Author Topic: PBP2011 - (likely) stolen credit card details used for registration  (Read 37505 times)

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #150 on: 13 January, 2012, 09:43:08 pm »
Ok: if all the cards have been hacked (i.e their details have been extracted from K&P & sold on) then they're all going to be hit.

What are you on about?  I think it works like this (as explained earlier in the thread):

1)  Card info is hacked

2)  Hacked info is usually passed/sold to other crims

3)  Other crims (or possibly original perps) may use some/all of the info at some time in the furure, often stringing it out over months.

Therefore, as I said earlier (and I thought was patently obvious) the fact that your details have been hacked doesn't mean that you'll all be hit (as you mistakenly claim I said), certainly not all in a short time-scale, but it does mean you are extremely vulnerable.

I'm still struggling to understand why I had my head bitten off.

Because I don't appreciate being mis-quoted/mis-interpreted when I'm trying to help sort out a problem.

The sound of one pannier flapping

AndyH

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #151 on: 13 January, 2012, 10:12:19 pm »
Calm down, Calm down.

the last thing this thread needs is an argument. MV has agreed that cards used for PBP registration are at risk, what more does he need to say. Any YACFr who registered for PBP will have seen this thread, surely our concern should be with alerting fellow audaxers who don't use YACF?? We (YACFrs) should be telling our mates who are not on here.

And Toontra - obviously he's read the bloody thread, he's the mod.


::-) You are SO irresponsible

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #152 on: 13 January, 2012, 10:23:59 pm »
And Toontra - obviously he's read the bloody thread, he's the mod.

You wouldn't think so from his posts.  I'm not going to let someone mis-interpret me, even if he is a mod.

Any YACFr who registered for PBP will have seen this thread,

In that case why are new people here being hit every day?  You really think the message has sunk in?

I think it's still worth shouting about, even here, even now. 
The sound of one pannier flapping

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #153 on: 14 January, 2012, 03:09:08 pm »
It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.

How do you know that ?

I know that 100% because the card defrauded is my debit card. I never use my debit card to pay in shops (I have a cash back credit card I use for ALL purchases). I have never used this debit card to pay for anything online other than this payment (I only did that because for some reason that day the site refused my credit card). I have checked all statements since the card issuing date and every single transaction except this one is a credit coming in, direct debit, or cash withdrawal. I always examine cash points before putting my card in to check they have not been modified. Basically, Klik & Pay is the only possible 'leak' of this card's data. The fact that just about everyone I know who used the site have also had their card done is additional confirmation should I need it!

hellymedic

  • Just do it!
Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #154 on: 14 January, 2012, 05:31:28 pm »
Same here - £1 Apple test purchase declined by my card company, card now cancelled.

Just as a slight side issue, what I don't understand is this: on what basis will a CC company decline a transaction of a small sum. If the fraudster has the car number then how does the CC company know it is likely fraudulent and not the genuine you that is making the purchase?.

Pattern recognition, I think.
CC firms know their clients' habits. Someone who's on iTunes every day won't raise eyebrows for a small Apple transaction. Someone without an iPad/iPod/iPhone making an iTunes purchase will.

Rapples

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #155 on: 15 January, 2012, 01:07:12 pm »

....... or just I was next on the very long list of details they are working through?

^That^ 

It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.  Just because you weren't hit in December doesn't mean you've got away with it.  Any and all cards used are vulnerable and it really would be easier to cancel now rather than have to go through all the bother of being hacked, speaking to the bank, sorting out the fraudulent payments from the legit ones, etc. 

It also means the scumbags don't get away with any money, whether the bank cover it or not.  It's the principle.

That seems like jolly sensible advice Toontra.  If I'd used this facility I would certainly do so immediately :thumbsup:

Karla

  • car(e) free
    • Lost Byway - around the world by bike
Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #156 on: 15 January, 2012, 02:06:31 pm »
I'm now rather grateful that I lost my card and got a new one a few months ago!

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #157 on: 15 January, 2012, 02:26:07 pm »
In practical terms it wouldn't have made any difference, to you at least.

Banks seem very concerned with fraud prevention and detection, but not prosecution.

rogerzilla

  • When n+1 gets out of hand
Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #158 on: 15 January, 2012, 04:27:18 pm »
It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked. 
On behalf of the forum administrators, I'd like to make it clear that this is the opinion of Toontra and not proven fact.   Circumstantial evidence may not stand up in a libel suit.
Hard work sometimes pays off in the end, but laziness ALWAYS pays off NOW.

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #159 on: 15 January, 2012, 04:34:38 pm »


Hope you're keeping score  :demon:


Yes, it's pretty even. At the moment you are both losing.

 ;)

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #160 on: 15 January, 2012, 07:47:58 pm »

....... or just I was next on the very long list of details they are working through?

^That^ 

It's been pretty clear for weeks that the cards used with Klik&Pay for PBP registration/extras have all been hacked.  Just because you weren't hit in December doesn't mean you've got away with it.  Any and all cards used are vulnerable and it really would be easier to cancel now rather than have to go through all the bother of being hacked, speaking to the bank, sorting out the fraudulent payments from the legit ones, etc. 

It also means the scumbags don't get away with any money, whether the bank cover it or not.  It's the principle.

That seems like jolly sensible advice Toontra.  If I'd used this facility I would certainly do so immediately :thumbsup:

I am very grateful to daniele for starting this thread.
The bank were  extremely helpful with issuing a new card although quite unconcerned in finding out more details about the potential fraud.
#makewattsnotwar

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #161 on: 15 January, 2012, 08:04:31 pm »
When you think that credit card companies generally take a 2% cut on every transaction, the amounts stolen by succesful fraudsters may amount to small beer. As long as it continues to be small beer in relation to their massive profits, end users are unlikely to be held liable for online fraud, as doing so may well result in a massive drop in the use of cards.

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #162 on: 16 January, 2012, 10:35:08 am »
Losing access to my own current money a week before Christmas with no new debit card on the horizon until the new year is distinctly sub optimal especially when I had no cash in my wallet at the time.

Worst case scenario is always a bunch of bounced direct debits resulting in an insurance nightmare and fees on other cards etc. who's payments are then late. It can be very hard to reclaim losses like that where they are secondary to the actual fraud. If a pet insurance payment for my epileptic dog ever bounced the company would be delighted to cancel her insurance and save themselves £3k a year for the next 10 years or so!

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #163 on: 16 January, 2012, 11:16:28 am »
Exactly.  For the sake of a phone call, any potential loss for you, your bank or third-party companies can be avoided, and you can be issued with a replacement card in a timely manner, rather than when you may least expect or want it.

Knowing there is a great likelihood that your details have been hacked and may well be used for fraud and then not doing anything about it is pretty negligent IMO.  To say that no-one looses so "what's the fuss" isn't much better.
The sound of one pannier flapping

LittleWheelsandBig

  • Whimsy Rider
Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #164 on: 22 January, 2012, 07:41:36 pm »
It appears that the bank fraud folk have finally received notification that 'blocks of cards have been collected by fraudsters and that affected cards are being cancelled' (my vague recollection of what I was told).  My guess is that my card number got picked up from PBP registration but there has not been any fraudulent transactions on my card at any point.
Wheel meet again, don't know where, don't know when...

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #165 on: 01 February, 2012, 09:24:01 pm »
Mine got done!  I got back from three weeks away over Christmas and found getting on for £2,000 worth of transactions on my card.  The bank has refunded me but it has been a bit of a pain to sort it out!

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #166 on: 07 March, 2012, 06:34:38 pm »
I've come late to this topic as I am not a PBP entrant, but registered a friend without internet access and paid his registration fee with a credit card I only use for foreign currency transactions (it gives a good exchange rate).  My card was, like everyone elses, used fraudulently last week.  Fortunately the card issuer picked up the two small transactions (Apple and hotels.com) as suspicious and refused them.

The card processor should not have retained the CCV numbers on the back of the card.  This is contrary to standard security prcitice.  My friendly IT security expert commented:

 "This means the company is not compliant with PCI DSS.  If they were, they would not be storing card details, so being hacked would not be an issue.  Not surprising given the lax attitudes of the French to this security standard.

It is actually the responsibility of AUK/ACP to ensure that the companies they use are compliant."

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #167 on: 08 March, 2012, 08:27:27 pm »
I have had similar experiences to a lot of you.  In December a few small amounts were taken from my account and once these worked they went for much larger amounts and at this point my bank contacted me.  Lost about 80 quid which is nothing compared to some of you.

I did wonder where anyone could have got my card details from as am very security conscious when using my pc to purchase anything online with a decent firewall, spyware and anti virus software in place.

Not really on topic but, have just had a parcel from Audax Club Parisien with magazine, medal etc.  I had thought I could show off and wear the medal at my next Audax but I'm sure it must weigh more than my bike and would make it impossible for me to get up the hills here in Wales!  ;)

Euan Uzami

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #168 on: 04 May, 2012, 03:26:14 pm »
Be aware if you are due a refund to your old card. I have found that if a refund gets applied to it a card that has subsequently been replaced, it doesn't show up in your  account. If you query this with the bank, they will then apply it. You would expect them to be linked and for it to happen automatically, but no.

I queried this and asked whether it happens automatically, or they have to manually intervene - and the response was that refunds to lost or stolen cards get put into a 'suspense' account and only retrieved as and when the customer queries it.

Cheeky gits! How much interest are they making off all the money sitting in this 'suspense' account?

Andrew

Re: PBP2011 - (likely) stolen credit card details used for registration
« Reply #169 on: 04 May, 2012, 07:12:46 pm »
Cheeky gits! How much interest are they making off all the money sitting in this 'suspense' account?

Indeed! Ime, they're able to apply old charges to the new card AFTER the previous one was reported lost/stolen/hacked! So the mechanism is there, it's just being applied as best suits.