Hi OZBargainers,
I just found 3 of my Coles Prepaid MasterCard have been compromised (I have checked 26 cards in total which were purchased before when there were promotions at Coles).
They were compromised since 25/09/2021 and were used to purchase Google Play credits in USD on 28/09/2021 through out the day, from 13:00 to 22:00 from my records.
Here are the screenshots for transaction histories.
https://imgur.com/a/EhY9rYN
The first card had a Google auth transaction on 25/09, and then was used to purchase several Google Play credits for US $5, $10 ,$10 and $10 on 28/09.
The second card had no auth transaction but directly paid for US $5 Google Play credits on 28/09.
The third card was only used to do an auth transaction on 28/09, as it only had around $2 balance left at that time.
Probable Cause
From the discussion below, this huge compromise should be a because of the brute force attack.
Merchants like Google/Amazon and potentially many more that does not check CVV on the cards.
All these Coles gift cards have got the same name and specific expiry dates eg. 08/25 06/26, 09/26.
The only thing the fraudster needs to guess is the 6 random digit numbers and once they get one right they'll just keep using it while there's still a balance on it.
Suggestions
- Do not stock these cards, only buy them when you gonna use them quickly after the purchase.
- If you still have a lot of balance, you can prepay your utility bills, convert to other types of cards, say Prepaid EFTPOS or buy other gift cards like Amazon and Prezzee Gift cards or other gift cards via ShopBack (this card is not accepted by CashRewards).
More than welcome for any other ideas and suggestions.
Thanks for reading!
Credit to:
@meowsers for bringing up the contact details.
@Eugklng, @cwongtech, @NoGiveJustTake for the explanation of this compromise.
@thekensai for providing updates.
And all other OzBargainers that spread this post, provide updates and make contributions here.
Update 1
A couple of OZBargainers have confirmed the same situation. So it’s nothing to do with how we used the card. This is a systematic issue.
Update 2
A friend of mine found an unused card got compromised as well. So no card is safe now. Make sure you check all you cards and spend them as soon as possible and report immediately if you have losses.
Update 3
From @thekensai: Coles Financial Services is calling back and asking for account details to provide refund.
Lol there's your first mistake, buying something through SB and not using it straight away