Guys and gals. If you use ebay you probably send parcels. If you do there a couple of well known companies who offer discounted parcel services. I won't name either here.

One of those companies I placed an order with last week. I used a brand new card with a brand new bank, so nobody else in the world had the details. The parcel was duly collected and delivered. However a call from the bank on Saturday revealed that there had been some crazy spending from my acount with airlines in Singapore.

The only way these fraudsters could have got my details was via this online courier company. I just thought you should be aware.

The bank has been exceptional and have reversed all the transactions, stopped the card immediately and are sending me another one. I hope this helps someone. If anyone actually wants the company name, by all means ask me by PM. I cannot be 100% sure that is what happened, but as I haven't taken the card from the house once and have only made a single purchase with it, it does look very suspect to me.

Glad you got yours sorted.


I have just had someone spend £1200 of my money in moscow using my debit card.

I don't sell on ebay and I only buy from secure online websites and yet still this happens.



Could you pm me the compnay who you used.

:)

It's highly unlikely the courier company has anything to do with your loss, they almost certainly have had no access to your details. When you pay by credit card over the web, you are usually diverted to a payment solutions provider, such as Worldpay, Netbanx, and Streamline etc. Since the portal to these third party sites are usually customised to give the 'look and feel' of the client site, it often goes unnoticed by the buyer, who remains unaware they're on a different site. These payment solution providers have incredible security levels, and it's unlikely they are involved in any way either. The most likely security breach is using the card in a filling station, restaurant, or shop etc, where a fraudster has physical access to your details and/or can swipe the card through a reader. Another possibility is the details have been discovered through a carelessly disposed of C/Card statement, which may have happened years ago. I've just reread your post and noticed it was a new card, but to assume no one has had access to the details is incorrect, there will be bank staff who have access and some people involved in the card manufacturing process. The last time I was involved in a case of credit card fraud (as a victim) the culprit was a young female bank employee, who had fell for a 'bad boy' criminal. I had my money refunded by the C/Card company, and had the pleasure of seeing them sent down.

It's highly unlikely the courier company has anything to do with your loss, they almost certainly have had no access to your details. When you pay by credit card over the web, you are usually diverted to a payment solutions provider, such as Worldpay, Netbanx, and Streamline etc. Since the portal to these third party sites are usually customised to give the 'look and feel' of the client site, it often goes unnoticed by the buyer, who remains unaware they're on a different site. These payment solution providers have incredible security levels, and it's unlikely they are involved in any way either. The most likely security breach is using the card in a filling station, restaurant, or shop etc, where a fraudster has physical access to your details and/or can swipe the card through a reader. Another possibility is the details have been discovered through a carelessly disposed of C/Card statement, which may have happened years ago.

I though he said no one else would have the details?

Agreed I get nervous handing my card over in Restaurants, Pubs, Filling Stations--

Over to you Woody;)

CRAZY K

I though he said no one else would have the details?

I think what Pe7e is saying is that while you think you may be giving your card details to an online merchant, in actual fact you are giving them to a payment processor (paypal, worldpay, secpay, paypoint etc. etc. are all payment processors) who do the work of authorising the card all the merchant gets from them is a "pass" or a "fail".

Very few online merchants take the card details themselves. The most they can usually get is the last 4 digits, address, country of origin etc., which they can do nothing with.

There's so much to go through if you're going to take payments yourself - SSL connections, PCI compliance, audits etc. etc. that most (except the very largest) online merchants let a payment processor handle the "taking the details" side of things, and never get the card details themselves.

Of course this doesn't apply if you phoned them and gave them your number over the phone - most merchants will have a machine or terminal for "cardholder not present" transactions and the human trust factor comes in to this whenever you hand over your card or give someone your details - basically it's probably MORE secure to do it online than over the phone!

EDIT: When entering your payment details online ALWAYS check the address starts with HTTPS and is a familiar address (usually not the merchant - will be something like paypoint, worldpay, securetrading...the usual suspects!).

OK, as a merchant myself and having an online business I do undertand the processes. I appreciate your comments PE.

I will say again. this is a brand new bank account and a brand new card. I don't even have the pin number yet so there is no posibility of using it anywhere other than over the phone or online. I have only made two transactions with the bank in total. One was paying cash in over the counter (without that card) and the second was this single transaction online.

I apreciate what you guys are saying also. I am fairly well up on how the processes work as I also have a merchant account and take cards myself. In this case the online company do still have a responsibility. They may not have given the details out but their agent has, someone is to blame. If they employ a poor company that is their issue not mine.

The main purpose of the post was to make people aware that this still is happening.:)

Could you have a trojan un YOUR computer?

Not unless it has bypassed the anti-virus software that is running 24/7.

Don't worry about it guys. Just thought I would mention it.

Not unless it has bypassed the anti-virus software that is running 24/7.

Don't worry about it guys. Just thought I would mention it.

Some do, it's happened to me before.

Well a second card of mine has been compromised, thats 2 different cards in 3 weeks. So it looks like I have a trojan and I'm overly paranoid about security (somethings got through) This time 3 payments to Shang Hai totalling £800. I've ran several scanners and can't seem to find the culprit trojan. So is reformatting my best option?

Sounds like the best way Mark!

Well a second card of mine has been compromised, thats 2 different cards in 3 weeks. So it looks like I have a trojan and I'm overly paranoid about security (somethings got through) This time 3 payments to Shang Hai totalling £800. I've ran several scanners and can't seem to find the culprit trojan. So is reformatting my best option?

Try running the Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner), it's usually pretty good.

Also, the Spybot S&D forums (http://forums.spybot.info/forumdisplay.php?f=22) are always very helpful if you think you are infected, be sure to read all the stickies and the rules, though, and you'll need to get something called "HijackThis" and post a log...but they are very helpful.

Try running the Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner), it's usually pretty good.

Also, the Spybot S&D forums (http://forums.spybot.info/forumdisplay.php?f=22) are always very helpful if you think you are infected, be sure to read all the stickies and the rules, though, and you 'll need to get something called "HijackThis" and post a log...but they are very helpful.

Thanks Marc, I'll get on it

Not unless it has bypassed the anti-virus software that is running 24/7.

Don't worry about it guys. Just thought I would mention it.

I thought a firewall was supposed to stop things getting in to your computer where as an antivirus scans the computer for things like viruses, spyware ect ect.???

I constantly remind my family not to put anything on a computer you don’t wish for anyone else to see. As for antivirus software etc it is great for the job it does but never assume it is 100% because it is not. I personally know people that can turn off your antivirus from another computer and search through yours and then turn it on again when they are finished. But saying that, they wouldn’t waist their time searching through Joe bloggs computer. Most thefts from credit cards are done via ATM machines or an office worker etc. Some credit card companies allow you to put an online security code to beat the fraudulent web sites.

Could you have a trojan un YOUR computer?

I'd agree with Theo that this is the most likely cause.

It could be a keylogger that sends the information you type in to your computer to another person/computer, highjacker which has redirected your browser to a phishing site, or another piece of malware that has somehow obtained your details.


Not unless it has bypassed the anti-virus software that is running 24/7.

A/V software is always playing catchup to the malware. It needs to be identified before it can be fought. Some A/V packages are pro-active and monitor the behaviour of files that it suspects of being malware. Not always 100% safe unfortunately.


I thought a firewall was supposed to stop things getting in to your computer where as an antivirus scans the computer for things like viruses, spyware ect ect.???

Firewalls block the communication ports on your system that your system tells it to. Some ports have to be open otherwise you wouldn't be able to connect to a network/the web. Also, some sites (including payment and banking sites) insist that you have certain ports open so that it can leave cookies on your system. This makes your system more vulnerable to malware attacks.

Whilst we can all take steps to secure the computers we use from malware attacks, due to the highly advanced tactics of internet criminals I don't believe we can ever be 100% safe.

Happened to me paying for PLI Insurance using an electronic cheque system. :eek:

It was the only debit card transaction for months and I can only summize that possibly someone got my details from that transaction, although I cannot be 100%.

I always use spybot search and destroy, with Avast Anti-virus (updates very hour) and I have process explorer running in the background to check if any dodgy processes start up. After a while you get to know what should be normally running on your system. And just for good measure I use hijack this to spot anything dodgy. I also don't rely on the firewall in the router as they are pretty lame. I use a software firewall.

Also when going on sites to make payments always make sure that they are secure when making financial transactions by looking for the locked symbol on the browser task bar.

I was lucky the bank fraud dept picked up an unusal spending pattern on the first hit so they declined the transaction. 10/10 for them!

Good Luck