We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
The MSE Forum Team would like to wish you all a Merry Christmas. However, we know this time of year can be difficult for some. If you're struggling during the festive period, here's a list of organisations that might be able to help
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Has MSE helped you to save or reclaim money this year? Share your 2025 MoneySaving success stories!
Debit Card Fraud
Qyburn
Posts: 3,946 Forumite
Hi,
Both of us have a couple of current accounts that are not regularly used, set up and retained because they are or were a requirement for related savings accounts, or because there were promotions. Both of us have suffered debit card fraud related to these, mine was a one-off taken from Nationwide and the missus was a recurring Amazon subscription taken from TSB.
In both cases the money was refunded with very little formality by either of the banks.
However what concerns me is how these would have come about. Neither of the two debit cards have ever left the house, and have not been used for any transactions prior to these fraudulent one, or after come to that. The Nationwide card is needed for their Internet login, the TSB card isn't needed for anything.
So it seems to me that for someone to use our debit card details, they must have learned them from the bank. I can't see how else anyone would get them.
What do people think?
0
Comments
-
There are algorithms available that generate predicted card numbers.Qyburn said:Hi,Both of us have a couple of current accounts that are not regularly used, set up and retained because they are or were a requirement for related savings accounts, or because there were promotions. Both of us have suffered debit card fraud related to these, mine was a one-off taken from Nationwide and the missus was a recurring Amazon subscription taken from TSB.In both cases the money was refunded with very little formality by either of the banks.However what concerns me is how these would have come about. Neither of the two debit cards have ever left the house, and have not been used for any transactions prior to these fraudulent one, or after come to that. The Nationwide card is needed for their Internet login, the TSB card isn't needed for anything.So it seems to me that for someone to use our debit card details, they must have learned them from the bank. I can't see how else anyone would get them.What do people think?
Fraudsters than try the numbers against weaker payment systems (that don't lock out) to get expiry date.
Then these are used on sites like Amazon, that don't require the CVV number.
This doesn't require insiders at the bank.
My advice would be to Freeze any debit cards you don't use.
Not all banks allow you to do this, but with TSB and Nationwide you can do this in the app.
5 -
k_man said:There are algorithms available that generate predicted card numbers.
Fraudsters than try the numbers against weaker payment systems (that don't lock out) to get expiry date.
Then these are used on sites like Amazon, that don't require the CVV number.Thanks, I wasn't aware about merchants not needing the CVV. So they still need name and billing address, or do some not check all of these either?
That's good advice I didn't know you could do that. Nationwide cancelled the debit card and sent a new one, but didn't say anything about freezing it. I'll follow that up with both banks.k_man said:My advice would be to Freeze any debit cards you don't use.
Not all banks allow you to do this, but with TSB and Nationwide you can do this in the app.
0 -
It is interesting that you think it more likely that the security measures of two separate banks were compromised rather than the details being obtained closer to home.Qyburn said:So it seems to me that for someone to use our debit card details, they must have learned them from the bank. I can't see how else anyone would get them.What do people think?6 -
Debit card freezing is done in the app fir these banks0
-
I'm not convinced there are always robust checks on anything. I've had fraud where the fraudsters even used the wrong expiry date.Qyburn said:
Thanks, I wasn't aware about merchants not needing the CVV. So they still need name and billing address, or do some not check all of these either?
I believe amazon are on the hook for fraud because they don't use CVV. I assume there is some financial advantage to them doing so.0 -
That sounds sceptical. However I can't see how the details were learned from home. The transaction was made 150 miles away and the card stays in the desk drawer at home except when it's needed for an Internet login.MEM62 said:It is interesting that you think it more likely that the security measures of two separate banks were compromised rather than the details being obtained closer to home.
0 -
No, as I said those particular cards have never left the house.
0 -
Not skeptical. However, it is more likely that the security breach was a friend or family member or an establishment where the card was used. These are much more likely that then banks systems being compromised, yet there seemed to be the automatic assumption that the banks must be at fault.Qyburn said:
That sounds sceptical. However I can't see how the details were learned from home. The transaction was made 150 miles away and the card stays in the desk drawer at home except when it's needed for an Internet login.MEM62 said:It is interesting that you think it more likely that the security measures of two separate banks were compromised rather than the details being obtained closer to home.0 -
Slamming generated numbers is a practice where the fault lies neither with the bank nor the customer, but with payment systems. I have numerous debit cards that are never used and have never been used, whether physically or online. No one has access to them except me. They are frozen (in apps) where possible. Despite this, one night I suddenly received a flurry of over 20 push notifications within 30 minutes from the NatWest app (not SMS), each one informing me of an attempted transaction that was declined.MEM62 said:
Not skeptical. However, it is more likely that the security breach was a friend or family member or an establishment where the card was used. These are much more likely that then banks systems being compromised, yet there seemed to be the automatic assumption that the banks must be at fault.Qyburn said:
That sounds sceptical. However I can't see how the details were learned from home. The transaction was made 150 miles away and the card stays in the desk drawer at home except when it's needed for an Internet login.MEM62 said:It is interesting that you think it more likely that the security measures of two separate banks were compromised rather than the details being obtained closer to home.
When I phoned NatWest's fraud department, they weren't at liberty to describe the precise details of each transaction (to maintain the secrecy of their security measures), but they did confirm the correct CVV was not provided. What they did not tell me was whether the CVV was different (or even present) for each transaction.1
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.9K Banking & Borrowing
- 253.9K Reduce Debt & Boost Income
- 454.7K Spending & Discounts
- 246K Work, Benefits & Business
- 602.1K Mortgages, Homes & Bills
- 177.8K Life & Family
- 259.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards