How do fraudsters get your bank details these days

robatwork

eskbanker said:

surreysaver said:

lr1277 said:

What puzzles me is that as well as guessing the card number, the whoever/whatever would also have to guess the CVV for which there are 999 possibilities. 

1000 possibilities. You are forgetting 000

Mathematically yes, but is 000 ever actually used for this purpose?

I have a working theory based on pure speculation that the algorithm that generates CVVs prevents 3 identical digits. So no 000 or 999 or similar. Anyone have a CVV that is 000, 111, 222 etc?

Come to think of it I've never had a CVV that has 2 repeating digits either. 

pseudodox

@bobblebob
I think in your case it was you that saw the fraudulent transactions on your account, whereas in mine they were spotted by the bank.  Certainly they were not on my account that morning or I, like you, would have queried them at once.  And because the bank acted so quickly they never did appear.  First I knew about it was when bank contacted me & asked if I had just tried to pay a very specific amount.  When I said no they immediately gave me the Fraud Dept number & told me to speak to them.  The wheels then went into high speed motion at their end.  I just assumed whoever the scammer was they had fallen at the passcode hurdle, but that raised a red flag.

Sounds like they immediately reversed the amount on your card as soon as they had checked it out.

I now recall I once had a strange 10 pence go off my card.  I did query it, but was assured it was a test amount on a new DD payee I had set up & within a day or so it vanished & the full correct amount was taken.

HillStreetBlues

robatwork said:

eskbanker said:

surreysaver said:

lr1277 said:

What puzzles me is that as well as guessing the card number, the whoever/whatever would also have to guess the CVV for which there are 999 possibilities. 

1000 possibilities. You are forgetting 000

Mathematically yes, but is 000 ever actually used for this purpose?

I have a working theory based on pure speculation that the algorithm that generates CVVs prevents 3 identical digits. So no 000 or 999 or similar. Anyone have a CVV that is 000, 111, 222 etc?

Come to think of it I've never had a CVV that has 2 repeating digits either. 

I've had a few 2 repeating, so they certainly do that.

Zanderman

robatwork said:

eskbanker said:

surreysaver said:

lr1277 said:

What puzzles me is that as well as guessing the card number, the whoever/whatever would also have to guess the CVV for which there are 999 possibilities. 

1000 possibilities. You are forgetting 000

Mathematically yes, but is 000 ever actually used for this purpose?

I have a working theory based on pure speculation that the algorithm that generates CVVs prevents 3 identical digits. So no 000 or 999 or similar. Anyone have a CVV that is 000, 111, 222 etc?

Come to think of it I've never had a CVV that has 2 repeating digits either. 

Sorry to bust your theory but I have a cvv that is 666. The number of the beast, so very easily remembered.

robatwork

Zanderman said:

robatwork said:

eskbanker said:

surreysaver said:

lr1277 said:

What puzzles me is that as well as guessing the card number, the whoever/whatever would also have to guess the CVV for which there are 999 possibilities. 

1000 possibilities. You are forgetting 000

Mathematically yes, but is 000 ever actually used for this purpose?

I have a working theory based on pure speculation that the algorithm that generates CVVs prevents 3 identical digits. So no 000 or 999 or similar. Anyone have a CVV that is 000, 111, 222 etc?

Come to think of it I've never had a CVV that has 2 repeating digits either. 

Sorry to bust your theory but I have a cvv that is 666. The number of the beast, so very easily remembered.

Happy to have the theory busted, and by beelzebub himself.
When people call you the GOAT, they really mean the goat!

pafpcg

eskbanker said:

surreysaver said:

lr1277 said:

What puzzles me is that as well as guessing the card number, the whoever/whatever would also have to guess the CVV for which there are 999 possibilities. 

1000 possibilities. You are forgetting 000

Mathematically yes, but is 000 ever actually used for this purpose?

Yes, 000 can be used for the CVV - my partner has such a card issued by a Lloyds-group bank last year.  We queried it in the branch and were told it's a valid three-digit number.  Fortunately, the card's purpose is only for back-up if we hit the credit limit on our main credit card - it's stored in a locked filing cabinet behind a door marked "Beware of the leopard".

born_again

friolento said:

pseudodox said:

   First 8 digits of the card number are not personal so a computer only has to compute the last 8 to get a number that works. 

The card number is not sufficient to make a purchase; at a minimum, they also need the expiry date and the CVV, perhaps also the name. Many purchases also need authorisation through the card provider's app. I can't imagine that the potential for organised crime by fraudulent credit card is very high.

When these groups get compromised card details from retailer hacks.
Exp date will be part of that & if it has expired it is a easy guess for the new one.
CVV is not required for all purchases (Amazon etc)

Card fraud is massive. Mostly due to retailers lack of security.

There is also brute force used to generate card numbers once they get a known live card.