Credit Card Fraud

[Dirk Z]

Just to counter any bias: I have had 4 credit cards from 4 different banks in Thailand for more than six years. Never any problem. My best experience was with an American express card in 1978 when Singapore airlines forgot to send in the slip of a sum equivalent  US$ 920. 

[Khun Ron]

I had the same experience several years ago in the US where a credit card that I had NEVER used nor taken out of my pocket was hacked. In that case, I believe that the scammers used a portable card reader device that only needs to be close to the credit card in question and can read the card details remotely. I think these devices are called skimmers.

The way to protect the card contents from being read is to carry your credit cards in an RFID protective wallet. The metal encasement of the wallet prevents the remote device from being able to read your credit card details.

[flossie35]

3 or 4 years ago my Bangkok Bank credit card had all available credit removed (an amount below my 10,000 baht limit) to pay 2 UK Vodafone bills and 2 bills from Barking Borough Council. I've no idea how this happened. I have no connection with Vodafone or Barking. I think I was in Thailand when this came to light though I remember a telephone conversation about it with the Bank from Spain so I would have been in UK round about then. But I never use the card in Europe.

The bank deleted the payments from my account; and it can't have been very difficult for Scotland yard to catch the perpetrator given the trail he'd left on my bank statement.

The card had never left my possession (though I could have handed it to waiter in Chiang Mai) so could have been computer fraud? Or a waiter with a relative in Barking? Whoever it was in Barking wasn't very bright; the trail would not have defeated Clouzeau.

This not a very helpful reply to the OP!

[Dirk Z]

19 minutes ago, Khun Ron said:

I had the same experience several years ago in the US where a credit card that I had NEVER used nor taken out of my pocket was hacked. In that case, I believe that the scammers used a portable card reader device that only needs to be close to the credit card in question and can read the card details remotely. I think these devices are called skimmers.

The way to protect the card contents from being read is to carry your credit cards in an RFID protective wallet. The metal encasement of the wallet prevents the remote device from being able to read your credit card details.

This seems true for a single card. If you have multiple cards packed together I don't see how a skimmer could get the details of just one of the cards, or are the devices so sophisticated that they give you the whole list?

[sanuk711]

44 minutes ago, hugocnx said:

Many people give their CC to e.g. a waiter and all they do is sit and wait in order to sign.

There was a suggestion on here some time ago that I thought was good--- you should remove the number on the back of your card (after photoing it--or copying) then although it may be stolen in an online transaction-- it wont be taken from the above  scenario-which most are.

[natway09]

Happened to me twice very strange, almost same amounts, both out of the USA , if you have an OTP set up with a credit card it is pretty fool proof...

I was rung by KTC on both occasions (once I was in Jakarta, which they knew)

Neither attempted charge was ever posted to my account, although they insisted that I change cards, which I did

 

[swm59nj]

     I actually only had this type of experience when I was still living in the USA in 2016.  The bank would not give me any information other than deleting the charges from my account.  But the bank did have an online security breach in 2014 where customers information was effected.  

     First my debit card had a charge of $37 USD from a supermarket I never been to.  Then also had a charge of $89 USD at a restaurant I never been to.  I then contacted the bank when I spotted it.

     About two weeks later I had a charge for a little over $300 USD from an online company. This was on my credit card from the same bank as the debit card. This was a strange one. I contacted the company also.  This company had a government contract.  The only people that could order merchandise had to work for the Department of Defense.  Or be active or retired military. Which I was not one of these. And they told me the names on all orders are checked on a database.   So the person that did this obviously had my credit card information. Plus information from another person that fit the requirements to place an order. 

     It was also suggested by my bank to file a police report. I had to go to the State Police. My town did not have its own police force.  The trooper told me that even high school students go on the web and can purchase stolen credit card numbers for $20 USD.  

      About a week prior I was walking around a major mall near my home. I read that people go around with RFID readers I believe its called. . They can walk by people and it scans your credit card and store the information.  Since the incident I always buy RFID proof wallets.

[bangkok19]

I had 2 unauthorised transactions on my Credit Card made here in Sydney whilst I had the card (in my possession) in Germany.  The transactions were both online purchases (under $400) with a local Sydney Dept. Store.

 

I was baffled as to WHY only 2 transactions....   why not go on a spending spree???

 

The financial institution eventually cancelled those illegal transactions (after an investigation) so I wasn't "out of pocket". 

 

I was very curious to find out how the 'offender' carried out these transactions without my card.

When I rang back the financial institution weeks later for an update on their findings they wouldn't tell me anything 'for privacy reasons'.  But, they did say it was a common occurrence.

 

You would think they would've told me what (and if) I did anything wrong to prevent it happening again..  they probably didn't even know themselves!!!!  

[HighPriority]

25 minutes ago, bangkok19 said:

I had 2 unauthorised transactions on my Credit Card made here in Sydney whilst I had the card (in my possession) in Germany.  The transactions were both online purchases (under $400) with a local Sydney Dept. Store.

 

I was baffled as to WHY only 2 transactions....   why not go on a spending spree???

 

The financial institution eventually cancelled those illegal transactions (after an investigation) so I wasn't "out of pocket". 

 

I was very curious to find out how the 'offender' carried out these transactions without my card.

When I rang back the financial institution weeks later for an update on their findings they wouldn't tell me anything 'for privacy reasons'.  But, they did say it was a common occurrence.

 

You would think they would've told me what (and if) I did anything wrong to prevent it happening again..  they probably didn't even know themselves!!!!  

I had a similar occurrence about 4 years ago, my bank actually cancelled my card and contacted me (as they detected the transactions first) they told me that sometimes it is just computing power generating cc type numbers until they get one to work… ????????‍♂️
Other than a few days without my cc it was no dramas for me. 

[Dan O]

21 hours ago, jayboy said:

 

Card was never out of my sight.SMS/OTP was enabled. With my current card I am able to temporarily lock it which I now always do, opening it for a transaction and locking it down afterwards.

This can happen a few ways. If you used it close to the time of the fraud charge then the merchant you used it at may have been hacked or they may have an employee that skimmed your card and sold the info.   The bank that issued the card could have a  bad employee that skims cards as well. You can also be scanned and skimmed just waking down the street. They have skimmers that can read your card just by being close to you. I would not just lock the card but request a replacement card if you haven't already

Edited June 24, 2021 by Dan O

[wavodavo]

16 hours ago, jayboy said:

 

Yes that's exactly what I meant.Your hypothetical outline of events is also the most plausible explanation I've heard.It leaves of course the question of how my details were stolen in the first place.The whole episode has left me (I accept not completely logical )with a distrust of security levels of my Thai credit card provider and a determination to restrict use to minimum, combined with the facility I mentioned earlier of blocking the card when I don't need to use it.

If this happens in australia

 

16 hours ago, Eindhoven said:

As an aside, another member here has reported a fraudulent International charge on a card only used for online transactions with Lazada and use at AEON ATM.

 

So do be careful out there.

In australia, if this happens when you contact your bank they immediately cancel the card and issue a new one. They also have a system if a transaction appears on your account the bank will call you and if you live in Thailand and the charge was made in USA they will hold it  and check whether it was actually you that used the card. So if you are going to another country you just advise the bank before you go. It has happened to me 3 times   .

[Iron Tongue]

As an international business traveller, I encounter this all the time, sometimes to great annoyance because I sometimes get declined while trying to make a legitimate transaction.  While sometimes it is a small-time criminal trying to use your stolen info, it is usually organized crime responsible.  They have networks set-up to quickly steal & sell your CC data and maximize the theft before you or the CC issuer becomes aware.

I remember one time when I used my card at a bar for drinks and being notified the next day that it had already been used on charges in Moscow as well as almost US$1,000 in Lyft rides in Brooklyn, NY.

 

Never had any problems getting these charges removed.

[Ron jeremy]

Be very careful using a card in Thailand!

[CH1961]

All these horror stories remind me of my time in the USA.  

Check out at the hotel.  No, I did not use the pay tv.  

With a red head, the wife next to it.

[p414]

App 10 years ago  I  used my English credit card to buy a golf driver from a shop on Pattaya 3 rd near to the driving range.

As the dealer was processing my card I stupidly looked at some putters .When I turned back he was coming out of a back room...3 days later I checked my card with my bank..300 pounds had been removed for something bought in Japan...I put a stop and called my bank...I never got the result but the bank removed this transaction from my account..

[hugocnx]

18 hours ago, sanuk711 said:

There was a suggestion on here some time ago that I thought was good--- you should remove the number on the back of your card (after photoing it--or copying) then although it may be stolen in an online transaction-- it wont be taken from the above  scenario-which most are.

Yes, I did so.

[thailandusauk]

here we go again...

in 2021 people still do not know that you don't need to even touch the credit card to be able to clone it...

so it's too late for you to learn, right ?

 

[HashBrownHarry]

On 6/24/2021 at 8:12 AM, Crossy said:

Anyone with access to both sides of the card can make "card not present" transactions. So if the card has been out of your sight (fuel station, restaurant) it could have been photographed.

 

Do you have dual-factor authentication (SMS and OTP) enabled? If not then enable it.

 

It won't stop dicey outlets manually keying the card details of course, but it should frustrate online transactions.

 

How do you get round SMS and OTP security if you're overseas?

 

Will they send to overseas phone number?

[JimGant]

On 6/24/2021 at 4:07 PM, hugocnx said:

Many people give their CC to e.g. a waiter and all they do is sit and wait in order to sign.

Meanwhile all card data could have been copied.

.... except the CVV data on the back of the card, which prudent folks etch out first thing upon receipt of a new card (well, second thing -- first is to record that CVV number somewhere handy, as it will be needed for "card not present" purchases). The CVV number is NOT needed for "card present" purchases, so scratching it out won't present a problem.

[JimGant]

On 6/26/2021 at 2:33 PM, thailandusauk said:

in 2021 people still do not know that you don't need to even touch the credit card to be able to clone it...

so it's too late for you to learn, right ?

You can copy the card data, including CVV, for online purchases, most still not using OTP security, at least in my experience. But, you can't physically clone a chipped card that will function in a merchant's "chip only" reader. However, some merchants can program their machines to fall back to the magnetic strip, which can be cloned. Thus, some crooks build cards with chips (which can't be read), but which trigger the fall back to magnetic strip option. However, most merchants now just program their card readers as chip only. So, again, yes,your lost stolen chipped card can be used by crooks -- but they can't clone your chipped card to be used for physical purchases.

[Lacessit]

On 6/24/2021 at 3:23 PM, Outbackoz said:

A possibility how it happened  if your card contains RFID chip it may have been skimmed. The card doesn't have to leave your possession and can be skimmed by a passer by. Skimming devices are readily available these days and all the operator has to do is put it in a backpack cruise about through the crowds and head off to his digs and download all the skimmed credit card info from the device. The only real way to prevent this is to create a faraday cage around your card to minimise the possibility.   Have attached a pic of one for example

Agree, my son gave me a Faraday cage about 4 years ago. Carrying cards in one's pocket is not safe anymore.

[JimGant]

Pertinent link:

https://elie.net/blog/security/how-to-physically-secure-your-credit-card/