Bank Fraud - SE22

[Hazel81]

Hello!

Our household in SE22 have all be the victims of bank fraud over the past few months. It's always 200 quid from a company called Streamline (3rd party transactions). There might be a shop or a bank machine locally where this all stems from. Anyone else suffered the same?

Thanks,

H

[JohnL]

It's part of worldpay - maybe it's the businesses using it that are the issue.

I'd complain to them and then to worldpay

https://www.worldpay.com/en-gb/contact-us-uk-complaints

[EDmummy]

Has this twice in 3 months! Streamline ?200. I?m very careful where I use my card and other than TFL I use very occasionally in my corner shop. I?ve talked this through with my bank and they?re very vague

H azel81 Wrote:

-------------------------------------------------------

> Hello!

>

> Our household in SE22 have all be the victims of

> bank fraud over the past few months. It's always

> 200 quid from a company called Streamline (3rd

> party transactions). There might be a shop or a

> bank machine locally where this all stems from.

> Anyone else suffered the same?

>

> Thanks,

> H

[Renatus]

I used a cash point machine once and my card was cloned the next week, never again! It's better to use a credit card and even better if you can use Apple pay on your phone. There are lots of shops that won't take American Express but with Apple pay you won't have this problem.

If you use Apple play go settings and turn on notification so you will receive a message every time your card is used. This is the easiest way to stop fraud, if there is a problem with the payment you can stop the transaction or claim the money back. When you use a cash card it is difficult and the money will come out of your bank account almost immediately.

[Rolo Tomasi]

I've had two instances of fraud from Streamline over the last 3 months.

Luckily I use Monzo and it logs the location, both times it was attempted at a concession in Harrods. Looking back at my statement, I took out cash from the Co-op ATM on Lordship Lane exact;y 7 days days before each attempt. All the other transactions around that period were via Apple Pay.

It's being investigated by both parties.

[mrwb]

Possible the compromise is from within the bank... Not unheard of at all.

[Hazel81]

Luckily the fraud system on my card is good and the transaction was brought to my attention so they got nothing.

Interesting to know there are more people We've been trying to find the common thread between the 4 people in my home that have been defrauded the same way. The corner shop on upland x hindmans and barry road shop are in question. I'll check on the co-op cash machine with the others, I know I've used that.

[El Presidente]

Have had the same fraud attempted on my card. Blocked by bank. Use both of the shops you mention regularly too.

[worldwiser]

Someone signed us up for 4 different mobile phone contracts last year. Fraudulent transactions on our bank accounts are becoming an annual event but never once had a problem getting money refunded. Just seems to be a pretty standard part of life now. Fortunately the risk is underwritten by others.

[EDmummy]

Same local shops as me! If we?re with the same bank surely there must be an algorithm that finds a link and investigate

Hazel81 Wrote:

-------------------------------------------------------

> Luckily the fraud system on my card is good and

> the transaction was brought to my attention so

> they got nothing.

>

> Interesting to know there are more people We've

> been trying to find the common thread between the

> 4 people in my home that have been defrauded the

> same way. The corner shop on upland x hindmans and

> barry road shop are in question. I'll check on

> the co-op cash machine with the others, I know

> I've used that.

[Johnjohn]

Hazel81 Wrote:

-------------------------------------------------------

> Luckily the fraud system on my card is good and

> the transaction was brought to my attention so

> they got nothing.

>

> Interesting to know there are more people We've

> been trying to find the common thread between the

> 4 people in my home that have been defrauded the

> same way. The corner shop on upland x hindmans and

> barry road shop are in question. I'll check on

> the co-op cash machine with the others, I know

> I've used that.

Very Interesting.

I was contacted a few days ago about a suspiciois transaction on my account, only ?7 but again to Streamline Authorisation.

The bank halted the transaction and their security seems to work, but cancelled my card and new one is on its way.

My shortlist of potential places it was scanned was the Hindmans/Uplands Store and Barrys cashpoint!!

[EDmummy]

@johnjohn, I haven?t used the Barry cash machine for a very long time so that leaves Family Store BUT I only tap to pay

[Hazel81]

Apparently you can still be frauded through contactless. If the payment doesn't show up immediately it means that the card details are/can be held in the shops system until payment has been processed! Whoever has access to the system can see your details.

[micromacromonkey]

Payments to merchants (i.e. the shop) are (almost) never processed immediately. What happens is that the authorisation is done online when you tap or enter your PIN, which means that the merchant's PIN terminal contacts their payment processor (e.g Worldpay), which contacts the card issuing bank and checks that the card is good for that amount. In fact for most contactless transactions it doesn't even do that; they just assume it's OK (and will prompt youto use your PIN every now and again). At the end of that day all the merchant's transactions are batched up and sent off to their payment processor and then settlement occurs (i.e. the money is actually taken out of each buyer's account and put in the merchant's account).

At no point during that transaction are any details available to anyone to use, don't worry.

[micromacromonkey]

It's impossible to clone chip and PIN cards to another chip and PIN card. What you *can* do is to clone it to a mag stripe card, and then use that.

It's an important distinction. In a 'card present transaction' (i.e. face to face in a shop, not online) the credit card company (e.g. VISA) will assume liability for any losses, because they would have been the fault of their system. However if the cloned card is used, and the merchant allowed the person to do a signature or other less secure mechanism then it is the merchant's responsibility, not VISA or the bank or whoever.

This means that in the above case it's likely that this clone might have happened, and the merchant where the cloned card was used is most likely liable for allowing the transaction to happen with a less secure method, either because they don't understand or are actively complicit in the fraud.

In a 'card not present' (CNP) transaction (i.e. online, or over the phone) then it is also the merchant who is liable for losses, as clearly the chip and PIN security features can't be used here, and so tha tis why a lot of fraud occurs this way. Incidentally if the merchant requires 'verified by VISA' (or whatever the mastercard one is)then they are no longer liable, since this is the online equivalent of entering your PIN, in security terms at least.

[Hazel81]

Merchants have access to the card number and expiry date of contactless transactions, whether that is an online system or simply printing off a copy from the machine terminal. The fraud team don't think my card was cloned just that my card number and expire date were taken and tried in a CNP transaction.

I think if it was cloned by the machine there would be more attempts at fraud, someone pulling a few merchant receipts from a shop and trying to put through 200 quid manually on a card machine seems to be the most likely.

Family stores seems most likely!

[Sally Eva]

I was told that common fraud behaviour is to put through a small transaction to check that the card is valid and works. If that goes through alright, then the fraudster starts on bigger stuff.

the idea being that the small amount is proof of concept and if the bank account owner notices they will be puzzled rather than alarmed ("I don't remember buying that cup of coffee") and by the time they have asked their famility who borrowed their card, the account will be empty

Johnjohn Wrote:

-------------------------------------------------------

> Hazel81 Wrote:

> --------------------------------------------------

> -----

> > Luckily the fraud system on my card is good and

> > the transaction was brought to my attention so

> > they got nothing.

> >

> > Interesting to know there are more people We've

> > been trying to find the common thread between

> the

> > 4 people in my home that have been defrauded

> the

> > same way. The corner shop on upland x hindmans

> and

> > barry road shop are in question. I'll check on

> > the co-op cash machine with the others, I know

> > I've used that.

>

>

> Very Interesting.

> I was contacted a few days ago about a suspiciois

> transaction on my account, only ?7 but again to

> Streamline Authorisation.

> The bank halted the transaction and their security

> seems to work, but cancelled my card and new one

> is on its way.

> My shortlist of potential places it was scanned

> was the Hindmans/Uplands Store and Barrys

> cashpoint!!

[KalamityKel]

It's also important to point out who the "merchant" is. Not necessarily is it the shop you are in but the actual card processing company. There are many steps involved in card processing.

To say merchants, if assumed to be the shop or seller, have full card details is not quite correct. In most cases they only have minimal access to such information.

The issue is likely to come from the security of devices used ie. the chip and pin pads. If they don't meet PCI compliance then there is more risk to "hacking" to their system whether it being direct to the device or the ability to get on to secure details on a network/phone line for devices. However, not being PCI compliant does not automatically result in a retailer being subject to fraudulent activities. There are too many variables and possible people in the chain of exchanging monies electronically and typically everyone likes to blame someone else.

Unless there is solid proof someone somewhere is responsible, finger pointing and assumptions should be avoided.

[JohnL]

micromacromonkey Wrote:

-------------------------------------------------------

> Payments to merchants (i.e. the shop) are (almost)

> never processed immediately. What happens is that

> the authorisation is done online when you tap or

> enter your PIN, which means that the merchant's

> PIN terminal contacts their payment processor (e.g

> Worldpay), which contacts the card issuing bank

> and checks that the card is good for that amount.

> In fact for most contactless transactions it

> doesn't even do that; they just assume it's OK

> (and will prompt youto use your PIN every now and

> again). At the end of that day all the merchant's

> transactions are batched up and sent off to their

> payment processor and then settlement occurs (i.e.

> the money is actually taken out of each buyer's

> account and put in the merchant's account).

>

> At no point during that transaction are any

> details available to anyone to use, don't worry.

By "prompt you to use the pin" you mean they decline you and after one or two panics you realise it is part of the system. lol. I'd rather that than risk of fraud however.

My contactless transactions also sit in "pending" for a while so that fits.

[AD]

I had a different type of Bank fraud recently but Bank Fraud nonetheless.

A card was sent to my home address that I never received (annoying my bank did not say it had been sent as I expected it later) and then separate to that a pin was sent in a separate letter which again I never received.

Both letters never made it to my letter box and I received an email saying my account was overdrawn.

I contacted my bank and they informed me someone tried to take out the max they could from that account having previously checked the balance, luckily its an old account with very little in so the damage was minimal and I was re-funded.

My bank has pointed me in the direction of the post office given I do not have a shared letter box and did not receive either of the two letters with card or pin that we sent on separate days.

[ianr]

Royal mail actually. But please do report it to them asap, while the trail may be slightly warmer, and making it clear that it's already been confirmed by your bank as a double theft of mail and subsequent fraud.

Th RM website's attempts to lead people to web pages other than the contact detail ones could almost have been designed to derange. Even the copy-and-paste of their contact page URL leads to a different page. So I'm copying what is on my screen at the moment at personal.help.royalmail.com/app/contact#category-tree-after .

"Call us 03457 740 740. We're open Monday to Friday, 8am-6pm, Saturday 8am-1pm and Sunday 9am-2pm"

Email us

Send a message now https://personal.help.royalmail.com/app/webforms/contact/c/310

[i've tested this link from my preview. It does seem to lead reliably to a Contact form.]

We aim to reply within 3 working days

IMPORTANT: To complete and submit forms on our website, please make sure you have the following internet browsers:

Chrome 46 or newer, Safari 9.0, Internet Explorer 11/Edge, Firefox 41 or newer.

Alternatively, you can contact us at [email protected]

We aim to answer emails sent to this address within 10 working days."

[JohnL]

AD Wrote:

-------------------------------------------------------

> I had a different type of Bank fraud recently but

> Bank Fraud nonetheless.

>

> A card was sent to my home address that I never

> received (annoying my bank did not say it had been

> sent as I expected it later) and then separate to

> that a pin was sent in a separate letter which

> again I never received.

>

> Both letters never made it to my letter box and I

> received an email saying my account was overdrawn.

>

>

> I contacted my bank and they informed me someone

> tried to take out the max they could from that

> account having previously checked the balance,

> luckily its an old account with very little in so

> the damage was minimal and I was re-funded.

>

> My bank has pointed me in the direction of the

> post office given I do not have a shared letter

> box and did not receive either of the two letters

> with card or pin that we sent on separate days.

Watch it wasn't pulled from your letterbox if not pushed completely through when posted. One boy had the cheek to do this, ring my door and say the bank letter required my signature (he then produced a scruffy bit of paper for me to sign). I rang the bank and they said their bank cards and pins never require my signature. That,s when I insisted the bank send cards and pins to my bank branch instead.

[AD]

JohnL Wrote:

-------------------------------------------------------

> AD Wrote:

> --------------------------------------------------

> -----

> > I had a different type of Bank fraud recently

> but

> > Bank Fraud nonetheless.

> >

> > A card was sent to my home address that I never

> > received (annoying my bank did not say it had

> been

> > sent as I expected it later) and then separate

> to

> > that a pin was sent in a separate letter which

> > again I never received.

> >

> > Both letters never made it to my letter box and

> I

> > received an email saying my account was

> overdrawn.

> >

> >

> > I contacted my bank and they informed me

> someone

> > tried to take out the max they could from that

> > account having previously checked the balance,

> > luckily its an old account with very little in

> so

> > the damage was minimal and I was re-funded.

> >

> > My bank has pointed me in the direction of the

> > post office given I do not have a shared letter

> > box and did not receive either of the two

> letters

> > with card or pin that we sent on separate days.

>

> Watch it wasn't pulled from your letterbox if not

> pushed completely through when posted. One boy

> had the cheek to do this, ring my door and say the

> bank letter required my signature (he then

> produced a scruffy bit of paper for me to sign).

> I rang the bank and they said their bank cards and

> pins never require my signature. That,s when I

> insisted the bank send cards and pins to my bank

> branch instead.

I did think that but my thoughts were most letters do come all the way through and its pretty rare they are stuck in the letter box if unless its thick, also the letters were 3/4 days apart so they probably have know, this is just me guessing so I am not sure.

Also I work from home and most of the time see the postman arrive (including when the letters were supposed to arrive) and I check the letter box to see if any are in there.