About eight weeks ago I got my wife and I Shell MasterCards from Citi to buy fuel with. This was prompted by the offer of 3% off our fuel purchases at Shell. (6% in the first 60 days from account opening).
This morning (17 November) I got a text from Citi telling me my account balance. It was £1600 more than I had expected so I tried to log on to see why. “Your account has been blocked” the screen said so I phoned instead.
“Press 1 to report your card lost or stolen” the menu said so I did. The voice which answered told me I was through to India. I gave them my card number and told them I was concerned that there were fraudulent transactions on my account since the balance
was much higher than it should be. I expected them to help. “Sorry” the agent replied, I can’t deal with this, I’m not trained on Shell Cards!”.
After a while on hold I got transferred to another agent who was trained on Shell Cards but who wasn’t from the Security Department so could only confirm that there were fraudulent transactions on my account, which were cash withdrawals on my wife’s card.
He took my details and promised to get someone to call me.
By then I had worked out what must have happened. My wife had only used her card at one filling station in Tooting. The card number and PIN must have been intercepted at the checkout there by Chip and PIN fraudsters and used to clone a cash card.
After no call-back and another call I finally got through to the Fraud Department who confirmed my suspicions that the card had been cloned and used to withdraw cash at an ATM. So despite jailing people the effects are still being felt and card data was
still being captured by the criminals in October.
Now while it’s difficult to defeat a determined criminal intent on skimming cards and PINs the whole point of Chip and PIN is to stop fake cards from being used. Why then are ATMs allowed in the UK which don’t validate PINs? I remember this type of fraud
from twenty years ago when I think we called it PAN7 the only difference is now the criminals target the non Bank ATMs in convenience stores.
On a lesser but not inconsequential note please would Banks which use touch tone call systems check that the routing makes sense and that their staff who handle lost and stolen calls are trained to handle them!
Finally you may think from my posts that I’m a particular victim of card fraud since I’ve had four or five incidents where my card details have been compromised in the last 12 months. What is really worrying however is that if this level of fraud is happening
to me what is happening out there generally? With credit card profits being hit through write offs and the recession generally the Banks and Card Associations need to start closing the gaps to fraud and that means enforcing adoption of Chip and PIN in ATMs.