Posts Tagged ‘fraud’

Gwyn Headley

by Gwyn Headley

Managing Director

Last Saturday I went to Lord’s to watch the third day of the England New Zealand test match, which was neatly wrapped up by England on the following day. Well played, Broady!

I was sitting with three old friends, and one of them — let’s call him David, as he values his privacy — told me this astounding story of how he had been scammed out of some £4,000. David is an intelligent and sophisticated man, a successful corporate advisor and business planning consultant. He is nobody’s fool. This, in his own words, is what happened to him:

I was sitting at my desk in London on the evening of Thursday, 9th May, when my telephone rang. A man introduced himself as DCI Harris from Holborn Police Station. He gave his number as EK 457. He said that two Eastern European men had just been apprehended on the suspicion of credit card fraud. They had details of various people that they might have been targeting and I was one of them. He gave me an incident/crime number (No. 29121575665) and advised me to get in touch with my credit card company and have a block put on my account(s).

I rang off and then looked at the back of my Barclaycard Visa debit card for the Barclaycard Customer Services contact number. I dialled the number and got through to a Customer Services lady (who later said that her name was Louise White) and I told her about DCI Harris’ advice. She took the details of my Barclaycard debit card and then proceeded to ask me some questions to verify that I was who I said I was. Among these questions were my date of birth and my mother’s maiden name. She also asked me to give details of a direct debit on my account, including the payee, the amount paid and the time of month that it was paid.

She appeared satisfied about my identity and then asked when I had last used the card. I said that I had withdrawn £100 from a bank in Essex on the previous day. She said that she could see that transaction, but she then mentioned four further transactions that had taken place that evening near to Oxford Circus. I said that these certainly were not my transactions. She said that my card must have been compromised.

She then said she was going off to see if she could get hold of DCI Harris to see if these might be transactions carried out by his suspects. She said that it was important that I stayed on the ‘phone while she did this, so that she was sure of my whereabouts. She returned a little while later to say that the police thought that they might have a suspect who was actually using a card with my number on it. He was later reported to have got away.

She then asked if I had any other credit or debit cards. I said that I had a Barclaycard Visa credit card and a Barclaycard Mastercard credit card. She asked for details of these cards and she looked up the activities on them. She read out a list of recent transactions on them and these were in the West End that evening. I said that none of them were anything to do with me. She asked me if there was anyone in my household who could have copied my cards. I said that there was only me, my cleaning lady and my brother, who had stayed overnight recently, and I was sure that they wouldn’t have done anything.

She then said that she must speak to her boss and again said that I must stay on the line while she was away, emphasising that I might be considered to be a suspect in a fraud. She came back to say that a special team in Surrey was working on this sort of fraud and they wished to have my cards to examine and contrast them with some counterfeit ones. They were going to send a courier to collect them. She would therefore put a block on my cards and would then ask me to put them in a sealed envelope for collection – it was important that only my recent fingerprints were on them.

She then went through the process of putting a block on each of the cards – this ended with me having to tap my pin number on to my telephone keypad. During the time that the courier was coming up from Surrey, she asked if I had any other credit cards and I said that I had an American Express card. She said that she would be able to ask American Express if there had been any recent activity on that card. I therefore gave her the card number and she came back with a list of very recent transactions. These had nothing to do with me. She therefore advised me to put a block on this card as well and went through the same procedure. She suggested that this should also be sent to the Surrey experts.

There then followed a period during which the courier was coming up from Surrey. While we were waiting, the Barclaycard lady said that she needed to write a report on this whole event for her boss. She asked me which phases I could remember and we constructed a report together. The courier then arrived in uniform, collected the envelope of cards and left. I didn’t get a view of any vehicle.

The Barclaycard lady wanted me to stay on line in case there were any further queries. I inadvertently dropped the receiver a short time later and was planning to ring the lady back, but couldn’t find her number. Without her pressure, I was able to think what I had done and realised that there could well be a scam here (although I had never doubted the ‘Barclaycard’ lady during our conversations). I thought that I would go down to Notting Hill police station and ask whether DCI Harris existed. They were very busy with other things at the station, but they took time to tell me that I was undoubtedly the victim of a scam and lent me their telephone to call the real Barclaycard. My respondent there confirmed that money had been withdrawn from each of my Barclaycard accounts in the last hour or two. I then realised that I had been completely hoodwinked.

I now realise that the key element in the scam was my telephone. When I rang off initially, the ‘policeman’ stayed on the line and the scammers were able to create a dialling code when I lifted my receiver and appeared to get through to the ‘Barclaycard’ lady. She kept my attention and confidence very cleverly throughout the rest of a very long conversation.

If you get a call like this, call your card company on a different phone, as per the last paragraph. If this can happen to David, then it can happen to any one of us. Fraudsters used to be relatively easy to spot — Dere valued Natwest customer pliz give me yore pin numbre now, yours in the Lord — but now they are getting smarter than us. David got his money back from the banks, of course, although American Express seem to be reluctant to settle. And the scammers have got away with £4,000 plus. And the banks will want to recover that somehow, so gradually they’ll get it back from us, in higher costs.

We all suffer.

Share
Gwyn Headley

by Gwyn Headley

Managing Director

… and Pennsylvania, and Indonesia …

Once upon a time (early this morning, actually) there was a photographer who came across a lovely website called fotoLibra.

“Gosh,” he thought. “If I sign up I can upload my pictures to fotoLibra and if they sell I’ll make some money.” So he uploaded two pictures for nothing.

This very same morning a nice lady in New York found the same lovely website.

“Gee willikins,” she thought. “I’ll sign up, and what I’d like to do tonight is buy a photograph of some guitar strings, for 5000 corporate CDs in Europe.”

Within minutes another nice lady in Pennsylvania also discovered fotoLibra and signed up. “Now, let me see,” she mused, “I think tonight I’ll have a photo of some guitar strings on my commercial internet site for a year. Ah! Here we are! The very thing!”

And both ladies, by fortunate happenstance, had hit upon the same photograph, uploaded by our lucky new member in Indonesia only moments before.

What joy! Two satisfied customers and one happy photographer! And they all signed up within 30 minutes of each other! The picture was uploaded and sold twice before it had been online for half an hour. Job done by fotoLibra!

But then, far away on the other side of the world, a new day dawned, and deep in her feculent pit the great JACQUI NORMAN stirred. She pointed one terrible eye at the computer screen and in an instant spotted the improbability of such transactions.

“FF RR AA  UU DD !!” she bellowed slowly and heavily, shaking the sere and devastated land around her lair.

As I write, there is no happy ending. The money — a fair amount, paid by credit card — will be deposited in the fotoLibra account by close of play tomorrow. In 30 days we have to pay the photographer.

And in four or five months HSBC will slowly realise there has been a fraudulent transaction and will remove the entire amount from our account without informing us first.

So maybe we won’t be paying this gentleman from Indonesia in 30 days. We’ll just hold on to the money for a little while, and see what happens.

We could be wrong.

But we don’t think so.

Share

Having been ripped off by a Nigerian scammer (details here) we asked our local MP Elfyn Llwyd (Plaid Cymru) if there was anything he could do to help.

He was as outraged as we were that the issuing bank knew of the fraud two months before coming to HSBC and demanding that $800 be removed from the fotoLibra account, by which time of course we had disbursed the money. He said he would write to the Chairman of HSBC.

Which he did. He received a reply from David Lewis, Head of HSBC Customer Relations, absolving the bank of any responsibility and arguing that it was fotoLibra’s fault for accepting ‘cardholder not present’ transactions. This amazing statement ignores the fact that 10.7% of all retail sales* are now made via the internet, every one of which is a ‘cardholder not present’ transaction.

Mr. Lewis concluded

There are some steps the merchant/retailer can take to minimise the possibility of fraud, for example asking for the numbers in the post code of the card holder and only delivering to that address (as fraudsters often ask for the goods to be sent to another address other than that of the registered cardholder).

That might have been relevant if fotoLibra delivered boxed goods to physical locations. But we don’t. We permit the download of digital images to an email address. There’s no connection to any part of the credit card.

Maybe a credit card could be linked to a fixed email address which would form part of the verification process? No, that’s probably far too simple. Isn’t it?

We are most grateful to Mr Llwyd for his concern and his response. That’s exactly what MPs are for. Full marks.

*Office for National Statistics, February 2012
Share

Credit Card Scam

January 31st, 2012
Gwyn Headley

by Gwyn Headley

Managing Director

The perceived risk of buying and selling using a credit card on the internet was the biggest single barrier to the growth of the World Wide Web.

In the eighteen years since I launched my first web site, that fear has largely been allayed. Internet users who now won’t buy with credit cards are a tiny minority. If your card is compromised in any way, the banks and card companies will refund your money and issue a new card.

But what protection is there for the merchants? The punter must be recompensed — but the financial organisations aren’t going to be the ones who lose. Someone has to pay. It’s going to be the merchants.

Here’s the Dramatis Personae of our little play:

  • Innocent Punter
  • Evil Fraudster
  • Innocent Merchant
  • Innocent Photographers
  • Innocent Credit Card Company
  • Innocent Bank

This is what happened to us. On Nov 17 Evil Fraudster used Innocent Punter’s credit card details to buy six images — over $800 worth — from us, the Innocent Merchant, and download them to Innocent Punter’s apparent email address.

On Nov 25 Innocent Punter signed an affidavit to say his card had been used in a fraudulent transaction, i.e. the purchase of $800 worth of images from fotoLibra. Innocent Merchant isn’t told of this, either by the bank or the credit card company. All we know is that $800 has been paid into our account and the images have been downloaded.

The $800 payment appears on our next bank statement. Christmas intervenes, and we make all the payments to our photographers on Jan 21. The $800 payment is still visible in our bank statements.

This morning, Jan 31, we receive a letter through the post from the bank telling us there has been a fraudulent transaction involving a credit card payment on Nov 17 and they are removing the $800 to pay for it. So the status quo of the Dramatis Personae is now as follows:

  • Innocent Punter — unscathed
  • Evil Fraudster — 6 digital images the richer
  • Innocent Merchant – $800 poorer
  • Innocent Photographers – $400 richer
  • Innocent Credit Card Company – unscathed
  • Innocent Bank – unscathed

My questions are

  1. Who benefits from this fraud? Evil Fraudster gets 6 images (which haven’t been used as far as we can tell). Innocent Photographers get $400. Assuming the photographers aren’t linked to Evil Fraudster, they’re doing better than he is.
  2. We pay the credit card companies substantial annual fees for the privilege of using their service. If they authorise a payment, we have to take their word for it. We cannot check every individual credit card transaction ourselves — that’s what we pay them to do.
  3. So why is Innocent Merchant the only loser in this scenario? If the bank and the card company says ‘Here’s the money — spend it wisely’, how come they can snatch it back nearly three months after they’ve given it to us?
  4. Most importantly, if the fraudulent transaction was reported on Nov 25, why weren’t we informed till Jan 31? That is OUTRAGEOUS.

Damien our IT guru has traced the route the transaction has taken. Unsurprisingly it trails back to those bastard Nigerians again. They’re not doing their country any favours at all. Could anyone ever trust a Nigerian nowadays?

Obviously the villain of the piece is the rogue Nigerian, but I fail to see how he can benefit from the scam. Can anyone enlighten me?

The end result is that we’ll just have to wait longer paying photographers after making a credit card sale from someone we haven’t dealt with before. 99% of credit card sales made through fotoLibra are perfectly legit. In fact, this is only the second one that’s gone wrong. The first one was such a blatant blag that even I could see through it — someone in Brazil signed up as a photographer and uploaded 4 photographs. The following day someone else from Brazil signed up as a buyer and bought the four images for £2,000. We then should have paid the Brazilian photographer £1,000. But we had our suspicions. We waited. And the bank claimed back the money after three months. We were not compensated.

But I cannot figure this scam out.

Share