both opened within a week of each other & been operating for many months.
My cards were used once in ATM to change PIN's to memorable numbers and are locked away.

Following the text I received after I got off a plane last night, I checked my online banking & they didn't show any transactions apart from normal interest payments and correct balances.
After over 1.5 hours waiting Customer Services told me that an attempted transaction of over £1k was attempted on one of my accounts while I was airborne.

I have concluded that there has been a serious data breach of some kind. The fraudsters have obtained full card data by accessing Tesco's Systems or persons within Tesco have assisted in providing the card data either at manufacture point or from their IT systems.

The fraudsters have then made coordinated online & telephone purchases within a short space of time. Sadly many of these will have been successful and left people out of pocket today.
I am very disappointed that Tesco communications arm last night did not get enough out on social media and main stream news as I guess some will have thought that the texts and emails were a phishing scam. Lots of explanations and lessons to be learned here.

norm_

I'm surprised Tesco hasn't suspended online banking until they find the source of the breach??

bluehydrangeas

I got a text message at 1.30pm today from Tesco advising me of suspicious activity on my account. It was the same text others have received in this thread. I have logged into my Tesco online banking and both my accounts appeared normal with £3000 balance and available balance in both. However I am unable to withdraw money from my first account. When I try to transfer money to my main account with another bank or to one of my Tesco Internet Savers, I get a message saying "We have been unable to complete this transaction. Please try later". I was able to withdraw the full balance from my second account. I'm about to call them to see what's going on.