Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Thieving backstards (Thieves, and the bank!)

24

Comments

  • #32
    pickarooney
    Moderators, Arts Moderators Posts: 36,496 Mod ✭✭✭✭pickarooney


    When my card was skimmed a few years back the thieves used it to buy flights to several South American destinations. I had no problem proving that I couldn't possibly have been on any of the flights and was reimbursed by BOI with no quibbles. I presumed the thieves were a small tourist agency who had sold the flights on to some unsuspecting tourist for a higher price before actually purchasing them with my card and in their name. Nowadays it's pretty much impossible to purchase a flight with a card if the cardholder is not one of the people travelling.


  • #33
    forfuxsake
    Registered Users, Registered Users 2 Posts: 829 ✭✭✭forfuxsake


    dlofnep wrote: »
    You're simply wrong. It's called a VBV password, look it up!



    The money could be deposited into another account.



    Yes - they could fly. Anyone can pay for the flights of someone with their credit card. I paid for my mother's flights to Scotland with mine. All it means is that the scammers are obviously stupid and have a good chance of being caught.



    Oh jesus christ, you're as annoying as thrush. Why would I want to make it up? My brother doesn't gamble. Stop trolling.

    Well if the money was (which it can't be) deposited in another account then the name of that account holder is the name of the thief. THIS IS NOT POSSIBLE OR LEGAL DUE TO EU MONEY LAUNDERING LEGISLATION.

    Yes you can use the flights, now your brother has to contact the airline and ask for the name on the ticket. THAT'S THE NAME OF YOUR THIEF.

    If this was true your brother could find out the name of the thief in minutes.


  • #34
    Procasinator
    Registered Users, Registered Users 2 Posts: 1,311 ✭✭✭Procasinator


    dlofnep wrote: »
    I'm not sure if the pins are the same myself - I know mine are different, but I changed my own visa pin ages ago, and can't remember if it was originally the same as the ATM pin. Does anybody know off the top of their head?

    The reason why I'm asking is because judging by the card usage, they started scamming a few hours after he used a local ATM machine.

    The only system that I know of around VISA is the 3D Secure system, also known as Verified by Visa.

    http://en.wikipedia.org/wiki/3-D_Secure

    This system has been shown to have weaknesses (i.e. phishing):
    http://www.pcworld.idg.com.au/article/334105/

    The password used for Verified by Visa is only used for that scheme. The CCV and PIN are different.


  • #35
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    forfuxsake wrote: »
    Well if the money was (which it can't be) deposited in another account then the name of that account holder is the name of the thief. THIS IS NOT POSSIBLE OR LEGAL DUE TO EU MONEY LAUNDERING LEGISLATION.

    Yes you can use the flights, now your brother has to contact the airline and ask for the name on the ticket. THAT'S THE NAME OF YOUR THIEF.

    If this was true your brother could find out the name of the thief in minutes.

    He has passed the info onto the Gardaí for them to find out. Not everyone has free time to play Inspector Gadget all day. He works 2 different jobs.


  • #36
    ejmaztec
    Registered Users, Registered Users 2 Posts: 24,369 ✭✭✭✭ejmaztec


    I'd pester the bank 24/7 until the feckers cracked, the sh1t-bags.


  • Advertisement
  • #37
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Procasinator wrote: »
    The only system that I know of around VISA is the 3D Secure system, also known as Verified by Visa.

    http://en.wikipedia.org/wiki/3-D_Secure

    This system has been shown to have weaknesses (i.e. phishing):
    http://www.pcworld.idg.com.au/article/334105/

    The password used for Verified by Visa is only used for that scheme. The CCV and PIN are different.

    Yup - that's the one bud. VBV (Verified by Visa)


  • #38
    Kensington
    Closed Accounts Posts: 3,683 ✭✭✭Kensington


    ejmaztec wrote: »
    I'd pester the bank 24/7 until the feckers cracked, the sh1t-bags.

    They're not going to do anything for you - it's entirely your responsibility to secure your VBV/3-D Secure password.


  • #39
    Procasinator
    Registered Users, Registered Users 2 Posts: 1,311 ✭✭✭Procasinator


    dlofnep wrote: »
    Yup - that's the one bud. VBV (Verified by Visa)

    Yes. But, like I said, this is unrelated to the ATM or other Point of Sale devices. The VBV only comes into place when purchasing online.

    Your brother was probably either exposed to a phishing attack, or someone got the details another way (password stored next to CC in his wallet or simply guessing the password he used)


  • #40
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Kensington wrote: »
    They're not going to do anything for you - it's entirely your responsibility to secure your VBV/3-D Secure password.

    And yet - they refund stand credit card fraud transactions. There's no difference, because at the end of the day - both cases are still fraud. One just involved an extra layer of security.

    I'd take my business elsewhere to be honest if a bank didn't protect my account against thieves, getting free one-ups IRL.


  • #41
    pickarooney
    Moderators, Arts Moderators Posts: 36,496 Mod ✭✭✭✭pickarooney


    It's quite ironic that the VBV is an opt-in system flaunted as being an extra level of security on your card and now it's apparently the very reason your brother has no comeback after being scammed.


  • Advertisement
  • #42
    cyrusdvirus
    Closed Accounts Posts: 3,752 ✭✭✭cyrusdvirus


    Penfold, this is AH, trolling is what goes on here!! :)

    Chip & PIN was brought in to protect the banks, and to put the onus on the retailers and customers.

    If a card is used and it is processed as a Non Chip & PIN transaction, the retailer is out of pocket.

    If the transaction is processed as a Chip & PIN transaction, then it is reasonable to assume that the cardholder is either present or has given their details to someone else, therefore the onus is on the customer.

    For someone to have obtained your brothers card & pin it is not unreasonable for the bank to assume there was not sufficient care being taken on the part of your brother.


  • #43
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Procasinator wrote: »
    Yes. But, like I said, this is unrelated to the ATM or other Point of Sale devices. The VBV only comes into place when purchasing online.

    Your brother was probably either exposed to a phishing attack, or someone got the details another way (password stored next to CC in his wallet or simply guessing the password he used)

    Yes, I was guessing a phishing attack myself. I asked him if he received any e-mails or text messages asking him to enter his pin but he said no. Still though - when people aren't that tech savvy, they simply trust technology too much.

    I'll ask him a few more questions late when he's finished work to try figure out how they got it.


  • #44
    44leto
    Closed Accounts Posts: 4,137 ✭✭✭44leto


    dlofnep wrote: »
    The scams began before he went on holidays. It's just that because he was on holidays, he didn't actually get around to checking his statements to actually notice he was being scammed.

    So your brother still had his card, as in the card was not stolen, I take it he took it on holidays with him. Because as far as I know it is not possible yet to copy the chip and pin cards.


  • #45
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    pickarooney wrote: »
    It's quite ironic that the VBV is an opt-in system flaunted as being an extra level of security on your card and now it's apparently the very reason your brother has no comeback after being scammed.

    Yeah - that's the thing... If they just did normal purchases without the pin, he would be able to get the money back. So you're spot on.


  • #46
    Kensington
    Closed Accounts Posts: 3,683 ✭✭✭Kensington


    dlofnep wrote: »
    And yet - they refund stand credit card fraud transactions. There's no difference, because at the end of the day - both cases are still fraud. One just involved an extra layer of security.

    I'd take my business elsewhere to be honest if a bank didn't protect my account against thieves, getting free one-ups IRL.
    Yes, before they brought in VBV they would have just done it for you but since bringing in VBV, it pushes pretty much all of the responsibility back onto you for securing your credit card because it is up to you to secure your VBV password.
    Why do you think all the banks were in such a rush to roll it out? ;)

    All banks now follow the same hymnsheet so you'll be met with the same response no matter who you bank with.


  • #47
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    44leto wrote: »
    So your brother still had his card, as in the card was not stolen, I take it he took it on holidays with him. Because as far as I know it is not possible yet to copy the chip and pin cards.

    It's VISA Debit - So I'm assuming they would only need the number of the card, and the VBV password.


  • #48
    wyndham
    Registered Users, Registered Users 2 Posts: 2,284 ✭✭✭wyndham


    pickarooney wrote: »
    Nowadays it's pretty much impossible to purchase a flight with a card if the cardholder is not one of the people travelling.

    What you talking bout? I do it all the time on Ryanair and Aer Lingus. Buying a flight is like buying anything else online. Who is travelling is irrelevant.


  • #49
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Kensington wrote: »
    Yes, before they brought in VBV they would have just done it for you but since bringing in VBV, it pushes pretty much all of the responsibility back onto you for securing your credit card because it is up to you to secure your VBV password.
    Why do you think all the banks were in such a rush to roll it out? ;)

    All banks now follow the same hymnsheet so you'll be met with the same response no matter who you bank with.

    I fear this is the case :(

    It wouldn't annoy me so much if I didn't know how hard my brother works. He's saving up so he can go to college. He's never asked the state for a penny. A genuinely lovely chap. It just angers me to see him done wrong by.


  • #50
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    wyndham wrote: »
    What you talking bout? I do it all the time on Ryanair and Aer Lingus. Buying a flight is like buying anything else online. Who is travelling is irrelevant.

    Yup - I bought my mam flights to Scotland on my card without a problem.


  • #51
    Procasinator
    Registered Users, Registered Users 2 Posts: 1,311 ✭✭✭Procasinator


    dlofnep wrote: »
    Yes, I was guessing a phishing attack myself. I asked him if he received any e-mails or text messages asking him to enter his pin but he said no. Still though - when people aren't that tech savvy, they simply trust technology too much.

    I'll ask him a few more questions late when he's finished work to try figure out how they got it.

    Read the PC World article above that I had. It mentions some of the security problems with this system.

    The problem with phishing in this system is actually easier than typical.
    A iframe loads the verified by visa scheme, so the URL of where this is hosted is not visible.

    Hence, changing the IFRAME location with a malicious duplicate (either by XSS, MITM attack, etc) the user will not be able to look for the typical signs (URL and security lock) as they are not visible for the sub-page.


  • Advertisement
  • #52
    Kensington
    Closed Accounts Posts: 3,683 ✭✭✭Kensington


    dlofnep wrote: »
    I fear this is the case :(

    It wouldn't annoy me so much if I didn't know how hard my brother works. He's saving up so he can go to college. He's never asked the state for a penny. A genuinely lovely chap. It just angers me to see him done wrong by.

    Tis the way of the world I'm afraid :(

    Never write your pass down, never tell anyone else the pass, use your card only on reputable sites and for gods sake keep proper, up-to-date, anti-virus and security software on your PC and keep away from the dodgy sites ;)


  • #53
    cyrusdvirus
    Closed Accounts Posts: 3,752 ✭✭✭cyrusdvirus


    dlofnep wrote: »
    It's VISA Debit - So I'm assuming they would only need the number of the card, and the VBV password.

    Card number, Cardholder name, CVV code AND VBV password.

    Which is any 3 characters out of a minimum of 8. Which Have to be Alpha-Numeric


  • #54
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    gatecrash wrote: »
    Card number, Cardholder name, CVV code AND VBV password.

    Which is any 3 characters out of a minimum of 8. Which Have to be Alpha-Numeric

    I'd have to imagine a phishing attack was involved to get those details. A simple ATM scam wouldn't give them the VBV.


  • #55
    flutered
    Registered Users, Registered Users 2, Paid Member Posts: 6,767 ✭✭✭flutered


    i used the credit union for banking, i have a top up card for internet shopping, not alone do i detest banks, i actually despise them as well.


  • #56
    cyrusdvirus
    Closed Accounts Posts: 3,752 ✭✭✭cyrusdvirus


    And in case i'm not coming across as sympathetic, i have been on the receiving end of people roaring abuse at, threatening to take my job and sue me for everything i was ever worth unless i refunded him his money which i had stolen from him, and kept up this tirade right up until i showed him the CCTV footage of a woman (his wife) making the purchase with the card


  • #57
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    gatecrash wrote: »
    And in case i'm not coming across as sympathetic, i have been on the receiving end of people roaring abuse at, threatening to take my job and sue me for everything i was ever worth unless i refunded him his money which i had stolen from him, and kept up this tirade right up until i showed him the CCTV footage of a woman (his wife) making the purchase with the card

    LOL! Don't worry, I worked in customer service before too - I understand. I'd say he shut up fairly lively.


  • #58
    cyrusdvirus
    Closed Accounts Posts: 3,752 ✭✭✭cyrusdvirus


    dlofnep wrote: »
    I'd have to imagine a phishing attack was involved to get those details. A simple ATM scam wouldn't give them the VBV.

    yeah, but the phishing attack must have been quite comprehensive, as when using the VBV code it can ask for any one of those characters. And not even in the order that they are, i.e. it could be asking for the first, seventh and fourth characters.


  • #59
    cyrusdvirus
    Closed Accounts Posts: 3,752 ✭✭✭cyrusdvirus


    dlofnep wrote: »
    LOL! Don't worry, I worked in customer service before too - I understand. I'd say he shut up fairly lively.

    his exact words were That Fucking Bitch! followed by a hasty retreat!! :D


  • #60
    dlofnep
    Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    gatecrash wrote: »
    his exact words were That Fucking Bitch! followed by a hasty retreat!! :D

    One wonders if their marriage is still fresh.


  • Advertisement
  • #61
    pickarooney
    Moderators, Arts Moderators Posts: 36,496 Mod ✭✭✭✭pickarooney


    wyndham wrote: »
    What you talking bout? I do it all the time on Ryanair and Aer Lingus. Buying a flight is like buying anything else online. Who is travelling is irrelevant.

    My mistake. It happened me last year when I tried to book a flight for myself with my boss' credit card for a business trip. I can't remember the airline.


Advertisement
Advertisement