Dad has been hacked

Zanderman

Teapot55 said:

If @R200’s Dad hasn’t got internet banking then the only way to see the bank statements is when they arrive in the post. On the statement for each transaction (payment out or money in) it says date first, in the first column, then, usually, the second column will be transaction type. 

So that will be
DD for direct debit
SO for standing order 
DEB for debit card payment etc

although it might be different codes on Co-op Bank statements. 

Have you seen the statement with the dodgy payments on yet @R200? If you have, what are the  two- or three-letter codes next to who it says got the three payments made to them?

For online, on the Coop bank website anyway, debit card payments are simply 'payments' transfers are 'transfers and DDs and SOs are DDs and SOs respectively. Printed statements may have less information, but I (and others) had been assuming, up to OP's most recent posts, that there was a login to online banking (as that had been 'compromised' - as in post one).  Now it seems that dad does not have use internet or email so there is, presumably, no login at all, let alone one to be compromised. In which case the most likely scenario, assuming everything we've been told is all there is to know, is that the debit card has been compromised in some way. But I'm now giving up on this thread! 

R200

I can’t seem to post on the last thread that discussed this for some reason.

So it seems now last time we talked to a woman at the bank dealing with this, that one time his card was used at a fuel station or someplace it was scanned.

She said criminals buy packages of scanned cards and then make a load of blank ones to commit fraud.

I think that was the just of what she was saying.

This is how so many withdrawals and purchases were made from my dads account before the bank locked it for suspicious activity.

So we said if that is the case it’s not our fault at all this could happen to anyone?

My question is why did it take so long for the bank to lock the account? I wish they did it earlier?

sausage_time

So now we know what has happened @R200 (which is what many people were asking - how were the payments made).   What is the bank doing about it?  I assume refunding the payments (if they were ever taken - perhaps they were blocked before they hit the account) and replacing the card?  If so, your father can move on.

R200

Still not refunded yet

elsien

Your last thread was closed, because it got to the point where due to the information being provided or not provided, it was being a bit circular and not achieving anything.
 You need to be careful with this one that it doesn’t go the same way - clear non-contradictory information. 

MattMattMattUK

R200 said:

I can’t seem to post on the last thread that discussed this for some reason.

So it seems now last time we talked to a woman at the bank dealing with this, that one time his card was used at a fuel station or someplace it was scanned.

She said criminals buy packages of scanned cards and then make a load of blank ones to commit fraud.

I think that was the just of what she was saying.

This is how so many withdrawals and purchases were made from my dads account before the bank locked it for suspicious activity.

So we said if that is the case it’s not our fault at all this could happen to anyone?

Yes, cards can be cloned, it happens. The only point where the account holder would be deemed at fault is if they received authorisation messages via text/app and they approved them.

R200 said:

My question is why did it take so long for the bank to lock the account? I wish they did it earlier?

You have not defined "so long", hours, days, weeks? Some transactions are also processed "offline" that means that they do not immediately seek authorisation via the card networks but are batch processed hourly or daily, TFL being an example of that in the UK, where they are processed at the end of the day.

R200 said:

Still not refunded yet

It is not unusual for refunds of this kind to take 30 days to be processed. 

kaMelo

I thought, from what you said in the other thread, there were transfers to accounts in China?

Teapot55

It’d be helpful to know how many payments there were that added up to the £1200 that went out of the account. 

eskbanker

R200 said:

I can’t seem to post on the last thread that discussed this for some reason.

For anyone wanting to catch up with how it went, it's at https://forums.moneysavingexpert.com/discussion/6465858/dad-has-been-hacked/p6 but was probably closed because of the difficulty in establishing what had actually happened, resulting in endless but unproductive speculation, and misleading information.

R200 said:

So it seems now last time we talked to a woman at the bank dealing with this, that one time his card was used at a fuel station or someplace it was scanned.

She said criminals buy packages of scanned cards and then make a load of blank ones to commit fraud.

I think that was the just of what she was saying.

This is how so many withdrawals and purchases were made from my dads account before the bank locked it for suspicious activity.

So this does sound like debit card fraud, rather than "withdrawals" or "payments to Chinese accounts"?  This is relatively encouraging, in that the onus is on the bank to prove that the account holder authorised the transactions, rather than the account holder having to prove that they didn't, so the transactions should be refunded unless the bank has any evidence that the account holder was complicit in any of the transactions, or negligent.

R200 said:

Still not refunded yet

Theoretically the bank should refund immediately:

If you didn’t authorise a payment, you should ask your bank for a refund. This refund should be in your account by the end of the next business day, along with any charges and interest you paid because of the transaction.

[...]

Your bank can only refuse to refund an unauthorised payment if:

• it can prove you authorised the payment
• it can prove you acted fraudulently
• it can prove you deliberately, or with 'gross negligence', failed to protect the details of your card, PIN or password in a way that allowed the payment
• you only told your bank about the unauthorised payment 13 months (or more) after the date it left your account 

https://www.fca.org.uk/consumers/unauthorised-payments-account

born_again

R200 said:

I can’t seem to post on the last thread that discussed this for some reason.

So it seems now last time we talked to a woman at the bank dealing with this, that one time his card was used at a fuel station or someplace it was scanned.

She said criminals buy packages of scanned cards and then make a load of blank ones to commit fraud.

I think that was the just of what she was saying.

This is how so many withdrawals and purchases were made from my dads account before the bank locked it for suspicious activity.

So we said if that is the case it’s not our fault at all this could happen to anyone?

My question is why did it take so long for the bank to lock the account? I wish they did it earlier?

Couple of things on this.
If a card is scanned at a garage etc, while they can make a card, it only has the mag stripe, which can not be used to make a cash withdrawal in the UK. As UK atms require a chip to be read.
So these tended to be used by oversea's groups where they may not require a chip. But not seen this type of fraud for a long time.
Used to be standard weekend fair on fraud lines.

So the mention of "withdrawal's" is confusing.

Most fraud is now spending online.