Yet Another Cycling Forum

General Category => Audax => Topic started by: daniele on 11 December, 2011, 06:31:13 pm

Title: PBP2011 - (likely) stolen credit card details used for registration
Post by: daniele on 11 December, 2011, 06:31:13 pm
TO: PBP2011 RIDERS

Dear all,

apologies for the disturbing news.

Please check the balance of the credit/debit card that you have used to register for PBP2011.

It seems that several PBP participants have found bad surprises on their accounts, all around the world.

Some Japanese and Australian riders have started to talk about it on some Google forums:

http://bit.ly/ulFr8O
http://bit.ly/uxOv4G

A long list of Italian riders have suffered losses and are discussing the matter here (sorry, in Italian only):

http://bit.ly/u5gu02

The provider of the payment service for PBP was "KlikandPay.com" and it is likely that your details are still on their servers.
An account with your address/card details was automatically created at the time of (pre-)registration.
(from the following link:
http://www.klikandpay.com/clients/index.cgi
you can recover your password by asking to send it to your registration email address by following the link "forgotten your password?" on the menu on the right);
I have deleted mine today, but it seems too late now...

Good luck to everyone.

Kind regards,
Daniele (AUK G6624)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: teethgrinder on 11 December, 2011, 06:47:36 pm
Cheers.  :thumbsup:
Just deleted my account, I think. ???
I went into "My details" or whatever it was, deleted all the info in all the boxes, clicked the "update" box. It still had my info of my PBP transactions. So I logged out, then did the "forgot my password" thing again, typed in my email address and it said that it didn't recognise it.
I reckon job done.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: mmmmartin on 11 December, 2011, 08:12:12 pm
I pre-registered but did not qualify so did not ride. But in May I was contacted by my bank and told that a small payment by my credit card had been turned down. It seems small payments are attempted to see if the card is valid, then larger sums are stolen. I had that day been to the dentist and made a credit card payment so informed them. My old card was destroyed and a new one issued. I assumed it was the dentist's payment system. Now I'm not so sure.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Manotea on 11 December, 2011, 08:18:42 pm
In the help pages there is a reference to the 'close account' page but I could not find it. I've emailed for advice.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Tewdric on 11 December, 2011, 08:25:15 pm
Fraud was attempted on mine towards the end of November but the bank blocked it.  I had to go through the PITA of getting the card cancelled and reissued.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 11 December, 2011, 08:25:38 pm
Mine went on simonp's card so I can't blame my most recent card fraud episode on this (the 3rd in a  year on that card!)  :-[
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: mmmmartin on 11 December, 2011, 08:55:18 pm
The links given by Daniele are worth looking at. The Italian one seems to have only three or four people commenting in it, and contains an interesting English summary of a request by the ACP for more details, which people may be able to supply. The Australian one is a warning from the Japanese. So we have a handful of people commenting. My Italian is not up to a decent translation but I bet someone will be along in a minute who can do it. My next question is whether the numbers complaining about being affected are greater than those normally affected by credit card fraud, and what the evidence is that PBP registration is a cause. And come to think of it, I'd be surprised if a payment company suffered this sort of fraud as they would instantly be out of business, for ever. But still, it's always worth looking at the credit card bills, innit?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 11 December, 2011, 08:59:42 pm
Quote from: mmmmartin
The links given by Daniele are worth looking at. The Italian one seems to have only three or four people commenting in it, and contains an interesting English summary of a request by the ACP for more details, which people may be able to supply. The Australian one is a warning from the Japanese. So we have a handful of people commenting. My Italian is not up to a decent translation but I bet someone will be along in a minute who can do it. My next question is whether the numbers complaining about being affected are greater than those normally affected by credit card fraud, and what the evidence is that PBP registration is a cause. And come to think of it, I'd be surprised if a payment company suffered this sort of fraud as they would instantly be out of business, for ever. But still, it's always worth looking at the credit card bills, innit?

CRC is not out of business. I had my debit and credit card out of commission simultaneously last year just before Christmas leaving me unable to do Christmas shopping because of the fraud carried out by their ex-employee. I've since then never used my debit card online other than when forced to, i.e. to renew VED, because you cannot pay any other way.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Von Broad on 11 December, 2011, 09:00:40 pm
ummmm....well it might be related, but I got a call on Friday morning before I left for work asking if I'd authorized payments for five thousand pounds to a company called X in the last 2 days. "Eh, no, I don't recall that". Logging into my account as I spoke to the woman on the end of the fraud line it was clear to see I'd just had the entire contents of my account emptied in the last 2 days. I keep about 5k in there for work purposes. They put a couple of small payments through first to see that the card was active then wallop, went in for the whole lot! Totally cleaned out.

I am so not on the case with anything related to finance, I would never have noticed until the cashpoint started saying no!

What was perplexing, looking back over the past few weeks of purchasing history, there was absolutely nothing suspicious. Really odd. Same petrol station, Sainsburys, wood yard, Wickes, Amazon etc so I assumed that people can get access to card details further down the line, deep into the dark recesses of data storage, whatever that might look like.

Thanks for your post Daniele, that might [possibly] be mystery solved  :)

[Note to self: wake up and get a credit card for online activity]
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: simonp on 11 December, 2011, 09:08:29 pm
I canceled my card (and had a new one reissued) for other reasons anyway so it won’t affect me. :)

Anyone who paid on Egg Money will be safe as their cards were replaced by Barclaycard in early Nov (assuming the fraud was recent).

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Schlusslicht on 11 December, 2011, 09:11:50 pm
Got the same problem with my credit card in Germany.
My bank noticed the irregularities and I got a new card without losing any money.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Euan Uzami on 11 December, 2011, 09:11:54 pm
Quote from: teethgrinder
Cheers.  :thumbsup:
Just deleted my account, I think. ???
I went into "My details" or whatever it was, deleted all the info in all the boxes, clicked the "update" box. It still had my info of my PBP transactions. So I logged out, then did the "forgot my password" thing again, typed in my email address and it said that it didn't recognise it.
I reckon job done.

did you do that on the pbp website or the klikandpay website?
What account did you close... ?
I can't find any way to log in to the pbp website.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: arabella on 11 December, 2011, 09:12:37 pm
Well, I went in to my details etc. and there were no bank details quoted anyway,
So I put a load of rubbish in to make sure, remied my name etc.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 11 December, 2011, 09:17:39 pm
Another one done!  I'd been especially careful (I'd thought!) with this card since my details being hacked when using Wiggle, CRC, Paypal and 2 other non-cycling companies - i.e. 5 times in 4 years.  My CC company rang last week to say someone had tried to use my details - this explains it!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: MattH on 11 December, 2011, 10:23:35 pm
It's always worth checking your card, but I'd be a little wary of saying that it is definitely the PBP card processor's fault. 5000 people entered PBP, there's a reasonable chance that if you take any group of 5000 people who travel and use their cards online then quite a few will be subject to card fraud.

The Japanese group may well have had other things in common - e.g. using the same travel agent, staying at the same hotel in France, using the same restaurant/bar pre/post ride, even using their cards at the same place on one of their qualifiers in Japan (assuming that there are not that many 600s running in Japan).

The PBP card processor may be at fault, but they may be completely innocent.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 11 December, 2011, 10:29:30 pm
I'd only used that particular card for 3 transactions, so there's a 33% chance of it being KlikandPay.  With the above information I'm inclined to increase the odds to nearer the 100% mark.

I suggest that people keep an eye out for unusual activity on the account they used for this.  With the CRC fraud earlier this year it was many weeks after the compromise that accounts started to be hacked.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 11 December, 2011, 10:34:30 pm
Quote from: MattH
It's always worth checking your card, but I'd be a little wary of saying that it is definitely the PBP card processor's fault. 5000 people entered PBP, there's a reasonable chance that if you take any group of 5000 people who travel and use their cards online then quite a few will be subject to card fraud.

The Japanese group may well have had other things in common - e.g. using the same travel agent, staying at the same hotel in France, using the same restaurant/bar pre/post ride, even using their cards at the same place on one of their qualifiers in Japan (assuming that there are not that many 600s running in Japan).

The PBP card processor may be at fault, but they may be completely innocent.

+1

I travel a fair bit and I fairly often get fraudulent transactions; one hotel in Cologne I now avoid as it always resulted in a new card being needed.

Just the luck of the draw I'd say.  Select 5000 random people in Paris in a given week and no doubt a fair few will get their cards cloned.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: JStone on 11 December, 2011, 10:58:55 pm
Similar story here. The Friday before last I got a phone call from the bank - "Did you just request a large money transfer from your credit card account?". Account blocked, new cards issued.

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Chrisheg on 11 December, 2011, 11:21:31 pm
I heard the same thing from a friend in Audax Kanagawa. A dozen or more Japanese riders had the credit card numbers used for PBP registration stolen.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Datameister on 12 December, 2011, 09:39:11 am
Whilst I didn't do PBP, I did pay for Fungus.

Klik&Pay does not have details for any of my e-mail addresses I could have used. Any ideas?

On the phone to Barclaycard, I suppose.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Phil21 on 12 December, 2011, 10:46:58 am
Thanks for the heads up!

Just changed my pwd (the idiots mail it to you in plain text....aargh) and deleted my email address.

Of course, this doesn't actually guarantee that the details are gone from their server, there's probably an audit table or backup somewhere.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Manotea on 12 December, 2011, 11:16:22 am
K&P have come back to me to confirm my account is closed.

They are aware of English & German Audax users closing their account, commenting, "Klik & Pay is processing payments since 10 years without any trouble and we present all guaranties for a payment gateway. We are PCI/DSS, Verified by MacAfee. We are also ISO 27001 and the gateway is under Thawte certificate. All these securities are the guaranty of non hacking of information on our gateway."

I'm not aware of any issues with my credit card account but feel it is good housekeeping to close the K&P account. The only reason for opening the account was to enable PBP payment and it is unlikely I will use it for another four years.

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 12 December, 2011, 11:21:39 am
One issue may be that KlikAndPay sent out the login info & password by email, in the same email. That's not exactly secure...
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Jedrik on 12 December, 2011, 11:27:17 am
I paid the PBP for myself and a friend with the card that someone got some flight tickets with last week - without prior testing the waters, which I find a bit odd. Caught it myself two days later when checking my bank balance and had the card invalidated right away.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 12 December, 2011, 11:29:49 am
Quote from: arabella
Well, I went in to my details etc. and there were no bank details quoted anyway,

+1. I removed my address details but there's no financial info there. No obvious way to delete the account though
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: vorsprung on 12 December, 2011, 02:08:29 pm
i used my Credit card with klik and pay and I don't see any trace now of the CC number, issue date etc etc on the klik and pay site
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Salvatore on 12 December, 2011, 07:03:36 pm
Quote from: mmmmartin
The links given by Daniele are worth looking at. The Italian one seems to have only three or four people commenting in it, and contains an interesting English summary of a request by the ACP for more details, which people may be able to supply. The Australian one is a warning from the Japanese. So we have a handful of people commenting. My Italian is not up to a decent translation but I bet someone will be along in a minute who can do it.

I haven't read the Italian forum but an Italian chum emailed me today saying 'almost 90% of our riders who went to paris had their credit card's stolen online'. Make of that what you will.

(Nothing untoward has happened to mine since I had my pocket picked in Buenos Aires - they extracted my wallet, took the CC, replaced the wallet in my pocket, then went on a £3000 spending spree.)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: mmmmartin on 12 December, 2011, 08:41:24 pm
If the fraudsters have your details then closing the account with the payment company will be a bit like closing the stable door after the horse has bolted. I think it might be best to just change your credit cards.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Redlight on 12 December, 2011, 09:17:20 pm
This is interesting.  Just last week, my card was used for a series of fraudulent transactions.  Happily, the bank spotted it :-)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Swarm_Catcher on 13 December, 2011, 12:01:13 am
Yes, I was done too, last week.  There were no bank details on klik and pay site, but have removed everything I could.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Assasin on 13 December, 2011, 09:21:48 am
Yup!
There was an attempt to use my details last week.
New card on the way.
Nothing to remove from Klic & pay site in the way of card details.
Unless they have already been syphoned off.....
Looks like quite a scam - card details from all over the world.
I suppose this thread has highlighted the common denominator......
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: marcusjb on 13 December, 2011, 09:51:02 am
I had a look on Klik and Pay and there were no details on the card I used etc. - but it looks increasingly likely that something in their world has been compromised.

I garbled up my details, and then possibly deleted my account.

For some reason, and I never do this normally, I think it was because I was instructing someone on the phone when I did my registration, I used my debit card on my main current account  :facepalm: - so, seeing so many people being hit, I've cancelled the card as I am away from Internet for the next few weeks and can't be checking the account regularly.

I just hope all of those that have been hit get things sorted out easily enough (especially VB).  Bloody awful thing to happen.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: zigzag on 13 December, 2011, 10:41:02 am
nothing suspicious on my account (yet), i've deleted my details from klik&pay yesterday, might be too late if these details are already in wrong hands.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Pete Mas on 13 December, 2011, 11:15:18 am
Have emailed my bank to advise them/ask advice, so will be getting a new card I suppose. No untoward activity so far on the DR card. However I also used the credit card (for the balance payment) so will contact them asap.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Pete Mas on 13 December, 2011, 01:40:41 pm
To follow up. There WAS an unauthorised payment on my credit card last Friday, (£200) so I have asked for a new Cr card number....
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: vindec on 13 December, 2011, 02:55:41 pm
Deleted my details yesterday but clearly not before £30 had been taken, as a test I suppose. Card now cancelled.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: rob on 13 December, 2011, 03:37:59 pm
Me too.   Call came in from the CC company a couple of hours ago.    Already knew what they were going to say before they started.

Test transaction for 34p followed by a couple of £900ish charges.   All declined and a new card is on its way.



Rob
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 December, 2011, 03:44:07 pm
I emailed Klik&Pay and suggested they review their security.  I also got the fob-off reply asking for large amounts of data which will probably put any potential litigants off (it certainly has me!).

I hope they go down the CRC route and offer goodwill payments.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: phil d on 13 December, 2011, 04:01:21 pm
I don't think that deleting your details now will make any difference (though it won't do any harm).  The records will have been stolen ages ago.  When one of my cards was done a year or two ago their anti-fraud people told me it was usually several months between the use of the card with a particular retailer and the fraud (while they wouldn't confirm it to me, it was fairly clear they knew where the breach of security had occurred).  Whether this is how long it takes to sell the records on, or whether it is a tactic to make it harder to trace the theft I don't know.

I assume you are all telling the relevant card companies what you believe to be the source of the problem?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 December, 2011, 04:04:50 pm
Quote from: phil d
I assume you are all telling the relevant card companies what you believe to be the source of the problem?

Yes
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: CrazyEnglishTriathlete on 13 December, 2011, 04:13:42 pm
Thanks all

Nothing apparent yet and have alerted my credit card company; suggest all do same.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Datameister on 13 December, 2011, 04:51:23 pm
2 or 3 'pending' items I may not recognise (certainly don't recognise the 2 x £1) .

Card cancelled just in case.

Anyone care to take a bet on the fraudsters waiting for the Christmas rush when most people won't recognise the extra spending until they check their January statement? Very poor odds available............
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 13 December, 2011, 09:21:27 pm
Quote
From:  <inscription@paris-brest-paris.org>
Date: 2011/12/13
Subject: PBP 2011 - Fraude cartes de credits

We would like to inform you that some PBP entrants informed us about a fraud (November and December 2011) with their credit card used during their registration. There is no formal link between PBP and these frauds. We have no data about credit cards and our provider, Klik & Pay, is processing payments since 10 years without any trouble. He presents all guaranties for a payment gateway.

Nevertheless, if you suspect a fraud, please contact us at: info@paris-brest-paris.org
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: radelwombat on 14 December, 2011, 09:23:58 am
I've been done too: two bookings @ 526€ to Western Union.... Klik & Pay obviously isn't the most reliable partner  >:(
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Manotea on 14 December, 2011, 09:48:02 am
My statements look OK. As it happens my K&P CC expired in November and the impression here is the fraudulent transactions date from December?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: radelwombat on 14 December, 2011, 10:09:59 am
in Germany you have to press charges to get your money back from the CC company, it takes at least six months before they get around to processing your claim.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: valkyrie on 14 December, 2011, 10:23:28 am
A quick count on this thread shows about 20 AUKs have had their cards done but nothing showing up on my card yet. Phoned my credit card provider this morning and explained the situation but they seemed pretty relaxed about it, not seen anything abnormal so didn't see any reason to change my card.

I'll be checking my online statement every day for the next wee while. ::-)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: ElCampesino on 14 December, 2011, 10:58:29 am
I haven't noticed anything untoward so far but am keeping a close eye on my account.

Has anyone experienced problems with a debit card or has it only been credit cards?

How does one delete the K&P account? There is mention of a cancellation site in the Q&As but I have yet to find it.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Exit Stage Left on 14 December, 2011, 10:59:14 am
Is there any alphabetical or dossier number link to these incidents? Should those with higher numbers or later initials be wary for longer?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: marcusjb on 14 December, 2011, 11:01:46 am
I was just checking through statements etc. and I had a little conspiratorial thought on other possibilities for the fraud.  The only other common denominator might have been Maindru - the photo people?

I'm not making the suggestion that it was - but it's another possibility.  Of course, if anyone that has been hit didn't buy the photos, then that shuts that idea down pretty quickly.

However it happened, it's clearly a large breach and needs a bit more of an open response from PBP other than 'it's not us and K&P have been fine for 10 years'.  Just something along the lines of 'we're looking into it' would be a little less defensive!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: JStone on 14 December, 2011, 11:38:44 am
Quote from: marcusjb
... The only other common denominator might have been Maindru - the photo people?
...


I bought a couple of photos from Maindru, but on a different card which hasn't been hit (yet)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 14 December, 2011, 11:46:36 am
I didn't buy any photos so Maindru is probably not involved.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: marcusjb on 14 December, 2011, 11:47:35 am
That's (sort of) good news - I just thought it could be the only other common denominator.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Jedrik on 14 December, 2011, 12:16:57 pm
Quote from: radelwombat
in Germany you have to press charges to get your money back from the CC company, it takes at least six months before they get around to processing your claim.

Wrong bank (Postbank?). Mine removed the wrongful claim while I was on the phone to them (noticed it myself), I was just asked to send an additional written and hand signed statement about this.

I did not buy any photos from Maindru either. The only other thing I paid for with the card while in Paris was the hotel.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Ray 6701 on 14 December, 2011, 12:22:14 pm
Datameister's cc looks to have been hit by 2 or 3 small transactions (SORRY mate!!)  :-[
So nothing to do with anyone other than Klik & pay.

Just checked my debit card account & it looks ok so far, I'll keep an eye on it over the next week or so.  My klik & pay log in has been disabled - not that it makes any difference.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: radelwombat on 14 December, 2011, 12:32:23 pm
Quote from: Jedrik
Quote from: radelwombat
in Germany you have to press charges to get your money back from the CC company, it takes at least six months before they get around to processing your claim.

Wrong bank (Postbank?). Mine removed the wrongful claim while I was on the phone to them (noticed it myself), I was just asked to send an additional written and hand signed statement about this.

I did not buy any photos from Maindru either. The only other thing I paid for with the card while in Paris was the hotel.

it's not really the bank's fault (Sparda) it's Mastercard. I didn't buy any Maindru photos either.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: LEE on 14 December, 2011, 12:35:09 pm
Is there any pattern to the purchases made by fraudster?

I can't spot anything suspicious (apart from someone making lots of purchases on Wiggle...but I'm the prime suspect I think)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Fidgetbuzz on 14 December, 2011, 12:37:02 pm
cancelled my credit card - although it had not been hit so far.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: radelwombat on 14 December, 2011, 12:44:13 pm
Quote from: LEE
Is there any pattern to the purchases made by fraudster?

I assume the card details get sold to lots of different people who then make the bookings. I can only hope the money was used to feed hungry mouths in East Africa and not buy weapons or drugs  :-\
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: GraemeMcC on 14 December, 2011, 12:56:35 pm
I tried to delete my details from Klik+pay.
Worryingly enough, I only got 2 shots at trying to enter my password at login before their system locked me out. Should have been allowed 3 goes, so perhaps someone else had already tried before me?  :o

So, cancelled my Mastercard 5 mins ago!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 14 December, 2011, 01:03:51 pm
I think I'd wait to see if I had a problem before cancelling a card.

It's not a major hassle; if it's a UK credit card then you get a refund PDQ.  In fact the biggest part of the hassle is cancelling the card and waiting for a new one. Happens to me once a year, on average.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Pete Mas on 14 December, 2011, 01:04:17 pm
Quote from: ElCampesino
I haven't noticed anything untoward so far but am keeping a close eye on my account.

Has anyone experienced problems with a debit card or has it only been credit cards?

How does one delete the K&P account? There is mention of a cancellation site in the Q&As but I have yet to find it.

I would be more concerned about possible debit card fraud than cr card - after all, it's your actual cash they could clear out. This has happened, see earlier entries in this thread. I was concerned but my bank assures me that I had a new card issued in July (with new numbers), so the DR card number they hacked (along with the CR card number that had a fraudulent charge last Friday) is no longer valid, as the number was changed after I paid the deposit for PBP in March.

For peace of mind I would at least email your bank, and maybe consider requesting a new card number.

It is only possible to delete your address details from K&P, as far as I know. The Cr card details are hidden. Anyway, it's too late as the data theft has already happened.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: blueskies on 14 December, 2011, 02:51:39 pm
Another 'victim' here - same pattern as the rest of you, except no small initial transactions i can see, just one attempted payment to Universal Studios in the US for around £800. It was a credit card payment and flagged as a potential invalid transaction, then subsequently declined once I'd spoken to them. This was all last week, I ordered a new credit card and thought nothing more about it.

Then, I got an email from the PBP organising committee about this, around the same time as I found this thread.
Looks pretty certain now that this is a Klik and Pay security issue. As the previous poster states, credit cards are better protected in cases such as this, debit cards appear more vulnerable. Oddly, I used my Company Credit Card to pay for this - not sure what I'm going to claim it as for tax purposes...entertainment?, travel?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: phil d on 14 December, 2011, 04:24:11 pm
Quote from: ElCampesino
I haven't noticed anything untoward so far but am keeping a close eye on my account.

Has anyone experienced problems with a debit card or has it only been credit cards?

How does one delete the K&P account? There is mention of a cancellation site in the Q&As but I have yet to find it.

I think Von Broad (p1) was a debit card
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Von Broad on 14 December, 2011, 07:22:01 pm
I haven't noticed anything untoward so far but am keeping a close eye on my account.

Has anyone experienced problems with a debit card or has it only been credit cards?

How does one delete the K&P account? There is mention of a cancellation site in the Q&As but I have yet to find it.

I think Von Broad (p1) was a debit card

Yes, that'll teach me. [That's my pension fund in there  :D ....really  :facepalm:]
The entire £5350 was removed [paid back on Monday].
Must Will get a CC sorted.

Mind you, rather naively I was under the impression that you had the same protection with a DC as you do with a CC when making online purchases. The woman from the card fraud department kind of confirmed my assumptions on this but I forgot to ask her other questions I've had knocking about.

One thought I had was: the first £280 that they took to test the account would have gone unnoticed by me, [had they known the kind of person they were dealing with they could easily have bled me dry very slowly before I began to notice anything suspicious], so if the software doesn't pick up the smaller fraudulent transactions, what kind of time period have you got [both with a DC and a CC] before the bank/CC company turns round and says, "sorry, that was months ago, can't do anything about that now".

Kind of fascinating really, both from the point of view of an aspect of modern criminality and the software used by the Banks to monitor spending activity of each and every one of us. Some mind boggling stuff going on down those phone lines!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: ElCampesino on 14 December, 2011, 09:25:24 pm
Phoned the bank today and, after explaining the situation, got the advice not to do anything for the time being and to keep an eye on my account.

Makes you a bit nervous though. 
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Redlight on 14 December, 2011, 10:39:48 pm
This has reminded me of a precaution that I used to take in the early days of online purchasing, which is that I had a credit card with a low limit on it (in those days £300), which I used only for online or phone transactions.  I might re-visit that idea, albeit with a higher limit.

I got the idea from my old boss - the first chairman of the Financial Services Authority!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Manotea on 14 December, 2011, 10:41:28 pm
How does one delete the K&P account? There is mention of a cancellation site in the Q&As but I have yet to find it.

I logged on to the website and used the 'contact us/mail' facility to request the account to be closed. They got back to me next day confirming the account had been closed..
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: teethgrinder on 14 December, 2011, 10:57:52 pm
How does one delete the K&P account? There is mention of a cancellation site in the Q&As but I have yet to find it.

I logged on to the website and used the 'contact us/mail' facility to request the account to be closed. They got back to me next day confirming the account had been closed..

Worth a try, but they've probably already got the information they need.
If you have a debit card, like me, then they are very easy to cancel. I just cancelled mine, having just discovered my account is a bit light and seeing some payments that I certainly didn't make. I phoned the 24 hour "Lost or Stolen" number from my statement.
I'll have a new card in about 5 days. Apparently, I could draw out cash over the counter at a bank.

I'll take it on the chin and as a prompt to get a credit card, like I should have done years ago.

It does make me wonder who takes these payments when they can't have had a physical card with them, unless they had a clone. I usually need a password for on-line shopping with my card. It was used for T-Mobile and a restaurant. Maybe they got my on-line password too.
I can possibly understand an on-line payment for T-Mobile, but not a restaurant. I'd have thought that would be paid via a Chip'n'Pin machine. ???

I wonder if the police would be interested in collecting evidence? It seems like a pretty big criminal organisation to me.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: phil d on 15 December, 2011, 09:13:25 am
This has reminded me of a precaution that I used to take in the early days of online purchasing, which is that I had a credit card with a low limit on it (in those days £300), which I used only for online or phone transactions.  I might re-visit that idea, albeit with a higher limit.

I got the idea from my old boss - the first chairman of the Financial Services Authority!

That's what I do.  PO Mastercard is a good one to use as it still doesn't have additional currency charges, so it's useful for payments overseas.  Run by Bank of Ireland, and (from my one experience of such things so far) their anti-fraud is pretty good.  Replacement cards arrived very quickly, too.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Pete Mas on 15 December, 2011, 01:12:57 pm
I fired off a quick reply to ACP's email, and recd this reply, plus questionnaire form asking me where else I had used my credit card around the time of PBP. Not sure I can remember that - I was probably too sleep-deprived... :)

Hello,
 
Thank you for your kind answer.
We manage this issue very carefully to know the number of people involved and to identify possible sources of fraud. For now, misuse on our side looks impossible because the Audax Club Parisien has never had access to credit card numbers and our service provider is subject to strict security checks. But we must be open to any solution.
 
Could you please complete the attached form to help us solve that issue?
 
Best regards,
 
Jean-Gualbert FABUREL
Audax Club Parisien
2 rue des aulnes
78920 ECQUEVILLY
+33 1 34 75 98 57
www.audax-club-parisien.com
www.paris-brest-paris.org
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Datameister on 16 December, 2011, 11:46:10 am
It turns out that whilst there was dodgy looking "pending" stuff on my credit card, these were 'holding' transactions used by some online retailers when the final payment amount is not fully known.

All transactions on my card (regrettably or not) look like they are mine, and with my card being now cancelled and reissued I can hope that I have dodged this particular bullet.

On the other hand, it could be an indication that the PBP registration might not have been the culprit, but another retailer possibly close to all those starting (or finishing, or riding along the course of) PBP? Being a lazy git, my card didn't physically get near PBP at all.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: mattc on 16 December, 2011, 11:50:27 am
Oddly, I used my Company Credit Card to pay for this - not sure what I'm going to claim it as for tax purposes...entertainment?, travel?
"Training"  surely?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 16 December, 2011, 11:51:19 am
On the other hand, it could be an indication that the PBP registration might not have been the culprit, but another retailer possibly close to all those starting (or finishing, or riding along the course of) PBP?

I don't think so.  It seems increasingly clear that it's the PBP registration client (Klik&Pay) that were compromised, as I and many others didn't use any other services associated with PBP.

Anyway, PBP are doing the right thing and doing detailed analysis of what happened.  I have also filled in and returned their analysis form, and suggest others do the same if asked to do so.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: GraemeMcC on 16 December, 2011, 01:08:29 pm
This has reminded me of a precaution that I used to take in the early days of online purchasing, which is that I had a credit card with a low limit on it (in those days £300), which I used only for online or phone transactions.  I might re-visit that idea, albeit with a higher limit.

I've tried to get both my AmEx and Mastercard constrained to a low limit in the past. But the idiots who think they know better keep upping the credit limits on them. In the end, I gave up arguing with them, despite this being for their benefit, as much as mine!
As they said, they are the ones with the insurance so they'll reimburse me. OK by me, as I pay the cards back in full each month, but those succumbing to the high AER credit rates are really the ones who pay for this.

Now I just keep one current/debit account open solely for online use, with a zero overdraft limit, a very low balance and top it up only when I expect to need it, or to use it to transfer to PayPal. Or only use the credit cards online. Sometimes, such as now whilst I'm awaiting my new Mastercard, you need to keep some options open. :-\
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: valkyrie on 16 December, 2011, 04:23:01 pm
A quick count on this thread shows about 20 AUKs have had their cards done but nothing showing up on my card yet. Phoned my credit card provider this morning and explained the situation but they seemed pretty relaxed about it, not seen anything abnormal so didn't see any reason to change my card.

I'll be checking my online statement every day for the next wee while. ::-)

Don't need to check my statement any more - CC company just phoned to ask if I'd tried to use the card to buy something worth £500 from Woolworths.co.uk. I hadn't - I didn't even know Woolies still existed. Card cut up and new one in post. Bit of a nuisance as I'm going on holiday soon and I'd like to have a credit card to take with me.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Ivo on 19 December, 2011, 01:06:59 pm
Just phoned with my bank. They directly transferred me to the fraud department ;). Had a long conversation with the guy there, no strange transfers from my credit card, luckily. Despite that my cc was replaced this summer as a regular replacement he advised me to block my card and they're going to send me a new one. In fact he was glad that I contacted them before any harm was done.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: SandyV on 21 December, 2011, 10:26:58 am
VeloYellow's card was hit to the tune of about 400 GBP.  More than 10 other Australian PBP entrants also (that I know of).  All in December.  VY's was Australian mobile phone shops and I think an electronic store.  Card now cancelled.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: trixie on 21 December, 2011, 07:10:43 pm
I've had a call from my bank today - someone tried to use my card for over £400.  Luckily it was stopped.

If they're going through the alphabet they must be on 'W' by now!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Needham-matt on 21 December, 2011, 10:20:25 pm
Add me to the list, got the phone call today, several attempts made to buy goods in the last 48 hours, but seeing this thread a couple of weeks ago I'd already shifted my money elsewhere!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 22 December, 2011, 01:31:16 am
Today I tried to use my debit card and found it was blocked, and couldn't even get any cash out with it. Checking the account there are 3 payments in the last 4 days I haven't made:
PWR events £211
Odeon Bookit £14.70
Paypal RCG Ltd £498

I had thought that the card I had used to add the gilet to my PBP order had been my Egg Money card that has since been replaced by a Barclaycard anyway, but on checking back statements I see a payment in June I made for £17.99 to AUDAX CL. It is actually the only payment on that account in the last 6 months that is not a direct debit, cash withdrawal or credit, so there is absolutely no doubt whatsoever where this fraud has originated from. Cahoot did a pretty good job of spotting the fraud and blocking the card, there was a large overdraft facility on the account that could have let someone pocket 3 grand at worst.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: IbisTouche on 22 December, 2011, 04:33:38 am
My new card just arrived. I had it blocked just in case...
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Bairn Again on 22 December, 2011, 10:02:37 am
I went into Klik and Pay and scrambled my personal details, though there weren't any bank details that I could see (which I took as a good thing).

I check my bank and credit card statements online pretty regularly anyway.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Ray 6701 on 22 December, 2011, 12:08:34 pm
Checking mine everyday at the mo & will cancel the card once Chrimbo is out of the way  >:(
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: mattc on 22 December, 2011, 06:42:48 pm
2 payments to Interflora - about £150 each. !.

It's a joint card, but in N's name, so she had to ring back and confirm the fraud. You can imagine the conversation that N had with the (female) fraud clerk ...
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 22 December, 2011, 09:03:36 pm
I think I'd wait to see if I had a problem before cancelling a card.

And, I do. Ryanair tickets plus a raft of mobile phone topups, all UK-based
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Redlight on 22 December, 2011, 11:04:51 pm
2 payments to Interflora - about £150 each. !.

It's a joint card, but in N's name, so she had to ring back and confirm the fraud. You can imagine the conversation that N had with the (female) fraud clerk ...

She believed you? Nice one!  :thumbsup:
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: jogler on 22 December, 2011, 11:12:21 pm
^^^^^^
 ;D
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: SteveB on 28 December, 2011, 11:05:14 am
The Nationwide intercepted and stopped several small payments to itunes & a taxi firm yesterday on my PBP card - card now cancelled.  Am I the only person on the planet who doesn't have an itunes account?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: mattc on 28 December, 2011, 11:08:48 am
2 payments to Interflora - about £150 each. !.

It's a joint card, but in N's name, so she had to ring back and confirm the fraud. You can imagine the conversation that N had with the (female) fraud clerk ...

She believed you? Nice one!  :thumbsup:
The trick is to spend faaaar more than she's ever known me spend on flowers. I can't lose  ;D (although, to be safe, I might have to switch to jewelry next year ... )
Title: PBP2011 - (likely) stolen credit card details used for registration
Post by: JJ on 29 December, 2011, 11:26:36 am
And another one bites the dust!

Clever, the way they spot unusual spending. I've been annoyed with it in the past when they've stopped me using the card in -say- Istanbul but now I like.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: hellymedic on 29 December, 2011, 01:30:37 pm
The Nationwide intercepted and stopped several small payments to itunes & a taxi firm yesterday on my PBP card - card now cancelled.  Am I the only person on the planet who doesn't have an itunes account?

Probably. I bought my partner an iPad for his birthday, so I have one...
...I don't think he has one though.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: arvid on 29 December, 2011, 01:37:21 pm
The Nationwide intercepted and stopped several small payments to itunes & a taxi firm yesterday on my PBP card - card now cancelled.  Am I the only person on the planet who doesn't have an itunes account?

I have neither a credit card nor an iTunes account.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: akin on 29 December, 2011, 04:23:25 pm
People should stay vigilant, been checking daily but got the call today.

itunes (don't have one either so they spotted that)
taxi company addison lee (So presumably London based)
large paypal transaction
apple computer

They blocked a few but not all so will be a case of trying to re claim it. Anyone had any experience of how long it takes to be re credited? 6 working days without a bank card works out to about 10 or 11 with the bank holiday, lesson learned, don't use your bank account online.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Bairn Again on 29 December, 2011, 04:58:58 pm
This is rotten. I'm lucky enough not to have suffered (yet) but am checking online every day.

Out of interest were any of the victims' cards registered for 3D secure or equivalent? (*)

I'm just wondering if it (3D) actually makes any difference in terms of preventing this kind of fraud.     

(*) where in addition to normal details [16 digit number, expiry, 3 digit number on back] any online purchases go through another level of security where part of an additional PIN is required to complete the transaction. 

http://en.wikipedia.org/wiki/3-D_Secure
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Pip on 29 December, 2011, 05:01:43 pm
After reading JJ's post, I've been galvanised into taking action so I have finally put some money in the account. New card  on the way
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Andrew on 29 December, 2011, 06:06:22 pm
in addition to normal details [16 digit number, expiry, 3 digit number on back] any online purchases go through another level of security where part of an additional PIN is required to complete the transaction. 

I have a 2nd level approval system on the card I used (a Crédit Lyonnais debit card) and so far - touch wood -  so good. I'm checking every day too.

If I use my card online, I'm asked to key in my phone number and I get called with a 4 digit authorisation code to input to complete the transaction.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: CrazyEnglishTriathlete on 30 December, 2011, 11:32:32 am
This is rotten. I'm lucky enough not to have suffered (yet) but am checking online every day.

Out of interest were any of the victims' cards registered for 3D secure or equivalent? (*)

I'm just wondering if it (3D) actually makes any difference in terms of preventing this kind of fraud.     

(*) where in addition to normal details [16 digit number, expiry, 3 digit number on back] any online purchases go through another level of security where part of an additional PIN is required to complete the transaction. 

http://en.wikipedia.org/wiki/3-D_Secure
I have an equivalent system from HSBC and have not (touch wood) had any suspicious transactions as yet. 

Looking at pattern of reported hacks - over a long period of time and a number of different styles of initial purchases - am wondering if the initial villain has sold on the credit card details - and we're now facing fraud from those who have bought the passed on details??
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: mmmmartin on 30 December, 2011, 12:18:26 pm
was rung yesterday by the bank, which had refused payment on two small deals, one on a phone top-up and another at HMV. So both were refused.
I think this was the card used for pre-registration, although I may have used the one referred to in an earlier post. TBH not sure.
New card on the way, but old card is cancelled which means until the new one arrives I am without one. So have asked bank for a second card and if in future one card is compromised, I can use the other one until a replacement arrives.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: AndyH on 30 December, 2011, 03:33:51 pm
Just got back from 2 weeks holiday, checked accounts this morning and 5 small UK transactions totalling £55 that are not mine. A trip to my branch revealed they all happened at 1.25AM on 29th, whilst I was thousands of miles away. This was the card used for PBP registration, but if that is the source then it lends credence to the idea that the card details have been sold.

Thankfully card stopped & transactions refunded
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 30 December, 2011, 09:44:49 pm
I received my replacement debit card yesterday although am still awaiting a new PIN so cannot use it still. Cahoot have now re-credited the £750 that the fraudsters spent, it only took a few days for them to do this and they had temporarily increased my overdraft limit just in case any direct debits bounced in the interim period. Cahoot handled the whole thing very well IMO. Their fraud department wanted to know more details about the suspected source of the fraud so I told them what I knew.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Hot Flatus on 31 December, 2011, 05:12:10 pm
Just had a call from bank to check some transactions.  One was for Western Union (a dead give-away), the other was for some sort of software company and another for TDM Billing (?).

I used to expect this to happen on a yearly basis, but it hasn't happened for two or three years.  A minor inconvenience.  PBP registration again, and just makes me pleased that I never use my debit card online.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: cygnet on 03 January, 2012, 01:13:47 pm
I've also had a phone-call from the CC company regarding two fraudulent transactions. They didn't seem that interested when I rang them three weeks ago to check my statement and mentioned this. When I mentioned the previous phone call they said it was probably done generating random numbers. I'm not convinced.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: De Sisti on 03 January, 2012, 05:57:51 pm
I hope the same thing doesn't happen when I apply by credit card for the semaine federale.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: CrazyEnglishTriathlete on 03 January, 2012, 07:45:43 pm
I had the call tonight - apparently I was buying a Dell computer - so I'm doubly insulted. 

I think I will be getting a credit card with a small limit to enter overseas events in future.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: AJB on 05 January, 2012, 09:17:56 am
I had the call tonight - apparently I was buying a Dell computer - so I'm doubly insulted. 

I think I will be getting a credit card with a small limit to enter overseas events in future.

Looks like I was also buying a DELL, plus a Travelodge booking, some online shopping at Sainsbury and clothes. The bank picked up on these transactions and rang me. So now card cancelled, and the above TX noted.

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: MattH on 05 January, 2012, 09:30:09 am
You'd have thought that some of these things would make it very easy to trace who is using the card details and go after them to try to trace it all back to find the source. Things like having a laptop shipped to a drop house rather than a real address is fairly easy, but grocery deliveries and airline tickets should be pretty easy to trace to the recipient.

Perhaps this does happen quietly in the background.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Ian gaggiaport on 05 January, 2012, 11:34:04 am
I was a victim of 2 false payments just before the 25th - T-Mobile and Sony computers
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: AJB on 05 January, 2012, 12:29:50 pm
You'd have thought that some of these things would make it very easy to trace who is using the card details and go after them to try to trace it all back to find the source. Things like having a laptop shipped to a drop house rather than a real address is fairly easy, but grocery deliveries and airline tickets should be pretty easy to trace to the recipient.

Perhaps this does happen quietly in the background.

When I mentioned to my bank's fraud department that a number of people who had done PBP were having these frauds (common source) they were not interested. Said that a separate department would be investigating.

AJB
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Euan Uzami on 05 January, 2012, 12:54:37 pm
I apparently spent 1 pound at apple computers, 15 pounds at O2, and then bought quite a lot of insurance totaling several hundred using the card I entered pbp with. All completely unbeknown to me which I confirmed. Have requested a new debit card as well even though that hasn't been done, and will only use credit card online in future.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 09 January, 2012, 10:15:24 pm
I have now got my new debit card and new PIN, and emailed ACP (info@paris-brest-paris.org) to tell them about it as they had requested. I received back a document with a questionnaire to fill in which I have now done too. If anyone else here hasn't yet done this it sounds like it might help the ACP demand answers from Klik & Pay!

The email:

Hello,

Thank you for your answer.
We manage this issue very carefully to know the number of people involved and to identify possible sources of fraud. For now, misuse on our side looks impossible because the Audax Club Parisien has never had access to credit card numbers and our service provider is subject to strict security checks. But we must be open to any solution.
Could you please complete the attached form to help us solve that issue? It's interesting to have information like yours with no other online transaction.
We would like to receive as much information as possible. The more complaints we receive, the more we will be able to ask Klik & Pay for an explanation. So, I will be very pleased to receive the same document from your 20 friends.

Best regards,

Jean-Gualbert FABUREL
Audax Club Parisien
2 rue des aulnes
78920 ECQUEVILLY
+33 1 34 75 98 57
www.audax-club-parisien.com
www.paris-brest-paris.org
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: GraemeMcC on 10 January, 2012, 12:48:36 pm
Whilst I've already cancelled my PBP reg payment card, I may have been stung in a different way.  2 or 3 weeks after PBP, I got an email offering more event jerseys for sale at 40 euros. Gullibly enough, I ordered one (in case the 30 euro one I'd got on entry falls apart from over/misuse). That was September.

November: no jersey. Emailed Paris and was told they'd be sent out "pendant Decembre", delayed because of the requests for extras.

January: still no jersey. Will email again but not holding out much hope.

Anyone else ordered stuff and still waiting? Or received goods as ordered?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: MattH on 10 January, 2012, 12:50:44 pm
See this thread (http://yacf.co.uk/forum/index.php?topic=52223.0). They seem to be gradually arriving now.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Ray 6701 on 10 January, 2012, 01:25:06 pm
I've been had too  :(  fortunately Santander noticed the transactions were not normal so no actual money has been taken.  The transactions were £1 with apple as a test & £895.45 with fordobbin.com (farm machinery) & £312.98 with clippers holloway.

Just gotta wait for a new card & pin now, could be worse though seeing as it's a debit card.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Paul D on 10 January, 2012, 03:32:36 pm
I got mine as a Christmas gift.

£400 of Irish insurance on Christmas Eve, then £415 to some Chinese company on Boxing Day.

No great problem, credit card so no money lost, but twice in the same year is a new record (I also got done in the CRC hack in about April).
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Datameister on 10 January, 2012, 04:25:45 pm
I've been had too  :(  fortunately Santander noticed the transactions were not normal so no actual money has been taken.  The transactions were £1 with apple as a test & £895.45 with fordobbin.com (farm machinery) & £312.98 with clippers holloway.

Just gotta wait for a new card & pin now, could be worse though seeing as it's a debit card.

Which indicates that the problem at least existed at pre-registration, since that is the bit that your card was used for.  I shall never know (I hope) whether the registration itself was a problem as I replaced my Barclaycard as a precaution.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 10 January, 2012, 04:43:00 pm
I've been had too  :(  fortunately Santander noticed the transactions were not normal so no actual money has been taken.  The transactions were £1 with apple as a test & £895.45 with fordobbin.com (farm machinery) & £312.98 with clippers holloway.

Just gotta wait for a new card & pin now, could be worse though seeing as it's a debit card.

Which indicates that the problem at least existed at pre-registration, since that is the bit that your card was used for.  I shall never know (I hope) whether the registration itself was a problem as I replaced my Barclaycard as a precaution.

Personally I didn't pre-register because I couldn't. My actual registration went on simonp's card (which got re-issued in the Barclays takeover of Egg in October so we don't know if it would have been affected), but I then went in and added the payment for the hi-viz in June which must have been what got me. I suspect that Klik and Pay were somehow hacked in early December which is why we have had all this fraud only since then, and everyone's card is potentially in the compromised database so long as it hasn't expired since.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: ElCampesino on 10 January, 2012, 05:12:23 pm
Whilst I've already cancelled my PBP reg payment card, I may have been stung in a different way.  2 or 3 weeks after PBP, I got an email offering more event jerseys for sale at 40 euros. Gullibly enough, I ordered one (in case the 30 euro one I'd got on entry falls apart from over/misuse). That was September.

November: no jersey. Emailed Paris and was told they'd be sent out "pendant Decembre", delayed because of the requests for extras.

January: still no jersey. Will email again but not holding out much hope.

Anyone else ordered stuff and still waiting? Or received goods as ordered?

Mine arrived last week.

Wrong size though. Or that's what I thought at first anyway. Was I really a size M when I ordered it?

I am sure it'll fit again in the Spring   :)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: thing1 on 10 January, 2012, 10:55:47 pm
I got mine as a Christmas gift.

£400 of Irish insurance on Christmas Eve, then £415 to some Chinese company on Boxing Day.

No great problem, credit card so no money lost, but twice in the same year is a new record (I also got done in the CRC hack in about April).

Insurance, on a stolen credit card? I just don't get this. What possible use could that be, unless the transaction was completely traceable? (I'm struggling to think what sort of insurance doesn't have name & address of the insured written into the contract).


Personally I didn't pre-register because I couldn't. My actual registration went on simonp's card (which got re-issued in the Barclays takeover of Egg in October so we don't know if it would have been affected), but I then went in and added the payment for the hi-viz in June which must have been what got me. I suspect that Klik and Pay were somehow hacked in early December which is why we have had all this fraud only since then, and everyone's card is potentially in the compromised database so long as it hasn't expired since.

The earliest reports from Japanese riders linked in the OP were 26 November, what 7 weeks ago now. With the credit card companies showing such little interest, it's not surprising there's so much CC fraud about.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: simonp on 11 January, 2012, 01:18:48 am
This is probably only the tip of the iceberg. I assume Klik & Pay have been compromised rather than ACP, and there will be a large number of other fraudulent transactions outside of PBP.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Paul D on 11 January, 2012, 09:47:33 am
Insurance, on a stolen credit card? I just don't get this. What possible use could that be, unless the transaction was completely traceable? (I'm struggling to think what sort of insurance doesn't have name & address of the insured written into the contract).

The only scenario I could think of was insuring a stolen car. The transaction would go through for a few days before the credit card company stopped it, and possibly this is enough to stop the car appearing on the uninsured list if spotted by a patrol car?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: phil d on 11 January, 2012, 10:54:38 am
Insurance, on a stolen credit card? I just don't get this. What possible use could that be, unless the transaction was completely traceable? (I'm struggling to think what sort of insurance doesn't have name & address of the insured written into the contract).

The only scenario I could think of was insuring a stolen car. The transaction would go through for a few days before the credit card company stopped it, and possibly this is enough to stop the car appearing on the uninsured list if spotted by a patrol car?
Crikey.  If true this would be moving the issue of hacked cards to a whole new level!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 11 January, 2012, 11:46:41 am
Crikey.  If true this would be moving the issue of hacked cards to a whole new level!

Not really.  Lists of hacked cards are passed and sold between criminals, some of whom will be gangs involved in organised crime.  Nothing that they do with the info would surprise me!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Andrew on 11 January, 2012, 07:05:01 pm
I assume Klik & Pay have been compromised rather than ACP

ACP have pointed out that they never had the credit card details. All payment stuff was handled by K&P.

I must admit that at the time of registration, I wasn't too keen on having to create an account with K&P as part of the payment process... but what choice did I have?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Veloman on 11 January, 2012, 08:19:28 pm
When I first read this thread I immediately deleted my personal details as suggested.  I then noted a couple of users had problems.  My reaction was to immediately contact my credit card provider and told them of a potential international fraud problem and requested a new card with new number.  “No problem we will action this immediately” was the reply.

I waited about a week for a new card during which time I minimised any purchasing action and simply used cash/debit card.  Somewhat surprised that everyone did not take this action rather than wait for a call from the card provider.

Some people have a card that is only used for particular transactions, particularly online ones.  I might take this path.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: AndyH on 11 January, 2012, 09:13:43 pm
The only scenario I could think of was insuring a stolen car.

Probably some stupidly fast chavvy Honda Civic.

 ;D ;)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: simonp on 11 January, 2012, 11:24:27 pm
Found online with a little googling:

"In fact, Mr Ewen explains that "people can go online and use a stolen credit card to set up a policy under a fake name for a car whose registration they have invented and the minute that is accepted they can claim against that vehicle. The insurer may go back to them and say the vehicle doesn't exist and they can say 'that's your problem, you have written the policy and I was hit by that car'.

Read more: http://www.postonline.co.uk/post/analysis/1558537/a-brighter#ixzz1jC9TbXKK


Though I would have thought the insurers should be doing some basic checks on ownership etc these days?

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Paul D on 12 January, 2012, 08:03:51 am
The only scenario I could think of was insuring a stolen car.
Probably some stupidly fast chavvy Honda Civic.
Being driven like it's stolen through a Dorset village near you. O:-)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: GraemeMcC on 12 January, 2012, 12:43:35 pm
Found online with a little googling:

"In fact, Mr Ewen explains that "people can go online and use a stolen credit card to set up a policy under a fake name for a car whose registration they have invented and the minute that is accepted they can claim against that vehicle. The insurer may go back to them and say the vehicle doesn't exist and they can say 'that's your problem, you have written the policy and I was hit by that car'...”
Though I would have thought the insurers should be doing some basic checks on ownership etc these days?

Bloomin' 'eck! No wonder my car insurance premiums have just gone thru' the roof.  :o
Having turned 50 yrs of ancien-ness, I was expecting premium reductions, not the jump from £400 to £700 that I was quoted for my old Honda Accord chav-mobile. (Ditched the broker and got it down to £500 thru' being confused-dot-com).
(Any Chavs out there wanting to buy a cheap X-plater with 139K on the clock for about £500 - need to act v. quick. Auto-emocion awaits me on S(e)at-urday. :smug:)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Grandad on 12 January, 2012, 05:44:09 pm
Quote
Some people have a card that is only used for particular transactions, particularly online ones.  I might take this path

Have done that since my first ever internet purchase. :smug:
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 12 January, 2012, 05:54:05 pm
Somewhat surprised that everyone did not take this action rather than wait for a call from the card provider.

There's no real benefit in doing that; if the credit card is abused then you can quickly stop it when that happens and get a new one, and it takes no longer than doing it pre-emptively. And since it's not clear that everyone's card is going to be affected there may be no need to do anything at all. If you used a debit card then OK, pre-emptive action might be wise.

Quote
Some people have a card that is only used for particular transactions, particularly online ones.  I might take this path.

It's prompted me to get round to filling in that application for a Waitrose credit card in addition to me usual one, then at least I'll have 2 (which is fine 'til I lose my wallet)  :)

My experience over the years, BTW,  has been that my card has been cloned/copied several times in hotels, restaurants & once in a petrol station, and only once (this time) have I had any trouble with an online transaction.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: simonp on 12 January, 2012, 08:17:46 pm
Just a word of warning to the unwary - Simon's link above really is as very work-unsafe and probably illegal as it sounds.

Sorry, wasn't my intention to create a link. Forum SW did that. I've deleted it.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Paul Rainbow on 13 January, 2012, 05:44:38 pm
Well today was my turn for a bogus transaction on my credit card, a purchase made for an apple product on the same card I used for PBP registration.

Card company rang and said the transaction was declined anyway and have canceled the card

Could it be coincidence or just I was next on the very long list of details they are working through?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: MattH on 13 January, 2012, 06:01:33 pm
Same here - £1 Apple test purchase declined by my card company, card now cancelled.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 January, 2012, 06:57:47 pm

....... or just I was next on the very long list of details they are working through?

^That^ 

It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.  Just because you weren't hit in December doesn't mean you've got away with it.  Any and all cards used are vulnerable and it really would be easier to cancel now rather than have to go through all the bother of being hacked, speaking to the bank, sorting out the fraudulent payments from the legit ones, etc. 

It also means the scumbags don't get away with any money, whether the bank cover it or not.  It's the principle.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 13 January, 2012, 07:06:22 pm
It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.

How do you know that ?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: AndyH on 13 January, 2012, 07:18:46 pm
My experience over the years, BTW,  has been that my card has been cloned/copied several times in hotels, restaurants & once in a petrol station, and only once (this time) have I had any trouble with an online transaction.
That mirrors my experience
It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.

How do you know that ?
Isn't it becoming a more than reasonable assumption?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 13 January, 2012, 07:23:35 pm
Dunno, that's why I was asking.

400 or so UK entrants; how many people do we know have had problems ?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: teethgrinder on 13 January, 2012, 07:45:04 pm
Seems like a very reasonable assumption to me.
It's the first time I've had any trouble. I often book hotels on line and buy things on line. Enter events, not just cycling events and book tickets for entertainment and travel.
A bit of a coincidence, that the only time I've had trouble was when I entered an event which many others have who also had trouble.


400 or so entrants. Not everyone has had trouble, but maybe many more will. How many have had trouble? I don't know. Not everyone uses YACF. Not everyone on YACF will fess up or possibly even know about or bother to read this thread.

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 13 January, 2012, 07:49:25 pm
I just question the wisdom of making such a definitive statement in public without the data to back it up, for reasons that I hope are apparent but which I'm not  sufficiently stupid to state explicitly.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Nonsteeler on 13 January, 2012, 07:59:27 pm
Just for the record, I've been hit by this, too. Again it appears very likely the fraud is directly connected to my PBP entry as I don't use 'proper' credit cards online apart from when there is no other option. In 2011, the card was only used for PBP and for hiring a car, twice. I got the call from the bank a week before Christmas.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 January, 2012, 08:47:45 pm
How do you know that ?

If that's a serious question and you really want to know the answer, go back and read the thread from the start.  On page 1 (early December) I explained why I was almost certain it was a Klik&Pay issue at that early stage.  Every subsequent victim (from all over the world!!!) made me personally 100% sure by mid-December.

Or maybe you are just being rhetorically rude, in which case don't bother.  Are you really more concerned about possible defamation of a company who have probably allowed their system to be hacked than you are about the welfare of your fellow audaxers?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 13 January, 2012, 08:53:31 pm
It was a perfectly serious question.

I agree that it's likely Klic'n'pay; my question was the basis for the statement that everyone was going to be hit

I am not remotely concerned about defamation. I am concerned about fellow audaxers
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 January, 2012, 08:55:37 pm
I agree that it's likely Klic'n'pay; my question was the basis for the statement that everyone was going to be hit

But I didn't say that.  I actually said:  "Any and all cards used are vulnerable..."

I really think you should have read the whole thread and my post you quoted in particular before quipping in.  Your input isn't adding to the thread, which is actually about safeguarding audaxers and their banks from being ripped off and trying to do something to prevent it if possible in a timely manner - not semantics.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 13 January, 2012, 09:04:45 pm
You actually said that the cards used with Klik&Pay for PBP registration/extras have all been hacked, which is rather different from them all being vulnerable. There is rather more to that distinction than semantics.

Quote
I really think you should have read the whole thread

You know, I did.

Quote
Your input isn't adding to the thread

Did you read my PM explaining my concerns ?

I'm not sure what I've done to deserve this sustained attack by the way  ???
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Von Broad on 13 January, 2012, 09:11:49 pm
Same here - £1 Apple test purchase declined by my card company, card now cancelled.

Just as a slight side issue, what I don't understand is this: on what basis will a CC company decline a transaction of a small sum. If the fraudster has the card number then how does the CC company know it is likely fraudulent and not the genuine you that is making the purchase? Large transactions and those made abroad without prior warning I can understand, because they go against your profile. But smaller amounts you would think would pass through undetected, provided they have all the right information of course.

In my case it was a debit card and the bank let the first two payments go through, £30 and £281, it was only when things got obviously crazy that they stepped in. [Not that I'm complaining, I was grateful they were more attentive than I was about my own money!].
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 January, 2012, 09:15:00 pm
you actually said that  the cards used with Klik&Pay for PBP registration/extras have all been hacked, which is rather different from them all being vulnerable. There is rather more to that distinction than semantics.

You are conflating two things.  I said: "It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked".  That is my reasoned opinion and based on the information contained in this thread (and other places) and personal experience.

I then said: "Any and all cards used are vulnerable...".

I'm wondering how you go from those two statements to: "...my question was the basis for the statement that everyone was going to be hit".

There is a big difference in implication and I can't think for the life of me why you would want to mis-interpret me and add confusion.  Maybe you can explain and we can all relax.  In plain English, a card can be hacked without the victim losing a dime - but they are undoubtedly extremely vulnerable to fraud.  I don't know how I can make it clearer.

If my post was alarmist then that was its intention.  Several new victims are posting almost daily.  I really think it's time people took action rather than passively waiting.  My bank lost several hundred £.  Maybe other people's banks can be protected from the same fate.

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Hot Flatus on 13 January, 2012, 09:20:19 pm
(http://i0.kym-cdn.com/photos/images/masonry/000/220/149/Hey-Guys-Itis-an-Internet-Fight.jpg)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 January, 2012, 09:23:37 pm
(http://i0.kym-cdn.com/photos/images/masonry/000/220/149/Hey-Guys-Itis-an-Internet-Fight.jpg)

Hope you're keeping score  :demon:
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: border-rider on 13 January, 2012, 09:32:36 pm
I'm still struggling to understand why I had my head bitten off.

Ok: if all the cards have been hacked (i.e. their details have been extracted from K&P & sold on) then they're all going to be hit. I don't think we know that (yet).  I was merely questioning how you know that the details of all the cards used for PBP have been stolen.

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 January, 2012, 09:43:08 pm
Ok: if all the cards have been hacked (i.e their details have been extracted from K&P & sold on) then they're all going to be hit.

What are you on about?  I think it works like this (as explained earlier in the thread):

1)  Card info is hacked

2)  Hacked info is usually passed/sold to other crims

3)  Other crims (or possibly original perps) may use some/all of the info at some time in the future, often stringing it out over months.

Therefore, as I said earlier (and I thought was patently obvious) the fact that your details have been hacked doesn't mean that you'll all be hit (as you mistakenly claim I said), certainly not all in a short time-scale, but it does mean you are extremely vulnerable.

I'm still struggling to understand why I had my head bitten off.

Because I don't appreciate being mis-quoted/mis-interpreted when I'm trying to help sort out a problem.

Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: AndyH on 13 January, 2012, 10:12:19 pm
Calm down, Calm down.

The last thing this thread needs is an argument. MV has agreed that cards used for PBP registration are at risk, what more does he need to say. Any YACFr who registered for PBP will have seen this thread, surely our concern should be with alerting fellow audaxers who don't use YACF?? We (YACFrs) should be telling our mates who are not on here.

And Toontra - obviously he's read the bloody thread, he's the mod.

(http://i0.kym-cdn.com/photos/images/masonry/000/220/149/Hey-Guys-Itis-an-Internet-Fight.jpg)
::-) You are SO irresponsible
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 13 January, 2012, 10:23:59 pm
And Toontra - obviously he's read the bloody thread, he's the mod.

You wouldn't think so from his posts.  I'm not going to let someone mis-interpret me, even if he is a mod.

Any YACFr who registered for PBP will have seen this thread,

In that case why are new people here being hit every day?  You really think the message has sunk in?

I think it's still worth shouting about, even here, even now. 
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 14 January, 2012, 03:09:08 pm
It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.

How do you know that ?

I know that 100% because the card defrauded is my debit card. I never use my debit card to pay in shops (I have a cash back credit card I use for ALL purchases). I have never used this debit card to pay for anything online other than this payment (I only did that because for some reason that day the site refused my credit card). I have checked all statements since the card issuing date and every single transaction except this one is a credit coming in, direct debit, or cash withdrawal. I always examine cash points before putting my card in to check they have not been modified. Basically, Klik & Pay is the only possible 'leak' of this card's data. The fact that just about everyone I know who used the site have also had their card done is additional confirmation should I need it!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: hellymedic on 14 January, 2012, 05:31:28 pm
Same here - £1 Apple test purchase declined by my card company, card now cancelled.

Just as a slight side issue, what I don't understand is this: on what basis will a CC company decline a transaction of a small sum. If the fraudster has the card number then how does the CC company know it is likely fraudulent and not the genuine you that is making the purchase?

Pattern recognition, I think.
CC firms know their clients' habits. Someone who's on iTunes every day won't raise eyebrows for a small Apple transaction. Someone without an iPad/iPod/iPhone making an iTunes purchase will.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Rapples on 15 January, 2012, 01:07:12 pm

....... or just I was next on the very long list of details they are working through?

^That^ 

It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.  Just because you weren't hit in December doesn't mean you've got away with it.  Any and all cards used are vulnerable and it really would be easier to cancel now rather than have to go through all the bother of being hacked, speaking to the bank, sorting out the fraudulent payments from the legit ones, etc. 

It also means the scumbags don't get away with any money, whether the bank cover it or not.  It's the principle.

That seems like jolly sensible advice Toontra.  If I'd used this facility I would certainly do so immediately :thumbsup:
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Karla on 15 January, 2012, 02:06:31 pm
I'm now rather grateful that I lost my card and got a new one a few months ago!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Hot Flatus on 15 January, 2012, 02:26:07 pm
In practical terms it wouldn't have made any difference, to you at least.

Banks seem very concerned with fraud prevention and detection, but not prosecution.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: rogerzilla on 15 January, 2012, 04:27:18 pm
It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked. 
On behalf of the forum administrators, I'd like to make it clear that this is the opinion of Toontra and not proven fact.   Circumstantial evidence may not stand up in a libel suit.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Hot Flatus on 15 January, 2012, 04:34:38 pm
(http://i0.kym-cdn.com/photos/images/masonry/000/220/149/Hey-Guys-Itis-an-Internet-Fight.jpg)

Hope you're keeping score  :demon:


Yes, it's pretty even. At the moment you are both losing.

 ;)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Pip on 15 January, 2012, 07:47:58 pm

....... or just I was next on the very long list of details they are working through?

^That^ 

It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.  Just because you weren't hit in December doesn't mean you've got away with it.  Any and all cards used are vulnerable and it really would be easier to cancel now rather than have to go through all the bother of being hacked, speaking to the bank, sorting out the fraudulent payments from the legit ones, etc. 

It also means the scumbags don't get away with any money, whether the bank cover it or not.  It's the principle.

That seems like jolly sensible advice Toontra.  If I'd used this facility I would certainly do so immediately :thumbsup:

I am very grateful to daniele for starting this thread.
The bank were extremely helpful with issuing a new card although quite unconcerned in finding out more details about the potential fraud.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Hot Flatus on 15 January, 2012, 08:04:31 pm
When you think that credit card companies generally take a 2% cut on every transaction, the amounts stolen by successful fraudsters may amount to small beer. As long as it continues to be small beer in relation to their massive profits, end users are unlikely to be held liable for online fraud, as doing so may well result in a massive drop in the use of cards.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Feline on 16 January, 2012, 10:35:08 am
Losing access to my own current money a week before Christmas with no new debit card on the horizon until the new year is distinctly sub optimal especially when I had no cash in my wallet at the time.

Worst case scenario is always a bunch of bounced direct debits resulting in an insurance nightmare and fees on other cards etc. whose payments are then late. It can be very hard to reclaim losses like that where they are secondary to the actual fraud. If a pet insurance payment for my epileptic dog ever bounced the company would be delighted to cancel her insurance and save themselves £3k a year for the next 10 years or so!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: toontra on 16 January, 2012, 11:16:28 am
Exactly.  For the sake of a phone call, any potential loss for you, your bank or third-party companies can be avoided, and you can be issued with a replacement card in a timely manner, rather than when you may least expect or want it.

Knowing there is a great likelihood that your details have been hacked and may well be used for fraud and then not doing anything about it is pretty negligent IMO.  To say that no-one loses so "what's the fuss" isn't much better.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: LittleWheelsandBig on 22 January, 2012, 07:41:36 pm
It appears that the bank fraud folk have finally received notification that 'blocks of cards have been collected by fraudsters and that affected cards are being cancelled' (my vague recollection of what I was told).  My guess is that my card number got picked up from PBP registration but there have not been any fraudulent transactions on my card at any point.
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Frank9755 on 01 February, 2012, 09:24:01 pm
Mine got done!  I got back from three weeks away over Christmas and found getting on for £2,000 worth of transactions on my card.  The bank has refunded me but it has been a bit of a pain to sort it out!
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: sprocket on 07 March, 2012, 06:34:38 pm
I've come late to this topic as I am not a PBP entrant, but registered a friend without internet access and paid his registration fee with a credit card I only use for foreign currency transactions (it gives a good exchange rate).  My card was, like everyone else's, used fraudulently last week.  Fortunately the card issuer picked up the two small transactions (Apple and hotels.com) as suspicious and refused them.

The card processor should not have retained the CCV numbers on the back of the card.  This is contrary to standard security practice.  My friendly IT security expert commented:

 "This means the company is not compliant with PCI DSS.  If they were, they would not be storing card details, so being hacked would not be an issue.  Not surprising given the lax attitudes of the French to this security standard.

It is actually the responsibility of AUK/ACP to ensure that the companies they use are compliant."
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: BloodyHills on 08 March, 2012, 08:27:27 pm
I have had similar experiences to a lot of you.  In December a few small amounts were taken from my account and once these worked they went for much larger amounts and at this point my bank contacted me.  Lost about 80 quid which is nothing compared to some of you.

I did wonder where anyone could have got my card details from as am very security conscious when using my pc to purchase anything online with a decent firewall, spyware and anti virus software in place.

Not really on topic but, have just had a parcel from Audax Club Parisien with magazine, medal etc.  I had thought I could show off and wear the medal at my next Audax but I'm sure it must weigh more than my bike and would make it impossible for me to get up the hills here in Wales!  ;)
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Euan Uzami on 04 May, 2012, 03:26:14 pm
Be aware if you are due a refund to your old card. I have found that if a refund gets applied to a card that has subsequently been replaced, it doesn't show up in your account. If you query this with the bank, they will then apply it. You would expect them to be linked and for it to happen automatically, but no.

I queried this and asked whether it happens automatically, or they have to manually intervene - and the response was that refunds to lost or stolen cards get put into a 'suspense' account and only retrieved as and when the customer queries it.

Cheeky gits! How much interest are they making off all the money sitting in this 'suspense' account?
Title: Re: PBP2011 - (likely) stolen credit card details used for registration
Post by: Andrew on 04 May, 2012, 07:12:46 pm
Cheeky gits! How much interest are they making off all the money sitting in this 'suspense' account?

Indeed! Ime, they're able to apply old charges to the new card AFTER the previous one was reported lost/stolen/hacked! So the mechanism is there, it's just being applied as best suits.