Xiaomi Mi Mix 2 review
Someone tried to use my debit card to spend £800 at an online shoe store today!
I was alerted by Lloyds TSB email telling me my online ClickSafe password was changed.
The transaction had already been blocked as "not fitting my spending profile", so I'm hopefully not going to be out-of-pocket now card cancelled.
I had initially dismissed the bank's email as a scam and it was some time before they could convince me I really was speaking to Lloyds!
I used to get annoyed by the ClickSafe screen, but can now see its value!
Be aware, there's a fraudster out there with an expensive taste in shoes.
so I know how it feels. Thank goodness for the bank's software - it spots things like this and saves your life.
Did they actually have your debit card or had it been cloned? If it had been cloned how had they managed to acquire your PIN? (I assume it was a chip and pin card)
I like to think that I am extremely careful how I use my cards, but it would seem that no matter how careful you are you can be caught by this.
If it has happened to our Forum Editor then is anybody safe? I was under the impression that chip and pin was a very secure technology!
The attempt to use it was online. I don't know how the fraudster would have obtained my details.
To use a card online all you need is sight of the card. So you have the name/number /dates/ and code on the signature strip
(Delivery may be a problem - but that is probably surmountable - call after order to say "can i change the delivery address"? Customer Service Training! )
The chip/pin thing is irrelevant
Is clickSafe like securecode ?
- where you get asked for an additional password (which works well on a my Internet Credit Card - when I can remember where I wrote it down - I dont really! )
As time progresses things will get worse. Encrypted data is getting easier to crack given time and CPU power - eg WEP on routers (and it seems that doesnt need much)!
I think we need to move to the types of systems employed at work.
2 part key. 1 fixed, 1 changes every 30 seconds.
Plus - very secure
Minus - convenience/cost
For me I would prefer to accommodate the minus to benefit from the plus....
But increasingly these days people want cheap and simple.
If you dont believe me ask the "important" folk who didnt (re)set their voicemail pin or used something imaginative like 8888
People out there are trying to get you, they have the tools.... being careful soon wont be enough!
Oh yes I am paranoid
at least it is in theory, but it's actually possible to fool a terminal into thinking that the PIN has been verified when it hasn't.
Nevertheless, it's vastly more secure than a signature verification.
Online card use is fraught with problems, because anyone can use your card, many suppliers will happily deliver to an address other than the one registered to the card account. Added security in the form of a bank's server-side verification system, whereby you are taken to your bank's secure site to enter an additional personal pass code before the transaction can be verified is certainly doing a lot to reduce the number of fraudulent transactions.
I suppose that in the area of financial security it is the same as in all other areas of "digital life" when somebody invents a protection, then somebody else finds a way around that protection.
The banks are very reticent about how much money they lose to card fraud each year, understandably so really, because it probably runs into the many millions of pounds!
It seems strange to me that this isn't always invoked.
When I do my online grocery shopping at Tesco using my Tesco Mastercard, sometimes it goes to the Verification site and sometimes not. I thought perhaps it was something to do with the value of the payment like in the old days when the retailer would have to phone if the bill was over a certain amount, but it seems not. I have sometimes had to verify for small and large bills, and sometimes not. It seems to be random.
I use the Sandander system when shopping online, you have to enter your password details, and then they send you a code to your mobile phone (which you have to register with them). You have a few minutes to enter this code, otherwise the transaction is cancelled, and you recieve an Email advising you of the fact.
So unless someone has your card,Pin code, password and your mobile phone. The transaction cannot go ahead.
How do you cope?
Not for me.
This thread is now locked and can not be replied to.