Someone tried to use my CBA credit card online today

doperst on 16/02/2017 - 15:18

Got a text message this morning from CBA saying that there was an attempt to use my credit card online.
Fortunately, international online transactions were locked on my card so no harm was done.
I called the bank and they confirmed that there was an unsuccessful authorization from some Indian-sounding website.

I wonder how this could happen? I'm always extra careful with my cards, never leave my wallet unattended, never hand my cards over to anyone. I have only used this credit card online a few times - on Amazon, Paypal and on everydaygiftcards.com.au
I also used this card to pay for AAMI insurance over the phone a couple of weeks ago.

So I guess AAMI customer service and everydaygiftcards.com.au are my primary suspects..

Has anyone had similar problems recently?

Financial

Comments

  • canyoudoitcheaper on 16/02/2017 - 15:23
    -2

    everydaygiftcards.com.au

    Probably this. Also the Paypass on your card could have been swiped while you were on public transport or walking down the street.

    • doperst on 16/02/2017 - 15:35
      +3

      Not possible. Paypass data does not contain CVV2/CVC2 (the 3-digit security code on the back of the card).

      • canyoudoitcheaper on 16/02/2017 - 15:41
        +2

        I'm talking about RFID/NFC skimmers: https://www.youtube.com/watch?v=s3CTl2L4-Jw

        You don't need a CVV to make transactions worth less than $100.

        • eug on 16/02/2017 - 15:42

          You don't need a CVV to make transactions worth less than $100.

          Even online, as the OP said? I've never seen an online checkout that doesn't ask for it.

        • doperst on 16/02/2017 - 15:53
          +6

          CVV2 is always required for online purchases.
          You probably thinking about pin - pin is not needed to make contactless transactions worth less than $100.

          Also, RFID skimming is an urban myth. Contactless payments are actually very secure, as far as I know there are no documented cases of successful fraud with contactless skimmers.

      • djsweet on 16/02/2017 - 17:58
        +1

        I don't believe CVV is actually required, but the merchant pays less processing fees if they provide it.
        But I agree that it is unlikely due to the encryption used by the credit card.

        • doperst on 16/02/2017 - 18:59

          Yes, CVV2 is optional, it's probably at bank's discretion whether to accept transactions without it. In reality though it's almost always required.
          I only know one website that doesn't ask for CVV2 - Amazon.

  • nocure on 16/02/2017 - 15:23

    Have you shopped online at "discount drugstores" recently?

    • doperst on 16/02/2017 - 15:36

      Nope. Paypal, Amazon and everydaygiftcards only.

      • boomramada on 16/02/2017 - 16:08

        Well it could be ebay, international transaction,
        e.g. : When you shopping places like banggood via ebay, it process as international transaction.

        • doperst on 16/02/2017 - 16:13

          It can't be ebay or any other website where I pay with Paypal, as Paypal doesn't share credit card details with them.
          Also, I checked my Paypal account and there were no traces of this transaction.

        • boomramada on 16/02/2017 - 16:19

          @doperst:
          True, Paypal don't share info but
          when you shopping with places like banggood, it will be a international transaction
          and there will be no transaction history, since transaction never occur ie declined.

          This just a example. or something else, just ring your bank and ask for new card, you already done that :)

        • doperst on 16/02/2017 - 16:54

          @boomramada:
          I have some balance on my Paypal account and a different card that is set as default. So I'm pretty sure this transaction didn't come from Paypal.

  • pantsparty on 16/02/2017 - 15:26

    Even the most reputable stores and websites can have data breaches. No point speculating how it happened. I would just cancel my card and get a new one issued so whoever has your information can't send it to their mate in Australia to clone onto a card and shop with.

    • doperst on 16/02/2017 - 15:33

      Have already done that.

      • pantsparty on 16/02/2017 - 15:35
        +3

        Happy days. Issue resolved.

        • doperst on 16/02/2017 - 16:56
          -2

          Yeah, but I'm just curious.
          I was hoping someone would reply "I had exactly the same issue after I gave AAMI (or everydaygiftcards) my CC details" or something like that.

  • aussie bargain on 16/02/2017 - 16:28

    Why is the Amazon not a suspect?

    If I were you, I would say that AAMI customer service is also a suspect (assuming that they asked for your CCV then).
    Another thing that you suspect is the device/computer you used for your online transactions.

    everydaygiftcards.com.au can be a suspect as they store your credit card details automatically but supposedly doesn't store the ccv.
    However, if there was a breach on everydaygiftcards.com.au, then I would assume that you wouldn't be the only one impacted.

  • wukachuka on 16/02/2017 - 16:34
    +2

    More likely to be a keylogger on the end user computer imho.

    • doperst on 16/02/2017 - 16:43
      +1

      I'm scanning all my computers with Malwarebytes and DrWeb every few months. Actually this was the first thing I did today and found nothing.

      • WT on 17/02/2017 - 08:22
        -1

        if you use your pc every day, every few months is too long. I do mine 1-2 times a week but really should do it more often

        • doperst on 17/02/2017 - 08:52

          I can't even remember when was the last time I had a virus on my pc. At least 10 years ago.

        • Tacooo on 24/02/2017 - 10:46

          @doperst: That's the thing about good viruses; you don't know they're there.

  • anonymous01 on 16/02/2017 - 23:41

    Did you get any emails from paypal asking you to sign in your account to change details etc..? I am talking about scam emails that use real paypal logos and similar domain names that look almost authentic to untrained eye.

    • doperst on 17/02/2017 - 00:52

      I do get these scam emails from time to time but I never click links in them :)

  • anonymous01 on 16/02/2017 - 23:43
    +1

    Also you can use https://haveibeenpwned.com/ to see if any of your online accounts have had a data breach.

  • moirakutch on 17/02/2017 - 12:02

    I had my card compromised recently, one Australian transaction followed very quickly by 3 international transactions within half an hour, with the last transaction coming through as I was on the phone to report it to the bank!! Any place that may automatically renew a service or even through paypal is always at risk. My sisters was Paypal, but I like you do not know for certain where the compromise occurred.

  • INFIDEL on 18/02/2017 - 01:34
    +1

    Discount Drug Stores was hacked at least once last year, with CC details stolen. OzBargainers were affected.

    I made a purchase by CC on 23/9/16, but my card was only used fraudulently from 9/2/17. Card now canceled. Otherwise only used for PayPal.

    Another CC I used in their earlier deal (99c toilet paper) on 29/7 was fraudulently used before 7 Aug. Cancelled card.

    Hard to tell if the fraud was directly due to hacking on that site.

  • nikey2k27 on 18/02/2017 - 07:02

    That happen to me a few weeks ago. data easily stolen from you no need to stress they pick it up.

  • [Deactivated] on 18/02/2017 - 21:21

    This happened to me last year shortly (few weeks) after a transaction to Off the Back. It was the only irregular transaction that happened before the freeze (cba caught it for me)

  • charng on 19/02/2017 - 12:27

    you stored your c/c info on a website during checkout (or the website stored without telling you). the website got hacked. bang, info on the blackmarket.

    • doperst on 19/02/2017 - 13:19

      Ok, but as I said, I only used this card on 3 websites - Paypal, Amazon and everydaygiftcards.
      If any one of them was hacked, it would be all over the news.

  • PVA on 19/02/2017 - 13:25

    Could simply be from a real physical store you visited and a staff member or customer has grabbed you details and used it/ passed it on to someone.
    It doesn't have to be via an online site.

  • Schema on 19/02/2017 - 13:47

    Doesn't matter if you're doing virus scans.

    you can crypt the "virus" so that it's undetectable from virus scans, not hard to do, can get a full setup and remote someones computer / webcam / keylog data for like $20 if you want some "quality" stuff.

    It's quite possible that you've been Ratted and someone has grabbed your info that way.

    • INFIDEL on 19/02/2017 - 14:49

      Ah all these terms I don't know, like Ratted (so many lovely uses already for that term). (I only use an Android phone for my rare CC transactions.)

      So found a site with enough expletives to explain Ratted😯

Login or Join to leave a comment
Login Join