I received an SMS at 10:42 pm last night from Westpac. The first thought was, is this a scam? Here's the SMS so that others know what to expect.
For security your card ending xxxx has been temporarily blocked. Please contact Westpac using the number on the back of your card to confirm recent activity.
Scammers will produce very similar looking messages. Notice that important direction to you. Contact Westpac using the number on the back of your card.
Scammers may get your number, but they need to get you to go somewhere they have control. There's no link in the legitimate SMS message. There's no number to call. You have that information on your card.
I called Westpac. Took a bit of time as I had to call multiple times. Selected the wrong options. Was this a new or existing fraud attempt. Well they know about it, so must be existing. Nope. That department's only open during the day. Got there in the end. Yep. Two online gambling and two online shopping fraudulent purchases in China. Nope wasn't me. OK. Your card has now been cancelled and we'll send you new cards. Worked out something that worked for both of us.
All good. These things happen. Now I do wonder how those people got the card details? Forever a mystery no doubt.
Kelvin Eldridge
www.OnlineConnections.com.au
Call 0415 910 703 if you're in the Doncaster/Eltham region and need IT help.
Update: 30 October 2014 - The saga continues.
OK. Sent the signed declaration. The first number provided by Westpac didn't work so tried the second number which did work. Even decided to sit there watching the fax to ensure it transferred successfully. At last all done.
Not so fast. Today I received a letter in the mail saying they'd not received my response. Ah. Didn't notice the cut-off date of the 11th. OK. That's my fault for not meeting their timeline.
They did send a reminder which I actioned I thought as soon as I received it. I find often letters from banks can take a number of days to arrive. I've seen lots of people complaining in banks about the short period they've had to pay their credit card and from my observation those complaints are warranted. But hey, I'll accept it's now up to me to follow up. And yes it's 4:45 pm and they close at 4:30 pm, unless of course you're overseas when it's 24 hours. Until tomorrow. It will be interesting to see what they've done with the fax I sent. This really is quite silly. They know it is fraud. They have the information. They've processed transactions which didn't have the appropriate information, and if it did, there's a real concern as to how that information has been obtained. There's no way I can protect myself from this occurring again because banks won't tell you how something happened.
Until tomorrow.
For security your card ending xxxx has been temporarily blocked. Please contact Westpac using the number on the back of your card to confirm recent activity.
Scammers will produce very similar looking messages. Notice that important direction to you. Contact Westpac using the number on the back of your card.
Scammers may get your number, but they need to get you to go somewhere they have control. There's no link in the legitimate SMS message. There's no number to call. You have that information on your card.
I called Westpac. Took a bit of time as I had to call multiple times. Selected the wrong options. Was this a new or existing fraud attempt. Well they know about it, so must be existing. Nope. That department's only open during the day. Got there in the end. Yep. Two online gambling and two online shopping fraudulent purchases in China. Nope wasn't me. OK. Your card has now been cancelled and we'll send you new cards. Worked out something that worked for both of us.
All good. These things happen. Now I do wonder how those people got the card details? Forever a mystery no doubt.
Kelvin Eldridge
www.OnlineConnections.com.au
Call 0415 910 703 if you're in the Doncaster/Eltham region and need IT help.
Update: 30 October 2014 - The saga continues.
OK. Sent the signed declaration. The first number provided by Westpac didn't work so tried the second number which did work. Even decided to sit there watching the fax to ensure it transferred successfully. At last all done.
Not so fast. Today I received a letter in the mail saying they'd not received my response. Ah. Didn't notice the cut-off date of the 11th. OK. That's my fault for not meeting their timeline.
They did send a reminder which I actioned I thought as soon as I received it. I find often letters from banks can take a number of days to arrive. I've seen lots of people complaining in banks about the short period they've had to pay their credit card and from my observation those complaints are warranted. But hey, I'll accept it's now up to me to follow up. And yes it's 4:45 pm and they close at 4:30 pm, unless of course you're overseas when it's 24 hours. Until tomorrow. It will be interesting to see what they've done with the fax I sent. This really is quite silly. They know it is fraud. They have the information. They've processed transactions which didn't have the appropriate information, and if it did, there's a real concern as to how that information has been obtained. There's no way I can protect myself from this occurring again because banks won't tell you how something happened.
Until tomorrow.
A little more information for those interested.
ReplyDeleteI was advised the card was blocked. Once I got through to the fraud section they said the card had been cancelled and we went through a process where I could get the card at a local branch, and the paperwork would arrive by mail. It will take a number of days before I have a credit card again. Then of course I have to go to the businesses charging my card and hope they haven't had an issue.
I was initially old there was a purchase at an online shop and the name of the shop given to me. Nope I hadn't purchased there, an in fact don't usually purchase much online at stores I don't know, and then not much. One amount was for $604.76. The purchases were made in China.
When I got through to fraud, I was told two online gambling purchases and two at bicycle shop. That's not quite the same. I'll check the statement when it comes out.
I started to think where could I have purchased that may create an exposure like this, but then I remember my mother's experience. Mum is in her late 80s. Only uses the card, mostly for groceries, and apart from that very rarely. No online purchases. No unusual places.
ReplyDeleteThat makes me think the exposure may occur in different ways. Perhaps a hacked site for one of the vendors I use. Not likely. Perhaps then card numbers can be determined. I did see one public transport authority get canned because they enabled unlimited entry of credit card numbers instead of perhaps say, three attempts. Their site became a testing ground for those wishing to check stolen credit card numbers. One you have a valid number you only need a four digit expiry date and a three digit security number. The four digit expiry date is monthly so that's just 24-36 values. The three digit security is harder, but on average it would only take 500 attempts to get the right number. If someone has worked out how to more easily use a system to test these numbers, no Visa or Mastercard is immune and the only action is for banks to cancel and reissue cards.
Perhaps someone has a greater insight as to what is happening.
I should add my mum's fraud were purchases in America. She's doesn't do online purchases and she has never purchased anything overseas.
ReplyDeleteI think I've come to the conclusion for the banks the best they can do is accept a controlled loss. They can never beat the crooks. I remember in a seminar St George stated merchants should budget for 3% loss through fraud. If they expect merchants to do that, that is what they do as well. So it isn't about stopping fraud, more about managing the loss.
ReplyDeleteWestpac sent us our new cards which I picked up from the bank on Tuesday. That's not bad service. Although the poor service is they could have been there Monday but since no one notified me they were there, I wouldn't know. I allow for that lack of service so to me it is acceptable.
The cards were activated. Would the cards work. No way for me to know. The reason is I asked about whether I should change the pin number. Best practice to me would suggest changing the pin number. So had the pin number been changed or not. Didn't know and neither did the staff member. The only way to know is when I made my next purchase. Ah well I thought.
So made a purchase last night using the pin and worked OK.
That leads me to one conclusion. No bank would issue a new card and not change the pin number if they thought that was an exposure. That would be a crazy business practice.
The transactions were most likely interent based and thus no pin number was required and thus it isn't an exposure. Personally I wanted to change my pin number. Sorry you can't. Our systems have been upgraded and that function hasn't been available for two weeks. OK. Just this branch I asked. No, all branches. So no change of pin number. Let's hope the bank has got this one right. Not sure because they now force people to provide an email address to use online banking and that to me is an exposure that isn't required. So banks often aren't as clever as they think they are.
So if all that is true, all that is between you and a crook using your card is: the ability to generate a card number (easy), the ability to work out the expiry date (relatively easy), your security code on the reverse (that takes a bit more time, but also easy).
Hence the reason I think it is about controlling and minimising the loss, but that's just my opinion.