Nat West say "Device ID" proves I'm a fraudster?

Comments

  • ColdIron
    ColdIron Posts: 10,009 Forumite
    Part of the Furniture 1,000 Posts Hung up my suit! Name Dropper
    colsten wrote: »
    When you use the Sainsbury's website to place an order, they have plenty of opportunity to capture all sorts of information from your browser and PC, including MAC address, IP address, location etc etc

    Not the MAC address, as unforseen says it stops at your router. Layer 2 of the 7 layer OSI stack
  • londoninvestor
    londoninvestor Posts: 1,351 Forumite
    Sixth Anniversary Combo Breaker
    waveyjane wrote: »
    Not according to this:
    https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

    If MAC addresses were visible over HTTP, then cookies wouldn't be needed!

    EDIT: Yup - MAC addresses aren't transmitted over the public Internet:

    https://stackoverflow.com/questions/3309122/how-can-i-get-a-mac-address-from-an-http-request

    Correct. Of course, the source MAC address could be included in the payload (not header) of the data by an application running with the right privileges to get hold of it from the PC. Browser can't do that though.
  • Uxb1
    Uxb1 Posts: 732 Forumite
    500 Posts Third Anniversary Name Dropper
    edited 4 April 2019 at 6:50PM
    Your browser cannot, so far as I'm aware, supply the MAC address of the actual computer used.
    That would require an ActiveX add-on to be run to do that - much like the memory supplier Crucial I think use when scanning your PC for what memory upgrades are compatible - which of course needs the user's explicit permission to run.

    They will have the IP address, which will be the IP address of your home router, and they will know that this IP address was used to make other purchases.
    Obviously though these other purchases could have been done from a variety of devices within the home.
    Your ISP would be able to confirm or otherwise that your home router was connected to that IP address at the time in question if you can get the IP address out of the bank.

    Unfortunately for both sides in these sorts of disputes they cannot say the purchase was made from for example ipad mac ID xxxxxxxx connected through router mac ID xxxxxxx with the IP address being yyyyyyyyy

    I've no idea what is the situation re IP addresses and mac ID's where mobile phones are connected via mobile data (and not connected via wifi to the home router) are being used as the purchasing instrument.

    They can also use browser imprinting to increase their level of certainty, so they can indeed detect and record what versions of Windows, what browser/version, what add-ons are being used, installed fonts list, screen resolution/size (Google Panopticlick and run their test to see how unique your setup is). If they see/record the same setup they can become quite certain that it was the same actual computer behind the router being used.
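
Added example, not part of any post in this thread: a sketch of how a merchant-side "device ID" could be derived from the browser attributes listed in the post above, and why it separates devices that share one router IP. The field names, hash choice and sample sessions are assumptions made for illustration.

```javascript
// Added illustration: field names and sample sessions are constructed.
const FIELDS = ['os', 'browser', 'addons', 'fonts', 'screen'];

// Normalise a value so the order of list entries does not change the result.
function canon(value) {
  return Array.isArray(value) ? [...value].sort().join(',') : String(value);
}

// FNV-1a 32-bit hash, chosen only to keep the example dependency-free.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Device ID: hash of the canonical browser attributes. The IP is not an input.
function deviceId(session) {
  return fnv1a(FIELDS.map((f) => `${f}=${canon(session[f])}`).join('|'));
}

// Fraction of attributes that agree between two sessions (0 to 1).
function similarity(a, b) {
  return FIELDS.filter((f) => canon(a[f]) === canon(b[f])).length / FIELDS.length;
}

// Count the distinct device IDs seen behind each IP address.
function devicesPerIp(sessions) {
  const byIp = new Map();
  for (const s of sessions) {
    if (!byIp.has(s.ip)) byIp.set(s.ip, new Set());
    byIp.get(s.ip).add(deviceId(s));
  }
  return new Map([...byIp].map(([ip, ids]) => [ip, ids.size]));
}

// Constructed sessions: one home router IP (documentation range), two devices.
const laptop = { ip: '203.0.113.7', os: 'Windows 10', browser: 'Firefox 66.0',
  addons: ['adblock'], fonts: ['Arial', 'Calibri', 'Verdana'], screen: '1920x1080' };
const laptopFontsReordered = { ...laptop, fonts: ['Verdana', 'Arial', 'Calibri'] };
const laptopUpdated = { ...laptop, browser: 'Firefox 66.0.2' };
const tablet = { ip: '203.0.113.7', os: 'iOS 12', browser: 'Safari 12.1',
  addons: [], fonts: ['Helvetica'], screen: '1536x2048' };

console.log(devicesPerIp([laptop, laptopFontsReordered, tablet])); // per-IP device count
console.log(similarity(laptop, laptopUpdated), deviceId(laptop) === deviceId(laptopUpdated));
```

An exact-hash ID changes after a minor browser update even though four of the five attributes still agree, so a match or mismatch on such an ID is evidence of varying strength rather than proof of who was at the keyboard.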
  • 18cc
    18cc Posts: 2,120 Forumite
    Lots of technical information above but I can only repeat that if they are referring to a device ID then they are most probably referring to a smartphone which would imply that the order was placed over a smartphone

    As I said, I would not take this lying down and demand that they tell you what they are talking about.
  • londoninvestor
    londoninvestor Posts: 1,351 Forumite
    Sixth Anniversary Combo Breaker
    Uxb1 wrote: »
    I've no idea what is the situation re IP addresses and mac ID's where mobile phones are connected via mobile data (and not connected via wifi to the home router) are being used as the purchasing instrument.

    It sounds like neither iOS nor Android apps can now see the device's MAC address, unless the OS version is more than 2-3 years old:

    https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-hardware-id

    https://www.macobserver.com/news/product-news/apps-cant-view-mac-addresses-on-ios-11/
  • 18cc
    18cc Posts: 2,120 Forumite
    I would just tell them in the strongest possible terms that you are not a fraudster (which you clearly are not) and that they need, under the terms of the debit card, to refund these fraudulent transactions to you or you will take them to the FOS.

    Don't Take It Lying Down don't accept no - tell them it is fraud pure and simple and that you are protected
  • Uxb1
    Uxb1 Posts: 732 Forumite
    500 Posts Third Anniversary Name Dropper
    The snag is that we can accept the OP's assurances that it was not personally them - but we don't know about who for example had access to the PC's wifi.
    It would be quite possible for someone with knowledge of the property's router wi-fi access code to sit outside the property, use the wifi and place the fraudulent order.
  • Terry_Towelling
    Terry_Towelling Posts: 2,279 Forumite
    1,000 Posts Second Anniversary Name Dropper
    You've never used your phone to buy online at Sainsburys and you have a store quite close - but, despite these things, do you have a Sainsburys online account and, if so, do you ever access it on your home PC? Please confirm.

    You see, the issue isn't just that someone may have accessed your phone or sat outside your house and accessed your Wifi network (if it isn't secured by passwords etc), but that 'someone' also has access to your debit card details (including the CVV2 value), your postcode etc and has been able to use them.

    Has your card been blocked and re-issued with a new number?
  • Without casting any doubt on the OP, how many times do you think banks hear "it wasn't me" when there is a legitimate transaction someone is claiming "fraud" for?

    Device ID does sound like a smart phone, and the apps rely on the ID to authenticate you. If you try to reinstall a banking app on another device, you have to deactivate the old one.

    The fact the ID matches for legit and claimed fraudulent transactions doesn't look good for the OP though. Also, if transactions were over a 2 week period, why didn't the OP notice them sooner? It's very unlikely a fraudster is going to go shopping at Sainsbury's over a 2 week period!
  • Ben8282
    Ben8282 Posts: 4,821 Forumite
    1,000 Posts Combo Breaker Newshound!
    edited 4 April 2019 at 9:46PM
    waveyjane wrote: »
    My debit card was used to make fraudulent purchases on Sainsbury's online groceries over a two week period last month. My bank (NatWest) says that I was responsible for these because Sainsbury's showed the device ID was the same for these transactions as for other legitimate transactions I made elsewhere online.

    Do merchants pass on a "device ID" to the banks as part of online purchases? Does anyone know if I have to simply take their word for it or do they need to supply proof?

    I've written to Sainsbury's asking them to give me any further information about those transactions (eg times of day, delivery information) so it's just possible that if I can prove I wasn't at my computer on those dates/times, but this is awful! £750!! :eek:

    ---

    Thinking about this a bit more: they are in effect saying I'm a fraudster because I made the purchases. If so, then why don't they arrest me?


    This is confusing. Is device ID the same as an ISP address? Ignoring the actual terminology used, what the bank are saying is that they have rejected the claim because they can show that this online transaction was made using the same phone/PC/whatever as your own genuine transactions made elsewhere (i.e. with online merchants other than Sainsburys).
    So the fraudster would not only have had to have access to whatever device you normally use but also need to be aware of all the necessary personal information and card details needed to make this purchase.
    This raises the obvious question of just who this could be? Is there a member of your household or a visitor to your home who could possibly have done this? Just how many transactions were actually made?
    Also £750 is an awful lot of groceries. Have you managed to establish what exactly was purchased and where it was delivered (or was it collected)?
    A further point is how did this go on for two weeks without you noticing? Presumably you did not check your bank account for a period in excess of two weeks.
This discussion has been closed.