Credit Card Fraud

[jayboy]

I would like to seek opinions on a credit card fraud relating to my credit card issued by a Thai bank (I would prefer not to say which one).

 

The card in question had only been issued for a month and had very minimal use by myself - no overseas transactions at all.I then noticed from the online statement that my account had been charged Baht 65,000 for a transaction in Florida, USA which was unknown to me. Obviously a fraud and to cut a long story short the bank went through the established procedure and eventually the amount was removed from my account.

 

What leaves me unsatisfied is that I remain mystified how my card details were stolen in the first place. My credit card company say they don't know.Any clues how this sort of thing happens?

[Crossy]

Anyone with access to both sides of the card can make "card not present" transactions. So if the card has been out of your sight (fuel station, restaurant) it could have been photographed.

 

Do you have dual-factor authentication (SMS and OTP) enabled? If not then enable it.

 

It won't stop dicey outlets manually keying the card details of course, but it should frustrate online transactions.

 

[lopburi3]

14 minutes ago, jayboy said:

and eventually the amount was removed from my account.

Did you mean returned to your account?  Or are you on the hook for 65k?

[Moonlover]

Are you talking specifically about a credit card? Some folks get confused between credit cards and debit cards and I do have a reason for asking.

[jayboy]

15 minutes ago, lopburi3 said:

Did you mean returned to your account?  Or are you on the hook for 65k?

Removed from my account.Not on hook.

[jayboy]

8 minutes ago, Moonlover said:

Are you talking specifically about a credit card? Some folks get confused between credit cards and debit cards and I do have a reason for asking.

Credit card

[jayboy]

23 minutes ago, Crossy said:

Anyone with access to both sides of the card can make "card not present" transactions. So if the card has been out of your sight (fuel station, restaurant) it could have been photographed.

 

Do you have dual-factor authentication (SMS and OTP) enabled? If not then enable it.

 

It won't stop dicey outlets manually keying the card details of course, but it should frustrate online transactions.

 

 

Card was never out of my sight.SMS/OTP was enabled. With my current card I am able to temporarily lock it which I now always do, opening it for a transaction and locking it down afterwards.

[Crossy]

6 minutes ago, jayboy said:

Card was never out of my sight.SMS/OTP was enabled. With my current card I am able to temporarily lock it which I now always do, opening it for a transaction and locking it down afterwards.

 

Decidely odd then.

Inside job?

[jayboy]

1 minute ago, Crossy said:

 

Decidely odd then.

Inside job?

 

It had crossed my mind since that's where the logic leads.The other possibility is a "leak" through an online purchase with a very well known Thai retailer.

[Moonlover]

This sounds to me that it was a bank or accounting error, rather than card fraud. I suspect that because of the neat round figure of 65,000 Baht. In Florida! How did a fraudster manage that? It's too much of a coincidence.

 

And reading the precautions you take, card fraud is highly unlikely. Many years ago, 10,000 GBP disappeared from my UK bank account, leaving me stunned, mystified and nearly broke! It turned out to be a 'banking error' and was rectified 24 hours later without explanation.

[mvdf]

(very) thankfully my two credit card issuers in Germany provide apps which, for security reasons, allow cardholders to "switch off" countries where the cards are not permitted to be used. I can also choose to turn off certain functions such as online payments or ATM withdrawals or retail store payments or all of them (by simply suspending the card and unsuspending it when needed).

 

A veritable nightmare I would never want to happen to me.   

[mvdf]

5 hours ago, jayboy said:

SMS/OTP was enabled.

 

Very strange. How could this have happened then? Online transactions will not be approved without the correct OTP. 

 

Unless you colluded with a fraudster.

 

[chilly07]

What excuse did the card company give for not returning your 65k? If you followed through their fraud procedures they must have given a reason for not refunding you?

[Salerno]

1 minute ago, chilly07 said:

What excuse did the card company give for not returning your 65k? If you followed through their fraud procedures they must have given a reason for not refunding you?

 

Huh?

[jayboy]

16 minutes ago, mvdf said:

 

Very strange. How could this have happened then? Online transactions will not be approved without the correct OTP. 

 

Unless you colluded with a fraudster.

 

 

I didn't get an SMS for the USA transaction so could not supply an OTP. Please also bear in mind, in respect your last comment, that the charge to my account (suspended while the matter was investigated) was dropped.

[chilly07]

1 minute ago, Salerno said:

 

Huh?

Bank credit cards are backed by CC companies such as Visa MasterCard Union etc. They have fraud reporting procedures you can access on their websites. If you didn't do this then you should. The bank itself will not have the infrastructure to take up your claim

[jayboy]

7 minutes ago, chilly07 said:

What excuse did the card company give for not returning your 65k? If you followed through their fraud procedures they must have given a reason for not refunding you?

 

The 65 k was never debited to my account.It sat there in suspense while the matter was investigated according to established procedure involving the various parties (banks and merchants).Finally it was dropped but I didn't get any real detail on background.

[Salerno]

2 minutes ago, chilly07 said:

Bank credit cards are backed by CC companies such as Visa MasterCard Union etc. They have fraud reporting procedures you can access on their websites. If you didn't do this then you should. The bank itself will not have the infrastructure to take up your claim

 

Which doesn't clear up the confusion from your post - OP has had the 65K returned.

[jayboy]

3 minutes ago, chilly07 said:

Bank credit cards are backed by CC companies such as Visa MasterCard Union etc. They have fraud reporting procedures you can access on their websites. If you didn't do this then you should. The bank itself will not have the infrastructure to take up your claim

 

I had wondered about that but it would really just be satisfying my curiosity.

[chilly07]

Sorry-when you say the 65k was dropped from your account you mean the charge was cancelled in your favour and your balance reduced to nil.  I misunderstood! Yes most frauds are clear based on timing geography and item purchased. In that the transaction was in another country it is clear your card or account was cloned as fraudsters typically use the cloned card on the other side of the world by criminals who purchase your details on line knowing there is little chance of them getting caught. 

Edited June 24, 2021 by chilly07

[jayboy]

2 minutes ago, chilly07 said:

Sorry-when you say the 65k was dropped from your account you mean the charge was cancelled in your favour and your balance reduced to nil.  I misunderstood! Yes most frauds are clear based on timing geography and item purchased. In that the transaction was in another country it is clear your card or account was cloned as fraudsters typically use the cloned card on the other side of the world by criminals who purchase your details on line knowing there is little chance of them getting caught. 

 

Yes that's exactly what I meant.Your hypothetical outline of events is also the most plausible explanation I've heard.It leaves of course the question of how my details were stolen in the first place.The whole episode has left me (I accept not completely logical )with a distrust of security levels of my Thai credit card provider and a determination to restrict use to minimum, combined with the facility I mentioned earlier of blocking the card when I don't need to use it.

[wprime]

57 minutes ago, mvdf said:

 

Very strange. How could this have happened then? Online transactions will not be approved without the correct OTP. 

 

Unless you colluded with a fraudster.

 

 

NFC scanner near his card, can easily be done if he makes payment with the physical card. That will get name, cc number, and expiry. Remember the 3 digits at the back of the card, then use the details to create a duplicate card which will work at any merchant.

 

This can happen with any bank, not just Thai banks.

Edited June 24, 2021 by wprime

[sqwakvfr]

Easiest place to steal credit card information is the institution(specifically any employee that has access to this information)  that issued the card.  Second place would be any merchant that was paid with the card.  

[Eindhoven]

As an aside, another member here has reported a fraudulent International charge on a card only used for online transactions with Lazada and use at AEON ATM.

 

So do be careful out there.

[peetje]

I had a situation whereby I received a new credit card to replace the one that was almost out of date. The card was delivered in a sealed envelope by EMS. I activated it via the Bank mobile App. The card never left my house and was not used for any purchases. 3 days later in the very early morning purchases were made in Bangkok up to a total of just under 50,000 baht. We informed the credit card company almost immediately and they have been very helpful the costs have since been removed from my card and a new card with different number issued. So, inside job?

[CharlieH]

"Although banks claim that RFID chips on cards are encrypted to protect information, it's been proven that scanners—either homemade or easily bought—can swipe the cardholder’s name and number. (A cell-phone-sized RFID reader powered at 30 dBm (decibels per milliwatt) can pick up card information from 10 feet away. "

 

https://www.webroot.com/us/en/resources/tips-articles/credit-cards-protection

[Outbackoz]

A possibility how it happened  if your card contains RFID chip it may have been skimmed. The card doesn't have to leave your possession and can be skimmed by a passer by. Skimming devices are readily available these days and all the operator has to do is put it in a backpack cruise about through the crowds and head off to his digs and download all the skimmed credit card info from the device. The only real way to prevent this is to create a faraday cage around your card to minimise the possibility.   Have attached a pic of one for example

[CH1961]

7 hours ago, jayboy said:

I then noticed from the online statement that my account had been charged Baht 65,000 for a transaction in Florida, USA

 

I didn't get an SMS for the USA transaction

 

The 65 k was never debited to my account

You had an account movement for a transaction that you have never authorized but have not been debited either. 

 

Somerhing fishy in this tale. 

 

[jayboy]

10 minutes ago, CH1961 said:

You had an account movement for a transaction that you have never authorized but have not been debited either. 

 

Somerhing fishy in this tale. 

 

 

Definitely something fishy but not for the reason you mention.When I became aware of the fraudulent transaction I immediately advised my credit card provider that the transaction had nothing to do with me.Thereafter the charge concerned was held in suspense pending the outcome of an investigation.This all took place offshore and I don't think the Thai provider got involved at all.When the investigation was completed the amount was removed altogether from my account.

[hugocnx]

Some companies have my credit card data. That includes the security code. So if someone wants to fraud, it should be easy.

My card was abused in the USA and GBR by two taxi companies while I only use my card here in Thailand for shopping online and.......for taxi rides. Funny right?

Okay, the fraud was intercepted by my CC bank in Europe, so kudoo's for them.

Any banking card without a double check option is worthless.

Many people give their CC to e.g. a waiter and all they do is sit and wait in order to sign.

Meanwhile all card data could have been copied.

Edited June 24, 2021 by hugocnx