We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Multiway dispute about unauthorised withdrawal
Comments
-
It would be quite stupid for a staff member to use the card in his place of work. There are easier ways for a barman to provide free drinks to his mates...
That being said, the info doesn't have to come from the till. A well positioned camera and a flick of the wrist can get snaps of both sides of the card, this still doesn't provide billing address, which is required for most transactions. But maybe adding the card to PayPal removed the requirement I don't know.
I believe the best angle here is to chase PayPal who actually took the money out of the bank account, but AFAIK they are notoriously difficult to deal with.0 -
Till rolls shouldn't have full PANs in this day and age, not since PCI-DSS came in a few years ago!
If it was that easy for customer-facing staff to access card numbers, there'd be far more card-based fraud....
While the copy a customer gets does not. I have seen far to many retailers that have the full card number on their side.
See more than enough card fraud as it is.... :eek:Life in the slow lane0 -
I'm not saying it can't happen but it would surprise me if it was anything other than an exception nowadays, hence challenging your statement that "the retailer till roll has the full card number on there" as if it was a universal truth!born_again wrote: »While the copy a customer gets does not. I have seen far to many retailers that have the full card number on their side.
See more than enough card fraud as it is.... :eek:
The retailer I worked for when PCI-DSS launched faced immediate demands from acquirers to remove/mask PANs (from merchant copies of receipts as well as customer ones) and that was many years ago....0 -
Yes, he submitted all the evidence he had to Nationwide. They said it didn't prove he didn't make the transaction. We spent about an hour on the phone with them, and they said that as far as they were concerned it was a legitimate transaction and they wouldn't do anything other than stop the card linked to the Paypal account.Has nationwide been told all this ? If so its probably time to make an official complaint, and then refer to regulator if needs be
So it's Nationwide he needs to escalate this with? That was my guess, as that's his only point of contact for the actual transaction, but I thought I had better confirm it.0 -
The legitimate transaction he made shows up on his Paypal account. That's why we're sure it wasn't done on his account.I think that what Nationwide said is wrong. The fact he used Paypal at the venue is irrelevant and he should pursue this with Nationwide.
A transaction like this would not show on your son's Paypal account by the way.
I think his problem is more likely to be due to him being on the insecure Wetherspoons WiFi than anyone shoulder surfing. I assume his card details were already linked to his Paypal account (I'll ask him when I see him).0 -
Sophisticated crooks that can execute "Man in the middle" attack and intercept payment details on a public WiFi, aren't likely to "waste" their spoils on a round of drinks here and then.The legitimate transaction he made shows up on his Paypal account. That's why we're sure it wasn't done on his account.
I think his problem is more likely to be due to him being on the insecure Wetherspoons WiFi than anyone shoulder surfing. I assume his card details were already linked to his Paypal account (I'll ask him when I see him).
What time was the fraudulent transaction made? Does your son have acquaintances that stayed in the pub after he left?0 -
Merchant receipts need to have the full card number. Clearly, most customer-facing staff are more honest than you give them credit.Till rolls shouldn't have full PANs in this day and age, not since PCI-DSS came in a few years ago!
If it was that easy for customer-facing staff to access card numbers, there'd be far more card-based fraud....0 -
I know I am probably being obtuse but why does anybody use PayPal linked to a card rather than using the card itself for things such as buying drinks in Wetherspoon etc (obviously online is a different matter).
Wetherspoons now have an online app where you can order food and drinks at your seat via your phone and pay using Paypal - no need for a card at all0 -
What do you contend mandates this?Merchant receipts need to have the full card number.
While it's true that strictly speaking PCI-DSS doesn't mandate masking of PANs, there's a requirement for compensating controls to avoid these being readily accessible to staff, so if anyone behind the bar in a Wetherspoons was able to simply read through full card numbers on a till roll then Wetherspoons would be liable for any fraudulent activity and their acquirers would probably have something to say on the matter!0 -
Your son doesn’t need to prove that he didn’t make the transaction. PSD2 requires the bank to refund all fraudulent transactions unless they can demonstrate that the transaction isn’t fraudulent. Simply highlighting an undisputed transaction does not do this.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.7K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.8K Work, Benefits & Business
- 603.3K Mortgages, Homes & Bills
- 178.2K Life & Family
- 260.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards