How to prove credit card fraud???

Jimby509

There are a total of 9 transactions on my wife credit file from Oct 2024 totalling around £3000 which were taken fraudulently.  The credit card company claim that the transactions were made via our IP address therefore they will not class it as fraud and we will have to pay off the total.

A bit of background....

We have had issues with 3 CC that have had fraudulent transactions/attempts on them.  I would love to know how this happened as 2 of the cards do not physically exist as I destroyed the cards and they were used over a year ago.  However someone got their details, they must have been taken from when the card was used online all that time ago.

Card 1 had numerous large transactions stopped on them by the card security.  We closed the card account.  No damage done.

Card 2 had about £120 of transactions ( £7.50 at subway and £30 at ASOS ect) made online from random places in the UK that we have never been.  The credit card company decided defo fraud and gave the money back.  They added a credit alert to my wife's credit file to make it harder for someone to apply for credit in her name.

Card 3 I tried to use for car insurance in Oct but the transaction declined so I tried several times further.   In the end I used a different insurance provider.  I tried to log on to this CC but there was a security prevention and I was guilty of forgetting about it. 

Re card 3 I noticed the minimum payments via DD were quite large for what I thought was about a £500 balance.  My wife called and the card support confirmed there were a total of 9 extra transactions of up to £500 in Oct to random companies overseas in various currencies.  We did not make these.  

They investigated and said the transactions were made via our IP address and on at least one transaction we were sent a security code from our phone to confirm.  Due to this they would not cover the fraud.

Since then they have issued a new card due to the issues. 

We have had spam text reporting to be from the card company asking us to confirm details.  I called the card company and they confirmed it was not them who sent the text.

We also received a very unpleasant call from someone who knew our names and address reporting to be from the credit card in question.  He said the card had been compromised and wanted security details, he sounded VERY convincing.  I asked for proof he was actually was from the company and he switched and became abusive and said 'You are lucky to be alive' before putting the phone down.

I have reviewed our internet and security has been too lax.  Email and passwords found in data breaches.  I know we got hacked.  I also see that someone has logged on go my google account from a random location several times on a device we don't recognise.

I did try and make a payment in Oct but was lead to understand it did not complete.  We certainly did not get anything for it or any other of the transactions.

What do I do next?  I have tightened up security but still have this £3000 of fraudulent transactions on a credit card.  I know we have been hacked.  But the transactions went through our IP???  How do I begin to prove fraud to the credit card company?

Also I 100% know it was not anyone else in the house.  

Thanks for reading

pennyfarthing66

@Jimby509 I don't know if it will help or not, but you could try contacting

https://www.actionfraud.police.uk/

and reporting the matter to them.

SiliconChip

By all means report it to Action Fraud, a crime number may be useful when dealing with the card issuer (it would be helpful to know who the issuer is) but don't expect any action to actually be taken.

If you haven't already done it you nead to make a formal complaint to the card issuer, so that if they don't resolve the issue to your satisfaction you can escalate it to the FOS.

Jimby509

pennyfarthing66 thank you .  I will do this now

@SiliconChip I will get an crime number.  The card issuer is MBNA.

I will be making a formal complaint but feel as though I need evidence that it was fraud or they will just fob me off.

COIAHLGW

If they are correct that these transactions really did come from your IP address, is there a computer in the house that may have malware on it that needs to be scanned?
Also, ask MBNA what the IP address that the transactions came from, so you can independently verify that yourself.

sausage_time

As part of tightening your security, make sure all accounts have strong unique passwords.  Use 2FA for all accounts that support it (I use an authentication app for the sites that support it). 

For more advice (virus scans etc) this looks a useful resource:

https://www.getsafeonline.org/

Olinda99

Also you may want to delve deeper into what mbn a mean by coming from your IP address i.e unless you have a static IP address there is no such thing as 'your' IP address

You may want to post the IP address question on the techie board

eskbanker

Olinda99 said:

Also you may want to delve deeper into what mbn a mean by coming from your IP address i.e unless you have a static IP address there is no such thing as 'your' IP address

You may want to post the IP address question on the techie board

Surely they're just saying that the transactions reported to be fraudulent were made from the same IP address as others that weren't disputed?  Many consumer routers, etc, will retain the same IP address for extended periods of time even if not technically static as such.

Having said that, the burden of proof is on the credit card provider to show that the transactions were authorised by the cardholder, rather than the latter having to prove that they weren't, so IP address in itself ought not to be sufficient, in the same way that passwords or PINs aren't:

Credit card payments and overdrawn accounts 

If the unauthorised payment was made on a credit card, or from an overdrawn account, your bank can only refuse a refund if:

• You, or someone acting on your behalf, authorised the payment, or
• The person who used your payment card (including virtual cards) had it with your consent. 

The use of your password, card or PIN might not on their own be proof that you authorised a payment. 

https://www.fca.org.uk/consumers/fraudulent-payments

Olinda99

Yes agree your router will have one IP address but a router can support many devices, and just because your device made an undisputed transaction it does not mean another device could not have made an unauthorised one.

lr1277

I don't know if this is far-fetched but perhaps someone from outside your house was using your wifi, assuming your didn't have a password or it was an easy to guess password.

But that would mean they were in close proximity to your wifi and had your card details. Do you shred any papers/statements that contain card details before putting them in the bin?

Jimby509

Thank you for all of your help.  Lots of good suggestions.

The card itself was destroyed months before.  Cut into small pieces and no paper statements.  

I think MBNA mean that the same IP address was used as other legitimate transactions.

Someone would have to get the details from an online transaction?  Spyware? Also they have our phone number and address. 

I have reported to Action Fraud and they have generated a crime number.

Just collating all this before calling MBNA again.  Quite a miserable use of time.

Thanks for the help!