ronnietucker Posted September 29, 2018 Report Share Posted September 29, 2018 1 minute ago, Alan de Enfield said: Phew - I'm glad I did it over the phone (but I guess ASAP could still have stored my card data) and not filling in the 'boxes' on the website. Should I be safe ? It would all depend on how they do transactions offline. If it was a brick and mortar retailer then, in THEORY, they should enter the credit card info into a handheld terminal which has nothing to do with the site. On the other hand, they might have a page on the site backend where they enter credit card details as though you were online. So your details MIGHT get scooped up and sent elsewhere. In short: maybe. Link to comment Share on other sites More sharing options...
BruceinSanity Posted September 29, 2018 Report Share Posted September 29, 2018 They are using the payment services provider Sagepay, so the ASAP site should never have had your card details. Sounds like the malware is a keystroke logger, copying your input to a third party site. I got the email even though I’ve never ctually bought anything from the site and they don’t have my card details. I guess there’s a fair amount of panic going on (with the prospect of a hefty ICO fine) hence less than perfect management. Link to comment Share on other sites More sharing options...
ronnietucker Posted September 29, 2018 Report Share Posted September 29, 2018 2 minutes ago, BruceinSanity said: so the ASAP site should never have had your card details But wouldn't their site save the card details when you tick the 'save for later' box? Link to comment Share on other sites More sharing options...
Chewbacka Posted September 29, 2018 Report Share Posted September 29, 2018 (edited) 1 hour ago, ronnietucker said: Do you have any source links for that? Sounds like the malware was diverting people to a compromised payment page. This al ASAP are sharing at present https://www.asap-supplies.com/security-incident however it shows there as malware added to their page. added - something like this is possible. https://www.theregister.co.uk/2018/09/12/feedify_magecart_javascript_library_hacked/ Edited September 29, 2018 by Chewbacka Link to comment Share on other sites More sharing options...
BruceinSanity Posted September 30, 2018 Report Share Posted September 30, 2018 9 hours ago, ronnietucker said: But wouldn't their site save the card details when you tick the 'save for later' box? The Sage Pay site would hold your card details, not ASAP. The whole idea of a Payment Services Provider is that the merchant doesn’t know your card details, leaving that up to the PSP who can invest a lot more money on defences. It doesn’t look good for the way the link to Sage Pay had been set up if a malicious key logger could go on recording your input or if the ASAP site still saw your card details. Link to comment Share on other sites More sharing options...
Robbo Posted September 30, 2018 Report Share Posted September 30, 2018 12 hours ago, ronnietucker said: As do most online retailers, but my question to ASAP is: was the stored payment details encrypted? (If not, why the hell not?!) If it was, did the hackers also have access to any keys/data that might help them unencrypt the data? At some point they have to be unencrypted, even when stored encrypted you type them in unencrypted. Link to comment Share on other sites More sharing options...
WotEver Posted September 30, 2018 Report Share Posted September 30, 2018 23 hours ago, alan_fincher said: I’m now wondering if the person(s) attempting to use my card could have got details via the malware on the ASAP site. I guess probably not, because of the longish period since I last placed an order with ASAP. The most common place for card details to be stolen is at a restaurant. They have your card in their hands, with the security number on the back. Or telephone ordering anything... You simply need to check your statements every month. I had two occasions where transactions totalling a few thousand were fraudulently made with a business card. I spotted the transactions when going through the statement and in both instances the bank refunded the money instantly (after I filled in a form). Link to comment Share on other sites More sharing options...
alan_fincher Posted September 30, 2018 Report Share Posted September 30, 2018 2 minutes ago, WotEver said: The most common place for card details to be stolen is at a restaurant. They have your card in their hands, with the security number on the back. Or telephone ordering anything... You simply need to check your statements every month. I had two occasions where transactions totalling a few thousand were fraudulently made with a business card. I spotted the transactions when going through the statement and in both instances the bank refunded the money instantly (after I filled in a form). Agreed, The additional security code has become somewhat of a joke, given we regularly supply it verbally to people over the phone, along with all other card details. It has been suggested to me that if you are supplying it to someone on very poor pay in an outsourced facility, that there are actually people hanging around outside such centres offering incentives to those working in them to record and sell on details. I've no idea how commonplace this is, but it sounds a plausible way that your details can end up in wrong hands. When you got fraudulent transactions refunded, what happened to stop it continuing, please? In our case our card was instantly revoked, and we had to wait several days without one until a new one with a different number arrived. (It would have been quicker had I had a "platinum" or "black" card apparently, but now I'm just a pensioner I am without anything fancy like that! Link to comment Share on other sites More sharing options...
Robbo Posted September 30, 2018 Report Share Posted September 30, 2018 There was a time when virtual credit card numbers were a thing (numbers that can only used once), shame they not widely available by all banks. Link to comment Share on other sites More sharing options...
Guest Posted September 30, 2018 Report Share Posted September 30, 2018 (edited) 42 minutes ago, WotEver said: The most common place for card details to be stolen is at a restaurant. They have your card in their hands, with the security number on the back. Or telephone ordering anything... You simply need to check your statements every month. I had two occasions where transactions totalling a few thousand were fraudulently made with a business card. I spotted the transactions when going through the statement and in both instances the bank refunded the money instantly (after I filled in a form). I must admit I log into my back account every day to look for anything suspicious. Having had my card details cloned twice in the past ( a few years ago now) I am perhaps a bit over cautious. On line banking and banking apps. make it so easy to do that to me it's a no brainer not to check every day. The trick scammers used to employ was to do a a small insignificant transaction to test the card's validity and then hit with a bigger one later on if that went through. I think though now banking security systems a more geared to picking these up as triggers when looking for 'suspicious activity' on your account. Edited September 30, 2018 by MJG Link to comment Share on other sites More sharing options...
ronnietucker Posted September 30, 2018 Report Share Posted September 30, 2018 56 minutes ago, WotEver said: The most common place for card details to be stolen is at a restaurant. They have your card in their hands, with the security number on the back. Absolutely. I guy I worked with had his credit card 'cloned' (we'll call it) in some place he bought a carpet from. Next thing he was getting a call from his bank querying a sale on the other side of the country. The carpet place was one of the very few times he ever handed over his card which they took into the back shop to 'process the payment'. Probably jotted down his numbers. 48 minutes ago, alan_fincher said: Or telephone ordering anything... I work in hospitality and it never ceases to amaze me how often people are quite happy to give out all their credit card info over the phone to pay for something. And I mean all: card numbers, security numbers, expiry date, etc. We do, genuinely, shred the info after it's used, but I dread to think how many places probably just toss the paper in the bin. Only to be found by some nefarious ragamuffin. I also don't understand why the banks spent so much time and money drumming home the old 'chip and pin' thing to then move to contactless. Which is just asking for money to go missing! I, personally, had someone use phone banking to transfer money from my ISA to my bank account and then take the money from my account. I got my money back from the bank, but it was a performance to get there. My point to the bank was that even I didn't know the phone banking codes as I've never used it! Aren't the calls recorded/logged in some way? Seems not. But, then again, it is the TSB. Link to comment Share on other sites More sharing options...
Alan de Enfield Posted September 30, 2018 Report Share Posted September 30, 2018 16 minutes ago, ronnietucker said: But, then again, it is the TSB. The 3rd September this year was my 50th anniversary of banking with the "Toytown Savings Bank", prior to that I was with the National Provincial Bank. The bank merged with the Westminster in 1968 (and became the National Westminster) and was never the same again. No complaints about the TSB (except closing branches, but they are all doing it) Link to comment Share on other sites More sharing options...
rusty69 Posted September 30, 2018 Report Share Posted September 30, 2018 Just now, Alan de Enfield said: The 3rd September this year was my 50th anniversary of banking with the "Toytown Savings Bank", prior to that I was with the National Provincial Bank. The bank merged with the Westminster in 1968 (and became the National Westminster) and was never the same again. No complaints about the TSB (except closing branches, but they are all doing it) TSB..... Don't talk to me about TSB...... Nothing but trouble all year since their computer mayhem earlier in the year. I finally gave up with them last week and closed all my accounts, which is probably what they wanted me to do. Save them responding to my numerous complaints! Link to comment Share on other sites More sharing options...
ronnietucker Posted September 30, 2018 Report Share Posted September 30, 2018 3 minutes ago, Alan de Enfield said: No complaints about the TSB I've been with them since I was in Primary school (many moons ago). I can only assume you never use online banking? The entire TSB online infrastructure went completely pear-shaped when they did their recent IT move. Thankfully I rarely use online banking so had a bit of a giggle at their expense... Link to comment Share on other sites More sharing options...
Robbo Posted September 30, 2018 Report Share Posted September 30, 2018 1 minute ago, ronnietucker said: I've been with them since I was in Primary school (many moons ago). I can only assume you never use online banking? The entire TSB online infrastructure went completely pear-shaped when they did their recent IT move. Thankfully I rarely use online banking so had a bit of a giggle at their expense... It wasn’t just on-line banking tho was it. It was everything. Link to comment Share on other sites More sharing options...
ronnietucker Posted September 30, 2018 Report Share Posted September 30, 2018 4 minutes ago, Robbo said: It wasn’t just on-line banking tho was it. It was everything. As long as all the ATMs kept working... that's all I cared about Link to comment Share on other sites More sharing options...
Alan de Enfield Posted September 30, 2018 Report Share Posted September 30, 2018 7 minutes ago, ronnietucker said: I've been with them since I was in Primary school (many moons ago). I can only assume you never use online banking? The entire TSB online infrastructure went completely pear-shaped when they did their recent IT move. Thankfully I rarely use online banking so had a bit of a giggle at their expense... I only use online banking. Accounts are not normally checked from one year to the next. I get cash paid to me quite frequently so never need to go to the bank or cash machine. Banking is only used for transferring from account to account and for paying bills. Pension goes in the bank to pay the bills. More goes in than comes out so everyone is happy. Ebay buying & selling all goes via Paypal and the bank account We "live" on cash, from diesel, to the weekly shop to a bar of chocolate. Link to comment Share on other sites More sharing options...
Robbo Posted September 30, 2018 Report Share Posted September 30, 2018 6 minutes ago, ronnietucker said: As long as all the ATMs kept working... that's all I cared about Well if you had no money in your account due to the cox up you would have had to join the long queue. Link to comment Share on other sites More sharing options...
ronnietucker Posted September 30, 2018 Report Share Posted September 30, 2018 5 minutes ago, Alan de Enfield said: We "live" on cash, from diesel, to the weekly shop to a bar of chocolate. I also use cash-only in the real world. I obviously use Amazon, eBay, etc, but I never use my card for paying in the real world. I don't see the need to whip out my card to pay £5 for something. If it's more than that? I'll get the cash out of an ATM beforehand. I think the cards are now the cheque of the modern era. Queue hold-ups a-plenty. With a gasp of 'it should work' when it's rejected. Link to comment Share on other sites More sharing options...
Chewbacka Posted September 30, 2018 Report Share Posted September 30, 2018 5 minutes ago, ronnietucker said: I also use cash-only in the real world. I obviously use Amazon, eBay, etc, but I never use my card for paying in the real world. I don't see the need to whip out my card to pay £5 for something. If it's more than that? I'll get the cash out of an ATM beforehand. I think the cards are now the cheque of the modern era. Queue hold-ups a-plenty. With a gasp of 'it should work' when it's rejected. I thing that cash is fast becoming the cheque of yesteryear, it’s now cheaper for a shop to take cards than cash and there is even a ‘no cash’ pub. https://www.thesun.co.uk/news/7281194/first-cashless-pub/ Link to comment Share on other sites More sharing options...
Guest Posted September 30, 2018 Report Share Posted September 30, 2018 1 minute ago, Chewbacka said: I thing that cash is fast becoming the cheque of yesteryear, it’s now cheaper for a shop to take cards than cash and there is even a ‘no cash’ pub. https://www.thesun.co.uk/news/7281194/first-cashless-pub/ I bet you @mrsmelly wont drink there. Link to comment Share on other sites More sharing options...
Chewbacka Posted September 30, 2018 Report Share Posted September 30, 2018 Just now, MJG said: I bet you @mrsmelly wont drink there. I went drinking in town recently (I do this about once a year) and was amazed that nobody apart from me used cash. Much too easy to spend too much. Link to comment Share on other sites More sharing options...
ronnietucker Posted September 30, 2018 Report Share Posted September 30, 2018 7 minutes ago, Chewbacka said: it’s now cheaper for a shop to take cards than cash That is a fair point. It means that shops aren't sitting with a bundle of cash in their till drawers. But... 3 minutes ago, Chewbacka said: nobody apart from me used cash. Much too easy to spend too much. With no continual look at finances (cash in the wallet/purse) it's too easy for people to end up with nothing (while, inevitably, drunk) or in an overdraft. Link to comment Share on other sites More sharing options...
mrsmelly Posted September 30, 2018 Report Share Posted September 30, 2018 6 minutes ago, MJG said: I bet you @mrsmelly wont drink there. I will use one of the forty eight thousand other pubs that do take money. What realy suprised me that this numpty is not in London!! The south of course but still, not London. Link to comment Share on other sites More sharing options...
Chewbacka Posted September 30, 2018 Report Share Posted September 30, 2018 (edited) 3 minutes ago, mrsmelly said: I will use one of the forty eight thousand other pubs that do take money. What realy suprised me that this numpty is not in London!! The south of course but still, not London. Give it 5 years and cash will be all but gone. I used to go to an atm weekly, I doubt it’s even monthly now, apart from drinking sessions which are still cash, everything else I do is card. added - and that includes the bus which is contactless. Edited September 30, 2018 by Chewbacka Link to comment Share on other sites More sharing options...
Featured Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now