Completely unused bank card details stolen and used for online shopping - FNB explains how it happens

Jan

Who's the Boss?
Staff member
Joined
May 24, 2010
Messages
6,285

Hellhound105

Executive Member
Joined
Jun 5, 2018
Messages
6,864
“I believe within the bank or where the cards get printed or put inside the envelope, there are bad actors that are taking down card details and are then trying to use it for transactions a couple of months later,” he said.

“To help minimise the risk of fraud, we recommend that consumers use trusted websites for online shopping,” said Ramdhani.

So what, where they print the cards is the problem or untrusted websites?

To help minimize the risk, seems we need to print our cards somewhere else.
 

GhostSixFour

Username approved by US Airforce
Joined
Nov 9, 2009
Messages
15,288
“I believe within the bank or where the cards get printed or put inside the envelope, there are bad actors that are taking down card details and are then trying to use it for transactions a couple of months later,” he said.

“To help minimise the risk of fraud, we recommend that consumers use trusted websites for online shopping,” said Ramdhani.

So what, where they print the cards is the problem or untrusted websites?

To help minimize the risk, seems we need to print our cards somewhere else.

The first quote was said by the customer. And is merely a suspicion on his part. The second quote was the guy from FNB, so likely covering his ass.

Also, BS, this is not new, has happened to my grandmother years ago, same thing, card unused in the envelope, but being used for transactions.
 

McGuywer

Executive Member
Joined
Jun 28, 2006
Messages
7,139
Happened to a friend that banks with Standard Bank.
He never collected the card, only used the account online (sort of savings account but is a current account).
He started getting OTPs and finally transactions went off...

Standard Bank said they will refund him but the account is now locked.
 

lordnokon

Senior Member
Joined
Sep 6, 2007
Messages
866
I had the same problem with FNB 5 times over a period of 8 months (with brand new cards each time, not even opened)... All my transactions took place between 1am-3am which said iTunes... They would clear out the entire amount of my card in one go...

Lucky for me, FNB refunded me every time in full...
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
28,813
Why I prefer Capitec bank. They print your card there and then and you just walk out.

When he received it, he had already started using a secondary bank card. He told MyBroadband he always had two cards, keeping a spare should his main card get damaged.
You need an Aluma wallet available at Game, Dischem etc... Never had a card get damaged.
 

Leno

Expert Member
Joined
May 15, 2005
Messages
2,122
Don't FNB charge for declined transactions? Did they refund him?
 

Pineapple Smurf

Pineapple Beer Connoisseur
Joined
Aug 2, 2016
Messages
39,605
Cards must fall
Bring back the chequebook

 

puddaphut

Active Member
Joined
May 14, 2010
Messages
87
Why I prefer Capitec bank. They print your card there and then and you just walk out.

You need an Aluma wallet available at Game, Dischem etc... Never had a card get damaged.
You don’t seem to understand how the fraud works.
It doesn’t matter who owns the card. Or whether it’s been printed yet.
Fraudsters simply run procedurally generated card numbers against escalating MMYY and random CVV.
Every bank is at equal risk.

I reckon the fraud is more noticeable on personalised cards that are sitting in their envelope. For instant issue type cards, people are probably not even seeing the transaction.
 

PAYBACK

Expert Member
Joined
Aug 5, 2003
Messages
2,098
Please. So you're telling me guys delivering cards to customers are not skimming them in transit in the hope that people activate them without changing the default PIN?

I have never had an issue with credit card fraud "Amazon Video" until I moved to FNB 8 years ago.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
28,813
You don’t seem to understand how the fraud works.
I was talking about the first time they were successful.
His predicament started a few months ago when his card was being charged for a Netflix subscription that he had not signed up for.

He called FNB and after the bank investigated the matter, they refunded him and confirmed it was not Netflix but another service that was using Netflix as a description in its payment details.
Every bank is at equal risk.
Not at all. With Capitec you can print the card at the branch. No need to involve a third or even fourth party...
 

r00igev@@r

Executive Member
Joined
Dec 14, 2009
Messages
7,574
I thought the vax was going to allow banks to use the chip it implanted for this? :ROFL: :popcorn:
 

neoprema

Executive Member
Joined
Jan 12, 2016
Messages
6,042
Are the envelopes carrying your unactivated card RFID-shielded? What's to stop you pulling out a run-of-the-mill scanner and scanning it for the card number? I know there is encryption at play but I think that's only for transacting, it will give out its card number at least without authentication?
 

Groggyme

Well-Known Member
Joined
Apr 10, 2015
Messages
275
Simplest solution to this problem seems like someone is stealing card numbers and CVC numbers as they are printed. Doubt it's delivery as delivery people would need to see the CVC and you can't get that from rubbing (CVC is not raised). Either that or someone out there has figured out the encryption on CVCs and is just brute forcing card numbers and it's only a matter of time before a valid card in use gets hit.
 

PAYBACK

Expert Member
Joined
Aug 5, 2003
Messages
2,098
Have started using Apple Pay exclusively now. Added layer of encryption and no physical card transaction.
 

Thestealth

Expert Member
Joined
Mar 22, 2007
Messages
2,317
Are the envelopes carrying your unactivated card RFID-shielded? What's to stop you pulling out a run-of-the-mill scanner and scanning it for the card number? I know there is encryption at play but I think that's only for transacting, it will give out its card number at least without authentication?
Doubt it. I don't see any SA bank investing in shielded envelopes. It would push up the branding costs significantly.
 

duckgray

Senior Member
Joined
Sep 28, 2013
Messages
547
Happened to me back in 2013. Had fraud on my card which was then cancelled and a new card order was placed.
On the same day that the new card was meant to be delivered, there was fraud on it before the card had been delivered to me.

Never actually got a proper reason on how this happened.
 

RandomGeek

Expert Member
Joined
May 14, 2015
Messages
2,193
"Ramdhani explained that the fraudster was able to generate the card number but not the CVV number." Not sure if this is still the case, but it used to be the case that when you needed a replacement card, FNB literally just incremented the PAN and adjusted the Luhn digit accordingly. So if someone had your old number, guessing the new PAN was not hard. It would have a new expiry date and the CVV would be totally different...which would save the day
 

RandomGeek

Expert Member
Joined
May 14, 2015
Messages
2,193
Doubt it. I don't see any SA bank investing in shielded envelopes. It would push up the branding costs significantly.
When the post office gets their 1kg minimum courier wish...every card delivery can be metal shielded ;)
 

Napalm2880

Expert Member
Joined
Mar 8, 2007
Messages
2,680
Fraudsters simply run procedurally generated card numbers against escalating MMYY and random CVV.
Unlikely...

1. You need to bypass 3D secure. There are legitimate ways to do this but none that I know of that don't require rigorous amounts of documentation, KYC info, etc. Simply put, you're not going to do this anonymously.

2. A card number is 16 digits long, expiry is 4, CVV is 3. With a bit of industry knowledge, you can reduce the number of combinations but there are still a LOT!

3. You cannot simply brute force card transactions and do hundreds of transactions per second (TPS) without either the bank or the aggregator you're using noticing as each transaction requires significant CPU and memory to process.
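
Point 3 in the post above says that bursts of attempts get noticed by the bank or the aggregator. One form such a velocity check could take, as an added example that is not part of the thread or of any bank's real system; the log format, card tokens, merchant ids and thresholds are all assumptions:

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
MAX_EXPIRY_GUESSES = 3  # assumed: distinct expiry dates declined on one card
MAX_DECLINED_CARDS = 4  # assumed: distinct cards declined at one merchant

# Constructed records: timestamp, merchant id, card token, expiry tried, outcome.
SAMPLE_LOG = """\
2021-08-24T01:02:00,M-STREAM,card-0007,0921,DECLINED
2021-08-24T01:02:20,M-STREAM,card-0007,1021,DECLINED
2021-08-24T01:02:41,M-STREAM,card-0007,1121,DECLINED
2021-08-24T01:03:05,M-STREAM,card-0007,1221,APPROVED
2021-08-24T01:03:30,M-STREAM,card-0008,0921,DECLINED
2021-08-24T01:03:50,M-STREAM,card-0009,0921,DECLINED
2021-08-24T01:04:10,M-STREAM,card-0010,0921,DECLINED
2021-08-24T09:15:00,M-GROCER,card-0042,0524,DECLINED
2021-08-24T17:40:00,M-GROCER,card-0042,0524,APPROVED
""".splitlines()


def parse(line):
    ts, merchant, card, expiry, outcome = line.split(",")
    return datetime.fromisoformat(ts), merchant, card, expiry, outcome


def burst(events, limit):
    """True if any WINDOW-long span of (time, value) events holds `limit` distinct values."""
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > WINDOW:
            start += 1
        if len({value for _, value in events[start:end + 1]}) >= limit:
            return True
    return False


def detect_enumeration(lines):
    by_card, by_merchant = defaultdict(list), defaultdict(list)
    for ts, merchant, card, expiry, outcome in sorted(map(parse, lines)):
        if outcome == "DECLINED":
            by_card[card].append((ts, expiry))        # guesses against one card
            by_merchant[merchant].append((ts, card))  # many cards tried at one merchant
    return {
        "cards": sorted(c for c, ev in by_card.items() if burst(ev, MAX_EXPIRY_GUESSES)),
        "merchants": sorted(m for m, ev in by_merchant.items() if burst(ev, MAX_DECLINED_CARDS)),
    }


if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG))
```

The single declined attempt at M-GROCER stays below both thresholds, so an ordinary mistyped expiry date is not flagged.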
 