As human-beings, we always think things only happen to “other people” until they actually happen to YOU!!!
That was the wake-up call for me this morning when I noticed a bunch of strange amounts being charged to my account.
On further investigation it became apparent that “someone” had been fraudulently making payments on my petrol card, which as of today, totaled over R800!!!
I immediately phoned my bank and had the offending card cancelled. It looks like I will eventually be reimbursed – after cutting my card up into tiny little pieces and signing various affidavits – but the inconvenience of being without a card and the trust I’ve lost in the system will remain with me for a while.
I still have so many questions such as: How was this possible when the card was in my possession at all times? Where did the “scam” where my details were originally stolen take place? How should I protect myself in future so that this doesn’t happen again? And why did the merchants accept an unauthorised signature in the first place… why why why?
UPDATE: FNB phoned me back within seconds of me turning my current petrol card into pretty confetti. It seems that the offending card was not in fact my current petrol card, but an earlier one that was linked to a credit card that I cancelled months ago. The petrol card had gone missing, but I assumed it would be made invalid after I cancelled my credit card.
This effectively means that most of the “How & Why?” has now been answered, but I’m still confused as to how the old card found it’s way into a criminal/s hands, who only started using it a week ago, and why that amount was allowed to be charged to my new account in the first place when it deleted over a month ago?
1 Nic May 24th, 2007 at 11:53 amDude, that sucks!! It is astonishing how they could get hold of the details to do that. I have a petro card to, how, how is that possible??
When you know, blog it!!
2 Colin Daniels May 24th, 2007 at 12:44 pmNic – Don’t think you need to start stressing too much just yet. Posted more details under “update”
3 Gregor May 24th, 2007 at 11:10 pmUhhhh, the plot thickens!!!!!
4 Dominic White May 25th, 2007 at 5:30 pmIt really isn’t that hard. All they need is your number, exp and 3 digit CVV number for a “card not present” transaction. This is the same for credit cards. It’s not like anyone checks your signature, or you enter a PIN number.
In truth, it seems the bank is at fault for not cancelling the card, but you may want to check you actually told them to.
You’re lucky it was only R800, people can and do clear accounts of much more money than that.
5 Simon May 25th, 2007 at 11:35 pmColin – don’t think for a minute that they need your card. Got back from SA to find R3500 spent fraudulently on my credit card. Probably cloned when paying at a restaurant!!
6 Colin Daniels May 27th, 2007 at 9:37 amSimon – I’m sorry to hear that. Really puts a bad-taste in your mouth doesn’t it? I hope you get your money back…
It looks like banks are going to need to come up with better security measures to combat the conniving new tricks that criminals are coming up with, but it seems they are always one step ahead of technology?Maybe its finally time for retina scans and voice recognition?
7 Dominic White May 28th, 2007 at 2:33 pmThey don’t need your card. Card not present (CNP) transactions are used all the time (e.g. buying stuff over the phone, internet purchases etc.). I recommend you register for MasterCard SecureCode or Verified by Visa (scroogle for them) for that added protection. Although, you aren’t liable for much, as the CC companies/banks have deliberately allowed fraud to be fairly easy on these cards as they make more money than they loose (i.e. risk based business decision).
Also, did you cancel your credit card (physical plastic) or the account. I found out there is a difference. Also, make sure you destroy all cards you are no-longer using. A big magnet on the strip and a paid of scissors usually does the trick.
8 Noto Modungwa May 29th, 2007 at 11:14 amHi Colin et al,
A few advancements have been made (or at least in the process) regarding card fraud. These are EMV for your offline- cardholders present and 3D Secure more online / cardholder not present transactions.
EMV, is a joint initiative between Europay, Mastercard and Visa, where cards have a chip and will not require a signature but will function much like your debit card, where you enter a PIN to authorise the transaction. This should surely reduce this type of fraud /me thinks….
3D secure, pretty much the same thing but for the electronic / online world where the cardholder is not always present.
One implementation example is where after giving your card details (telephonically) you would receive an SMS which requires a response to authorise the transaction.
Another could be when entering the card details on a webstore, simply put, a url redirect to your acquiring bank occurs where you will provide the PIN directly to the bank and presto! tx autorised…
How far is S.A. ?
It’s good to know that SA banks are ready from an infrastructure point of view.
MWEB has been ready for a while too. So is UCS from a Point Of Sale switching solution side of things…
I have a copy of a 3D presentation by bankserv if anyone is interested.
…what a mouthfull…
Ever wondered how to protect yourself from ID theft and manage your credit identity? Catch me on liberatingconcepts.co.za where I will be posting related articles..
9 Dominic White May 30th, 2007 at 7:17 pmNota is right about 3D secure (the MasterCard SecureCode or Verified by Visa, I mentioned are implementations of 3D Secure). However, the problem is not all merchants will implement it, allowing the bad guys to make fraudulent transactions on non-compliant sites (in terms of the current URL redirection model).
As for the EMV, this has done well in preventing individual card fraud in the UK, but it has seen a marked increase in hacking, and given the poor state of SA merchant security, that would scare the hell out of me.
I’m off to go read, Nota’s site, sounds interesting.
10 Noto Modungwa Jun 1st, 2007 at 3:47 pmDominic, Agreed!
However if memory serves me well, the merchant takes the risk if they are not “3D Secure”. Not sure as off when exactly…
Same for EMV and vice versa for the banks. If a bank is not EMV ready but the merchant is, the bank will take the risk.
BTW it’s Noto not Nota :-)
L8r!
11 koowo Jul 1st, 2007 at 6:06 pm真是太喜欢了ï¼
very good!
12 Neon Sep 4th, 2007 at 9:08 amThere are ways to protect yourself from credit card fraud. All EMV or 3D-Secure does not help when you use your credit card online.