We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
OTPs
stevemul
Posts: 22 Forumite
Can I do a straw poll please?
How many people think that an OTP ie One Time Passcode for an Applecard purchase on line is a “One Transaction Passcode” ie to make that particular purchase only?
I’m asking because it apparently isn’t!
It apparently gives the vendor permission to use your Applepay whenever they want!
Did you know that?
How many people think that an OTP ie One Time Passcode for an Applecard purchase on line is a “One Transaction Passcode” ie to make that particular purchase only?
I’m asking because it apparently isn’t!
It apparently gives the vendor permission to use your Applepay whenever they want!
Did you know that?
0
Comments
-
I guess it depends on a few things
Firstly what sort of purchase the OPT is authorising - a one off item or a subscription to something
Also exactly how Applepay use OTPs - perhaps they'll use one only if a purchase is over a certain value or if it's the first time you've bought something from a particular vendor ....
I think it's not that the OTP is being used more than once, but rather that, for whatever reason, there is not a OTP being sent at all for subsequent transactions...1 -
I would see it as an additional authentication method when setting up a new payee. Once you've authorised the payee you shouldn't need to re-authorise it each time.stevemul said:Can I do a straw poll please?
How many people think that an OTP ie One Time Passcode for an Applecard purchase on line is a “One Transaction Passcode” ie to make that particular purchase only?
I’m asking because it apparently isn’t!
It apparently gives the vendor permission to use your Applepay whenever they want!
Did you know that?
And it certainly doesn't give a vendor permission to use your applepay "Whenever they want", that would be absurd.1 -
If you are talking about subscriptions then yes of course they can & it is part of your agreement with both parties.stevemul said:Can I do a straw poll please?
How many people think that an OTP ie One Time Passcode for an Applecard purchase on line is a “One Transaction Passcode” ie to make that particular purchase only?
I’m asking because it apparently isn’t!
It apparently gives the vendor permission to use your Applepay whenever they want!
Did you know that?
It's just the same as a card payment being set up as continuous payment authority, where retailer does not request authorisation for payment. It is simply taken.
They can even request new card details should you lose your card & get a new one, or even if your card expires. All part of the card regulations.Life in the slow lane0 -
The OTP is used to authenticate yourself to Apple, so they know it is you who is requesting the transaction. They may choose to not authenticate you every time, but a OTP is only used for a single instance. That single instance however, might be where you set up a continuous payment authorisation (CPA) allowing a merchant to charge your card on a continuous basis going forward. If you want to stop the payments then you can ask your bank to revoke the authorisation and by law they must do so, but it doesn't stop the merchant from chasing you for payment if you entered into a contract to pay them.1
-
Following on from my original post I have a follow up question please.
So an online " purchase" is made ( which according to previous answers to he original question may turn out to be a "subscription" ) using Applepay set up on my iphone with a Mastercard Debit Card linked to my First Direct current account. First Direct send an OTP which apparently is entered by me.
No acknowledgement of a purchase is made by the website or email received. No website shows on my Google or Safari history. I have no recollection of making a purchase and cannot recall entering the sent OTP. I do make occasional online purchases but cannot recall such a purchase.
3 weeks later, 7 transactions of €200 appear on the same day in my FD current account. Each transaction is exchanged by the bank to £166.98. Each transaction shows as a purchase from a reputable electronic retailer in Portugal which I have never used, never visited on line and certainly never made a purchase from.
I contact First Direct immediately who say that because I entered an OTP, I am liable for all of the debits.
Can anyone offer advice please?
I have reported the fraud ( as I see it) to the Police Fraud Service who have only given me a case number.
Applepay say they only facilitate the transaction.
As I received no goods, do Mastercard have a responsibility ie am I covered?
0 -
It's not clear from your posts how you became aware of the original purchase/subscription you describe as having been made with an OTP sent to you. Was it described to you by FirstDirect when you reported the fraudulent transactions?
Were they able to give any details of this original authorisation/purchase, like who was the other party?0 -
Yes, when I reported the unauthorised transactions FD told me that an OTP was sent to me and entered by me on the 6th November. There is indeed such an OTP text message on my phone but I have no recollection or knowledge of it or what it relates to. FD are refusing to investigate unless I tell them who or what it relates to and refuse to tell me what they know or have on record. Surely they can check for who instigated the OTP whether or not I entered the number?0
-
Do you have your phone linked to any computers? E.g., with Android you can have text messages sent to your Windows PC and with Apple iPhones your Mac and iPad. Could someone have entered your number on a website and then seen the text message on another device?stevemul said:Yes, when I reported the unauthorised transactions FD told me that an OTP was sent to me and entered by me on the 6th November. There is indeed such an OTP text message on my phone but I have no recollection or knowledge of it or what it relates to. FD are refusing to investigate unless I tell them who or what it relates to and refuse to tell me what they know or have on record. Surely they can check for who instigated the OTP whether or not I entered the number?1 -
Having a OTP sent to your phone is not really the issue here, the bank are claiming that this code was then entered as a response to an authorisation request. To get this code your phone (or its contents) must have been available to whoever entered it elsewhere (and elsewhere could be anywhere in the World with an internet connection).
Do you have Phone Link installed (or whatever the Apple version is called) that allows your phone's contents to be viewed on another device?
Live alone or with others? Workplace has colleagues? What's the timestamp on the OTP text message?0 -
Could anyone else who has had this problem please respond. This has just happened to me. I was in Berlin and received a few messages from Currensea, 2 of them containing a OTP code. As I hadn't instigated this I ignored it. A few weeks later 5 x £99.99 was spent in the UK using Applepay. I reported it immediately and the bank 'Investigated' and stated that the only way someone could use Applepay is if I had passed on the OTP code received some weeks ago. I didn't and as the code supposedly is only valid for 5 minutes, there is no way anyone could have accessed this. The bank will not refund the money as they say I am liable. The main concern is that I can see others are having this same issue but the banks are ignoring it.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.4K Banking & Borrowing
- 252.9K Reduce Debt & Boost Income
- 453.3K Spending & Discounts
- 243.4K Work, Benefits & Business
- 598K Mortgages, Homes & Bills
- 176.6K Life & Family
- 256.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards