We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Debit Card Fraud
Options

RG2015
Posts: 6,045 Forumite

I recently saw debit card transaction for Amazon on my bank account that I did not recognise. I reported it online and got the following email response.
Your claim is successful
I am pleased to let you know that we will refund you.
When you will get your money
One or more of the fraudulent payments are pending. This means they need to clear your account before we can refund you.
The process was very quick, but my bank balance had been reduced by the payment amount. This was not corrected until the initial payment cleared and the refund was posted four days later.
What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.
Your claim is successful
I am pleased to let you know that we will refund you.
When you will get your money
One or more of the fraudulent payments are pending. This means they need to clear your account before we can refund you.
The process was very quick, but my bank balance had been reduced by the payment amount. This was not corrected until the initial payment cleared and the refund was posted four days later.
What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.
0
Comments
-
RG2015 said:What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number1
-
Have you ever given out your card details? If so you might be part of a data beach somewhere.
Happened to me once, someone tried to buy insurance from Direct Line and a computer from HP. Noticed the problem when my available balance was around £600 less than expected and not major transactions had been made. Called the back and was told nothing could be done until the amounts were actually taken. The Direct Line one was take a day or so later, so I reported it as fraudulent and a temporary amount was added to my balance. Some weeks later Direct Line refunded the payment, the bank took back the temporary deposit and I was back to where I should have been. The HP transaction was never taken and dropped off at 7 days or so.
All in all a fairly painless process.2 -
p00hsticks said:RG2015 said:What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
I suppose that the expiry date was trial and error.
As to being hacked, the debit card has never been used and never even been out of a drawer in my house.0 -
> Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.<
They are not randomly guessed. They are compromised at some point where the card has been used. Amazon do not require CVV or name/address to process any payments.
Was it a purchase or was it a subscription at amazon?
As if card has been previously used there, and the main card has expired. Any subscriptions default to the next listed card. Now that can be for any account the card may have been used on.
It's amazing how many claim fraud on amazon subscriptions & it turns out to be a family member who has the card details in their account.
Not saying that is the case, but worth checking 👍Life in the slow lane1 -
RG2015 said:p00hsticks said:RG2015 said:What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
I suppose that the expiry date was trial and error.
As to being hacked, the debit card has never been used and never even been out of a drawer in my house.1 -
born_again said:They are not randomly guessed. They are compromised at some point where the card has been used.RG2015 said:
the debit card has never been used and never even been out of a drawer in my house.2 -
Similar discussion here:
https://forums.moneysavingexpert.com/discussion/comment/79633980/#Comment_79633980
While the details may have been compromised elsewhere, the use of Amazon, a retailer that doesn't require CVV, and a card that has never been used online or in person, suggests otherwise.
ETA: so more likely a number generator was used, against a week retailer system to brute force the expiry.
@RG2015, which bank was this with?
My instance was TSB, as was one of the banks in the linked thread, albeit that may just be coincidence.1 -
born_again said:> Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.<
They are not randomly guessed. They are compromised at some point where the card has been used. Amazon do not require CVV or name/address to process any payments.
1) Was it a purchase or was it a subscription at amazon?
2) As if card has been previously used there, and the main card has expired. Any subscriptions default to the next listed card. Now that can be for any account the card may have been used on.
3) It's amazing how many claim fraud on amazon subscriptions & it turns out to be a family member who has the card details in their account.
4) Not saying that is the case, but worth checking 👍
1) Purchase or subscription? I have no idea. All it has is K*M42MS47N5 , AMAZON.CO.UK GB .
2) and 3) The card has never been used so could not have been compromised
4) Nothing worth checking as the card has never been out of a drawer in my house.
2 -
robatwork said:RG2015 said:p00hsticks said:RG2015 said:What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
I suppose that the expiry date was trial and error.
As to being hacked, the debit card has never been used and never even been out of a drawer in my house.0
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.6K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.6K Work, Benefits & Business
- 598.4K Mortgages, Homes & Bills
- 176.8K Life & Family
- 256.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards