Jump to content

Scammed on Wise, how did this happen?


Recommended Posts

I have an online account with Wise bank (UK), and this has operated just fine since I opened it last year.

 

Since I am currently in the UK, I was eligible to get a Wise ATM 'real' card.  I requested this on the Wise website a few days agoand selected a 4-digit PIN to use with the card, and confirmed this using the 2-step OTP to my mobile phone. The Wise website confirmed that the card was being sent to my UK address.

 

Fast-forward to today, and no sign of the card in the post.  But when I logged into my Wise account, I was horrified to see 3 separate transactions using that new card!  The first was an Uber Taxi transaction for zero pounds, to check if the card was activated, the second was about 6 pounds from Uber Eats and the third was about 170 pounds (big meal!) from Uber Eats.

 

Naturally, I notified Wise immediately, froze the ATM card and transferred the remaining balance in my Wise account to my bank account in Thailand.  I hope that Wise refunds me for these fraudalent transactions.

 

But how was it even possible to charge that card?  Surely it needs the authorisation PIN?  Surely Wise don't send a 'live' card by unregistered post?

 

Perhaps someone who has a UK Wise ATM card can tell me if one needs to provide the PIN to buy Uber Eats etc......

 

I've checked my laptop for a keylogger, viruses etc, but nothing found.

 

 

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

You certainly don't need the card PIN to make an online purchase.  Just the card number/name/expiry/security code, those should be enough to initiate the transaction but the app should then ask you to authorise the individual transactions, either by the app password or biometrics.

 

It doesn't really matter if you have the "live" card or not, as soon as they issue a card number the details are on the app and it can be used whether you actually have received it or not.

 

I don't think any of this is only applicable to a Wise card.

  • Like 2
Link to comment
Share on other sites

12 minutes ago, Upnotover said:

You certainly don't need the card PIN to make an online purchase.  Just the card number/name/expiry/security code, those should be enough to initiate the transaction but the app should then ask you to authorise the individual transactions, either by the app password or biometrics.

 

It doesn't really matter if you have the "live" card or not, as soon as they issue a card number the details are on the app and it can be used whether you actually have received it or not.

 

I don't think any of this is only applicable to a Wise card.

Thanks - it would make sense that these fraudalent charges didn't require the PIN/OTP etc.  In that case, either the postman stole the card or the slimy youth who is employed at this guesthouse where I'm staying - I suspect the latter....

 

I hope I get my money refunded from Wise.

Link to comment
Share on other sites

2 minutes ago, simon43 said:

Thanks - it would make sense that these fraudalent charges didn't require the PIN/OTP etc.  In that case, either the postman stole the card or the slimy youth who is employed at this guesthouse where I'm staying - I suspect the latter....

 

I hope I get my money refunded from Wise.

The app should still have asked for your authorisation - that seems to be a security flaw.  Hopefully someone will ask Uber where they delivered this feast to.

Link to comment
Share on other sites

15 minutes ago, asf6 said:

Are you able to view the location of the Uber Eats delivery or the restaurant? 

Unfortunately no.  The large transaction actually says 'Uber Eats Pending'  which sounds to me that it isn't yet authorised.  But below on the transaction details it says 'spent' which suggests that the purchase has been completed.  At no time was any OTP or 'click to approve' push message sent to my mobile phone. I certainly will forgo the convenience of having this ATM card if the security is so lax that anyone can charge their big fat Uber meal to my account.....

Link to comment
Share on other sites

You can easily turn on and off different payment types for the card to restrict it only to ATM withdrawals for instance, as well as limiting the maximum transaction values.  Or freeze it at all times except when you want to use it.  This does of course require that all these security features actually work, which is by no means certain.

  • Like 1
  • Thumbs Up 1
Link to comment
Share on other sites

3 hours ago, simon43 said:

Naturally, I notified Wise immediately, froze the ATM card and transferred the remaining balance in my Wise account to my bank account in Thailand.  I hope that Wise refunds me for these fraudalent transactions.

Most big banks in the USA immediately return the money, freeze the card and send a new card. If they use MC/VISA network, by US Federal law, a consumer is not responsible for more than $50 of  any fraudulent activities. Not sure about UK laws and UK banks. That is the main reason I never deal with any fintech financial institutions for keeping my money in their custody. 

  • Like 1
  • Thumbs Up 1
Link to comment
Share on other sites

Another reason to use cards that will protect you and not hold you liable if someone scams your account or even fools you into thinking the purchase is legit.  Instead, use a CC with no international transaction fees, and use the app or web portal from your home country bank and pay the card's balance every month.  Have a back up, and maybe two or three backups to pay from.  

  • Like 2
Link to comment
Share on other sites

Never had an 'active' card sent, or asked to assign a pin to it before it arrives.  That's just bad business.  One to stay clear of.   Hope they have better security measures when transferring 1000's from one account to another.

  • Like 1
  • Confused 1
Link to comment
Share on other sites

Just checked my card and it appears to be bristling with security its due for renewal soon and now alerted!

if you are forced to choose a pin before the card arrives its active to tap and go and that's not wise at all even more so if the over £50 transaction is successful .. keep us informed please ???? 

  • Confused 1
Link to comment
Share on other sites

1 hour ago, iaminwa said:

The Wise physical card I received needed to be activated.

 

Activation PIN was in the App. So, even if the card was stolen from home mailbox, does not add up.

 

Same here. Card was sent to my address in Europe and then send via Fedex by my friends to me in Thailand.

 

After that I had to activate the card on the website / app.

 

Suggestion for the OP.

 

Change your Password on the Wise App.

And then follow these steps

 

https://wise.com/help/articles/2932125/how-do-i-set-up-step-login

 

Set up app-based 2-step login is the best thing to do

Edited by MJCM
  • Thumbs Up 1
Link to comment
Share on other sites

I am a bit surprised, but once you establish a PIN, only who knows what transpires.  It is hard to believe that in the same breath of requesting an ATM Card anyone would ask you for the PIN you want to use, AND would not request that once you received the card, you would have to activate.  (Almost sounds like your phone had been hacked and they were monitoring your calls or your access to WISE's internet connection, at least the ones that provided them insight into your financial transaction, bank, Wise, etc.)

 

At least in the USA, once one requests a card, the bank sends you a separate letter with their defined PIN.  Most times the PIN letter arrives before the card.  Once you get the card, you have to contact the bank using the phone number (or an internet address) provided to activate the card.  Then, if you want, you can change the PIN, but you have to use the original PIN they sent you for that initial access.

  • Like 1
Link to comment
Share on other sites

1 hour ago, MJCM said:

Same here. Card was sent to my address in Europe and then send via Fedex by my friends to me in Thailand.

 

After that I had to activate the card on the website / app.

 

Suggestion for the OP.

 

Change your Password on the Wise App.

And then follow these steps

 

https://wise.com/help/articles/2932125/how-do-i-set-up-step-login

 

Set up app-based 2-step login is the best thing to do

To confirm, I only access my Wise account using my laptop, not my phone.  I have 2-step authorisation set up and have never had any security issues receiving/sending funds to/from Thailand etc.

 

When I requested the ATM card on the Wise website it specifically asked me to choose a 4-digit PIN number, which I did.  The website made no mention that the card would need to be activated upon receipt and there is nothing on the website under 'My cards' that mentions entering an activation code or whatever.  I find that very strange.... 

 

Anyway, I'm waiting for the response from Wise.

  • Like 1
Link to comment
Share on other sites

@simon43

 

It is already a long time since I have that Card, but Wise choose the pin code for me, but maybe this has changed 

 

IMHO install the App on your phone and then a authorization goes through your phone. Only caveat is that it needs internet connection 

  • Like 1
Link to comment
Share on other sites

18 minutes ago, FritsSikkink said:

Why did you choose a pin number while you didn't have a card yet?

Because that was required on the Wise website.  After I clicked to request the card it then asked me to enter a 4-digit PIN for the card.  I did this and I then received an OTP on my mobile phone to confirm this PIN.  This was not a phishing website - it was the real Wise website because I had just used it in the same session to send funds to my Bangkok bank account.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...