# debit card fraud € 10,000 withdrawn from current account



## breffni (5 Jul 2009)

hi,

my wife receive a letter on a Monday from AIB bank saying that, someone was trying to access her account, we immediately checked her internet banking and saw some unusual transactions in US dollars,we immediately cancelled her card and saw the balance,up to 4000 was withdrawn from her account.
we immediately went to garda station and lodged a complaint.
next morning when we went to the bank we figured out that upto 10000 was missing from her account, she was totally in a shock.

the bank gave a complaint form and said if the fraud is proved she would get her money back into her account, and it would take upto 60 days for the whole process.

she only used her card 4 times in last 2 years
1.pay her o2 bill 2. tescos 3. pay board gais bill
4.in a restaurant

she is surprised why the bank did not cancel her card immediately when the bank found out some unusual transactions were happening on her account rather sending a letter by post on a Thursday evening which we only received on monday. gave the person whole weekend to withdraw money.

she is completely depressed all our hard earned money, which we were saving for a purpose is gone, and don't know if its going to comeback(young family with a two year old)

please suggest if anybody has faced a similar situation and what is the best way to handle the whole thing


----------



## pansyflower (5 Jul 2009)

I have a relative who received a phonecall from AIB c. 2 years ago re some shenanigans on his Visa account. If they could use the phone then why not now!!!!?


----------



## breffni (5 Jul 2009)

yes, they mentioned about it, they rang her but unfortunately her contact number details were not updated, that was the only fault from our side.


----------



## becky (6 Jul 2009)

There was €20 taken from my current account a few years ago and I did have to report it.

A girl who use to work in the bank told me that the banks are insured against this but they need to make sure that you are not trying to defraud them.

Once you prove that you were not neglectful with your details you should get all your money back.


----------



## breffni (6 Jul 2009)

becky said:


> There was €20 taken from my current account a few years ago and I did have to report it.
> 
> A girl who use to work in the bank told me that the banks are insured against this but they need to make sure that you are not trying to defraud them.
> 
> Once you prove that you were not neglectful with your details you should get all your money back.



Thanks a lot for the info.
 the bank assured that all the money would be back once it would be proved, and we were not negligent anywhere, as i mentioned  she hardly used her card as was always in safe place where nobody had access to the card.

just wondering how can any body get her pin number which she only used twice in last two years, and she exactly knows where it was used,

I guess it could only be done by the bank employees, who might sell all the clients information


----------



## Mpsox (6 Jul 2009)

breffni said:


> Thanks a lot for the info.
> the bank assured that all the money would be back once it would be proved, and we were not negligent anywhere, as i mentioned she hardly used her card as was always in safe place where nobody had access to the card.
> 
> just wondering how can any body get her pin number which she only used twice in last two years, and she exactly knows where it was used,
> ...


 
There is also the possibilty that your wife had a PIN which was easy to access, eg 0000, 9999, her date of birth or something like that, 

Most bank staff would not have any access to your wife's pin

I accept that your wife may have only used her PIN a couple of times but unless you are very careful they can be easily spotted by people looking over your shoulder at an ATM or by a shop assisitant

Another simple lesson for the future, don't leave €10k in a current account, unless you transferred funds over to pay for something as a once off. It's dead money and you'd get a much better rate of return in a savings account


----------



## breffni (6 Jul 2009)

Mpsox said:


> There is also the possibilty that your wife had a PIN which was easy to access, eg 0000, 9999, her date of birth or something like that,
> 
> Most bank staff would not have any access to your wife's pin
> 
> ...



I take your advice but the pin was very unique no sequence of 4 numbers it was not easy to find even. The pin number was never even told to me she was that careful. Yes 10K in current account is a lumpsum amount but we have moved our regular saver money 8K to current account so that we can open an online Fixed account for €10k it was all a co-incidence I should say that money on advice from bank official being moved to current account to open fixed account and the fraud it was shocking and after 10days of the incidence she still feel so depressed. Everything was going on well and we were advised to do that by the professional at the bank and never expected this to happen.


----------



## moneyhoney (6 Jul 2009)

breffni said:


> I take your advice but the pin was very unique no sequence of 4 numbers it was not easy to find even.



Do you mean by this that she had the PIN written down somewhere??


----------



## markpb (6 Jul 2009)

Mpsox said:


> There is also the possibilty that your wife had a PIN which was easy to access, eg 0000, 9999, her date of birth or something like that



There's no reason to suspect her PIN or card were involved at all. They could be card-not-present transactions or duplicated magstripe cards. Since the transactions were in US dollars, the chip wouldn't be used even if they hard the card.


----------



## NovaFlare77 (6 Jul 2009)

I had about €200 taken out of my account last year. AIB were on the phone to me within 12 hours of it happening and I had the money back in my account within a few days, even before I had the form sent back.

They may take a bit longer in your circumstances, due to the large sum of money involved, but the money will probably still be refunded.

My bank (AIB at the time) never told me where it happened, but based on a newspaper report that came out about 2 weeks after the fraud, it seems that crime gangs paid staff in a high street shop to copy card details and take note of PIN numbers as they were entered. The article didn't mention the shop name (so therefore I won't), but I was able to make a supposition based on places I'd used the card around the time the skimming would have happened.


----------



## breffni (8 Jul 2009)

breffni said:


> it seems that crime gangs paid staff in a high street shop to copy card details and take note of PIN numbers as they were entered. The article didn't mention the shop name (so therefore I won't), but I was able to make a supposition based on places I'd used the card around the time the skimming would have happened.



in that case, my wife exactly knows where the card was used,since 2 years. so it would be easy to figure out where the fraud might have happened[/quote]


----------



## breffni (8 Jul 2009)

Do you mean by this that she had the PIN written down somewhere?? 

it means the pin number was not easy to guess


----------



## breffni (8 Jul 2009)

moneyhoney said:


> Do you mean by this that she had the PIN written down somewhere??



No the pin was never out anywhere except her brain.


----------



## deniz (11 Jul 2009)

This is what happened to me two months ago. 
On Saturday we went shopping at local butcher and nowhere else that day. That night I checked online my BOI account ( i do this usually three times a week). I see extra 3 transactions of 30 euros each. Phoned emergency BOI number stating I have suspicious activity on my account. They say - nothing to do - just get in the branch on Monday. Sunday again I see new 3 transactions of 30 euros. Went to branch on Monday- they immediately canceled my Laser card and filled form for new one. On Wednesday they see these 6 transactions as O2 top-up (they needed to wait two working days for computer system to process weekend data). That means someone used my Laser card number without need of PIN. On Wednesday they finally filled form for internal Fraud team and asked me to report to Gardai and to phone back to bank with name of Gardai, which I did. Amount of 180 euros was returned in two weeks by the bank.

What is crucial:


Bank should canceled my Laser on Saturday - they didn't and they have reported their employee at emergency department for missing this task.
Bank do not automatically cancel suspicious activity for current account. *They wait for you to report it*. For credit card they monitor everything and are quick on informing you and canceling and invoking new credit card.
Bank also said that no one from Fraud team will ever contact me about this, so I will never know who and how they got info on my account details. That way I do not know how to protect my account in future. After all, how difficult is to check O2 and to get details on transaction and IP address of computer used.
*Continue in future to check online your transactions*. I suspect in my case they wanted to hid money  by taking 30 euros each time at different time of the day. So if I did not check my account online, when I see my bank statement next time, I would briefly look at it and definitively skip 30 euro transactions. Plus they are counting on the fact that people shop a lot on Saturdays and Sundays so no one will see suspicious activity.
Bank will definitely return your wife's money - it is an insured account.


----------



## breffni (12 Jul 2009)

fhanks deniz


----------



## bond-007 (12 Jul 2009)

> After all, how difficult is to check O2 and to get details on transaction and IP address of computer used.


Data Protection act prevents o2 from disclosing information that may identity the fraudsters. Mad I know.


----------



## shanegl (12 Jul 2009)

Using stolen card details to buy phone credit online in multiple transactions seems to be a common scam.


----------



## bond-007 (12 Jul 2009)

Yes it is. The phone companies don't care so it keeps happening.


----------



## Complainer (13 Jul 2009)

bond-007 said:


> Data Protection act prevents o2 from disclosing information that may identity the fraudsters. Mad I know.


It doesn't stop them disclosing info to the Gardai, if the request is made under a warrant.


----------



## bond-007 (13 Jul 2009)

They need a court order to disclose. 

Tbh, the banks won't report this incident to the Gardaí. Prepaid phone, fake details to register, phone only used for 1 or 2 days and then dumped. Very hard to nail anyone.


----------



## lebide (6 Oct 2009)

Anyone's PIN number can easily be obtained by a fraudster using a doctored terminal.  So no matter how careful you are with your PIN, if you use your card in a non-legitimate terminal, a fraudster has your PIN and card details.  They can then bypass your purchase and put through a much larger amount, and it will be verified by PIN.  The Banks will not cough up for this fraud, as they say the PIN was used, and the customer can't prove that they didn't do the large transaction.  The Banks know about this security flaw, but their Terms & Conditions that were introduced with Chip and PIN ensure that the customer will always be liable for this.

This type of fraud is unlikely to happen in Ireland/UK as few high street shops or businesses will be fraudsters.  However it is much more likely to happen abroad, for example in some Eastern European countries. This has happened to Irish people, and I know AIB and BoI have not refunded the money.

Way around it?  Never use a debit card abroad, always use a credit card.  While the same fraud can happen, the bank takes the hit on a credit card, so you will not be left out of pocket if this happens to you.  

If anyone doubts that PIN's can be intercepted, watch the BBC's Watchdog investigation and Newsnight report, both on YouTube.


----------



## markpb (6 Oct 2009)

lebide said:


> Way around it?



There is a way around it but the banks chose the cheap EMV option which doesn't prevent it.


----------



## huskerdu (6 Oct 2009)

It is true that banks do not report suspicious activity on Laser cards. However, you can be lucky. 

A relative of mine had her card stolen. Thieves saw her PIN as she used the card in a supermarket and followed her out of the shop. They dipped her bag and look her wallet.  ( It is clear that this is what happened, the number was not written down, and they used the card with the PIN immediately)

An hour later, before she had even realised that it had happened, she got a call from the bank. A shop assistant refused a card because the card was being used by a man, and the name of the card was a womans name and rang the bank immediately. 

So thanks to the very vigilant shop assistant for saving the day. Some money had been taken, but not a lot before this happened.


----------



## pjmn (6 Oct 2009)

breffni said:


> I guess it could only be done by the bank employees, who might sell all the clients information



Unbelieveable accusation....


----------



## roker (6 Oct 2009)

Question: 
If a card is skimmed and the PIN is also obtained, will the skimming work if the card is a Chip and PIN?
Is it possible that the original post had their details obtained via online banking? by a keylogger?


----------



## Crunchie (6 Oct 2009)

roker said:


> Question:
> If a card is skimmed and the PIN is also obtained, will the skimming work if the card is a Chip and PIN?



I don't think so. Skimming copies the magnetic strip but not the chip. As the chip is required to operate chip and PIN you would also need to somehow clone the chip.


----------



## pjmn (6 Oct 2009)

roker said:


> Question:
> If a card is skimmed and the PIN is also obtained, will the skimming work if the card is a Chip and PIN?


 
It won't work in Ireland or any country that has introduced chip and pin, but it will work in non chip & pin countries, e.g. Italy or Canada.


----------



## AlbacoreA (7 Oct 2009)

A cc company locked my card over a €1 transaction.


----------



## bond-007 (7 Oct 2009)

That is a common one. Scammers tend to do small test transactions to see if a card is good, before making a much bigger one.
Banks tend to be very suspicious of small transactions for that reason.


----------



## AlbacoreA (7 Oct 2009)

Yes but it was a genuine one. You'd think they'd notice 10k out of a account with almost no transactions.


----------



## Blackberry (7 Oct 2009)

The banks are not insured for this type of loss.  Complete rubbish.


----------



## markpb (7 Oct 2009)

AlbacoreA said:


> Yes but it was a genuine one. You'd think they'd notice 10k out of a account with almost no transactions.



I've heard of a few people who've had money taken from their Laser cards and in all cases, either the owner of the card or the Gardai informed the bank. Anytime there have been suspicious transactions on my credit card, Visa has informed the bank and cancelled the transaction before I noticed. I don't think Laser has the same level of security as credit cards (or indeed debit cards such as Visa debit) because it goes directly to the issuing bank and not via the Visa security center. I could be wrong though.



Blackberry said:


> The banks are not insured for this type of loss.  Complete rubbish.



Even if they weren't, absorbing those losses is part of the cost of doing business for them. If people get worried that their cards aren't safe, they'll stop using credit cards and the banks will lose a big cash cow.


----------



## roker (7 Oct 2009)

I do not understand why people use their cards for small amounts; it makes it difficult when you check your statement because your memory will always fail you if you have a lot of transaction on your statement. I personally withdraw large sums from the ATM and pay by cash.
AlbacoreA why would you want to make a €1 transaction?


----------



## markpb (7 Oct 2009)

roker said:


> I do not understand why people use their cards for small amounts (...) I personally withdraw large sums from the ATM and pay by cash.



I find that if I withdraw cash, a) I have no idea what I spent it on and b) I spend it on impulse because it's in my pocket. It also stops me losing cash too. I've never made €1 transactions but €5 - €6 for a small shopping would be common.


----------



## AlbacoreA (8 Oct 2009)

roker said:


> I do not understand why people use their cards for small amounts; it makes it difficult when you check your statement because your memory will always fail you if you have a lot of transaction on your statement. I personally withdraw large sums from the ATM and pay by cash.
> AlbacoreA why would you want to make a €1 transaction?


 
Got a new credit card, old one expired. Same number new date. Online company when updating my details with the new card, did a test transaction. €1. CC company locked the account. I didn't find out for about a week. I thought the new card was dodgy. Seems weird but at least it worked. eFlow 10 months later still couldn't get it corrected on their system. The CC company said it was common enough for companies to test changes to cc details like this. News to me.


----------



## bullworth (8 Oct 2009)

*Re: debit card fraud € 10,000 withdrawn from current account*



pjmn said:


> Unbelieveable accusation....



Yes what an outrageous idea especially because its AIB !


http://news.bbc.co.uk/2/hi/business/2358463.stm


*cough cough*


----------



## pjmn (8 Oct 2009)

Firstly - I have absolutely nothing to do with AIB - don't bank with them, never have...

If I understand your 'cough cough' post correctly, are you saying that because Rusnak did what he did, that it's proof positive that AIB staff perpretrated/or were personally involved in the fraud being discussed here - if so, I'd stand over my original post, and say that's a terrible accusation....  IMHO


----------



## bullworth (9 Oct 2009)

*Re: debit card fraud € 10,000 withdrawn from current account*



pjmn said:


> Firstly - I have absolutely nothing to do with AIB - don't bank with them, never have...
> 
> If I understand your 'cough cough' post correctly, are you saying that because Rusnak did what he did, that it's proof positive that AIB staff perpretrated/or were personally involved in the fraud being discussed here - if so, I'd stand over my original post, and say that's a terrible accusation....  IMHO



It's not terrible because it hasnt been directed against anyone guilty or innocent in particular. You said its ''unbelievable'' as though AIB  was some kind of special company above any form of corruption. Given the stench of corruption and scandals in all of the banks I doubt  anyone buys that.
Do you still find it ''unbelievable'' that AIB staff are just as likely to be sinners as the rest of humanity ?


----------



## dereko1969 (6 Nov 2009)

huskerdu said:


> It is true that banks do not report suspicious activity on Laser cards. However, you can be lucky.
> 
> A relative of mine had her card stolen. Thieves saw her PIN as she used the card in a supermarket and followed her out of the shop. They dipped her bag and look her wallet. ( It is clear that this is what happened, the number was not written down, and they used the card with the PIN immediately)
> 
> ...


 
This has just happened to my mother, except unfortunately no shop assistant intervened.
The scam involved a woman hopping into the passenger seat with a map in her hands outside a supermarket looking for directions, then a minute later the 'husband' knocked at the driver window and asked my mother to give him the directions, while this distraction occurred the woman took my mother's laser card out of her purse. My mother didn't realise anything untoward had happened until 12 hours later.

She then rang the bank to cancel the card and €3k had already been spent, another €1,5k was spent over the weekend.

The bank have now come back to state they won't be re-imbursing any of the money as the PIN was used, my mother didn't have the number written down, it wasn't an obvious number so either she was observed putting in her PIN at the counter or someone in the shop skimmed the number.

To date the Gardai have not bothered to view the CCTV footage of the supermarket, the supermarket are aware that the incident took place so to date have not deleted the material (as far as we're aware).

The official in the Bank who informed my mother that the money would not be re-imbursed advised her to go to the Financial Ombudsman but from reading here previously I thought she would have to exhaust the internal appeals system in the bank? They have also not indicated why money spent following the phonecall cancelling the card has also been refused re-imbursement, nor if any non-PIN transactions were used and if so why these aren't being re-imbursed.

Normally my mother wouldn't have anywhere near that amount of money in her account but she had just come into some money the week before and hadn't transferred it all to savings account.

Any advice on how to challenge the Banks actions?


----------



## TheShark (6 Nov 2009)

A simple software update [SIZE=-1]could [/SIZE][SIZE=-1]change a 4-digit PIN to a 6-digit PIN. The POS terminal would prompt the [/SIZE][SIZE=-1]customer to enter 3 digits at random [/SIZE][SIZE=-1](ie.1st , 3rd , 6th)[/SIZE][SIZE=-1], [/SIZE][SIZE=-1]con[/SIZE][SIZE=-1]cealing the other 3 making it impossible for the PIN to be [/SIZE][SIZE=-1]comprimised in the manner described.
Simple , minimal cost to implement , and 100% effective.
[/SIZE]


----------



## AlbacoreA (6 Nov 2009)

Rather than protecting people the PIN seems to be a get out clause by the banks.


----------



## bond-007 (6 Nov 2009)

Indeed it is. It was never about protecting the consumer.

[broken link removed]


----------



## markpb (6 Nov 2009)

TheShark said:


> A simple software update could change a 4-digit PIN to a 6-digit PIN. The POS terminal would prompt the customer to enter 3 digits at random (ie.1st , 3rd , 6th), concealing the other 3 making it impossible for the PIN to be comprimised in the manner described.
> Simple , minimal cost to implement , and 100% effective.



That wouldn't be a simple change at all and AFAIK would require reworking of the EMV standard and all POSs.


----------



## TheShark (6 Nov 2009)

Its the way it should have been set-up when the banks moved to chip and PIN. The 4-digit PIN is flawed and too open to being comprimised.


----------

