MBNA - How did the fraudster get my card details

kr1233d

signed up to say that the same thing has happened to me.

have only used the card (Halifax mastercard) for BT, and never anywhere else and suddenly saw that there was a transaction that i didnt do.

puzzled!!

tonycheese

[Deleted User] said:

No, @Deleted_User wasn't missing the point at all - they are delicately saying that the transaction happened within your presence/household.

This is impossible.
The card has been in my wallet since receipt. I have an aviator wallet and it is stored at the back meaning it is difficult to get out without passing a number of other cards first.
Nobody in the house could, or indeed would try and spend £400 with air bnb.
I have not used it physcially, electronically, or any other way (can't think of any more)
The only way I could have made this more secure is if I had destroyed the card as soon as I received it.

I'll let you know what MBNA come back with, but the situation you are delicately describing is impossible.

born_again

tonycheese said:

The only way I could have made this more secure is if I had destroyed the card as soon as I received it.

I'll let you know what MBNA come back with, but the situation you are delicately describing is impossible.

All the fraudsters need is a working card number. Once they have that they can then use brute force to generate other card numbers. 
So even if you destroyed the card they could still do exactly the same. 
At one time there were groups in China who did nothing but keep typing 16 digit card numbers into websites till they found one that worked.
That was then passed on and used.

A lot of websites do not need the CVV to put a payment through. Amazon for one.

MBNA will never come back & tell you anything. I know we never do. Customer does not need to know. As there is nothing they can do to stop it.

Best advise. Forget about it & remember MBNA picked it up & stopped it.👍

brianposter

born_again said:

At one time there were groups in China who did nothing but keep typing 16 digit card numbers into websites till they found one that worked.

Are you saying that Visa/Mastercard were able to put a stop on that activity ?

redux

On a different card, I noticed on the statement I'd been charged for a rail ticket at a station I've never been to, by a rail company I've never bought a ticket from, either in person or online.

I phoned the card company, and they cancelled and refunded the transaction.

Sandtree

tonycheese said:
Nobody in the house could, or indeed would try and spend £400 with air bnb.

There goes your surprise get away!

born_again said:
At one time there were groups in China who did nothing but keep typing 16 digit card numbers into websites till they found one that worked.

That was then passed on and used.

A lot of websites do not need the CVV to put a payment through. Amazon for one.

Thankfully for the fraudsters its not really randomly typing 16 digit card numbers... the first 4-6 identify the issuing bank so and the list of those are readily available online. The last 2 (could be 1) are a checksum value and the formula for the checksum is also readily available.

Its quicker/easier to write scripts than to get people to manually type card numbers and the actual numbers they are randomly generating are much smaller than 16 digits. Scripts can more readily switch bank, card number etc more readily to ensure you dont keep hitting the same issuer who may get suspicious as someone cycles through expiry dates etc. 

MalMonroe

born_again said:

tonycheese said:

The only way I could have made this more secure is if I had destroyed the card as soon as I received it.

I'll let you know what MBNA come back with, but the situation you are delicately describing is impossible.

All the fraudsters need is a working card number. Once they have that they can then use brute force to generate other card numbers. 
So even if you destroyed the card they could still do exactly the same. 
At one time there were groups in China who did nothing but keep typing 16 digit card numbers into websites till they found one that worked.
That was then passed on and used.

A lot of websites do not need the CVV to put a payment through. Amazon for one.

MBNA will never come back & tell you anything. I know we never do. Customer does not need to know. As there is nothing they can do to stop it.

Best advise. Forget about it & remember MBNA picked it up & stopped it.👍

But amazon does operate a two factor authentication, with my account anyway. Or is that just me because fraudsters attempted to sign into my account and I was advised to set that up? Anyone can access anything at any time, seems to me. 

I have two factor authentication with all my cards (not that I have a lot) and payment methods now. It's a bit of a faff but offers a bit of extra security/peace of mind. Also I check my accounts very regularly, it's so easy with apps. 

[Deleted User]

tonycheese said:

Catsacor said:

No, @Deleted_User wasn't missing the point at all - they are delicately saying that the transaction happened within your presence/household.

This is impossible.
The card has been in my wallet since receipt. I have an aviator wallet and it is stored at the back meaning it is difficult to get out without passing a number of other cards first.
Nobody in the house could, or indeed would try and spend £400 with air bnb.
I have not used it physcially, electronically, or any other way (can't think of any more)
The only way I could have made this more secure is if I had destroyed the card as soon as I received it.

I'll let you know what MBNA come back with, but the situation you are delicately describing is impossible.

Who lives in the house with you ?

[Deleted User]

MalMonroe said:

born_again said:

tonycheese said:

The only way I could have made this more secure is if I had destroyed the card as soon as I received it.

I'll let you know what MBNA come back with, but the situation you are delicately describing is impossible.

All the fraudsters need is a working card number. Once they have that they can then use brute force to generate other card numbers. 
So even if you destroyed the card they could still do exactly the same. 
At one time there were groups in China who did nothing but keep typing 16 digit card numbers into websites till they found one that worked.
That was then passed on and used.

A lot of websites do not need the CVV to put a payment through. Amazon for one.

MBNA will never come back & tell you anything. I know we never do. Customer does not need to know. As there is nothing they can do to stop it.

Best advise. Forget about it & remember MBNA picked it up & stopped it.👍

But amazon does operate a two factor authentication, with my account anyway. Or is that just me because fraudsters attempted to sign into my account and I was advised to set that up? Anyone can access anything at any time, seems to me. 

I have two factor authentication with all my cards (not that I have a lot) and payment methods now. It's a bit of a faff but offers a bit of extra security/peace of mind. Also I check my accounts very regularly, it's so easy with apps. 

2FA is to login, not to make payments. They store your card and do not need the CVV to place an order

phillw

tonycheese said:

So how did the fraudster get my card details?

How is anyone supposed to know that?

It could be someone at HSBC, it could be someone at the card printing facility, it could be someone at the post office.

If the balance transfer was done online, then that could have been intercepted.

I don't know about airbnb, but amazon don't use CVV at all. You could just generate a random number that is in the range of your card issuer and as long as the check digit is correct then it will go through.

There is a compromise between making it impossible to commit fraud and making it possible to prove you are the card holder. It seems that on this occasion it's worked.