Fraudulent transactions
Comments
-
If the online gambling site offers poker, you sit at the same table as your fraudster mate and deliberately lose to him. Your mate has used a legit card on the site, so he can withdraw the funds he's won from you back to his card.This does of course raise the usual question of how the fraudsters would have got their hands on any winnings from this gambling activity as any winnings would have been paid to the debit card used and back into your own bank account.0 -
born_again wrote: »If the transaction has been through VbV. We have access to a system that gives you the IP address, type of device & country. This also includes a unique device ID, which we were told is fixed to the device.
In these cases.....
The bank etc will have access to your IP address at the point of transaction
This will be of your home router if you are there.
so if a dodgy claimed transaction is found to be from the same IP address as previously done transaction which had no issues the bank will be rather wary of wary of refunding without question.
It gets more complicated if your ISP is running CGNAT if they are running out of IP address blocks when a single IP address is shared out by fast computers swapping time allocations between users so it appears to the user that they are the only user on the IP address. Much like old fashioned mainframe computers managed 100 or so user terminals at once - by sequentially swapping very fast between them.
CGNAT make crime detection difficult as you need to know to the milli-second which router was connected to determine who was downloading the illegal stuff.
Now the actual device ID behind the IP address is more difficult as all the devices in the house will share the same ip address - being that of the router.
To get the device's unique MAC address cannot be done without getting you to run an activeX type program within the browser which would need specific each time permission from the browsers user to proceed.
(Crucial used to use such a active X prog to inspect your computer when you wanted to buy memory upgrades from them and they need to see what was there to start with)
They could be using browser imprinting as pseudo ID. By this I mean what fonts you have installed,what browser version, what OS, what cookies are stored, screen resolution, what addons you have etc all of which is accessible to the bank/VISA/Mastercard and can used to "sort of ID" the device the used within a certain degree of confidence.0 -
GDPR 15 relates to personal information - that is information about you.
However, you have told the bank that you did not make those transactions (so presumably, another person made them). So you have no right to information about those transactions..
You do if the data is associated with your account - you have a right to know the information that an organisation holds about you, even if it is inaccurate.0 -
You will not be given details of how this crime has been committed and I would think that the reasons why would be pretty obvious.
The OP isn't asking for details of *how* the fraud was comitted, they're asking for the point of intrusion/method of authentication - if known. Which would give an indication of which parts of their personal details are compromised.
This is the same as asking the police how the burglars broke into your house*. You're asking "Did they pick the lock or jemmy the window?", you're not asking "How do you pick a lock?".
*Clearly, in real life it would be obvious how - it's an analogy, go with the flow....0 -
So I have just been notified of fraudulant activity on my Santander account. Amongst which was a £300 transaction to Novigroup Ltd. Whilst Santander said that one payment had been stopped an earlier one had gone through and would be reported to Santander's fraud team. Whilst I am expecting this process to find in my favour and the money to be refunded Santander could not tell me much about the transaction other than it was an online payment. They could not say what data was processed to authenticate the transaction, such as Name, Address, 3 digit code, verified by Visa, OTP. This is information that I require to be able to ascertain if and where my own data could have been compromised and what further steps I need to take to other than requesting a new card.
It also raises the question of who sets the standard when it comes to processing any transaction, be it online, over the counter or by telephone. Can the retailer say "who cares, card number and three digits will do" or is it the Bank or Visa that set a minimum authentication requirement to process £300 from ones account.
From my experience online payments seem to be processed differently dependant on the retailer, the amount and who your card issuer is.
But returning to my first point can anyone recommend who I should approach to find out more detail about the transaction. It would appear that the Novigroup, Santander, Visa and the card processor (not sure who this is at the moment) would all potentially hold some or all data pertinent to the processing. Should this be a GDPR request or some other request under FCA guidelines?
Any advice greatly appreciated.
At present, most banks won't be able to tell you what method of authentication was used for an online card transaction. This is because the card processors don't pass this information on to the banks - they just say if it passed or failed.
However, under the up-coming PSD2 legislation, banks (and other card providers) will have to report to the FCA on (amongst other things) the value and volume of all online card transactions, including a break down of if they where stepped up (under SCA) or if they were exempt (and if so, what was the exemption reason).
This legislation was meant to be going in this year, but the roll out has been delayed (in part because many of the card providers weren't able to provide the banks with the information they needed to report on this). Once it's in place the banks should have more information to hand about how a particular transaction was authenticated. Whether or not they will be willing to pass this information on to customers is another matter....0 -
At present, most banks won't be able to tell you what method of authentication was used for an online card transaction. This is because the card processors don't pass this information on to the banks - they just say if it passed or failed..
Not quite true.
As we can see this as the card provider has to authorise the transaction. So things like correct CVV etc are known.
Its all shown in the security system. Incorrect CVV will prompt a decline, or a block on the security system.
I would fully expect Santander to know exactly what details were used.Life in the slow lane0
This discussion has been closed.
Categories
- All Categories
- 343K Banking & Borrowing
- 250K Reduce Debt & Boost Income
- 449.6K Spending & Discounts
- 235.1K Work, Benefits & Business
- 607.8K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards