Debit Card Fraud

I recently saw debit card transaction for Amazon on my bank account that I did not recognise. I reported it online and got the following email response.

Your claim is successful
I am pleased to let you know that we will refund you.

When you will get your money
One or more of the fraudulent payments are pending. This means they need to clear your account before we can refund you.

The process was very quick, but my bank balance had been reduced by the payment amount. This was not corrected until the initial payment cleared and the refund was posted four days later.

What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.
«1

Replies

  • edited 23 November 2022 at 12:53PM
    p00hsticksp00hsticks Forumite
    11.5K Posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Forumite
    edited 23 November 2022 at 12:53PM
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
  • TadleyBaggieTadleyBaggie Forumite
    5.5K Posts
    Part of the Furniture 1,000 Posts Name Dropper
    Forumite
    Have you ever given out your card details? If so you might be part of a data beach somewhere.

    Happened to me once, someone tried to buy insurance from Direct Line and a computer from HP. Noticed the problem when my available balance was around £600 less than expected and not major transactions had been made. Called the back and was told nothing could be done until the amounts were actually taken. The Direct Line one was take a day or so later, so I reported it as fraudulent and a temporary amount was added to my balance. Some weeks later Direct Line refunded the payment, the bank took back the temporary deposit and I was back to where I should have been. The HP transaction was never taken and dropped off at 7 days or so.

    All in all a fairly painless process.
  • RG2015RG2015 Forumite
    5K Posts
    Seventh Anniversary 1,000 Posts Name Dropper Photogenic
    Forumite
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
    It would be surprising if Amazon did not check the buyer’s name with the card holder’s name.

    I suppose that the expiry date was trial and error.

    As to being hacked, the debit card has never been used and never even been out of a drawer in my house.
  • born_againborn_again Forumite
    10K Posts
    1,000 Posts Third Anniversary Name Dropper
    Forumite
    > Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.<

    They are not randomly guessed. They are compromised at some point where the card has been used. Amazon do not require CVV or name/address to process any payments.

    Was it a purchase or was it a subscription at amazon?

    As if card has been previously used there, and the main card has expired. Any subscriptions default to the next listed card. Now that can be for any account the card may have been used on.
    It's amazing how many claim fraud on amazon subscriptions & it turns out to be a family member who has the card details in their account.
    Not saying that is the case, but worth checking 👍
    Life in the slow lane
  • robatworkrobatwork Forumite
    6.8K Posts
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    Forumite
    RG2015 said:
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
    It would be surprising if Amazon did not check the buyer’s name with the card holder’s name.

    I suppose that the expiry date was trial and error.

    As to being hacked, the debit card has never been used and never even been out of a drawer in my house.
    Do you really mean the card had NEVER been used - not even by yourself online with Amazon or any other vendor?
  • eskbankereskbanker Forumite
    25.3K Posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Forumite
    They are not randomly guessed. They are compromised at some point where the card has been used.
    OP clarified that:
    RG2015 said:
    the debit card has never been used and never even been out of a drawer in my house.
    My understanding is that numbers are (sometimes) effectively guessed randomly by brute force number-generating attacks....
  • edited 23 November 2022 at 2:44PM
    k_mank_man Forumite
    1.6K Posts
    1,000 Posts First Anniversary Name Dropper
    Forumite
    edited 23 November 2022 at 2:44PM
    Similar discussion here:

    https://forums.moneysavingexpert.com/discussion/comment/79633980/#Comment_79633980

    While the details may have been compromised elsewhere, the use of Amazon, a retailer that doesn't require CVV, and a card that has never been used online or in person, suggests otherwise.

    ETA: so more likely a number generator was used, against a week retailer system to brute force the expiry.

    @RG2015, which bank was this with?
    My instance was TSB, as was one of the banks in the linked thread, albeit that may just be coincidence.
  • k_mank_man Forumite
    1.6K Posts
    1,000 Posts First Anniversary Name Dropper
    Forumite
    Forgot to add, in my instance, card had never been used, including on Amazon. The purchase was on someone else's Amazon account.

    I found it on the bank account, as @RG2015 did.
  • edited 23 November 2022 at 4:04PM
    RG2015RG2015 Forumite
    5K Posts
    Seventh Anniversary 1,000 Posts Name Dropper Photogenic
    Forumite
    edited 23 November 2022 at 4:04PM
    > Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.<

    They are not randomly guessed. They are compromised at some point where the card has been used. Amazon do not require CVV or name/address to process any payments.

    1) Was it a purchase or was it a subscription at amazon?

    2) As if card has been previously used there, and the main card has expired. Any subscriptions default to the next listed card. Now that can be for any account the card may have been used on.

    3) It's amazing how many claim fraud on amazon subscriptions & it turns out to be a family member who has the card details in their account.

    4) Not saying that is the case, but worth checking 👍


    1) Purchase or subscription? I have no idea. All it has is K*M42MS47N5 , AMAZON.CO.UK GB .

    2) and 3) The card has never been used so could not have been compromised

    4) Nothing worth checking as the card has never been out of a drawer in my house. 


  • RG2015RG2015 Forumite
    5K Posts
    Seventh Anniversary 1,000 Posts Name Dropper Photogenic
    Forumite
    robatwork said:
    RG2015 said:
    RG2015 said:
    What does concern me is how this has happened. The transaction was online so how did the fraudster know my name? Surely the 16 digit number that they randomly guessed is not enough on its own to generate a payment.

    Why would they need to know your name ? It's not information that's needed for a debit card transaction, online or otherwise.
    For an online card transaction there is additional protection for the retailer if they ask for and check with the card issuer the CVV number on the card (to show that the purchaser physically has the card in their possession) and the house number and postcode of the billing address (some retailers will insists that goods are only despatched to the billing address, at least for the first time).
    However I don;t think Amazon request either - presumably a market decision that they are prepared to take an increased hit on fraud in order to not force their customers throguh additional hoops - and so for the fraudster the 16 digit number, however obtained, was probably adequate (they may have needed to input the expiry date of the card as well)

    Editted to add - if you use your debit card at all I think it's far more likely that somewhere that you've used it has been hacked to provide card number & expiry date or that your card has been skimmed than that the fraudsters have just randomly generated a number
    It would be surprising if Amazon did not check the buyer’s name with the card holder’s name.

    I suppose that the expiry date was trial and error.

    As to being hacked, the debit card has never been used and never even been out of a drawer in my house.
    Do you really mean the card had NEVER been used - not even by yourself online with Amazon or any other vendor?
    Yes. I REALLY mean the card has never been used.
Sign In or Register to comment.
Latest MSE News and Guides

Martin and MSE campaign win

April's 20% energy price guarantee hike postponed

MSE News

Childcare budget boost

More support for children from nine months and those on Universal Credit

MSE News

Energy Price Guarantee calculator

How much you'll likely pay from April

MSE Tools