Debit Card Skimmed

Hippodrome Song Owl

https://www.boards.ie/discussion/comment/121602867#Comment_121602867

No I don't see any way to see the full card details on AIB app.

The payment says VDP - that's a point of sale pin payment isn't it?

Jeff2

https://www.boards.ie/discussion/comment/121602962#Comment_121602962

VDP- can be any payment made by the card whether using the pin or not.

johnnyk29

The more common possibility is MasterCard automatic biller or Visa updater keeps throwing the new card into your card on file merchants. What this does is when you're issued a new card instead of continuously updating every service (i.e. PayPal, Amazon, gym memberships) it will pass the new card information to the recurring biller or card on file merchant. Many posts about this. On paper this is a great idea unless the fraudulent transaction itself was a recurring/card on file biller. This can create a perpetual cycle, BUT all banks have a way to stop the cycle pending you get to someone competent.

If you have Netflix, Disney plus or anyplace your card info is stored I would cancel them as soon as you can.

Hippodrome Song Owl

There are no subscriptions on the card. Just salary in and Mortgage DD. I transfer money to other accounts that have bills and payments and subscriptions linked to them. I usually only use this card to withdraw cash or online with literally three retailers - Next, M&S, and Tesco. And very occasionally in person.

I was just on to AIB there and got a much more competent person than last time.

As you said above @Jeff2 the transactions are online ones on Bolt - my mistake re VDP.

As you said @johnnyk29 Bolt were literally given the new card details because it was a subscription. She said the card was blocked but not "closed".

I am livid with AIB that the card was not 100% cancelled in the case of fraud.

I was even told that if I had any payments set up through the card I would have to go update them or they would not go through anymore. Yet Bolt was given the new details so the fraud could continue.

So another week with no card and now zero trust in AIB.

Jeff2

This is an interesting thread and I like to know how they got your card information in the first place if you figure it out.

Also the fact that they could charge you new card is news to me.

You're lucky a higher amount of money wasn't taken and I think that might be down to a text from the bank about exchange rates. If it was in euros you wouldn't have got that text.

Jim2007

https://www.boards.ie/discussion/comment/121603201#Comment_121603201

This should be a serious warning for everyone: You are responsible for ensuring you understand how the financial products you use work. You need to sit down and read the documentation you received both before and after signing up. Do not make assumptions, they could turn out to be expensive.

In particular you should understand:

• The consequences of cancelling a card
• Instructing a bank to not accept any further charges against a card
• Closing an account
• What happens to subscriptions when you do any of the above three.
• How charge backs and related issues operate

As an aside, banks sell financial products and just as you can't buy a car, you need to buy a particular make and model, you can't get a mortgage, credit card, savings account and so on. You sign up to a specific financial product, with it's own terms and conditions and indeed in some cases even terms that are specific to you. Do not assume that you product is the same as the one the guy in the pub has and expect the same treatment.

coylemj

https://www.boards.ie/discussion/comment/121602877#Comment_121602877

Is it possible the old card has not yet been cancelled and will still be considered active until you use the new card? I'd go to an ATM in a bank branch and do a balance check with the new card.

If the old card has been cancelled then your bank has some answering to do if debits are still appearing when there is no active card on the account. Typically, a new card can't be used for online purchases untill it's used in an ATM or POS terminal and the PIN manually entered. So even if someone had all the details from that new card, they can't make a purchase or do anything until you activate the card.

Hippodrome Song Owl

https://www.boards.ie/discussion/comment/121605226#Comment_121605226

What more can a person do than explicitly tell the bank there is fraudulent activity so cancel the card so there can be no further unauthorised access to the account?? I even specifically discussed with the bank's agent that payments/subscriptions set up on the card would now be cancelled and I would have to arrange to pass on the new details as necessary. And as it happens I have no payments or subscriptions on the card- but the fraudster has a subscription to Bolt and AIB allowed the new card info to be passed to them despite:

A - Bolt is the fraudulent activity, and

B - they specifically told me that would not happen (card details passed on to existing subscriptions).

AIB admit they are in the wrong. It is their error.

So I don't see how your comment is of any relevance or help to me.

Glaceon

I noticed this last year when my credit and debit cards expired. PayPal were automatically given the new expiry date. I’d much rather update my details manually than have the risk of the replacement for a stolen card being automatically updated.

Hippodrome Song Owl

https://www.boards.ie/discussion/comment/121607774#Comment_121607774

This wasn't even just a new expiry/CVV, it was a completely new card with new 16-digit number and new pin. And still updated on the fraudster's chosen subscription.

Glaceon

https://www.boards.ie/discussion/comment/121607797#Comment_121607797

And that’s what scares me, that a whole new card would still get passed on.

markpb

https://www.boards.ie/discussion/comment/121607797#Comment_121607797

This is exactly how VAU/ABU works. Merchants who store your card details can opt to receive any updates to that card (new expiry, new PAN+expiry), as long as it's issued by the same bank. What fell down here is that Bolt should not have been allowed to continue processing recurring transactions against the same account, the recurring agreement should have been stopped when fraud was flagged.

markpb

https://www.boards.ie/discussion/comment/121603201#Comment_121603201

Card issuers have to try to balance convenience against security. They could absolutely decide to block every future transaction on a card once a single one is fraudulent and they could close they account and not issue any updates through Account Updater. That would definitely put a stop to fraud on that card but it would also inconvenience a lot of customers and merchants. What if you had checked out of a hotel that day and still had a pending payment or trashed the room and they wanted to bill you for it? What if you had a recurring payment agreed with someone but your payment was declined and they added a penalty to your account? Stopping account updates would make updating your card details on tens of websites much harder for you.

On top of that, card issuers make money from every transaction on your card so it's in their interests to keep your Netflix and Disney subscriptions running and to make your next Amazon purchase as one-click as possible. They want your new card details out there so you can keep spending because when people have to think about updating their card details, they might think about not renewing those subscriptions.

That’s an appalling feature having the new card automatically updated across payments. I am with Bank of Ireland and with all its faults at least when card has been compromised I always have to update all payment types with new card details. As each payment type is used and found to be outdated all I do is update the payment method, only takes a couple of minutes and the next transaction can proceed. I would be very alarmed at automatic updating across payment methods like PayPal. It completely breaches security.

The J Stands for Jay

https://www.boards.ie/discussion/comment/121604180#Comment_121604180

It's poor form that the AIB app doesn't give a push notification every time there's a transaction on the account.

Jeff2

https://www.boards.ie/discussion/comment/121627338#Comment_121627338

I mostly use my Curve card linked to my AIB card. The Curve app gives push notification and a sound on my phone if there is a transaction. I'd guess it could have been helpful in some cases like this.

cj maxx

To answer the OP , I’ve noticed strange things on a couple of my cards , which have been cancelled or refunded . The common denominator was use in the local shop and probably more importantly using in store ATM’s . I tend to only withdraw cash on bank ATM’s now and use PayPal / Apple Pay online .

JVince

https://www.boards.ie/discussion/comment/121555360#Comment_121555360

They would need to have a qualified machine within 4cm to read the card.

Virtually unknown for card to be cloned that way.

You are correct that it is likely the details were harvested months ago and then they target a time where you may not notice multiple transactions happening quickly

The recent transaction is most likely a delayed transaction from the original card.

There's plenty of card fraud. Yours is tiny. The bank won't spend time looking into it. You'll be refunded.

Jeff2

With Curve card you can switch between bank cards like front AIB or Revolut. If you turn it to Revolut card you get notified twice if a transaction happened. Once from Curve and then from Revolut.

Just saying......

cnocbui

It seems being a dinosaur and hater of bank fees may have it's coincidental advantages. I take 1500 in cash from machines in banks and keep that as a float at home, from which I keep my wallet fed, and pay cash for everything that's in person. Online would be the only attack surface I present to the world, but I mostly use Paypal there. My last quarterly bank fees were €9.

The J Stands for Jay

https://www.boards.ie/discussion/comment/121637226#Comment_121637226

Only if it's the curve card that gets skimmed, and it still doesn't work for non-card transactions

Hippodrome Song Owl

Just to update this - no further issues with the AIB card.

However today I was forced to cancel my BOI debit card as it's now compromised. It was BOI themselves who flagged it - contacted me immediately over a suspicious transaction and blocked it. Fair play to them.

This is obviously very upsetting and concerning. I have used nothing but my credit card online or in person since the last issue in early January. Its just recurring bills on this account now so this card must be compromised since before that too.

It's much messier this time as all my recurring payments (insurance, utilities etc) are on this account. I have around 15 companies to contact. Lots of payments going to bounce due to time of the month if I don't get this sorted ASAP. I'm not even sure which payments will be affected by the cancelled card and which are linked to the account rather than the card.

OrangeLavender

https://www.boards.ie/discussion/comment/121826134#Comment_121826134

If you are worried about payments bouncing, some companies allow you to pay manually when the bill comes out and then they don't even try to take the direct debit. I'm thinking of SSE and Sky but there are probably others so if you have another card, you could do that.

cnocbui

You have had two cards 'skimmed'?

Physical skimming of two cards seems implausible. I'd be on to BOI and asking if they can provide you some clue as to how you have been compromised so you know whether it's more likely a device has been hacked. It would seem it would be in their interest to assisit you in solving the security issue.

GerardKeating

In relation to compromised cards and them being replaced.

This happended to me just before i went on vacation, the bank wanted to cancel the card and reissue, but it would/could never arrive before i travelled.

But I have the cards stored in my iPhone, and it updated on the phone in about 30 minutes, so i was able to use the new card on vacation via the phone.

markpb

https://www.boards.ie/discussion/comment/121827404#Comment_121827404

I would be fairly sure BoI wouldn’t give any detail at all in that conversation. Frauds teams eat like elephants and poo like mice.

And that’s assuming they have any information to share, the fraud notice could have come from Visa or MasterCard.

Qrt

https://www.boards.ie/discussion/comment/121826134#Comment_121826134

Your direct debits won’t be affected. I can’t imagine many utilities and insurers accepting regular payments via card, rather direct debit. Much more convenient for both parties.