Credit card compromised

worlds goodest teecher

Ok, my CC has been compromised for the second time in a year. It is the same person/company putting sales through on Uber Eats. I noticed it the first time and bank replaced the card. The bank noticed last week and called me. I have a suspicion which website might be doing this but they are a fairly reputable firm.

Anyone else experience similar?

swampy353

Haven't had the same experience but if you pay using Google or apple pay, they provide the merchant with a randomised card number.

If you think it's a particular website, see if your card provider does disposable cards and just use that on the website

worlds goodest teecher

Well they jumped on this one quiet fast and rang me over the weekend. I'll have to look into using Google Pay going forward.

greasepalm

What about PayPal as would that be as good.

worlds goodest teecher

https://www.boards.ie/discussion/comment/123612919#Comment_123612919

It's an option. As I say, it is Uber Eats again so it is some company that I've used before.

Glaceon

There is a mechanism where updated card details can be provided to merchants automatically. It happened to me once where PayPal got the new expiry date. It’s not supposed to be done when a card is replaced due to fraud, but it can happen. Sounds like that could be the case here.

swampy353

That's if a card expires but if there is a fraud claim on an account, they provide a totally new card number.

Peregrinus

Ok, my CC has been compromised for the second time in a year. It is the same person/company putting sales through on Uber Eats. 

Both fraudulent charges went through on Uber Eats, but how do you know they were both put through by the same fraudster?

Glaceon

https://www.boards.ie/discussion/comment/123613640#Comment_123613640

I know of at least one case where the new number was provided accidentally and the fraud continued, was a few years ago. Another new card was issued and it didn’t happen again.

swampy353

https://www.boards.ie/discussion/comment/123613651#Comment_123613651

Wow, thats fairly poor on the CC companys' part, never heard of that happening before

worlds goodest teecher

https://www.boards.ie/discussion/comment/123613642#Comment_123613642

I don't know, it's just a feeling

worlds goodest teecher

https://www.boards.ie/discussion/comment/123613642#Comment_123613642

True, it could have been different fraudsters

worlds goodest teecher

https://www.boards.ie/discussion/comment/123613640#Comment_123613640

Thats what surprised me. Both transactions from the same source a few months apart on the original card then the replacement card

Peregrinus

https://www.boards.ie/discussion/comment/123615452#Comment_123615452

But all you have is a "feeling" that they're from the same source. Have you considered the possibility that your feeling may be wrong?

When your credit card details are compromised, they generally get sold on to somone. Someone who has bought stolen CC data will usually test it by using to do a small transaction with a widely-used merchant, to find out if the card has been stopped. So they e.g. order a modest takeaway from Uber Eats; if the order is accepted, the card details are valid. They think there's a good chance that the transaction will fly below the radar; the owner of the card won't think it is suspicious.

It's a coincidence that, both times your card was compromised, the test transaction was with Uber Eats, but not an astonishing coincidence. It certainly doesn't suggest that the same fraudster did both test transactions.

Jim2007

https://www.boards.ie/discussion/comment/123615452#Comment_123615452

The pros will validate a card by downloading an ebook or something like that from a minor site such as say a website of travel book publishing company, something that does not have custom security in place. Then they will make the big purchases as quickly as possible and ideally something that can be delivered quickly to a pickup point before you cop on…..

You need to start looking closer to home! Only a fool would order a meal delivery as a way to validate a card for a big purchase! Plus someone like Uber Eats actually has strong custom security, simply because so many try it on with them, if the order came in through their site - so it really would be a bad idea to use as validation.

You could always just ring up the shop and query the order…. something vague - can't remember much about that night.. thought you were away that night etc… and see what the come back with.

kurt_angle

what website are you saying is reputable.

Seth Brundle

https://www.boards.ie/discussion/comment/123615872#Comment_123615872

boards.ie is 100% reputable, I think

worlds goodest teecher

https://www.boards.ie/discussion/comment/123615497#Comment_123615497

The thing is over the couple of days I started to think that it is a website that I use from time to time, giving out my info.

worlds goodest teecher

https://www.boards.ie/discussion/comment/123615918#Comment_123615918

Can I name it here?

kurt_angle

https://www.boards.ie/discussion/comment/123615927#Comment_123615927

If it’s a dodgy box subscription from what it sounds like then yes your card is more than likely scammed from that. pM the site if you want.

You should only use a one time generated card number on those and never enter your actual details like name and address, just something made up

Hippodrome Song Owl

https://www.boards.ie/discussion/comment/123613640#Comment_123613640

It happened to me last year. I posted here about it. AIB updated my replacement debit card details with existing subscriptions after card was cancelled due to fraud so fraudster just started again as before. It was on Bolt in a foreign currency. I was livid with AIB.

After that (January 2024) I switched to exclusively using my credit card online and in person, as I was advised it was safer. End of Feb 2024 my BOI debit card had fraudulent transactions and had to be cancelled (BOI handled it better). Then in September 2024 my credit card had fraudulent transactions of over €1000 from Boy Scouts of America!! Fingers crossed nothing since then, but it is very concerning to have this happen repeatedly. None of the banks involved had any advice for me on how it happened or how to prevent it. I am the most boring conservative shopper so it can only be a fairly short list of major reputable retailers, either online or in person

Like the OP I've had my suspicions about a couple of places (my hairdressers - a reputable chain, and a major international fast-food delivery chain). But really I'm none the wiser.

worlds goodest teecher

https://www.boards.ie/discussion/comment/123615977#Comment_123615977

It is a whey powder site that I suspect

fritzelly

Does your CC providers app not have the option for disabling online transactions etc? I know the banks apps here are archaic, its one thing I like about Revolut being able to disable that, and the stripe and chip and pin etc

Really with revelations of companies being hacked on weekly basis I wouldn't trust any of them (big or small) to be having my card details saved or being able to dip in to them for a payment.

With the Uber Eats OP one are you sure its not your account with them that is hacked? (assume you can change delivery address)

standardg60

https://www.boards.ie/discussion/comment/123615977#Comment_123615977

As someone who's never had a card compromised this is really strange to me. What I can offer is I've never had an issue with online purchases or the (very) odd tap, but the one thing I've never done is hand my card to someone else to conduct a transaction, so that's where I'd be looking.

Hippodrome Song Owl

https://www.boards.ie/discussion/comment/123616040#Comment_123616040

I never had a card compromised before that run of issues in 2024. I have never handed a card over either. In fact the BOI debit card was never used in person at all ever.

At this stage, I've given up trying to work it out. I'm still using credit card exclusively, so at least it's not actual money that's at risk. There's nothing more I can do at this stage.

Still what bothers me the most is that every online transaction on all these cards requires me to approve in app, type in codes, and passwords. Yet none of that was required for fraudsters on cards from three different banks.

TheChizler

My wife had 3 fraudulent debit card transactions with Just Eat Ireland the other night, in and around €90 each, bank caught the third and sent a text to confirm genuine. We actually thought the text from the AIB 087 number was part of a phishing attempt and reported it as spam... Luckily we checked the account.

So the fast food theory has some merit, not sure why they'd try 3 tests though.

Glaceon

https://www.boards.ie/discussion/comment/123616060#Comment_123616060

My credit card was done last year. I have no idea how, but I was out walking and on my phone when I got a random approval prompt for Lyca phone credit. I declined the transaction and called them right away, but I often wonder how they got the details in the first place.

I rarely use my debit card online and that is why. At least if my credit card gets hacked, my bank account is unaffected.

worlds goodest teecher

https://www.boards.ie/discussion/comment/123616009#Comment_123616009

It was my bank who rang me. They suspected the transaction was fraudulent

andekwarhola

If I can't use the Revolut disposable card for a online payment, I have a Revolut CC with online payments disabled which I just enable and then disable again when finished.

I dont even carry my debit card anymore, let alone use it.

standardg60

https://www.boards.ie/discussion/comment/123616060#Comment_123616060

I would wonder if this is a solely debit card issue rather than cc which is easily reversed. Debit cards are the devil's work, I wouldn't use one either.

Hippodrome Song Owl

https://www.boards.ie/discussion/comment/123616237#Comment_123616237

Well unfortunately as I said I had over €1000 fraud on my credit card last September. But the charge was cancelled soon after I flagged it. It was a little less scary than having real money spent, but tbf AIB did refund all fraudulent debit card transactions too. BOI had nothing to refund since they flagged the debit card fraud immediately themselves and blocked it. I will stick with credit card anyway but it's not immune.