Card Cloned

[tin4444]

Hi all,

So I have a credit card with major retailer W.

This afternoon I get a sms saying that to pay 905,95Euros to Turk Hava Yollari with credit card ending xxxx please insert OTP xxxxxxx.

I immediately contact the financial services who puts me through to Absa fraud division. They confirm that R1 went through saswitch, R78 went through at value rite which was reversed and then the attempt with the Euros.

So all I can imagine is that my card was cloned at a supermarket on Monday. Now if the card was cloned it is a chip card wouldnt they need the pin for the value rite swipe? And why the reversal ( not that I am unhappy about that)

How did they manage to try purchase or pay someone Euros when I have never set this account up for internet banking or was this just an online purchase? Why the OTP then? This is the first time ever I have received a OTP for this account, and I have done online purchasing in the past without OTP.

Another possibility is this same account is expiring in June and the new card is ready for collection at retailer, perhaps that card has "disappeared" and was the one being used.

My last thought is a very paranoid one where I contacted Transunion this morning to get my credit report as I am probably going to purchase a new vehicle in the next month or two and was required to send through my Id and proof of residence to them which I did, but I doubt they have access to any of the other required info to do this.
I realise this is just irrational thinking probably and trying to make sense of it all.

Maybe I should change to cash purchases, but then need to go to an atm.

What is going on with all the card fraud lately.
If its not emails its card cloning.

 

[tin4444]

Mmm seems Turk Hava Yollari is the Turkish national airlines.

 

[R13...]

Sounds like an online transaction. The OTP sounds like 3D secure, so someone copied your card details.

 

[guest2013-1]

Chipped cards carry the pin code on the actual card, it's not at the bank (the verification doesn't go through to the bank, it's done on the machine that handles the card) so it's very possible to still clone the card since if the card was stolen, it can't be used to just swipe, they'd need the pin.

The R1/R78 was tests to see if it was successful since transactions under R100 is usually not SMS'ed to you or asked for a OTP. They then use the card for online transactions, this is why verified with visa (or the mastercard equivalent) has to be setup to secure your card further (which they message you with a OTP), however, there are still online retailers that doesn't go that route, and if they don't, usually carries the cost of the fraud themselves (so most do opt in at some point)

Since the slew of fraud with ABSA (just check the front page of this site) I would highly suggest moving away from them in case you might be a victim of a sim swap. This will then enable the thieves to drain your account quite quickly.

 

[guest2013-1]

Oh, and your new card can't be the culprit since it needs to be activated and the old one de-activated first.

*edit*

Cash isn't the answer as you'd open yourself up to armed robbery and a lot of banking costs associated with it. My only suggestion would be to always have your eyes on your card when handing it over, for example, when paying for petrol, I usually let the attendant get the machine first and watch him insert my card after taking it from me, as I had my card cloned (not chipped) before. Luckily I have verified by visa switched on by default and lowered my SMS notifications to R20 transactions

 

[AfricanTech]

Hmm, ABSA again!

 

[guest2013-1]

Hmm, ABSA again!

This actually happened to my FNB account, so card cloning is a danger regardless of bank you use, it's just that some banks take security and client service a bit more seriously. I was due for a new card anyway and had one within 24 hours (which was awesome since I ordered a new one late on a Saturday evening and I could go pick up on Monday already)

It does sound like the card was cloned and used by a syndicate, but it doesn't sound like the internal crime-ring of ABSA/MTN. It might even be a pre-cursor to test how vigilant you are, and if you're not that clued up on your account and they tested it successfully, would do a sim swap and drain the main vein.

The only thing I can recommend to anyone is to keep their eyes open and take their finances seriously and not become complacent. You have no idea how much information you can extract from someone just because they're used to giving it out (like your ID number)

 

[tin4444]

After doing a bit more reading on the retailers website, it does seem to be an online purchase for the Turkish airline and luckily they were a 3D secure merchant which is why a OTP was needed.

But wouldn't they need the cvv numbers to do that purchase? Or would a card skimming device read those numbers too?

I also don't think it was the internal absa-mtn syndicate as this is only a stand alone credit card, not my main transactional bank. But perhaps as you say if it did go through without issues might have gone bigger.

 

[zippy]

Mmm seems Turk Hava Yollari is the Turkish national airlines.

Was the card ever out of your site at the retailer ? Was the card machine bolted to the till or a free standing one which the cashier used?

Most cards are cloned at resturaunts when people give the waiter/waitress their card and he/she disappears with card for a few mins. Easy to photocopy back of the card or write down the cv number.

Otherwise the cv number is captured when you purchase from a dodgy online site. Note that reputable online sites don't store credit card details. The card details used for payment and not saved.

In the UK all major retailers have the card machine bolted to the till, and you don't hand your card to the teller. You insert it. The card is in your possession at all times.

 

[tin4444]

The teller machine was fixed to the till and the card hasn't been out of my sight, am always standing right there to enter the pin even if the waiter goes to the machine, I follow them and only then give the card.

Doubt its online purchases as I last did an online transaction 6 weeks ago and before that months ago.

I suppose the cashier could notice the cvv numbers when handling the card for the purchase as I didnt put the card into the machine myself. Could have just wrote it down a few seconds later, is only 3 numbers. Perhaps I should remove those numbers on the new card.

 

[ld13]

Perhaps I should remove those numbers on the new card.

I've done this with all of my cards - committed to memory FTW
Just remember to remove it properly as it can still sometimes be visible from the other side of the card as well.

 

[zippy]

The teller machine was fixed to the till and the card hasn't been out of my sight, am always standing right there to enter the pin even if the waiter goes to the machine, I follow them and only then give the card.

Doubt its online purchases as I last did an online transaction 6 weeks ago and before that months ago.

I suppose the cashier could notice the cvv numbers when handling the card for the purchase as I didnt put the card into the machine myself. Could have just wrote it down a few seconds later, is only 3 numbers. Perhaps I should remove those numbers on the new card.

Time enough to memorise the card number, name, expiry date AND cvc number which is on the back of the card?

More likely to have been the online transaction, but you never know.

 

[ChilliGirl]

A chip card does not need the pin.....


Someone showed me, with their own card.

And it is eaSY.
Simply swipe the card, then place in chip section and amount can be entered. No pin required.

 

[ld13]

Simply swipe the card, then place in chip section and amount can be entered. No pin required.

Our merchant terminal would never allow that as it asks for a supervisor override card when you swipe a chipped card.

 

[Albereth]

A chip card does not need the pin.....


Someone showed me, with their own card.

And it is eaSY.
Simply swipe the card, then place in chip section and amount can be entered. No pin required.

And then? It doesn't go anywhere further until the pin is entered.

 

[Albereth]

I was in Nando's in Secunda he other day and the waiter there was not even allowed to touch my card. I had to insert it in the slot myself.

 

[tin4444]

I was always under the impression that the chip cards are more secure, but that doesn't seem to be the case. So I wonder what was the whole point of having the whole chip card at all.

I think all shops are eventually going to the same route after some time and public pressure.

With regards to reading the cvv numbers meant the card was cloned and then just jot down those numbers and the name and expiry date a few seconds after I left. It can't take more than 10 seconds to take note of the numbers and that info.

Well in the mean time I have lowered all my atm withdrawal limits and POS limits where possible.

A still frustrating point is that this new account for the card still doesnt have notification alerts except for OTP on 3D secure online purchases. So any withdrawals and POS transactions still go through with no messages received.

Thanks everyone, your feedback has been invaluable.

 

[lucifir]

The chip card alone would probably be a lot harder to clone, but it still has the mag strip on, so they can use that rather than the chip. I had cashiers use the mag strip before, especially when the chip cards were new and it went through without a pin

 

[Other Pineapple Smurf]

I was always under the impression that the chip cards are more secure, but that doesn't seem to be the case. ....

You can swipe and manually enter the card if Card Not Present is active on the card. CNP is also required to do online purchases at payment gateways that do not use 3D secure.

Found this out the hard way while trying to pay for some purchases with a new chip card.

CNP max transaction value needs to be set by the bank and you can ask to have it set to R 0.00

 

[patrick]

I hope for your sake you don't have a wad of cash lying in that account, or a homeloan with access linked to it... ABSA FTL.