Attempted fraud on Bank of Ireland credit card

Peanuts20 said:
It's actually very easy to guess the 16 digits
  1. the first 6 digits signify the bank and the card issuer. You can look those up online in about 5 seconds for each bank
  2. the last digit is a checksum digit
so therefore you need only guess 9

The 16 digits adhere to an alogrythm called a Luhn alogrythm so with a competent number generator hooked up to a Luhn algorythm, it would be easy to work out card numbers. If you actually understand how the algorythm works (and it's not rocket science and after all, this is a fraudsters livelihood) you could probably work it out by hand or on excel in a few minutes. I used to work in a bank and if we got a damaged cheque, sometimes we'd have to work out account number by hand if you were missing a few digits. It's not hard (although in the case of a cheque it is only 14 digits, 6 digit sort code, 8 digit account, so easier)

the harder thing to guess is the expiry date (one chance in 36) and the CVV number (one chance in 999) but again, bots can try things automatically. Hence the growing complexity of captcha's and MFA.

I'm not encouraging fraud here by the way!!
Click to expand...

I know that but the chances of guessing the correct card number together with the correct expiry date together with the correct CVV numbers would require billions of attempts. Add in the the fact that one couple using 4 different cards were targeted 4 times in three months makes this statistically impossible. Add in the fact that no payment processor will allow brute force attacks like that. The card details are being compromised in some way. Or else someone really wants a spotify account and doesn't want to admit it to the other person....
 
Sunny said:
I know that but the chances of guessing the correct card number together with the correct expiry date together with the correct CVV numbers would require billions of attempts. Add in the the fact that one couple using 4 different cards were targeted 4 times in three months makes this statistically impossible. Add in the fact that no payment processor will allow brute force attacks like that. The card details are being compromised in some way. Or else someone really wants a spotify account and doesn't want to admit it to the other person....
Click to expand...

there is almost certainly at least one retailer that the OP does business with leaking details, whether that retailer are even aware of it is another question. That might not even be an online retailer, plenty of example out there of card details being harvested as POS terminals.

In most cases, the full details of an online transaction should be masked. My point is that it is a doddle for a competent fraudster to work out the 16 digits if they only have partial details and the rest are not that difficult either, especially if you throw a bit of computer power at it. It's no different to the robot calls from Amazon we are probably all plagued with these days. Fraudsters know 99.9% of their efforts fail, they make their living on the fraction that gets through.
 

circle said:
If you have the card registered to apple pay / wallet, you benefit from getting the new card available to use on your phone immediately, with no waiting for a card to be sent out, which is great here, invaluable if you were travelling. Not sure if similar is available via google pay or other banks?
Click to expand...

Thanks Circle. Didn't realise that replacement card could appear on my Google Pay before the physical card arrives in the post. I haven't tried to use the new G-Pay card yet but looks like it's there if I need it. For now I've reverted to cash.
 
Peanuts20 said:
there is almost certainly at least one retailer that the OP does business with leaking details, whether that retailer are even aware of it is another question. That might not even be an online retailer, plenty of example out there of card details being harvested as POS terminals.

In most cases, the full details of an online transaction should be masked. My point is that it is a doddle for a competent fraudster to work out the 16 digits if they only have partial details and the rest are not that difficult either, especially if you throw a bit of computer power at it. It's no different to the robot calls from Amazon we are probably all plagued with these days. Fraudsters know 99.9% of their efforts fail, they make their living on the fraction that gets through.
Click to expand...
The odd thing is that my spouse's card has been compromised the most. It's inactive, hasn't been used online, offline or anywhere else for year, so there's no data trail for fraudsters to get their hands on. This suggests it's just pot luck and random number generation, which was BoI's explanation.
 
Lucius Lamb said:
It's inactive, hasn't been used online, offline or anywhere else for year, so there's no data trail for fraudsters to get their hands on.
Click to expand...
Has it literally never been used? If it was used years ago the data could have been stored and recently compromised.
 
Lucius Lamb said:
The odd thing is that my spouse's card has been compromised the most. It's inactive, hasn't been used online, offline or anywhere else for year, so there's no data trail for fraudsters to get their hands on. This suggests it's just pot luck and random number generation, which was BoI's explanation.
Click to expand...
Bear in mind that the breech could have occurred over a year ago and the details have just recently been sold on the dark web as part of a broader cache of numbers
 
Lucius Lamb said:
The odd thing is that my spouse's card has been compromised the most. It's inactive, hasn't been used online, offline or anywhere else for year, so there's no data trail for fraudsters to get their hands on. This suggests it's just pot luck and random number generation, which was BoI's explanation.
Click to expand...
I think for this to happen that many times in such a short period of time seems a bit odd to say the least
My thinking would be where is the CC during the day, is it always on or with your spouse??
 
Lucius Lamb said:
The odd thing is that my spouse's card has been compromised the most. It's inactive, hasn't been used online, offline or anywhere else for year, so there's no data trail for fraudsters to get their hands on. This suggests it's just pot luck and random number generation, which was BoI's explanation.
Click to expand...

Have either of you ever held a Spotify account?
 
Cervelo said:
I think for this to happen that many times in such a short period of time seems a bit odd to say the least
My thinking would be where is the CC during the day, is it always on or with your spouse??
Click to expand...
Card is buried somewhere in spouse's purse, which thankfully hasn't been robbed or interfered with to our knowledge.
 
You must log in or register to reply here.
Back
Top