Tesco Credit card refund help .

Gerry1

The OP's brother should use the free card reader that NatWest issues.  It's as portable as a mobile phone but it works where there's no mobile signal.  Above all, verification by SMS is insecure: GCHQ has warned the banks that it shouldn't be used but many banks persist with this nonsense.  The card reader verifies that the user has possession of the bank's card AND knows the PIN, whereas SMS verification fails if a fraudster can persuade another mobile network to port the number over.

afis1904

He didn't use a Nat West card and just because fraud on something is possible doesn't mean it's insecure

Gerry1

afis1904 said:

He didn't use a Nat West card and just because fraud on something is possible doesn't mean it's insecure

OK, wrong bank, but the point remains valid.  NatWest's 2FA using a card reader is secure because it requires something you have (your card) and something you know (your PIN).  In contrast, Tesco's SMS verification only requires access to your phone number, which can be ported by a thief if the telco's procedures aren't watertight and / or their agent isn't strict enough.

Still, I'm sure that the amateurs at GCHQ will bow to your superior knowledge and will retract their warning.

afis1904

720 cases in a year is almost nothing and it's probably better for both banks and consumers to keep using a verification procedure that is both convenient and safe instead of using one which is just the latter. 

born_again

afis1904 said:

720 cases in a year is almost nothing and it's probably better for both banks and consumers to keep using a verification procedure that is both convenient and safe instead of using one which is just the latter. 

Banks have to work on what the customers want. As well as what their systems can cope with.
Customers as a whole hate extra devices they have to carry around to make online purchases while out and can get lost. (I lost track of the number of HSBC devices I broke due to sitting on them in my wallet)
Some customers hate mobile SMS codes because they do not have a mobile.
Email is far more insecure.
It is a balancing act of customer service over security.

Gerry1

afis1904 said:

720 cases in a year is almost nothing and it's probably better for both banks and consumers to keep using a verification procedure that is both convenient and safe instead of using one which is just the latter. 

I don't think that this consumer who lost £31,000 to SIM swap fraud would agree with you that SMS 2FA is safe.

Speedbird676

The first thing you need to do is wait.

If all three transactions are still pending, you first need to see how many actually post. If only one posts then all is solved and the two "failed" transactions will drop off his account within a few days. Tesco should not charge any over-limit fees as the transactions never posted to your brother's account - it will be like they never existed.

If more than one of the transactions posts then there are two courses of action:

1. Ask Natwest to refund the excess transactions
2. Ask Tesco why they approved two transactions that were not authenticated using their own 2FA (2-factor authentication). There is a formal process for disputing these since they were not ultimately approved by the cardholder.