We're aware that some users are experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Debit Card Fraud

Options
I recently saw debit card transaction for Amazon on my bank account that I did not recognise. I reported it online and got the following email response.

Your claim is successful
I am pleased to let you know that we will refund you.

When you will get your money
One or more of the fraudulent payments are pending. This means they need to clear your account before we can refund you.

The process was very quick, but my bank balance had been reduced by the payment amount. This was not corrected until the initial payment cleared and the refund was posted four days later.

What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.
«1

Comments

  • p00hsticks
    p00hsticks Posts: 14,390 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    edited 23 November 2022 at 1:53PM
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
  • Have you ever given out your card details? If so you might be part of a data beach somewhere.

    Happened to me once, someone tried to buy insurance from Direct Line and a computer from HP. Noticed the problem when my available balance was around £600 less than expected and not major transactions had been made. Called the back and was told nothing could be done until the amounts were actually taken. The Direct Line one was take a day or so later, so I reported it as fraudulent and a temporary amount was added to my balance. Some weeks later Direct Line refunded the payment, the bank took back the temporary deposit and I was back to where I should have been. The HP transaction was never taken and dropped off at 7 days or so.

    All in all a fairly painless process.
  • RG2015
    RG2015 Posts: 6,045 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper Photogenic
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
    It would be surprising if Amazon did not check the buyer’s name with the card holder’s name.

    I suppose that the expiry date was trial and error.

    As to being hacked, the debit card has never been used and never even been out of a drawer in my house.
  • born_again
    born_again Posts: 20,145 Forumite
    10,000 Posts Fifth Anniversary Name Dropper
    > Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.<

    They are not randomly guessed. They are compromised at some point where the card has been used. Amazon do not require CVV or name/address to process any payments.

    Was it a purchase or was it a subscription at amazon?

    As if card has been previously used there, and the main card has expired. Any subscriptions default to the next listed card. Now that can be for any account the card may have been used on.
    It's 
    amazing how many claim fraud on amazon subscriptions & it turns out to be a family member who has the card details in their account.
    Not saying that is the case, but worth checking 👍
    Life in the slow lane
  • robatwork
    robatwork Posts: 7,260 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    RG2015 said:
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
    It would be surprising if Amazon did not check the buyer’s name with the card holder’s name.

    I suppose that the expiry date was trial and error.

    As to being hacked, the debit card has never been used and never even been out of a drawer in my house.
    Do you really mean the card had NEVER been used - not even by yourself online with Amazon or any other vendor?
  • eskbanker
    eskbanker Posts: 36,934 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    They are not randomly guessed. They are compromised at some point where the card has been used.
    OP clarified that:
    RG2015 said:
    the debit card has never been used and never even been out of a drawer in my house.
    My understanding is that numbers are (sometimes) effectively guessed randomly by brute force number-generating attacks....
  • k_man
    k_man Posts: 1,636 Forumite
    1,000 Posts Second Anniversary Name Dropper
    edited 23 November 2022 at 3:44PM
    Similar discussion here:

    https://forums.moneysavingexpert.com/discussion/comment/79633980/#Comment_79633980

    While the details may have been compromised elsewhere, the use of Amazon, a retailer that doesn't require CVV, and a card that has never been used online or in person, suggests otherwise.

    ETA: so more likely a number generator was used, against a week retailer system to brute force the expiry.

    @RG2015, which bank was this with?
    My instance was TSB, as was one of the banks in the linked thread, albeit that may just be coincidence.
  • k_man
    k_man Posts: 1,636 Forumite
    1,000 Posts Second Anniversary Name Dropper
    Forgot to add, in my instance, card had never been used, including on Amazon. The purchase was on someone else's Amazon account.

    I found it on the bank account, as @RG2015 did.
  • RG2015
    RG2015 Posts: 6,045 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper Photogenic
    edited 23 November 2022 at 5:04PM
    > Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.<

    They are not randomly guessed. They are compromised at some point where the card has been used. Amazon do not require CVV or name/address to process any payments.

    1) Was it a purchase or was it a subscription at amazon?

    2) As if card has been previously used there, and the main card has expired. Any subscriptions default to the next listed card. Now that can be for any account the card may have been used on.

    3) It's amazing how many claim fraud on amazon subscriptions & it turns out to be a family member who has the card details in their account.

    4) Not saying that is the case, but worth checking 👍


    1) Purchase or subscription? I have no idea. All it has is K*M42MS47N5 , AMAZON.CO.UK GB .

    2) and 3) The card has never been used so could not have been compromised

    4) Nothing worth checking as the card has never been out of a drawer in my house. 


  • RG2015
    RG2015 Posts: 6,045 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper Photogenic
    robatwork said:
    RG2015 said:
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
    It would be surprising if Amazon did not check the buyer’s name with the card holder’s name.

    I suppose that the expiry date was trial and error.

    As to being hacked, the debit card has never been used and never even been out of a drawer in my house.
    Do you really mean the card had NEVER been used - not even by yourself online with Amazon or any other vendor?
    Yes. I REALLY mean the card has never been used.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.6K Banking & Borrowing
  • 253K Reduce Debt & Boost Income
  • 453.4K Spending & Discounts
  • 243.6K Work, Benefits & Business
  • 598.4K Mortgages, Homes & Bills
  • 176.8K Life & Family
  • 256.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.