Deliveroo Credit Card Cloning Query?

eskbanker

nick74 said:

dr_adidas01 said:

eskbanker said:
the prospects of either the card company or the police investigating low-value fraud is negligible.

What’s low value fraud? The fraud one I had with Deliveroo was for £127, which to
me isn’t that low a value. 

I would expect that Barclaycard would investigate where it was delivered to, especially as they refunded it to me very quickly.

You may find that they have found and prosecuted someone, it maybe that you won’t hear or know about it. 

£127 may not be low value to you or I, but to Barclaycard it's barely loose change. We once had fraud of circa £2k on a commercial Mastercard at work and Lloyds refunded it without batting an eyelid.

Fully agree with this last post - UK card fraud last year was £620 million, across 2.75 million cases, with the average therefore being £226.  I don't know how much it costs to fully investigate one but can easily see that those of less than four or five figures won't be cost-effective to chase after and will be accepted as a cost of doing business, despite some people having a fond but naive notion that card companies and the police leap into action to pursue every one....

eddddy

Spender£ said:

That is strange so i wonder how many other victims could be out there,

For Ecommerce retailers in general, up to 2% of their orders are fraudulent.  Deliveroo seem to take about 45,000 orders per day in the UK.  

On that basis, Deliveroo might expect up to 900 fraudulent orders per day.

I don't think Deliveroo use 3D Secure authentication (i.e Verified by Visa, MasterCard Secure) - so it's Deliveroo (and not the banks) that suffer the losses resulting from fraudulent orders.

Like all ecommerce businesses, they would just regard that as a cost of running an online business.

Sandtree

This isnt a case of card cloning as there is no need for a physical card to order from deliveroo.

Hackers and other fraudsters go about collecting credit card numbers, mail order log ins, app log ins like Deliveroo, McDonalds, Uber etc and there are then website you can go to to buy these details... a former colleague in counter fraud showed me one selling McDonalds log ins for £2 with a "money back guarantee" that you'll be able to use it for 30 minutes before its shut down. Have an anonymous you get deliveries to? Then get up to £40 of food delivered for £2 or get mates round, put two orders in and share the cost.

Card numbers are harvested from lots of places, cloning a card after isnt too hard to do but easier is to use the number to just buy online. 

dr_adidas01

Sandtree said:

This isnt a case of card cloning as there is no need for a physical card to order from deliveroo.

Hackers and other fraudsters go about collecting credit card numbers, mail order log ins, app log ins like Deliveroo, McDonalds, Uber etc and there are then website you can go to to buy these details... a former colleague in counter fraud showed me one selling McDonalds log ins for £2 with a "money back guarantee" that you'll be able to use it for 30 minutes before its shut down. Have an anonymous you get deliveries to? Then get up to £40 of food delivered for £2 or get mates round, put two orders in and share the cost.

Card numbers are harvested from lots of places, cloning a card after isnt too hard to do but easier is to use the number to just buy online. 

Well in my case it had to be card cloning as I never use my Barclaycard for online purchases as I have different card specifically for online purchases. 

I also don’t have an account with Deliveroo or McDonalds or Uber or Uber Eats or any similar type of organisation. 

Sandtree

dr_adidas01 said:

Sandtree said:

This isnt a case of card cloning as there is no need for a physical card to order from deliveroo.

Hackers and other fraudsters go about collecting credit card numbers, mail order log ins, app log ins like Deliveroo, McDonalds, Uber etc and there are then website you can go to to buy these details... a former colleague in counter fraud showed me one selling McDonalds log ins for £2 with a "money back guarantee" that you'll be able to use it for 30 minutes before its shut down. Have an anonymous you get deliveries to? Then get up to £40 of food delivered for £2 or get mates round, put two orders in and share the cost.

Card numbers are harvested from lots of places, cloning a card after isnt too hard to do but easier is to use the number to just buy online. 

Well in my case it had to be card cloning as I never use my Barclaycard for online purchases as I have different card specifically for online purchases. 

I also don’t have an account with Deliveroo or McDonalds or Uber or Uber Eats or any similar type of organisation. 

We are splitting hairs a little here but why do you think they copied your card details onto another physical card for it to be a "cloned card"? Why could it not be someone behind you in a queue or waitress that managed to copy the card details down?  Seems a waste of money to imprint a blank credit card with your card details if they are only going to use it online.

born_again

dr_adidas01 said:

Spender£ said:

It seems that my Barclaycard was somehow cloned recently with a company i have never used called Deliveroo.co.uk/London. Although i have had this relatively new card frozen due to this i was wondering about that transaction, Has anyone got experience of ordering from that company and if so does the London mean it was in the London area or is this just how the name comes up in any area, most of the people in my street have takeaway food so i was suspicious but i know cloning is normally the work of organised gangs. 

This is quite spooky as I’ve had this very same thing happen with my barclaycard last month, with Deliveroo. Like you I’ve never used Deliveroo or have an account. 

When I called to dispute the transaction the operator let it slip that they had recently had a lot of people call about unauthorised Deliveroo transactions. 

The last time I’d used my card was at a local Nespresso store where I buy my coffee pods from, then 2 days later the transaction for Deliveroo happened. 

So my card may have been cloned there or there is something wrong at Barclaycard (just my suspicion). 

I got the transaction refunded and a new card was sent out. 

Deliveroo & other food delivery companies are commonly used by fraudsters. 

Odds on it will not have been the last used retailer. But something from a while ago and details have been sold online.
Barclays will report this as fraud to retailer and claim the money back from them. Retailer might come back with delivery details. So it could be Barclays ask if you know the address.

So it is down to the retailer to take it forward with the police. Not the bank, as you & the bank get their money back. Who knows what the retailers do.

My best memory of this is years ago and at Christmas we saw thousands of cases where John Lewis were used by the fraudsters (many click & collect, shame they failed to check to see the card used). Funnily enough it was a year when they claimed the best sales figures over Christmas

Dr_Crypto

Years ago I got stung for about £600 in some cloning scam. I got my money back the next day. I doubt anyone ever looked into it. Chump change to them. 

Spender£

I have received my replacement (unactivated) card, no tampering with the envelope from what i can make out. I used the previous card for 2 months purchasing just eight items, chip and pin first time followed by 7 contactless purchases less than £100 in total. Having had it for only 2 months and eight transactions I'm still stunned as to how this was cloned unless i was a victim of RFID skimming which is supposed to be almost non existent.   

born_again

Spender£ said:

I have received my replacement (unactivated) card, no tampering with the envelope from what i can make out. I used the previous card for 2 months purchasing just eight items, chip and pin first time followed by 7 contactless purchases less than £100 in total. Having had it for only 2 months and eight transactions I'm still stunned as to how this was cloned unless i was a victim of RFID skimming which is supposed to be almost non existent.   

So 8 times your full card number is on a till receipt.

But if this is a card that was replaced due to fraud and the fraud is to the likes of Netflix or some of the food suppliers.
Then they can request the new card details from Visa Account Updater (Mastercard have their own version) as they are processed as CPA's.

So in effect in that case you could leave the card in the envelope unopened and they would still get the new card no.

nic_c

nick74 said:

dr_adidas01 said:

eskbanker said:

That's circumstantial and doesn't imply any wrongdoing on Deliveroo's part, it just signifies that online food delivery orders (not requiring PIN verification) are a popular choice with fraudsters accessing cloned cards, safe in the knowledge that, even though there'll be a delivery address associated with the order, the prospects of either the card company or the police investigating low-value fraud is negligible.

What’s low value fraud? The fraud one I had with Deliveroo was for £127, which to
me isn’t that low a value. 

I would expect that Barclaycard would investigate where it was delivered to, especially as they refunded it to me very quickly.

You may find that they have found and prosecuted someone, it maybe that you won’t hear or know about it. 

£127 may not be low value to you or I, but to Barclaycard it's barely loose change. We once had fraud of circa £2k on a commercial Mastercard at work and Lloyds refunded it without batting an eyelid.

From: https://www.ukfinance.org.uk/system/files/Fraud The Facts 2019 - FINAL ONLINE.pdf

"Fraud losses on UK-issued cards totalled £671.4 million in 2018, a 19 per cent increase from £565.4 million in 2017. At the same time, total spending on all debit and credit cards reached £800 billion in 2018, with 20.4 billion transactions made during the year."