AIB keeps letting criminals spend money from my account

xboxdad

I believe AIB is violating my rights and privacy by giving my debit card details to companies without my consent.

Short summary of what happened:

• I noticed criminal activity going on on my account in early February
• Around 1500 EUR was stolen from my account, fragmented across dozens of smaller transactions
• These transactions went to Facebook, Netflix, Apple and other companies in various countries (in USD and other currencies)
• AIB said my debit card was compromised somehow so they cancelled the card and disassociated it from my account
• I got all money refunded, fragment by fragment
• I got a new debit card issued

Then I thought it’s all behind me.

• Exactly one month later, on the same day of the month, Netflix deducted money from my account again
• I called AIB and asked them about why did they still approve the use of my old card they already deactivated
• They said, it was my new card and it’s normal because big companies like Netflix will automatically get my new card details from the bank if I cancel my original card (“they can push payments over to your new card” - as they said)
• So this means all the original companies involved in the fraud from a month before can possibly deduct money from me again and again as they’re big companies so getting a new debit card will not stop them from charging me - and AIB will happily assist (they claim this is normal)

I was really angry about this and told AIB that I’ll switch to another bank if this happens ever again. ..but since they say it’s all normal, I don’t believe this can possibly stop.
All they did was to block my new card against Netflix. Which is not a solution. The solution is not to give my new card details to anybody without my consent.

My questions are:

• Does AIB really have an obligation to give out my new card details to companies who were involved in the fraud one month ago?
• Does AIB not have to keep my new card details secure and private?
• Will switching to another bank resolve the issue or Netflix/Facebook/Apple/whoever these criminals subscribed at will always find and charge me in any EU bank?
• Is there any law that'd protect my privacy / card details so that AIB can't just give it to companies?

Thank you.

AndrewJRenko

Did AIB tell you in writing that they hand over details of new cards?

xboxdad

AndrewJRenko wrote: »

Did AIB tell you in writing that they hand over details of new cards?

They didn't commit to anything in writing.
When they told me it's normal that some companies can just "push payments over to your new card", I asked them on the phone to provide me with a list that consists of the following:

• A list of companies that were involved in the original fraud a month ago
• A star/mark next to those companies' names that have this ability to switch to my new card automatically

They said they don't know any of this and they're only going to send an email to the fraud department to block my new card against Netflix.

.......

This post has been deleted.

FishOnABike

Close the account and open a new one, either with the AIB or another bank. The payments taken are probably linked to your account either directly or indirectly through your card.

pilly

xboxdad wrote:

Does AIB really have an obligation to give out my new card details to companies who were involved in the fraud one month ago?Does AIB not have to keep my new card details secure and private?Will switching to another bank resolve the issue or Netflix/Facebook/Apple/whoever these criminals subscribed at will always find and charge me in any EU bank?Is there any law that'd protect my privacy / card details so that AIB can't just give it to companies? Thank you.

You're accusing Netflix for example of being involved in fraud, they're not.

beauf

I don't think I would trust that account number after that. I'd close it and open another.

3_BOoYA_X

pilly wrote: »

You're accusing Netflix for example of being involved in fraud, they're not.

This is correct, someone tried to fraudulently use your old card details for a free trial /subscription. It's a visa issue not specific to your bank

https://usa.visa.com/dam/VCOM/download/merchants/visa-account-updater-product-information-fact-sheet-for-merchants.pdf

xboxdad

....... wrote: »

This post has been deleted.

The companies took the money because criminals stole the original card details and subscribed to services here and there. (in a hugely fragmented way ranging from 0.98 EUR to larger sums across multiple companies, countries and currencies).

This is not about direct debits.

xboxdad

FishOnABike wrote: »

Close the account and open a new one, either with the AIB or another bank. The payments taken are probably linked to your account either directly or indirectly through your card.

The payments are not linked to the account directly.
AIB itself told me a month ago that it's 100% about the compromised debit card and nothing else needs to be done as the payments won't go through once they deactivate my card and issue a new one.
These are not direct debits.

xboxdad

pilly wrote: »

You're accusing Netflix for example of being involved in fraud, they're not.

I'm sorry, I didn't mean Netflix is stealing.
I mean Netflix was involved in the original fraud case in a way that criminals spend my money on Netflix.
Since AIB confirmed this (and many other transactions) was due to a compromised debit card, letting Netflix or any other company seamlessly migrate to my new card defeats the purpose of issuing a new card.

xboxdad

3_BOoYA_X wrote: »

This is correct, someone tried to fraudulently use your old card details for a free trial /subscription. It's a visa issue not specific to your bank

https://usa.visa.com/dam/VCOM/download/merchants/visa-account-updater-product-information-fact-sheet-for-merchants.pdf

That original issue was already resolved a month ago.

The current issue is:

Despite the fact that I limited my debit card use to the extend that my life became pretty uncomfortable my new debit card details are still leaking out into the world via AIB itself. That's not what you need after you just went through a 1500 EUR fraud case weeks ago.

L1011

Allowing updated credit card numbers to be provided is a function of the card (and gets mentioned here a lot, when bad advice to "just cancel the card!" is given). The bank should have informed the providers in question to stop the subscriptions completely when refunding but clearly didn't.

They're still responsible for the cost, but the function is not going to be able to be disabled.

dudara

Moved to Banking & Insurance & Pensions

dudara

Fred Swanson

This post has been deleted.

.......

This post has been deleted.

Alun

Fred Swanson wrote: »

This post has been deleted.

Can they though? Isn't it down to Visa's processes, not AIB's?

_Kaiser_

Alun wrote: »

Can they though? Isn't it down to Visa's processes, not AIB's?

Maybe so, but at the end of the day the customer banks with AIB who issued the cards and the account he's having these problems with. It's up to them to resolve it.

It's not up to the customer to chase the back-end problems AIB have with their providers/suppliers. If he actually rang VISA they'd no doubt send him back to AIB anyway.

xboxdad

L1011 wrote: »

Allowing updated credit card numbers to be provided is a function of the card (and gets mentioned here a lot, when bad advice to "just cancel the card!" is given). The bank should have informed the providers in question to stop the subscriptions completely when refunding but clearly didn't.

They're still responsible for the cost, but the function is not going to be able to be disabled.

Thank you, this is very good new information for me.
Doesn't make me too calm though. Looks like I'll have to live with a pair of eyes on the back of my head from now on.

Lux23

FishOnABike wrote: »

Close the account and open a new one, either with the AIB or another bank. The payments taken are probably linked to your account either directly or indirectly through your card.

He shouldn't have to do this.

xboxdad

Fred Swanson wrote: »

This post has been deleted.

Well, this is exactly the opposite of what I was told when the original issue happened.
Customer service told me that they did detect the suspicious activity and tried to text me, but the SMS didn't go through. (I'm on the same bill pay account since 7 years now, so that issue wouldn't have occurred on my side either) ..and that they will have to cancel my card and issue a new one to stop this.

xboxdad

Lux23 wrote: »

He shouldn't have to do this.

Yeah, thanks for your understanding. It would be a major pain.. It was messy enough to deal with the card change itself.

xboxdad

_Kaiser_ wrote: »

Maybe so, but at the end of the day the customer banks with AIB who issued the cards and the account he's having these problems with. It's up to them to resolve it.

It's not up to the customer to chase the back-end problems AIB have with their providers/suppliers. If he actually rang VISA they'd no doubt send him back to AIB anyway.

Yes, and let's not forget that the theft was fragmented into dozens of different transactions. What I saw in my account (plenty) wasn't even the whole picture. They kept reading transactions into the phone for a pretty long time I never heard of / did.
An ordinary person wouldn't be able to deal with this.

Anyways, this first phase went very smoothly and I was grateful for their help.

But the second part of the story is just daunting.

The full story is like:

- Hey, we need to change your password as someone stole it and strangers are using it now!
- Huh, thanks a lot, please do it!
- Done, have a nice weekend.

Then someone uses the same password again and it still works for them...
Then you ask them:

- How is that possible that some of the original ppl successfully got in using my old password?
- Well, we gave your new password to them because they knew your old password.
- Hey, please stop doing this! Don't give my new password to anybody!
- Why not? It's normal procedure, as they can't use your old password anymore.

Makes zero sense and it does not protect me.

xboxdad

....... wrote: »

This post has been deleted.

That's what you'd expect from your financial institution.
Please see my later comments and other comments. I'm hoping it makes it all a bit more clear.

d9oiu2wk07blr5

OP, you need to escalate this to head office, the data protection commissioner and the financial regulator.

scamalert

well obvious issue with new card was that once you get new card your account number still remains the same,so whatever crap someone signed onto subscriptions would still go out whenever debit it due,so thats a clear lack of any security from AIB in this case since they should of blocked all debits.


as for case someone getting into your bank account second time it truly doesnt make sense,since well at least with other banks you have to give few secret questions before they unlock your account.Thus shows total lack of any protection,if someone pretending you, gave them a call and got password for new account.

Id be moving banks in such case,since they failed twice to notify you or do anything,to prevent it.Which given access to account is quite serious,since someone skimmed your details and will def target you again.

Also try to get cc card while its expensive option but money and security wise they actually care more when suspicious transfers are made thus usually getting call within same day to inquire if buying smth

AndrewJRenko

Lilliana Magnificent Striker wrote: »

OP, you need to escalate this to head office, the data protection commissioner and the financial regulator.

Certainly, OP needs to put the complaint in writing and get a written response, rather than working off unconfirmed information from a call centre agent.

d9oiu2wk07blr5

AndrewJRenko wrote: »

Certainly, OP needs to put the complaint in writing and get a written response, rather than working off unconfirmed information from a call centre agent.

Exactly, and I'd be contacting the financial regulator for advice before writing that complaint.

http://www.citizensinformation.ie/en/consumer_affairs/financial_services/financial_products/protection_of_consumers_of_financial_services.html

Yourself isit

It's a flaw in the process for sure. It's clearly a convenience to have your credit card monthly payments still work after an upgrade but not after a cancelled card.

TaurenDruid

Yourself isit wrote: »

It's a flaw in the process for sure. It's clearly a convenience to have your credit card monthly payments still work after an upgrade but not after a cancelled card.

This, exactly! When a card expires, it's really convenient to have utility companies carry over the subscription automatically to the new card. When a card is cancelled, that's an entirely different story!

It sounds to me as if a bank employee essentially 'ticked the wrong box' on this one and the wrong process was applied.

xboxdad

TaurenDruid wrote: »

This, exactly! When a card expires, it's really convenient to have utility companies carry over the subscription automatically to the new card. When a card is cancelled, that's an entirely different story!

It sounds to me as if a bank employee essentially 'ticked the wrong box' on this one and the wrong process was applied.

Update: I got charged again by Netflix today. So now I have to call AIB on every working day it seems. AIB told the same thing again. Automatic process. It's the Visa Account Updater program that does this to me. Even if the card was stolen/compromised, it does kick in and update your new details in all participating merchant's systems. So it's an auto-leakage of personal details with no opt-out option apparently.

..they also told me that closing my account won't help. Once that card existed, it's me who owes money and I'll be charged one way or another.

So I called Netflix and asked them directly. They did find two accounts using both the old and new (few weeks old) cards. They were very helpful and nice.

The only issue is: I'd need to call companies in Egypt, US, whereever else and find nice/cooperative customer service in each of them to make sure this all stops. Extremely badly designed system driven by VISA/Mastercard and banks. The more I learn about this, the more I feel that my privacy and rights are being violated to no end.