Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Debit / Credit card compromised

  • 12-07-2016 10:15am
    #1
    Registered Users, Registered Users 2 Posts: 4,028 ✭✭✭


    Really strange thing developed between last night and this morning.

    Short recap - I received a text from Ulster Bank services last night inquiring about some Debit Card transactions; It's not the first time and I'm familiar with their system, which seems to be fairly effective. Normally, I would get a declined transaction and the text whenever I perform a number of successive transactions (e.g. buying something, forgetting some bits in the order and having to place a second one, or booking multi-leg flights).

    Last night, the message concerned two transactions - one done at a place called "Palms Resort", for 1.74 Euro, then a Domino's "order" of 39.80 (which was refused and triggered the warning); They happened at 22.16 and 22.17 (Irish time) respectively.

    No real damage was done (just the 1.74 to the "Palms Resorts"), had the card canceled this morning and have to give props to the Ulster Bank fraud prevention system for its effectiveness. They said they're gonna pass the details to the Police, which will then get in contact.

    I'm curious to see if anyone else experienced the same transactions - I know Domino's has been a "hot spot" for CC number thieves to test their "merchandise" out; Also, one "interesting" bit is that this card was new - just sent to me in May. I haven't used it for anything out of the ordinary, just the same venues I used all my older cards with; I also never "leave" the card with anyone (e.g. give it to a waiter at a restaurant).


Comments

  • Registered Users, Registered Users 2 Posts: 24,924 ✭✭✭✭BuffyBot


    ATMS can be compromised, online retailers have had issues, chip and pin terminals/POS systems has proven not to be foolproof ..there are a multitude of ways it could happen.

    Fraud can come about from everyday use just as easy as the extraordinary.


  • Registered Users, Registered Users 2 Posts: 469 ✭✭boege


    Had card hacked a few years back. Pattern was the same. Small hit first, usually under €5 and then a bigger hit, in my case a flight to Middle East for €3k. Was told by card fraud people that first hit was a test to avoid setting off alarms.

    You card could have compromised any number of ways, including via hacking of someone's IT systems where details were kept, which is what turned out was happened can me. Big uk hobby store had database hacked.


  • Registered Users, Registered Users 2 Posts: 4,028 ✭✭✭H3llR4iser


    boege wrote: »
    Had card hacked a few years back. Pattern was the same. Small hit first, usually under €5 and then a bigger hit, in my case a flight to Middle East for €3k. Was told by card fraud people that first hit was a test to avoid setting off alarms.

    You card could have compromised any number of ways, including via hacking of someone's IT systems where details were kept, which is what turned out was happened can me. Big uk hobby store had database hacked.

    I'm currently inclined to think it must be something along these lines. I've spent half the evening checking every single transaction I made since the end of May (the card arrived to me around that time) and it's basically all the outlets I've always used with all my older cards. Nothing new, nothing "dodgy".

    I'm also very aware about the ATMs scam, have family members and friends who underwent them, so I check for skimmers and keyboard readers every single time - I'm sure somebody is gonna call the guards on me at some point because "there's somebody trying to disassemble the ATM" :D


  • Registered Users, Registered Users 2 Posts: 84,764 ✭✭✭✭Atlantic Dawn
    M


    Were the transactions both listed as POS (Point Of Sale)?


  • Registered Users, Registered Users 2 Posts: 26,295 ✭✭✭✭Mrs OBumble


    An organisation that I belong to chose one of the largest event booking and payment providers in the country to handle their event registrations.

    A few weeks ago, members were forwarded an email from that provider saying that malware had been put onto their servers in late March this year, and that as a result many people had fraudulent transactions on their cards as a result.

    Reading your post made me realise that I've seen nothing in the mainstream media about this. Googling for a link confirms this - they seem to have got away with very little publicity. Which is surprising.

    PM will be sent in a few minutes.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,028 ✭✭✭H3llR4iser


    So, update - 4 months ON THE DOT and the very same happens again. This time they've been a bit more daring, tried a bigger transaction which failed.

    Which means the fraud is something more or less local, most likely involving a leak in an Irish business / payment services provider or maybe even a bank.

    I'm trying to figure out what might be such source, cross referencing payment records from the last couple of weeks and those back in July. They don't seem to match at all for now, and I have ran repeated security and network activity scans for my equipment (phone and tablet were actually wiped clean), so I'm starting to suspect either a "physical" read (e.g. ATM camera) or some absolutely gigantic leak in the banking system.


  • Registered Users, Registered Users 2 Posts: 84,764 ✭✭✭✭Atlantic Dawn
    M


    Have you used the card online on your computer? Possibly malware logging your keystrokes and then sending to a third party?


  • Registered Users, Registered Users 2 Posts: 4,028 ✭✭✭H3llR4iser


    Have you used the card online on your computer? Possibly malware logging your keystrokes and then sending to a third party?

    I'm a software engineer, plenty of security always running, there's no malware. Ran deep scans, nothing found - even a network traffic analysis comes back negative (basically, there's nobody connecting to my systems).
    Besides, after the issue in July I wiped everything (computers, smartphone, tablet) clean just "in case". Said that in the previous post :)

    I have managed to obtain some data that proves the scammer is here in Ireland...too big of a coincidence to be honest.


  • Registered Users, Registered Users 2 Posts: 84,764 ✭✭✭✭Atlantic Dawn
    M


    What I don't like is after you sign docs to say the fraud was not yours the bank never gives any feedback whatsoever as to how or who caused the fraud, it's a bloody joke.


  • Registered Users, Registered Users 2 Posts: 184 ✭✭kavanada


    Check/think back if you have uploaded your card details to any online store so as to make future purchases quicker.

    Sites like Hailo, various airlines, etc., might ask you to store your credit card numbers on their server. It's like leaving your credit card down at 20 restaurants at once.

    You might be good at protecting your card physically but how good are these companies?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,028 ✭✭✭H3llR4iser


    Now that I think about it, there are two - the gym and the internet provider; They both work just this way, you pay with your credit card and then keep billing you on it monthly.

    Will need to run an experiment...any info on "prepaid" cards or even "virtual ones" I can get?


  • Registered Users, Registered Users 2 Posts: 9,086 ✭✭✭duffman13


    H3llR4iser wrote: »
    Now that I think about it, there are two - the gym and the internet provider; They both work just this way, you pay with your credit card and then keep billing you on it monthly.

    Will need to run an experiment...any info on "prepaid" cards or even "virtual ones" I can get?

    Get a revolut card but don't keep to much on it. Try it that way, the card is free and you can actually order more than one. Comes in handy for purchases in £ or $ aswell


  • Registered Users, Registered Users 2 Posts: 325 ✭✭tanit


    H3llR4iser wrote: »
    Now that I think about it, there are two - the gym and the internet provider; They both work just this way, you pay with your credit card and then keep billing you on it monthly.

    Will need to run an experiment...any info on "prepaid" cards or even "virtual ones" I can get?

    My vote is for the gym. If it's a small place the security they have might not be good and could be compromised very easily. Your internet provider is going to have better security basically there are more geeks. But keep us posted if you find out anything it could help other people. :)


  • Registered Users, Registered Users 2 Posts: 4,028 ✭✭✭H3llR4iser


    tanit wrote: »
    My vote is for the gym. If it's a small place the security they have might not be good and could be compromised very easily. Your internet provider is going to have better security basically there are more geeks. But keep us posted if you find out anything it could help other people. :)

    Not very small, but still a relatively local business (chain of gyms across Dublin...you can easily guess which one it is). I emailed their support giving them heads up about a possible leak, they replied within the hour saying they're gonna run a full check this week, just to be sure...


Advertisement