
How widespread are compromised accounts, card cloning etc?


Chrysalis:
I feel it is much worse than is publicly announced, the amount of companies revealing it's happened to them years after the fact as well.

So my story today is an hour ago I got an email from PayPal, payment declined on the debit card. The account has a healthy balance. But on the PayPal system if you have a bank account linked to PayPal, it's not also linked to your card automatically, so if the PayPal balance isn't high enough it won't use PayPal funding sources.

I logged into PayPal, and I see no details of the declined transaction, but I do see a pending transaction which I know is not me. THREE-TOPUP(IVR).

Here is some more information.

Payment type: In-store purchase
Funding Source: PayPal balance
Funding Source: -£35.00 GBP - PayPal Business Debit Mastercard ending in x-XXXX

This card has never been used physically.

PayPal have no 24/7 fraud team, and I cannot dispute online, so in limbo hoping more transactions are not about to be done.

So where has the card been used?

Amazon UK
Twitch (linked to Amazon pay).
Asda and Morrisons online
and here it comes.
A small company I used to buy a UPS power cable from 2 weeks ago. I won't name them, because it's speculation that I think they may have a compromised payment system.

I already had started using disposable virtual cards (single time use) for any unknown companies (from Revolut). But didn't when I got the cable.

Can a physical card be cloned from online purchase data?

tubaman:
I'm pretty sure you can call PayPal 24/7 as I've spoken with them late evenings before.
If you go to https://www.paypal.com/uk/smarthelp/contact-us?locale.x=en_GB and then "Disputes and account Limitations" > "Disputes" > "Dispute a Payment" > "Call Us"
 :)

d2d4j:
Hi Chrysalis

That's not good but happens and yes, many systems can be compromised but I thought you had to register with ICO for PCI compliance as well as conforming to the law due to people's details being held.

I would suspect your PayPal account has been hacked rather than cloning cards or using your card details from an online store.

The reasons I think this are as follows:

All stores used for purchases are online (no physical card needed and no CVV number needed if a trusted agreement exists between stores/MA-gateway)

I think all stores mentioned allow payment by PayPal

3DS2 and PCI require no CVV details can be held on payment system used (even MA-gateways do not store CVV) (we have this issue with our MA-gateway and API, which is why we cannot currently undertake autopayment unless a scheduled Monthly rate is set for a set period of time)

I would check no monthly payments have been created in PayPal and turn on OTP text to mobile but also ensure no other mobile numbers have been created/changed and same with email accounts etc...

I am sure PayPal would fully refund all fraud transactions

Many thanks and sorry I think you already know the above so apologies if you did

John

meritez:
You can purchase that Three Top Up voucher directly off PayPal's website: https://www.paypal.com/uk/gifts/brands/three

sevenlayermuddle:
I’m aware that nobody is supposed, or allowed, to store card CVVs. But that didn’t stop BA’s massive breach leaking full card details, with CVV, in 2018. I was affected by that one, having very recently booked a flight. :'(

https://www.cnbc.com/2020/10/16/british-airways-fined-20-million-for-data-breach-by-ico.html


Reminded me of one of my favourite movie quotes, from Dr Strangelove...

President to General:  “I was under the impression that I was the only one in authority to order the use of nuclear weapons.“

Response:   “That's right sir. You are the only person authorized to do so. And although I hate to judge before all the facts are in, it's beginning to look like General Ripper exceeded his authority.“

 :D
