My dog woke me up this morning at 5:30AM for his morning walk, and as I was leaving the house I noticed I had 6 new SMS messages from last night. When I opened them, it took me a few seconds to make sense of it.
The messages all came in at around 10:58PM Kuwait time when I was already fast asleep.
- Your account has been debited with GBP 0.00 at 19:58:32PM
-
Your OTP for card ending with XXXX at Microsoft, 1249.99 GBP is XXXXX. Do not share etc..
-
There is insufficient funds in your account to authorize your transaction at 19:59:24
-
Your account has been debited with GBP 279.99 at 20:00:32
-
Your account has been debited with GBP 279.99 at 20:02:12
-
There is insufficient funds in your account to authorize your transaction at 20:03:15
Being half asleep because it was so early in the morning, I had to really work my brain to try and figure out if this was me or not. I’ve placed pre-orders before on things that get charged and shipped months later, and so I was trying to figure out if I might have ordered something from Microsoft months ago. I logged into my NBK bank app, clicked on my credit card and saw I had 0 pending transactions. I then assumed maybe this was my work’s credit card (I get those messages to my number as well) and that one of the employees might have been trying to purchase something for work.
But, I looked at the last 4 digits and it wasn’t the work credit card. Then it hit me, this wasn’t my credit card, it was my debit card! So I went back into the app, clicked on my debit card and checked under pending transactions, and sure enough there were two. This wasn’t me, so I called my bank up right away to report the fraudulent transactions.
The call lasted exactly 20 minutes which I think was a bit too long, at least for me that early in the morning while walking the dog. The first thing the bank did was lock my cards, lock my access to the app and online banking website, write a report up after asking me a bunch of questions, and then submit a request for a new debit card. In the next 24 hours, someone from the fraud claim request department is going to call me for more information.
I guess this was bound to happen eventually even though I’m really careful and smart about where I use my cards. But, I didn’t think it would happen with my main debit card since I never use that online. I don’t even use my debit card to withdraw money from ATM machine’s when I travel, I don’t even physically use it anymore since Apple Pay became available nearly 2 years ago! And thats whats confusing about all this.
If this was my credit card I can at least try and imagine how it might happened. I don’t use my credit card on dodgy websites, but I do use it online a lot so I can come up with plenty of scenarios on how someone could have gotten my credit card number. But my debit card? I have questions!
- This is a brand new card I was issued around 20 days ago
-
I don’t have my debit card number saved on any website since I use my credit card for subscriptions or online purchases
-
I just got back from a trip to Greece but I only used Apple Pay while there
-
I don’t use my cards to withdraw money from ATM machines when I travel so a card skimmer couldn’t have been used
-
Based on the messages I got, the bank requested an OTP number for the large 1249.99 GBP transaction. But the message right after says the order couldn’t go through because I had insufficient funds. Does that mean whoever tried using the card had somehow gotten the OTP number but the order didn’t go through because I didn’t have any money? Or does the bank ask for the OTP first and at the same time check to see if I have funds which is why I got both messages? I’m curious about that.
-
Finally, why did NBK allow the two other transactions without requiring an OTP or Pin code? It’s not like they were small amounts, they were 100KD+ each and I’ve been asked for an OTP for much smaller amounts
It’s really really odd, only because this was my debit card AND it’s brand new, I got it issued earlier this month. It’s the same old debit card number I’ve had for years, but with a brand new expiry date and CCV number. It’s been around 20 days since I got this new card so it isn’t difficult to know where exactly I’ve used it. Physically, like actually taking the card out and touching or inserting it into a machine, I think I’ve only used it at a couple of ATM machines, and only locally. That’s it. The rest of the time I’ve used it through Apple Pay. So, brand new debit card, with a brand new CCV number, how did they get it? I have a lot of questions to ask the fraudulent department when they call me!
Right now I’m leaning towards the idea that one of the ATM’s I used must have had a skimmer installed. I think I only used two ATM machines with this new card, a Warba machine inside a Trolley near me, and a Burgan Bank drive thru machine. So I might pass by them today and try and see if there is a skimmer installed, in case the bank’s hasn’t already found it.
Update: So I just got a call from the fraud department. The amount is still pending so they’ve submitted a claim to release it back into my account and I should get it in around a week. That’s the good news.
I then discussed how this could happen and although they’re still investigating, the person I spoke to seemed to be leaning towards the fraud happening online. He made it seem like ATM skimmers weren’t a thing anymore or at least they weren’t a thing in Kuwait because our ATM machines are newer and more advanced. I told him that it’s a new card issued just 20 days ago and I hadn’t used it online. He said he could see I used it with Talabat and PayPal. When I asked if they would inform me after their investigation where the fraud happened, he said they wouldn’t.
The bank would inform the other party about the fraud but not me. So for example if the fraud was due to Talabat having some sort of security leak, they wouldn’t tell me about it. I thought that was very odd.
Anyway, if I get more information I’ll update this post but I think for now they’ve considered the issue sorted with me. Other than my new ATM card and the amount refunded back to me, I don’t think the bank will be communicating anything else with me about this.
Update2: Looks like the issue might be with Talabat! A friend just sent me a link to an article on @dailyarabi that points to an article about a database belonging to Talabat being leaked.
Update3: I got my money back a week later.
82 replies on “I’m a Victim of Debit Card Fraud”
Oh my! I’m so sorry to hear that, Mark. Please keep us updated so we can be cautious. Thanks for putting up a blog about this.
I got a call from CBK this morning saying they have detected my Mastercard is compromised and it is now blocked and disabled by the bank. They assured nothing has been taken from the account and I will be issued new card. Be careful everyone.
hi,
i went through with the same experience a few months bac where transactions worth 950 kd was charged to my CBK debit card. Thankfully i was awake when the transactions where happening an i was able to block the card before it could go any further or else it would have ended up being way more, since i kept getting more messages with declined transactions. All my transactions where also in GBp. I contacted the bank and they also came up with the same story that i must have used the card or given out my debit card details even though i seldom use the card. Same question as you asked even i never got any otp request.
Anyways story short i raised a claim with the bank and after 2 months i was able to recover 940KD barring bank charges since i was able to track down the end source to where the funds where transferred.
These sort of fraudulent transactions are happening quite alot now and banks need to be more vigilant and investigate the issue properly.
Hope you get your money back.
I had the same last night – about 9.45pm, no OTP code needed, 350+KD. Called them straight away… waiting for my call back. I don’t use cash machines outside of the branch, only really in stores and online here in Kuwait.
May be your email is hacked and the Fraudster chose the option to receive OTP through email. Please change your email password immediately.
No, my email hasn’t been hacked. Even if I gave you my email password you wouldn’t be able to login without me approving you from my device. Plus what you’re suggesting isn’t possible since whoever got their hands on my debit card numbers would then have to figure out what my email is and then figure out how to access to it.
dude you dont know how the fraudster got you and you claim your email cannot be hacked? (:
They’re two different things. Most of my important logins require Two-Factor Authentication (2FA), either through an authenticator app that can generate one-time verification codes, or by physically approving on a secondary already logged in system.
The reason I don’t know how a fraudster got my debit card is because it’s a new card, hasn’t been used online, and the information on it isn’t stored anywhere digitally. So even if the fraudster had access to my email, my computer, and my phone, they would still not have access to my card’s details like expiry date, CCV code, or pin code.
Please advise which authenticator app to use
you can use Authy, MS authenticator or google authenticator apps.
I can’t answer specifically but as u know “fraud is a volume business” (will smith in Focus). One in a million hit is a good success rate for online fraud business. All personal information is available in online forms that people fill routinely. Data thefts are common and sold on dark web. Most Email passwords are just too simple for any program to crack.
Yeah I don’t disagree with the fact that our personal information is available online, what I’m saying is my email password isn’t and even if it was, it’s not enough to get you into my email since I use 2FA.
There are ways to bypass 2FA, it is extremely difficult but not impossible…
And?
OTP – Looking at the FAQ on NBK’s website, an OTP is only sent if the merchant’s website is 3D secure enabled (payment page shows ‘Verified by Visa’ or ‘Mastercard SecureCode’). If it isn’t, NBK will not send an OTP. This provides less security than we assume.
aha, I thought it was related to the amount being charged
So did I.
Would you be surprised if i mentioned a transaction of KD 1,700 on the Lufthansa website didn’t require an OTP when paying with an NBK Credit card? Heck it didn’t even go to the payment gateway!
Yeah in the same way a $5,000 purchase on Amazon doesn’t require an OTP. Turns out it’s not about the amount but about the website choosing to use 3D secure or not.
A friend got scammed on his card bcos a fraudster hacked into his email and chose to receive OTP by email. Email passwords are easy to hack bcos they are combinations of wives name, children’s names, their birthdays plus * or #. Everyone who fills an online form for airline or hotel reveals this details. Recommend all to change email password
I mean maybe you use names for your email password, but might isn’t a name, nor is it even words, it’s just a bunch of totally random generated letters and characters created randomly by a computer and I just memorized it.
bitwarden is a good option for that.
That’s alarming! Imagine the plight of people who are less tech savvy and less vigilant about such things. I had a similar experience with my NBK credit card and I called up the bank midnight itself to report. I had a tough time making them understand I didn’t make those transactions and they’re fraudulent. Eventually they issued a new card as replacement. Now I make sure to use Apple Pay as much as possible. It’s better to use Apple pay for ATM transactions also, but from my experience it works in card issuer bank’s ATMs only.
Yeah from my experience as well I can only use Apple Pay with my bank and not the others. Even the wireless tapping of the card, I can only do it on my bank ATM’s but not the others.
In my case the transactions were in USD and the description had ‘Facebook Ads’. No OTP involved was kind of a relief, atleast I knew my email/ phone are safe. Still I wonder how someone can get details like CVV and card expiry date without physically accessing the card!.
We had some “glitch” with Apple Pay:
https://www.cashmatters.org/blog/apple-takes-a-bite-out-of-hungarian-bank-accounts/
happened to me also NBK. same scenario. no OTP. when I complained they replaced the card and got the money back after 60 days.
Same exact thing happened to me whilst I was in Switzerland for vacation. I received a message stating ” 0.00 GBP has been debited from your account from Playstation Network” (p.s I never bought a psn gift card in my life) I ignored it and thought nothing of it and seconds later a surge of multiple transactions went through in a batch of £100’s. I logged in the NBK app to temporarily block my card and the scammer took another 100. Luckily he did this to my credit card so the money is insured and the bank returned the money in 65 days. I came up with three possibilities of credit card fraud.
– I connected to the airport WiFi in Geneva so I can use my NBK app and transfer money (bare in mind my phone was telling me the wifi was not secure)
– I connected to the hotel’s WiFi
– I used ApplePay multiple times
– or it was a skimmer from the car rental company in the airport or the hotel
I would assume its a skimmer and here’s why:
– Even if you log in to your NBK app, your credit card details aren’t all there, I can’t access it now to confirm cuz I’m locked out of the app, but I’m pretty sure my credit card number doesn’t show and the CVV definitely isn’t listed there (I hope).
– The way I understand it, when ApplePay connects with the machine, it isn’t really just sharing your card number and details, and even if it was it’s encrypted. So even if they were to wirelessly intercept the transaction between your phone and the POS, it’s not like they can get your card details https://medium.com/@sahintalha1/the-magic-behind-apple-pay-018117d973e1
– By connecting to an un-secure wifi, if there was a hacker listening in they’d just be reading all the unencrypted data being shared between you and the internet. Unless you sent over your credit card details to someone unencrypted (WhatsApp, emails, most online forms etc are encrypted), I don’t see how they would have gotten it.
Hi Mark..
I just check on the NBK app and you can see all the card details within the app, including the expiry and CCV number.
Hi Mark..
I just checked on the NBK app and you can see all the card details within the app, including the expiry and CCV number.
ah interesting, it would actually be super easy to get into the NBK app since all the person would require is your phone and phone PIN code.
If the person sees you input your PIN code to unlock your phone and then steals your phone, they can get access to your phone, launch the NBK app which I’m assuming most people have set up for facial recognition. When facial recognition doesn’t work it will just ask for your phones PIN code and then you’re in.
But then once they have the phone PIN code and your phone the NBK app is probably the least of your problems.
It happened to me yesterday as well, KFH credit card (visa) the charges were:
– USD 0.00 at Testing in United States
– EUR 0.00 at MICROSOFT*STORE in United Kingdom
– EUR 0.00 at Visa Provisioning Service in Kuwait
– OTP
– EUR 853 at Microsoft*Store in Netherlands
– EUR 840 at Microsoft*Store in Netherlands
Very weird, I also use the card online and I’m trying to figure out which website/service is compromised
Banks in Kuwait should apply location alerts! Transactions from different locations should blocks these transactions and freeze the account automatically!!
please no! lol that would mean I’d have to remember to notify the bank every time I travel that I’ve traveled.
Bank app should have option wherein the customer can inform the bank where he is travelling to and for how many days.
yeah but who wants to add another thing to their travel to do list, plus most of the transactions are online abroad so not sure if that idea would work anyway
I am doing this, calling customer services of my banks whenever I travel, because of my experiences when I am outside the country and having transactions blocked or getting notification from banks about transactions. I use Samsung or Google Pay and not my cards.
This is already available on the NBK App/Online Banking. You can notify the bank that you are travelling, to which country, which cards you will be using and the period of your travel time, so that you don’t get declined transactions due to suspicious transactions abroad.
😂😂 I’d love to crowd fund cars
If you are using the Debit card via Apple Pay, that could be the problem. I have used 2 different cards on Apple Pay (2nd time it was a prepaid card just to test), both time my cards were used for such fraudulent transactions. I did get my money back via NBK but I have completely stopped using Apple Pay now. (I removed all cards from Apple Pay).
Apple Pay is the safest thing you can use, that wasn’t your problem.
This is what I assume too. Last 7-8 years, never had these fraudulent transactions. Only after using Apple Pay recently, I had this issue (same for another friend too). For now, I will stay away from Apple Pay. Will try after 5-6 months with Prepaid Card again.
It’s not an assumption though and what you just stated is a coincidence and not a cause and effect. That’s like me accusing the company that delivered my debit card earlier this month of defrauding me because I didn’t use the card physically anywhere.
Apple Pay is extremely secure (hasn’t been hacked in the real world yet) and so the cause of your fraud was most likely through another source.
You’re on to something but it takes time for the masses to realize this. When you notice that most people who have been scammed have stated that they used Apple Pay, it needs to be covered by some analyst in an article for people to believe. Apple in itself is not as safe an ecosystem as it used to be. I cannot wait for it to be covered in the future.
So far 4 people mention that Fraudulent transactions were linked to cards registered with Apple Pay ( Ace, Solomon, Mark and Me). For me, both the incidents happened with 2 different cards while active on Apple Pay. So it is more than just coincidence. Anyway for now, I keep all my cards “disabled” from NBK app, I enable it just before any payment.
Sorry but you can’t be that daft? EVERYONE who has a card most likely has ApplePay. The chances of someone being defrauded and has applepay is very high. Thats not a coincedence and does not mean they got defrauded because of applepay. That’s like saying it’s more than a coincidence that all these people got defrauded also own cars. Like yeah obviously because the chances of people who have atm cards also have cars is very high.
Same story. Been there thru this. Lost 30 kd in debit card in just under a minute. Thankfully nbk asked for cvv number and the person couldn’t give it . Meanwhile I called and blocked the card. Though I gave a written complaint , never recovered the money. They said it was used by someone in uk to buy fb ads.
Do you have an RFID blocker wallet? People will be surprised how often they get scanned. You went to Greece and it’s pretty bad when it comes to things like that. Glad you got your money back. Another thing I learned is getting your money back from credit is much faster and better than debit. Debit is your money credit is the banks money. In some countries you have to wait months before you get your money back. It’s actually much better to use your credit card. Doggy website or not.
RFID skimming is not common at all, it’s mostly hearsay by people who don’t understand tech and worry a lot like the guy in the other comment who thinks Apple Pay isn’t secure. RFID scanning is super easy, you can buy a scanner off Amazon, it’s nothing illegal. But, if you scan your credit card you aren’t going to get your credit card numbers or details, that’s not how it works, it’s all encrypted.
Reading all this secures my belief in why i have cash instead of using a card or even keeping passwords saved on my phone. My old school skepticism is right. Pros & cons to technology & what youre experiencing is the cons of it. In the US banks give the $ back after 30 days unsure the procedure elsewhere. With global $ fraud & scams on the rise, how do banks survive when they have to pay back the clients & the bank loses ?
The bank does not loose anything. You are smart about old school but there is a limit to how much money you can keep cash and with risk of the world going digital and cash being a thing of the past and present, it would be risky to just live with cash.
I’ve been getting emails from “Aramex” saying my package has been held at customs and I need to pay KWD0.99 to release it.
It has been over 6 years since I left Kuwait so no real doubt whether or not it’s a scam. What is intriguing though is the email addresses me by my full name, which I didnt use generally use. I go by first and last and skip my middle name.
The emails started around the end of July which sort of lines up with a Talabat breach.
If this really is a Talabat data breach, and it seems true, then I’m probably affected too, and so is everybody. 1 million is customers is probably their entire records. It’s shocking no one from Talabat announced anything, or no one from the banks is being proactive and changing affected customers cards. They should have an access to that darkweb database by now and deactivate the leaked cards.
Out of curiosity, had these charges not still been reversible, would you have to eat the loss, since debit cards are not insured like credit cards? Even though you did nothing wrong. In that case how does one make a debit card not work online. can you deactivate the online feature of your debit card since you could end up holding the bag for talabat’s (or others) security failure?
According to the bank employee my debit card is protected like credit cards. If anything because it happened with a debit card I’m getting my money back in a week instead of 2 months.
I ran into this issue last year, and the payments were authorised by the bank without an OTP for EasyJet to purchase tickets for Italy and France using a Kuwaiti card LOL. I spoke to the bank but also shadowed the EasyJet accounts online to make sure they knew someone used my cards, and the issue was resolved within 10 days from the bank’s end.
The only thing I could link it back to was ApplePay, deleted the card from there and never faced this issue again.
Granted, it can happen with any other app too, but it’s stupid of the banks to not demand an OTP with larger payments when they send you one for smaller amounts..
The OTP issue is related to the website. So the two purchases were made on sites that used a Microsoft merchant payment system which doesn’t use OTP. Similar to how Amazon payments don’t use OTP.
Regarding deleting your card from Apple Pay, like I told the other guy, Apple Pay wasn’t your problem.
I never use my main debit card. I have a saving account which I top-up for my monthly spending be it grocery stores, food delivery, etc. And I just keep my main debit card for large cash or POS transactions.
You can’t rely on security measures by those online platforms.
That’s what I do, my debit card isn’t connected to my main account hence why he couldn’t do more than 2 transactions
Hi Mark, can you elaborate please how exactly is your debit card not connected to your main account? Do you mean you create accounts in different banks?
I’m wanting to secure my account, so I thought of creating a new savings account in my bank which I also have my main debit card account. Is this a good idea? I’d appreciate your advice 🙂 Thanks.
You can have different accounts within the same bank. for example a savings account, a Jawhara account, etc.. and not all accounts have a debit card
I see, thanks for explaining 🙂
I work in application support for a bank here that will remain nameless (and no not NBK) and mainly responsible for transaction processing and ATMs. So I wanted to clear couple of things.
– The first 0.00 transaction is confirming they got the card details correct
– The second that requires OTP is because its from Microsoft which is 3d secure, can’t confirm if they got correct OTP or not as sometime they place the amount on hold even with incorrect OTP since you had insufficient balance that was rejected
– The approved transactions came from non 3d secure sites so no OTP was requested. These sites were differently outside of Kuwait as OTP will be required by Knet for any amount over 25 kd
As for how it happened it can be from different reasons
– Cannot be from ApplePay as no one knows the card associated with your ApplePay token except for VISA/Mastercard and your issuer bank. ApplePay uses a tokenized card number that get decrypted by VISA so if they got your token number the transaction will have to come from VISA directly to k-net who will then enforce OTP regardless
– its not ATM skimmers as CBK enforces all banks in Kuwait to have measurements installed against skimmers and they do yearly audits to confirm this (We caught someone couple of years back who was tampering with ATMs due to these anti-skimmers)
– Most likely from online site maybe Talabat, best thing is to use pre-paid card and only top it up once its low on money so if that gets leaked then nothing worth it will be stolen
– Could be card readers that was tapped nearby your card, those don’t get full card details but they do get some
thank you for clarifying it!
So if this is the case, I’m going to cancel my knet card and get a new one because I have used it on Talabat and continue to use my prepaid CC for all things online. Everyone should do this
Check this article and the comments on Kuwait Reddit.
https://www.reddit.com/r/Kuwait/comments/1esrpe8/fraudulent_apple_credit_card_charges/
Yup looks like talabat is the culprit
This is a general advice to all, not directly related to the incident. Most customers are naive to assume that if their account is compromised, the bank will pay up everything they lost. Will u be able to prove banks negligence in a court of law? Does the police dept pay if u lost money to a robbery?. Does central bank pay if u lost cash? Does telcom company waive ur bill if someone else used ur international line? It’s ur negligence. So why would a bank pay? You will have to follow due process of law starting with a police complaint. There is no hope of recovery bcos most financial crimes are committed from overseas. Local police have no jurisdiction.
Therefore u must protect ur account as u protect ur home. Never use ur debit card bcos it’s linked to ur primary account and if compromised, u can lose everything. Use prepaid/credit card instead, at least your losses will be limited. Consider annual fee of card as the cost of a door lock you would buy.
Only in very specific instances a bank will chargeback a merchant and refund u the amount. If merchant does transaction without OTP and u register ur complain immediately. This is not a free license for disputing transactions. Merchants also can prove that ur credentials were used, product/service was delivered. Therefore u deserve no refund. A Bank is never supposed to pay from own pocket. That would be silly. it would amount to punishing shareholders and other customers to pay for negligence/crime of another. It’s supposed to report/investigate.
Everything you basically stated is incorrect and is basically fake news.
– My bank already called me and told me they will refund me the compromised amounts and other readers have reported the same
– My bank told me that my debit card and credit card are protected against fraud. So unlike you’re stating, if my cards were to be compromised, the bank will refund me the amount
– A merchant can make a transaction without requiring OTP. For example, Amazon does not use 3D Secure and so does not require an OTP
– You aren’t required to report the incident to police if your card was a victim of defrauding, the bank has their own fraud investigation team
– The bank will obviously not refund you your money back if you’re an idiot and sent someone your OTP for example
Same incident happened to me two days ago .My debit card got charged for USD 0.000 initially then immediately got charged for Eur 1370 without any OTP or whatsoever. I informed the bank and the card was blocked also the said amount was kept on hold by the bank.The astonishing fact is that the bank told me that bank has no authority to decide when the hold amount shall be released either to me or the vendor basically VISA has to investigate the case and then it will be decided. And today the amount which was on hold was released and now debited.Bank still tells me that the investigation is going on and in most cases cash will refunded will take a duration of 30 to 60 days.
I went throught that same experience with NBK yesterday. I got the OTP at around 2 AM but still they got 150 KD from my account and I rarely use it.
do you have your number saved on Talabat?
Had the same thing happen to me on the 26th as well on my NBK Debit Card.
– GBP 0.00
– GBP 739.99 at Microsoft Store Requesting OTP.
I directly opened the NBK App and Temporarily Blocked my card from further use and called NBK. They cancelled that card and froze my Credit Card and Savings Account Card as a precaution for the 24HRS.
3 Days and a New Card Later I am lucky it was during the day 5:00PM and I was near my phone to block any further Purchases.
Seems like a lot of people on here had issues starting on the 26th of August.
Did you have your number saved in talabat?
Not the Debit Card that was utilized in the Fraud. I barely use that. Just for the Gas stations who need KNET – they need to upgrade their systems.
I have my Credit Card registered on Talabat about a month or two ago. No Fraud on that though. Fingers Crossed.
This is getting out of hand. This should go viral. This all reminds me how i got 4K sucked out of my account few years ago and the Gulf Bank manager literally said to me “the hackers are always one step ahead of us” .
The best thing to do is to temporarily off your visa if you don’t want to buy something and reactivated it when you want to buy. This is what I always do in the Boubyan Bank application.
Someone on reddit faced a similar situation it’s very confusing and really scary https://www.reddit.com/r/Kuwait/s/cp787mystW
I have had a similar unfortunate experience a while ago, here is what happened to me:
On July 4th, 2024, I noticed two suspicious authorizations on my credit card: one for Apple and another for Blizzard Entertainment, each showing $0.00. Initially, I thought these were recurring subscriptions, but since I have no active subscriptions with either company, I brushed it off as a mistake.
Then, on July 6th, a $3.99 charge from Apple appeared on my account. This was odd since I don’t own any Apple devices, although my parents do, and their Apple accounts are managed by me. After checking my emails and finding no receipts, I grew more concerned.
Despite the small amount, I take my budgeting seriously and decided to investigate further, but I couldn’t trace the source of the charge. Feeling uneasy, I went to my bank, canceled my credit card, and raised my concerns with them.
Relieved to have canceled my card, I thought the issue was resolved. But the very next day, after receiving my new card, a $4.99 charge from Apple appeared out of nowhere. This new card hadn’t been used anywhere except to link with Google Pay and Samsung Pay, both secured with Multi-Factor Authentication (MFA). Thus, this time i decided to just call Apple customer complaint and resolve it directly with them, they did confirm that the NEW CARD was in fact used to purchase something, the refunded me and blocked my credit from ever being used again on their platform.
Someone, somewhere, had gotten access to my new credit card on the same day I received it. Reviewing my transactions, I noticed a few potential points of compromise, but the source remains unclear. However i suspect a skimmer device or a relay of some sort that was installed not on ATMs but POS systems at coffee places, grocery stores, as it happened during the week, and looking at my statements i can see Pret, coffee bean, and Trolley.
Hope this can help someone, I work at a bank but not in IT but i did raise my concern with my colleagues about this, hope the culprit gets caught soon.
so from my research I found out that even if someone skimmed your wireless transaction they wouldn’t be able to get your card number. Someone who works in banking IT confirmed this in another comment. Apple Pay doesn’t send your card details to the POS.
Mum kept receiving calls from a scammer for a couple of years. They had her phone number and bank account number, but not her card details.
Thing is, she bought that number specifically to register it at the bank and has zero contacts on it to this day and only kept in contact with the employees at the bank through it.
I think the call is coming from inside the house, if you catch my drift.
Just had the exact same thing. I was fast enough to report the card as stolen after two attempted 0 USD transactions and used the KFH kiosk to get a new one. I decided to take a look at my saved cards on Talabat and sure enough I had that damn card saved on there.