Contactless debit card skimmed in Dundrum Town Centre

fiachmachale

Just a warning. I don't know if skimmed is really the correct verb for this. I was down in Dundrum Town Centre yesterday and I bought trousers. Then this morning I received a call from a lady from my bank. There were a lot of extra purchases on my debit card. All online purchases. None made by me. They were made without a pin. I didn't know this was possible.

The purchases made were from:

AirBerlin (Flights I assume)
Abercrombie and Fitch
E-flow
and an attempt to buy from Saville Row online that failed.

I'm certain this happened in the Shopping Centre there as it was the only busy place I went yesterday. After researching about it with google I've made a little foil wallet that sits in my card case. It's not clear if this really will prevent whatever device it is being used to steal card details. There are varying reports of success/failure with this method.

Anyone know anything about this or know of a foolproof method?

(By the way, bank has refunded all the purchases very quickly. which is nice)

Ron DMC

Moved from South Dublin County forum.

enda1

You don't use a pin for online shopping. Sometimes you use a password but never your pin.

For online shopping all you need is a photo of the front and rear (front only for AMEX cards) of the card. You don't need any of the actual electronic data. I don't think that the data needed (name, card number and CVV) is contained in the contact-less information.

What's most likely is that the card was passed in front of a camera at some point either at a till or restaurant. Try to remember when you last handed the card to someone. This is one of the major reasons that you're not meant to hand the card to anyone any more when paying.

galwayjohn89

Don't really know a fool proof method. I'm not overly worried about it being read contactlessly, there is always going to be some risk whether its skimmed when being used at an ATM, Shop, Internet fraud, statement theft etc.

RosieJoe

I presume that the card needs to be in close proximity of a reader to be "skimmed"? I'd hope that they cannot be read as you walk about

KTRIC

RosieJoe wrote: »

I presume that the card needs to be in close proximity of a reader to be "skimmed"? I'd hope that they cannot be read as you walk about

Theres a very small window where the contact works, its like a square inch above the reader. So unless someone had their wallet in their back pocket and the skimmer was basically touching their arse its not going to happen.

galwayjohn89

They say up to 45cm (I reckon its much less) but that is normally without any obstacles between card and reader e.g. Wallet, Jean Pocket/Bag etc. Also, needs to be relatively steady to pick up the details.

MarkR

Your details could have been acquired ages ago. And these things need to be in very close proximity. We're not talking drive by scanning, someone is going to pretty much have their hands on your card.

enda1

The card was not skimmed!!

Read the OP, the card visible data was used for onlline transactions. If it was skimmed it would have been used for (almost) untraceable cash withdrawals.

And if the contactless data was captured, at worst a contactless clone could have been made but no personal data could have been captured like that.

galwayjohn89

enda1 wrote: »

The card was not skimmed!!

Read the OP, the card visible data was used for onlline transactions. If it was skimmed it would have been used for (almost) untraceable cash withdrawals.

And if the contactless data was captured, at worst a contactless clone could have been made but no personal data could have been captured like that.

Surely it could have been skimmed at an ATM/POS and then used online?

hfallada

Well how ever used the card I imagine will be caught. Using it to pay for an eflow transaction. If they paid for their own car the Garda have a reg and will be so easy for them to find the person. But also buying an airline ticket so they have their name.


Aib cards are pretty hard to use fraduantly. You have to use your unique password for online purchases. But I imagine who ever used your card will be caught

RosieJoe

hfallada wrote: »

Well how ever used the card I imagine will be caught. Using it to pay for an eflow transaction. If they paid for their own car the Garda have a reg and will be so easy for them to find the person. But also buying an airline ticket so they have their name.


Aib cards are pretty hard to use fraduantly. You have to use your unique password for online purchases. But I imagine who ever used your card will be caught

The eflow one is odd as it is easy to trace to a registration plate. My guess is that it was done to test the water & see if they could get the transaction through.

fiachmachale

I went to use the contactless funtion at the register, but the lady said no and held her hand out for the card. I gave it to her and she swiped it and handed it back. She didn't use the contactless function (isn't that only for purchases under €15?). I had to enter my pin and I got cashback after she asked me If I wanted it. This was the only time I used the card yesterday. I have no reason to suspect this lady.

If it is the case that my card was passed in front of a camera, I realise now that it may not have happened yesterday. Just that the purchases were made online yesterday. Just after i had been in the shopping centre...

I'll now have to be watching like a hawk when i hand my card to be swiped. This is almost worse than the thief with the magical device...

L1011

enda1 wrote: »

The card was not skimmed!!

Read the OP, the card visible data was used for onlline transactions. If it was skimmed it would have been used for (almost) untraceable cash withdrawals.

And if the contactless data was captured, at worst a contactless clone could have been made but no personal data could have been captured like that.

Bold, and incorrect, statement to make there.

Skimmed cards where they don't get the PIN are only of any use online.

homer911

45cm
http://www.bbc.co.uk/news/technology-24743920

payment errors
http://www.bbc.co.uk/news/business-22545804

coylemj

LIDL have recently announced that they will accept contactless payment using Visa, Mastercard and Maestro debit cards ....

http://www.lidl.ie/cps/rde/SID-6E31B23F-9BD8F933/www_lidl_ie/hs.xsl/3988.htm

ted1

fiachmachale wrote: »

I went to use the contactless funtion at the register, but the lady said no and held her hand out for the card. I gave it to her and she swiped it and handed it back. She didn't use the contactless function (isn't that only for purchases under €15?). I had to enter my pin and I got cashback after she asked me If I wanted it. This was the only time I used the card yesterday. I have no reason to suspect this lady.

If it is the case that my card was passed in front of a camera, I realise now that it may not have happened yesterday. Just that the purchases were made online yesterday. Just after i had been in the shopping centre...

I'll now have to be watching like a hawk when i hand my card to be swiped. This is almost worse than the thief with the magical device...

it could have happened long before yesterday.

Lister1

hfallada wrote: »

Well how ever used the card I imagine will be caught. Using it to pay for an eflow transaction. If they paid for their own car the Garda have a reg and will be so easy for them to find the person. But also buying an airline ticket so they have their name.

My card was skimmed about 3 years ago. They purchased a ticket(s) on the Eurotunnel, made an eflow payment and also bought something from a Gardening centre somewhere in England. I contacted Eflow myself and was able to get the reg of the vehicle and could then check the motor tax online site to check what type of vehicle it was. Couldn't get any information with regards to the Eurotunnel tickets due to the Data Protection Act(despite it being bought on my card!!!) and said the request would have to come from the Police. I reported it all to the Gardai and a case was raised but I never heard anything else about it which was disappointing as it would have been a pretty easy case to solve...

enda1

MYOB wrote: »

Bold, and incorrect, statement to make there.

Skimmed cards where they don't get the PIN are only of any use online.

Simply wrong. The ccv data is not contained in the magnetic strip.

All we can tell is that someone nephrarious had access to the front and rear of the card. Not that a card was ever entered even into a device.

L1011

enda1 wrote: »

Simply wrong. The ccv data is not contained in the magnetic strip.

All we can tell is that someone nephrarious had access to the front and rear of the card. Not that a card was ever entered even into a device.

Plenty of websites that don't require CVV still. You were "simply wrong" with your rather pointlessly bolded statement.

I would imagine it was cloned when in-use in a store regardless though.

galwayjohn89

enda1 wrote: »

Simply wrong. The ccv data is not contained in the magnetic strip.

All we can tell is that someone nephrarious had access to the front and rear of the card. Not that a card was ever entered even into a device.

As stated by MYOB plenty of shops do not require the CVV code for online transaction or transactions done over the phone.

enda1

MYOB wrote: »

Plenty of websites that don't require CVV still. You were "simply wrong" with your rather pointlessly bolded statement.

I would imagine it was cloned when in-use in a store regardless though.

The ones from the OP do.

Why is it everyone wants to assume skimming when the much simpler alternative is the most likely?

Can we agree that the information was definitely not obtained from contact less interrogation?

Can we agree that skimming a card would not supply enough information to have made the mentioned transactions?

Can we agree that someone needs solely the visually available on the card in order to make the mentioned transactions?

OP for what it's worth, I'd say it was someone you know who used the card as it seems an awful stupid criminal who would use it for airplane or etoll use.

Fred Swanson

This post has been deleted.

Del2005

Lister1 wrote: »

My card was skimmed about 3 years ago. They purchased a ticket(s) on the Eurotunnel, made an eflow payment and also bought something from a Gardening centre somewhere in England. I contacted Eflow myself and was able to get the reg of the vehicle and could then check the motor tax online site to check what type of vehicle it was. Couldn't get any information with regards to the Eurotunnel tickets due to the Data Protection Act(despite it being bought on my card!!!) and said the request would have to come from the Police. I reported it all to the Gardai and a case was raised but I never heard anything else about it which was disappointing as it would have been a pretty easy case to solve...

I know someone who had their card details taken years ago. Person bought a flight from Dublin Airport and had a nice surprise on check-in as the Gardaí arrested a woman.

Vuzuggu wrote: »

As stated by MYOB plenty of shops do not require the CVV code for online transaction or transactions done over the phone.

I was actually surprised this could still happen when I bought some bushes for my car without even giving my name over the phone, I'd assumed they where taking the details if I didn't collect.


If Contactless is scanned would the €15 limit not be attached to the details?

Fred Swanson

This post has been deleted.

garhjw

Eflow is usually the first thing they try with a skimmed card. They enter a random registration. If it goes through they know the card can be used for buying stuff.

VISA explained this to me when my card got skimmed last year.

Mick Murdock

At a guess I'd say it's unlikely the card was compromised in Dundrum shopping centre. Unless they are extremely stupid, they generally wouldn't steal your details and use your card hours later.

Having worked in retail management for 10 years I doubt anybody has installed a camera in any shop in DTC. Maybe I'm underestimating camera technology nowadays but I think it would be difficult to do it any reputable shop.

Skimming is just as/more likely if you ask me.

My card was skimmed at an ATM in Dún Laoghaire about 2 years ago. Pretty sure a lot of others were too as the ATM was closed off for a week or so afterwards.

galwayjohn89

Mick Murdock wrote: »

Having worked in retail management for 10 years I doubt anybody has installed a camera in any shop in DTC. Maybe I'm underestimating camera technology nowadays but I think it would be difficult to do it any reputable shop.

Skimming is just as/more likely if you ask me.

As far as I know quite a lot of shops have cameras in them in DTC. I know our one does but it can only be seen by DTC security. Also, Butlers have one above each till if I remember correctly.

Edited to add think I misunderstood you, I'm guessing you mean any third party installing a camera!

Mick Murdock

Yes. I mean an employee installing a camera in order to steal card details.

Atlantic Dawn

Contactless sales can only be to a maximum value of €15 or less so even if they did get the data this way they would only be able to run similar contactless payments up to around 7 or 8 €15 transactions before they would then be asked for the pin. All online sales you mentioned require the 3 digit number on the back of the card so I would be thinking they physically must have either skimmed or got hold of your card in some way.