Okay, so today I got cyber-scammed !

Sentinel

Bionic Poster
#1
Woke up at 5:30 or so to go for a run, and checked my SMS/messages.

Someone had at roughly midnight used my Stan Chart debit card on Uber for about Rs 4500 (thats a huge amount to use on Uber). I am asked to SMS "2" to a number if i did not make the transaction, but the SMS does not go through.

Then I get another message that someone has spend Rs 79 at American Foundation 3 minutes before that (around 12:07am). Again, I am to immediately send a "2" to a number if i did not. But 6 hours have passed.

The strange thing is that my debit card is under lock and key, I have never used it at an ATM or shop, maybe only twice I have done an online purchage on Amazon (once was 3 years back). So the card has been in my cupboard all along.

My relationship manager gave me the number of the online banking, so called them and they want me to go to the cyber-crime cell (police) and lodge an FIR. (First Information Report) or something, basically a complaint. Had the card blocked immediately of course.

According to the cyber-crime website, I have to get some information (printouts) from the bank and then lodge the FIR.

So off to the bank. My mum thinks there's no point going to the police. Nothing will happen. Even i am not sure how much time and effort I should spend in chasing this amount. She was wondering if we should talk to our lawyer, ( but I know that his charges will be way in excess of the amount I have lost. )

What do you folks think ?

- Should I get involved with the cops on this ?

- Since the card is in my possession, do you think this is some flaw in the system.

- The customer care guy asked me if I had ever used this card on Uber, but the point is that the card number was used in two different locations so it does not seem like something in Uber's system.

- Also since the person did not try to clean out my account, or withdraw cash, I am wondering whether this is really someone doing something malicious. He just did two transactions, and the Uber one could be traced to him through his mobile number.

- Using the card at midnight does seem suspicious. And a tiny amount of Rs 79 at something called American Foundation at that time ???

I do keep reading of some foreigners who are scanning ATM's and then withdrawing cash from accounts and then partying in Thailand, but I have not used this at an ATM.

Thoughts ?
 

Chadalina

Hall of Fame
#3
If your debit card was locked and used, the bank is at fault. Let them do the leg work, request it be put back into the account asap.
 

Sentinel

Bionic Poster
#4
If your debit card was locked and used, the bank is at fault. Let them do the leg work, request it be put back into the account asap.
The card was not blocked. I had it locked up.

Someone stole about $50-$60 bucks? Won’t the bank just give it back to you? Even if not, are you really going to waste your time on $50?
That;s what I am thinking. Although, I am not in America, so the amount isn't that tiny too.
 

Sentinel

Bionic Poster
#5
It seems that someone in Amsterdam did this thing. At least the larger amount says Payment Uber Credit Amsterdam.

The guy at the bank said that they would issue temporary credit, and then investigate and then issue permanent credit to me (I suppose if they are able to track this down).

Yes, the amount is not large, but the guy could have cleaned me out since a few weeks back some fund/investment of mine did get credited into my account.
 
#6
Go to the cops NOW. They are capable of doing multiple transactions, I can bet they are most probably not Germans.

And if you remain vulnerable, and they end up realising that, they might take out a lot more than that.
 

Chadalina

Hall of Fame
#7
The card was not blocked. I had it locked up.



That;s what I am thinking. Although, I am not in America, so the amount isn't that tiny too.
The card is a physical represention of your account, its not the key to the safe :)

I always use my credit card, can always call and tell them to take it off, they give very little hassle. Sometimes dont even want to know why, i just say no and done :)
 
#8
I do keep reading of some foreigners who are scanning ATM's and then withdrawing cash from accounts and then partying in Thailand, but I have not used this at an ATM.

Thoughts ?
Last week, a guy knocked me down from behind and ran off with my wallet and has been using my credit cards all over the globe... I have not yet reported it to the police as he is still spending far less than my wife.

:(
 

Sentinel

Bionic Poster
#9
Last week, a guy knocked me down from behind and ran off with wallet and has been using my credit cards all over. I have not yet reported it to the police as he is still spending far less than my wife.

:(
Maybe you should propose to him :D

Go to the cops NOW. They are capable of doing multiple transactions, I can bet they are most probably not Germans.

And if you remain vulnerable, and they end up realising that, they might take out a lot more than that.
I had the card blocked. I won't have a card with Stan Chart. With them I just use check, and if need be online bank to bank transfer.
 
#11
It seems that someone in Amsterdam did this thing. At least the larger amount says Payment Uber Credit Amsterdam.

The guy at the bank said that they would issue temporary credit, and then investigate and then issue permanent credit to me (I suppose if they are able to track this down).

Yes, the amount is not large, but the guy could have cleaned me out since a few weeks back some fund/investment of mine did get credited into my account.
I did not really understand the OP. Someone got your card info and used it for relatively small online transactions?...If this was a criminal why would he not clean you out?

Did you get a look at him. Could it be saroosh ?
It was dark so I did not get a good look but he ran away with my wallet so it could not have been him. :unsure:
 
Last edited:
#13
I used to work at a big bank

Call them up and get the fraud department to fix it. They’ll cancel your card, get you a new one and reimburse the funds that were stolen.
He is lucky his fraud payment went to uber, a respectable business. Should be fine either way

Celebrate with the finest cold choc cake, it was money gone. Get some pleasure out of this :)

oops big pic
http://2.bp.blogspot.com/-dbX-0mNXbQU/Uf56OlWn7rI/AAAAAAAADaw/k6YW9o0yjH0/s1600/IMG_0714.JPG
 
#15
This could be an inside job, since you don't use your card. Methinks that someone in the Bangalore support team texted your info to one of his stoner pals in Amsterdam. I would consider suing the bank for emotional damages.
Not necessarily.
In some countries, for example in Chile, Costa Rica, where Uber is illegal, but they still operate, the transactions on the CC will be shown as Uber Netherlands.
I don't remember about Argentina, as it is a bit more complicated there, the driver must have a bank account abroad in USDs, so Uber US might pop-up while taking taxi in Argentina.
 

Tennease

Hall of Fame
#17
So if someone used it on Uber, this guy must have been able to add your debit card number, expiry date and three digit security number into his or her Uber payment.
 

Tennease

Hall of Fame
#18
Be careful when you use any free public WiFi . Don't visit online banking or online shopping with your credit card if you are on a free public WiFi!!!! Anyone in the same network can see!!!!
 

Tennease

Hall of Fame
#19
I did not really understand the OP. Someone got your card info and used it for relatively small online transactions?...If this was a criminal why would he not clean you out?



It was dark so I did not get a good look but he ran away with my wallet so it could not have been him. :unsure:
I think this criminal deliberately spends little so that it doesn't appear suspicious and to make it look like a normal day to day transaction.

My classmate in NZ once stayed in a motel there which was run by foreigners and he used the free Wi-Fi to do some online transaction. Next few days someone spent about 20 dollar with his credit card for buying a credit for a phone sim card in England.
 
#20
So if someone used it on Uber, this guy must have been able to add your debit card number, expiry date and three digit security number into his or her Uber payment.
Yes, that is all you need to make online purchases. card #, expiration
and 3 digit code.

Thief may be somewhat limited as shipments typically only go to cardholders home address? That's why he purchases intangible items and services. :unsure:

But the card was never physically used at a shop or ATM. Card was locked up in a drawer. Only used in 2 Amazon transactions 3 years ago.

How did the thief get the card info?
 
Last edited:
#21
Last week, a guy knocked me down from behind and ran off with my wallet and has been using my credit cards all over the globe... I have not yet reported it to the police as he is still spending far less than my wife.

:(
Did this coincide with your wife “visiting her mother”?
 

Tennease

Hall of Fame
#22
Yes, that is all you need to make online purchases. card #, expiration
and 3 digit code.

Thief may be somewhat limited as shipments typically only go to cardholders home address? That's why he purchases intangible items and services. :unsure:

But the card was never physically used at a shop or ATM. Card was locked up in a drawer. Only used in 2 Amazon transactions 3 years ago.

How did the thief get the card info?
Maybe Sentinel did online banking and that debit card was in the online banking. Anyone can steal anything online.
 
#25
My issue is who gets up at 5:30am for a run? Usually people in balaclavas stealing peoples debit cards.

I think you should ask yourself some pretty searching questions about where you were last night around midnight.
 

Azure

Hall of Fame
#26
You will not get anything back Senti, I have prior experience dealing with all sorts of people who've tried to cheat. My guess is that since there is no loss of the card reported, the bank is completely at fault. I suggest you directly contact the highest people in the bank. A harsh email to the MD or country head will make them realise. Threaten to post on social media. The latter works like a charm. Being nice does not help in India I am afraid. You will have to keep calling, mailing them constantly, shouting even. If you persevere they will pay. You need truck loads of patience though. Which bank is this? If this is a private bank you have chances.
 
#28
I purchased a $20 item online from a merchant based in India. It was not delivered and so I disputed the charge with VISA.

Credit card company advised me to first contact the merchant. I informed them the merchant is not responding to my emails. VISA told me they will investigate the issue and eventually reversed the charges.

Not sure if this was just a courtesy from VISA or whether VISA actually contacts the merchant to resolve the issue. The merchant relies on credit card companies to do business so maybe VISA can forced them to reverse charges or else risk losing their merchant transaction privileges with VISA.
 
Last edited:

Sentinel

Bionic Poster
#31
It was dark so I did not get a good look but he ran away with my wallet so it could not have been him. :unsure:
Excellent point. Silly of me to miss that detail.

I think this criminal deliberately spends little so that it doesn't appear suspicious and to make it look like a normal day to day transaction.
.
That's precisely what I thought. My manager told me that he first spent one dollar at the American Foundation to see if the card worked. Then immediately spent abuot 62 dollars with Uber Credit Amsterdam.
Also, taking a small amount means that I will probably let it go.

Thankfully, he did not go on spending on that card, since one investment of mine had just matured and got credited three days back, and yesterday evening it got debited to another investment. So he could have really done a lot of damage if he wanted.

Yes, that is all you need to make online purchases. card #, expiration
and 3 digit cod
Nope. Usually for online purchases they send an OTP to the registered mobile phone. The online customer care asked me if I had ever got an OTP. I did not.

What else does she arrange for you?
She advises me on investments. She visits my house and does all the paper work so i never have to visit the branch. It's called a Relationship Manager here.

My issue is who gets up at 5:30am for a run? Usually people in balaclavas stealing peoples debit cards.

I think you should ask yourself some pretty searching questions about where you were last night around midnight.
I had gone to sleep at 11pm or so.

Which bank is this? If this is a private bank you have chance
Standard Chartered.
 

Sentinel

Bionic Poster
#32
But the card was never physically used at a shop or ATM. Card was locked up in a drawer. Only used in 2 Amazon transactions 3 years ago.

How did the thief get the card info?
That is why i am assuming that either this is some screwup at the bank itself (like in their softwares) or he is one of some network of guys who hack into the banks servers and get information from there.

However, I would have assumed that the passwords and pins stored in the bank's database are one-way hashed and not encrypted, so there is no way they can reverse it. (Although I have read that there are ways that they can reverse hashes by maintaining a large database of portions of hashes -rainbow attacks I think it is called).

Another thing is that when I do make online payments often my browsers (firefox or safari) will say "this is an unencrypted connection" or something like that, "do you want to continue?". And this if often between the bank and VISA/Mastercard or the merchant and the bank, or something like that. I have no option but to continue otherwise I cannot make the payment.

I do not go to small time merchants, only 2 or 3 bigs guys like amazon, vodafone, airtel and some of the government website to pay utilities. Now even all those I do through something called "paytm"

Since all these government and even vodafone/airtel websites are pretty hard to navigate, I do all my payments through PayTM which remembers my last payments, uploads my bill, so it's all done on one touch literally.

That particular card was probably only used 2 times, once to buy my mobile phone in 2016 end, and maybe once more at most.

So i don't know whether someone could have hacked my connection three years back and then waited till now to use it.
 

Sentinel

Bionic Poster
#33
Someone stole about $50-$60 bucks? Won’t the bank just give it back to you? Even if not, are you really going to waste your time on $50?
I have just booked myself on the next flight on KLM first-class, and am carrying my shotgun and telescopic rifle. I am taking this guy out, make no mistakes.

This is personal.

There will be blood.
 
#34
They still ask for a confirmation code that is sent to your mobile. It's quite secure to be honest. My guess is that this is the bank's doing. Some crook in customer care.
The bank sending code to mobile is a great security feature.

But security is weak in online transactions with merchants. Only requires CC #, exp date, 3 digit cvv.
I often give that information to merchant employees when making purchases over the phone. That employee then has all the info he needs to make fraudulent online purchases. :unsure:

Nope. Usually for online purchases they send an OTP to the registered mobile phone. The online customer care asked me if I had ever got an OTP. I did not.
That is not the case here. Only requires CC #, exp date, 3 digit cvv.
No other verification. Amazon never sends me an OTP. Does Amazon.india do that?
 

Sentinel

Bionic Poster
#36
The bank sending code to mobile is a great security feature.

But security is weak in online transactions with merchants. Only requires CC #, exp date, 3 digit cvv.
I often give that information to merchant employees when making purchases over the phone. That employee then has all the info he needs to make fraudulent online purchases. :unsure:



That is not the case here. Only requires CC #, exp date, 3 digit cvv.
No other verification. Amazon never sends me an OTP. Does Amazon.india do that?
Amazon does not. But the bank sends the OTP.

I remember in the US i could use my card over the phone (1990's). I don't know whether that is even possible here today. But i guess maybe that guy used a phone, or maybe a fake duplicate card.

Howver, if i use my card at a shop, I only have to punch in the four digit pin. So at the very least that chap would have had to have the pin somehow.

When I shop online at amazon and my grocery store etc, I do have to punch in the expiry date and CVV number on their website before I am sent to the bank. So it is possible that amazon does store my expiry and CVV. There are some websites that even ask you if they can save it for future transactions. But I think the CVV has to still be typed in.
 

Azure

Hall of Fame
#37
The bank sending code to mobile is a great security feature.

But security is weak in online transactions with merchants. Only requires CC #, exp date, 3 digit cvv.
I often give that information to merchant employees when making purchases over the phone. That employee then has all the info he needs to make fraudulent online purchases. :unsure:



That is not the case here. Only requires CC #, exp date, 3 digit cvv.
No other verification. Amazon never sends me an OTP. Does Amazon.india do that?
I have always had to send an OTP for making a transaction on all merchant sites. Never store your card on any sites as well. Yes its faster but why take the risk?
 

Sentinel

Bionic Poster
#38
I have always had to send an OTP for making a transaction on all merchant sites. Never store your card on any sites as well. Yes its faster but why take the risk?
There is one website that allows you to store card details, but they don't do it, they do it through some other service, and you need an OTP to accessed the stored cards. I think it was airtel (my digital TV provider).
 

sureshs

Bionic Poster
#42
Standard Chartered.
That fits in well with your status of a foreign-returned guy with too much money living in an ancestral mansion with a fleet of domestic help. Ordinary folks like my father keep their money in local banks while Standard Chartered is a British multinational bank.
 

Azure

Hall of Fame
#43
That fits in well with your status of a foreign-returned guy with too much money living in an ancestral mansion with a fleet of domestic help. Ordinary folks like my father keep their money in local banks while Standard Chartered is a British multinational bank.
How much money do you think he has? Does he have a lot stashed in his Swiss account? I could do with some right now.
 
#45
I always have to use OTP when I buy something from Amazon,etc. unless I am buying from foreign websites where the transaction occurs without the need of OTP. I think there is a rule in India that OTP security feature must be used by merchants to accept payments. It is possible that some guy working at Amazon could have sold your info.
 

Tennease

Hall of Fame
#46
How Can Crooks Use My Debit Card Number Without Having the Card?

•••
By: Jane Meggitt
Reviewed by: Alicia Bodine, Certified Ramsey Solutions Master Financial Coach
Updated November 17, 2018

Your debit card may be safely tucked in your wallet, but someone could have just used it to take money out of your bank account. How might that happen? Sophisticated criminals use various methods to obtain your debit card information and steal your money. There are ways to help foil crooks, though doing so means not using your debit card in certain circumstances.

Tips
The PIN Number
Without your personal identification number, or PIN, debit card transactions shouldn't receive approval. That number is supposed to safeguard access to our account, but thieves have developed a variety of ways to discover those individual digits. Criminals can obtain the PIN when hacking into a merchant's site. Once they get your information, they can create phony cards and use them at ATMs. Clearing out a bank account is much easier for them than attempting to make purchases, as they then have to sell these items to a "fence," or an individual who knowingly purchases stolen goods for resale.

Phishing for Information
Thieves devise ingenious ways to steal information from debit card holders. Online, they might try phishing you via email, posing as your bank or another reputable agency and requesting your card information and PIN number. Always contact your bank directly – not by replying to a possibly phony email – to verify such communications.


Dishonest Employees
Crooks working in legitimate stores might set up false PIN pads that collect your information, but never send it to your bank. The employee commits fraud by putting cash in the register – so that the store doesn't detect issues with its finances – then later creates a fake card and robs your account. Another scam involves a business swiping your card more than once for a purchase. The first swipe sends the information to your bank. The second, illegitimate swipe allows the criminal employee to obtain and keep your information, which can eventually be made into a card.


Protect Yourself
Avoid using your debit card to make online purchases. It might be inconvenient, but it sure beats having your money stolen. Also avoid using your debit card to pay bar and restaurant checks because the server physically takes your card away to complete the transaction. Unscrupulous restaurant employees could steal your information, then hand the card back to you. Never reveal your PIN number to anyone, even trusted friends and relatives. Check your bank accounts online frequently – even on a daily basis. That way, you can notify your bank immediately if there's a suspicious transaction. Save all transaction receipts, then compare them with your bank statements. A receipt that never appears on the statement means you could be the victim of an unscrupulous employee.

https://pocketsense.com/can-crooks-use-debit-card-number-having-card-15390.html
 

Sentinel

Bionic Poster
#47
Avoid using your debit card to make online purchases. It might be inconvenient, but it sure beats having your money stolen. Also avoid using your debit card to pay bar and restaurant check
What are the alternatives to using a debit card for online purchases ?
 

Sentinel

Bionic Poster
#48
That fits in well with your status of a foreign-returned guy with too much money living in an ancestral mansion with a fleet of domestic help. Ordinary folks like my father keep their money in local banks while Standard Chartered is a British multinational bank.
Actually, I earlier had an account with an Indian bank only. But my CA asked me (20 yesrs back) not to keep my money in one bank. Since he had an account at SC, so he had one opened for me also.

Much earlier my first account was with Canara Bank which was the most inefficent and awful bank. My company used to also directly put everyone's salary into Canara. But my company got so disgusted with Canara that they moved everyone to ICICI and since then (early 90s) I've had an ICICI account.

And I am not "foreign returned". I was sent to the US for a year and got the smallest salary of the entire team. Then I had a few short trips of 4 weeks to the US and then Japan to get business. I wish I had stayed on for a few years, Then I would have a lot of money.

Today I have to worry about how I will get through life. I've been without a job for 15 years and it's not like the tech industry will snap me up after a long layoff.
 

Sentinel

Bionic Poster
#50
Anyway, last night I got a message from Stan Chart that they have credited the amount of Rs 4500 to my account. I suppose this is the temporary credit they said they would do.

So i suppose things are on the right track.
 
Top