Debit Card Details Breached...

[Afasoas]

My card has been used in a hotel in USAinia.

I'm suspecting it's not even worth trying to find out how my details have leaked, but I'm curious. How would I go about determining how my details have fallen into nefarious hands?
I would suspect that the leading possibilities are:

• One of the few on-line retailers I use have been compromised
• MITM attack during an on-line transaction
• Malware running on one of my machines
• A compromised PDQ machine/point of sale terminal
• ATM skimming

Are there any other likely possibilities I should consider? I can't think of any...

I've had the card for just over a year. If I compiled an exhaustive list of all places where I've used the card, and scoured the interwebs for news concerning data breaches affecting any of those places, am I likely to turn up a link?

Part of me would really like to know how it's happened - and if my bank don't refund my losses, investigate the possibility of reclaiming my losses and associated costs. That said, I know there's probably higher liklehood of a lottery win, rather than finding out!

[hellymedic]

I have vague memories of several people having debit card misuse issues a few years ago after using an online cycling store.

Details escape me. (Or never entered!)

[hatler]

I think that was Ribble. I got done and the nice woman at my card provider explained that the breach isn't necessarily at the retailer, but elsewhere, but by targeting one particular retailer it throws suspicion at them.

[Polar Bear]

Try to never use a debit card online.   Always use a credit card as it's not your money missing.   Much easier to manage.

Cards get used quickly when compromised so look at transactions immediately prior to the fraud.

[Jaded]

I think that was Ribble. I got done and the nice woman at my card provider explained that the breach isn't necessarily at the retailer, but elsewhere, but by targeting one particular retailer it throws suspicion at them.

It was Wiggle. My card got done at that time. I've used other suppliers since.

[hatler]

My "I think that was Ribble" above was me thinking it was the scam which caught many people. I certainly did get done, and it was Ribble. And it was confirmed by the cc people (that a number of others had been done as well). I hadn't heard that some Wiggle customers had the same experience.

[Ham]

Add to the list "handing over card in restaurant/petrol station etc"

It sounds as if it was used in person, which suggests it was just cloned, chip/pin is still far from universal in the states.

[Mr Larrington]

Add to the list "handing over card in restaurant/petrol station etc"

It sounds as if it was used in person, which suggests it was just cloned, chip/pin is still far from universal in the states.

From what I gather, chip & pin is not going to become universal in USAnia either chiz, which can make buying petrol something of an annoyance.

[MikeFromLFE]

I'm talking credit card here - but I've been seriously impressed by Barclaycard who spotted a couple of 'out of character' transactions and contacted me.
One was an attempted mobile phone top up, and the other was a 'trial purchase' with Ocado (ie setting up a new account).
I want to believe that the breach happened when I used the card in Zambia, but in that case, why were they UK transactions?
Either way 10/10 to Barclaycard

[rafletcher]

I think that was Ribble. I got done and the nice woman at my card provider explained that the breach isn't necessarily at the retailer, but elsewhere, but by targeting one particular retailer it throws suspicion at them.

It was Wiggle. My card got done at that time. I've used other suppliers since.

Yes it was. And it was an employee, not the company at fault. I've used them many times since with zero issues.

[Jurek]

Card readers are widely available, commercially.
Anyone can buy one.

Their sale or use is neither controlled or licensed.

[Mr Larrington]

Card readers are widely available, commercially.
Anyone can buy one.

Their sale or use is neither controlled or licensed.

Combining two topics, I get a fair amount of card reader-related spam.

I'm still at a loss to figure out the business with mine last year - it was used fraudulently before I'd even used it myself and did not appear to have been molested in transit.

[ian]

Bear in mind large lists of a credit and debit card numbers are in circulation. They don't all get used immediately, after all until they're used, there's no ground for suspicion. Mostly, I'd expect they're leaked by employees, staff on a minimum wage with access to valuable data, well you do the math. Despite travelling the world all my issues with stolen card details seem to have been, as far as I could speculate, the US.

[Afasoas]

Two transactions.

One in Washington (USA) for a tiny amount.
One in Manchester (UK) for a larger amount.

Both were card holder not present.
Doesn't look like I'll be liable for either, which is good news.

I've never let the card out of my sight.
I realise the details could have been stolen a month or even a year ago.

Thanks for your thoughts.

[Jaded]

The tiny amount checks whether the card works. Then the bigger amounts start.