Just Eat

[RobM]

I have been one of many 'victims' of credit card fraud by Just Eat charging my card for £35 for food at the beginning of the month. I have had to cancel my credit card and now I have an 8 week process to recoup the money. However I don't even have an account with them and haven't been to uk for years. So my questions are: is this a UK only company and anyone know of any other delivery companies who might share data with them? I'm trying to find out how they got my info and wondered if anyone has had the same issues with them?
The article that made me realise I wasn't alone was https://www.bbc.com/news/uk-48719098
You might want to check your balances if you used them in the past.

 

[dazc]

I'm trying to find out how they got my info and wondered if anyone has had the same issues with them?

If you've used your card abroad the chances of your number being collected and used for fraud is much higher than in the UK.

However, my card has been used fraudulently at a restaurant/take-away. As I understood it, it was just a random card number they used because no other authentication was required, not the expire date or the 3-digit code, nothing.

The bigger question, I guess, is why credit card companies allow these transactions to be processed in the first place since it requires a degree of diligence on behalf of the card holder to ensure nothing slips through the net.

 

[RobM]

Yeah I suppose it's the risk of using a card for online transactions. I just wonder who is storing the cvv details as well that fraudsters would need. I'll have to look through and see which companies I've used that processed the payment themselves as opposed to using a processor like worldpay, paypal, etc. Unfortunately that includes a few domain related companies so one of them has either shared the data or been compromised.

 

[Ben Thomas]

Some companies (oddly) don't need the CVV to process payments. This is fucking odd to me, Amazon being one of them. It really makes me uneasy.

 

[RobM]

But in this case my card was used I guess online as I think Just Eat are an order/delivery service (we don't have them here)? They don't have my card physically. That means they got the cvv from wherever they got the details - which in turn means someone who shouldn't be is storing cvv details. I'll never know.

 

[Ben Thomas]

CVV doesn't add any extra layer of security, which is why companies like Amazon don't request it. If someone has stolen your debit card/billing details, they have the CVV code anyway, so requesting it at checkout doesn't do much apart from reduce payment conversions. (Most payment declines on payments charges for legitimate uses come from the wrong CVV being entered by accident.)

Not really, people can steal your payment information without having your card. It was introduced as an anti-fraud measure, so how exactly does it not add an extra layer of security? I don't think having to enter a CVV reduces conversions either, I think that's a bunch of shit. If your product is good, people will buy it. If it's not good, people will find any excuse not to buy it.

 

[WHM]

If you've used your card abroad the chances of your number being collected and used for fraud is much higher than in the UK.

I don't think that's really the case, I have one card that I use exclusively overseas, must have had 10K+ transactions on it over the last 6+ years. Not had any fraud from that card.

On the other hand, 2 other cards I've hardly used but all most all transactions were for UK online purchases have had to have to be reissued 3 times because of random fraudulent transactions.

Just my 2 pence but online shopping is far worse than overseas transactions for fraud.

 

[dazc]

Just my 2 pence but online shopping is far worse than overseas transactions for fraud.

Perhaps so, I am quite paranoid about giving random sites my credit card details though and tend only to buy from amazon and such?

 

[RobM]

Plenty of places online store your card details but not your cvv. They then ask for it in future transactions and it is passed through to the payment processor so they never even see it. That way if their database gets hacked, or info leaked, people can't use the data. So it's not useless - it just means that someone I used stored *all* the data and it was compromised. You can buy card info (without ccv) easily on the net. Any decent place is going to ask you that info on an online purchase - it's the difference between being able to commit fraud or not.

 

[RobM]

Lol ok. Try not to let our lack of expertise worry you though.

 

[Ben Thomas]

My bank has already started implementing SCA, which makes it nigh on impossible for someone to use my card details for fraudulent purposes. Unless of course, they make a purchase with my details through a company I have already approved beforehand and that now has continuous payment authority. Like, probably Amazon lol.

EDIT: Anyway, point is, that I think SCA will eliminate loads of fraud, and everyone should use it ASAP. I'm with Starling Bank, anybody else bank with them? Really good, non-high street bank.

 

[RobM]

Just tried to pay my nominet invoice...wrong cvv...wasn't approved. Lucky they asked for that. I'll email them now and tell them it's an irrelevant piece of information and they don't need it.