We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Thief ordered a takeaway using my current account details, card kept in a safe since it was issued.
Comments
-
Even if I did know exactly how to commit fraud in this way, it obviously wouldn't be a particularly clever idea to post the full detail on a public forum, but I was simply observing that such methods are significantly more plausible than breaches of bank security for trivial gain....robatwork said:
Interesting but can you explain the mechanism for this? So anyone can generate a valid number, but once I have that, I don't have any related info that I would need even for a low value transaction like Deliveroo. I don't have the expiry dates - albeit not hard to brute force, and I don't have the name, address or CVV. I can't order on Deliveroo without CVV.eskbanker said:
An alternative (and more likely IMHO) explanation is fraudsters generating valid card numbers (from longer lists of potential numbers) via brute force modelling - I can't recall if it was on this thread but I pointed out recently that if there really was an inside job, it would be exploited in a far more productive way than ordering low-value takeaway food from Deliveroo....robatwork said:
If your post is taken at face value, and no real reason to think you're making it up or deluded (but just for info, people on this forum are rightly sceptical about newcomers so would prefer if you had a few years of posting behind you), then this once again would point to an inside job. Someone at the bank has inadvertently or deliberately leaked your details.
Also possible is that someone in your household has the details.
Nothing else makes much sense.
Edit: yes, it was this thread: https://forums.moneysavingexpert.com/discussion/comment/78200098/#Comment_782000980 -
These frauds can’t be understood but they are happening. Lloyds fraud department couldn’t explain how it could have happened to me. Perhaps they wouldn’t do so anyway!greekpig said:Hello Yorkshire_Pud and all.
On Sunday 14th March I was contacted via my mobile by Lloyds (defo a legit Lloyds call - I gave no personal info and phoned them back using the number on the back of the card via my landline) to inform me that there had been payments from a card in my name, with one transaction from Deliveroo. I'm in a similar situation to yours. I have a Lloyds account that I opened in February 2020 to be used with a will trust (the intention is to hardly ever use it), so although the card was used fraudulently the physical card was still gummed to the Lloyds paper it came with (so the 3 digits had never been read from the rear of the card), the PIN notification remains unopened, and the card had never been activated. The card and the PIN letter were carefully filed away.
I am mystified to think how on earth this card was used fraudulently, but Lloyds reported that it was, and so I got a replacement card in the post.
On the few days leading to this incident, I received a suspicious call on my mobile which I think was saying that I was at risk from fraud and I was put through to an "officer", but there was no organisation name given so I put the phone down immediately. The call appeared to come from a mobile number, which also made me think it was 100% a scam. I received a similar call to my landline where a message was left, and have not received such calls before or since. I'm left thinking - was this part of the scam? Whatever, apart from answering the mobile, not giving any personal details and terminating the call rapidly, there is nothing they got from me at all to identify me or the account.
How can this happen? If an unactivated and never-used card can be used fraudulently, then this presumably means that all cards are at risk and we are all at risk, whatever their status or however careful we are.
I've called the FCA to see if they would like to investigate, but they have no interest.
All payments were removed from the account so I've lost nothing apart from my faith in the banking system.
What do you think?
Thanks.
They did say we haven’t been hacked.So as there is no explanation there’s no reason to suppose it won’t happen again.2 -
Three cases now reported on this thread involving Deliveroo and Lloyds banking group
Retired 1st July 2021.
This is not investment advice.
Your money may go "down and up and down and up and down and up and down ... down and up and down and up and down and up and down ... I got all tricked up and came up to this thing, lookin' so fire hot, a twenty out of ten..."3 -
..........and several million Lloyds accounts which aren't linked to a Deliveroo scam.......quirkydeptless said:Three cases now reported on this thread involving Deliveroo and Lloyds banking group0 -
And millions of Deliveroo fraud on other banks...colsten said:
..........and several million Lloyds accounts which aren't linked to a Deliveroo scam.......quirkydeptless said:Three cases now reported on this thread involving Deliveroo and Lloyds banking groupLife in the slow lane1 -
The reports about these are about to flood the MSE Forum any week now 🤣🤣🤣born_again said:
And millions of Deliveroo fraud on other banks...colsten said:
..........and several million Lloyds accounts which aren't linked to a Deliveroo scam.......quirkydeptless said:Three cases now reported on this thread involving Deliveroo and Lloyds banking group0 -
Presumably somebody knows the algorithms for generating card numbers.
0 -
It may just be that deliveroo allow many attempts of entering payment details, so by repeatedly trying random numbers, one can find a real card number. It may also explain why banks seem to be very good/fast at spotting it as fraud as it happens a lot.
Once you have got a verified real card number, it can be sold on to someone who will empty the account.1 -
Something similar happened to me (I used to bank with Lloyds) a while ago and I never figured out how did that happen. I went to Mc Donald’s in a shopping centre in Bristol and paid using my debit card. I then received a call from my bank informing me that there was something dodgy going on and card needed to be blocked. Apparently someone had used the same card to buy stuff from John Lewis shop in London only 20 mins before. Got refunded and it was easy to prove that I couldn’t physically do both the transactions as you can’t go to London from Bristol in just 20’. So weird, I decided to leave Lloyds1
-
Apparently the CVV isn't stored but a token is generated during your first payment which validates subsequent ones with the same merchant.colsten said:
They must be storing it as you don't need to enter it after the initial purchase.p00hsticks said:They should NEVER be storing the CVV - that's strictly against the the card issuer rules.
BTW, Amazon are not on their own. I just deposited £20K into my iWeb account, using the stored debit card details. I wasn't asked for a CVV, so I assume they stored it when I originally set up the payment method.2
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.6K Banking & Borrowing
- 253.8K Reduce Debt & Boost Income
- 454.5K Spending & Discounts
- 245.7K Work, Benefits & Business
- 601.6K Mortgages, Homes & Bills
- 177.7K Life & Family
- 259.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards