OT you can be sure of Shell ??

This site contains affiliate links for which LandyZone may be compensated if you make a purchase.
D

Derek

Guest
The alert amongst us will have heard that the wonderful fraud proof chip and
pin cards have been compromised and the facility has been withdrawn from
Shell stations.
Today I get a letter advising me to call my banks fraud section it seems
that the engineers of the idiot system Maestro think my card may have been
cloned. My bank obviously want to cancel my card urgently for reasons of
security but are happy to wait till I phone them ( not the other way round )
to do so instead of them phoning me this leaves me on a friday evening with
no access to my current account but the twelve year old I spoke to advises
me I can withdraw money over the counter- yes that helps if they are going
to open the bank specially just for me on saturday. Am I being over critical
or would normal folk have sent out the replacement card as soon as the
problem was identified to minimise inconvenience and then tried to phone
before sending a letter out??? or is the word banker mispelt?
Derek


 
Derek wrote:
> The alert amongst us will have heard that the wonderful fraud proof chip and
> pin cards have been compromised and the facility has been withdrawn from
> Shell stations.
> Today I get a letter advising me to call my banks fraud section it seems
> that the engineers of the idiot system Maestro think my card may have been
> cloned. My bank obviously want to cancel my card urgently for reasons of
> security but are happy to wait till I phone them ( not the other way round )
> to do so instead of them phoning me this leaves me on a friday evening with
> no access to my current account but the twelve year old I spoke to advises
> me I can withdraw money over the counter- yes that helps if they are going
> to open the bank specially just for me on saturday. Am I being over critical
> or would normal folk have sent out the replacement card as soon as the
> problem was identified to minimise inconvenience and then tried to phone
> before sending a letter out??? or is the word banker mispelt?
> Derek

A friend has had £3k stolen from his bank account in the past month
after he used his card at our local Shell garage and it was cloned.
Fortunately the bank are refunding his money, but it's a pretty bad
situation. He only actually found out when he couldn't withdraw
money from the cash machine and he went into the bank to find out why.

Matt
 

"Derek" <[email protected]> wrote in message
news:[email protected]...
> The alert amongst us will have heard that the wonderful fraud proof chip
> and pin cards have been compromised and the facility has been withdrawn
> from Shell stations.
> Today I get a letter advising me to call my banks fraud section it seems
> that the engineers of the idiot system Maestro think my card may have been
> cloned. My bank obviously want to cancel my card urgently for reasons of
> security but are happy to wait till I phone them ( not the other way
> round ) to do so instead of them phoning me this leaves me on a friday
> evening with no access to my current account but the twelve year old I
> spoke to advises me I can withdraw money over the counter- yes that helps
> if they are going to open the bank specially just for me on saturday. Am I
> being over critical or would normal folk have sent out the replacement
> card as soon as the problem was identified to minimise inconvenience and
> then tried to phone before sending a letter out??? or is the word banker
> mispelt?
> Derek
>

It happened to me for the first time only a couple of weeks ago.
Reading my monthly bank statement and saw that 5 transactions totalling £138
had been used for coach trips from National Express in Birmingham.
This was also on a Friday evening.
I was straight on the phone to Nat Express who were actually really
helpful,But said it was down to the bank to refund me.
I then sent the mrs down to the cashpoint to withdraw the maximum allowance
while i phoned the bank to cancel the card.
After a lengthy call to the bank and the police i got a crime number.
I had a letter from the fraud investigating team saying there is nothing
more that they can do(Even though they had a name and address for the
bookings)And my card was more than likely cloned.
I am still waiting to be refunded.
In my job im sometimes away all week,And i use service stations cashpoints a
lot,And chip and pin.
I didn't know that Shell had now stopped this,Thanks for the info.
Its probably now safer to carry a wad full of money to see you through,Than
using these so called safe gadgets and risk losing the lot.


 
On 2006-05-19, Derek <[email protected]> wrote:

> The alert amongst us will have heard that the wonderful fraud proof
> chip and pin cards have been compromised and the facility has been
> withdrawn from Shell stations.

This happened some time ago, I'm not sure on the details but I suspect
it's the same issue that's hit some stores in the US; when you enter
your PIN number into the little machine at the checkout, that number
is not supposed to be stored, in a similar manner to the three-digit
code on the signature strip that you're often asked for when making
telephone purchases with a credit card.

Despite instructions that neither of these bits of info should be
stored, many credit-card processing systems do store them, with the
end result being that when the system gets hacked, not only does your
normal card details get leaked, but your PIN number does too, allowing
thieves to walk up to cashpoints and withdraw your money, not
something they were able to do before "chip and pin".

--
Blast off and strike the evil Bydo empire!
 
In message <[email protected]>
Ian Rawlings <[email protected]> wrote:

> On 2006-05-19, Derek <[email protected]> wrote:
>
> > The alert amongst us will have heard that the wonderful fraud proof
> > chip and pin cards have been compromised and the facility has been
> > withdrawn from Shell stations.
>
> This happened some time ago, I'm not sure on the details but I suspect
> it's the same issue that's hit some stores in the US; when you enter
> your PIN number into the little machine at the checkout, that number
> is not supposed to be stored, in a similar manner to the three-digit
> code on the signature strip that you're often asked for when making
> telephone purchases with a credit card.
>
> Despite instructions that neither of these bits of info should be
> stored, many credit-card processing systems do store them, with the
> end result being that when the system gets hacked, not only does your
> normal card details get leaked, but your PIN number does too, allowing
> thieves to walk up to cashpoints and withdraw your money, not
> something they were able to do before "chip and pin".
>

The software on our terminal was completely updated last weekend,
which would seem to confirm that it was a terminal software issue.
The way the transaction is handled has also been completely
re-vamped.

Richard

--
www.beamends-lrspares.co.uk [email protected]
RISC-OS - Where have all the good guys gone?
Boycott the Yorkshire Dales - No Play, No Pay
 
On or around Fri, 19 May 2006 21:34:29 +0100, Ian Rawlings
<[email protected]> enlightened us thusly:

>On 2006-05-19, Derek <[email protected]> wrote:
>
>> The alert amongst us will have heard that the wonderful fraud proof
>> chip and pin cards have been compromised and the facility has been
>> withdrawn from Shell stations.
>
>This happened some time ago, I'm not sure on the details but I suspect
>it's the same issue that's hit some stores in the US; when you enter
>your PIN number into the little machine at the checkout, that number
>is not supposed to be stored, in a similar manner to the three-digit
>code on the signature strip that you're often asked for when making
>telephone purchases with a credit card.
>
>Despite instructions that neither of these bits of info should be
>stored, many credit-card processing systems do store them, with the
>end result being that when the system gets hacked, not only does your
>normal card details get leaked, but your PIN number does too, allowing
>thieves to walk up to cashpoints and withdraw your money, not
>something they were able to do before "chip and pin".

well, I used the chip and pin in Shell yesterday...

as to notifying etc. if the bank know your card has been cloned, then their
best option (and yours, really) is to kill the card ASAP. If they wait
several days to notify you, then either you or they are gonna lose money.

mostly, the banks seem pretty good at refunding when this happens - I know
that if you lose or steal the card, then you're liable for losses up to the
point that you notify the bank.
--
Austin Shackles. www.ddol-las.net my opinions are just that
"My centre is giving way, my right is in retreat; situation excellent.
I shall attack. - Marshal Foch (1851 - 1929)
 
Austin Shackles wrote:
> On or around Fri, 19 May 2006 21:34:29 +0100, Ian Rawlings
> <[email protected]> enlightened us thusly:
>
>> On 2006-05-19, Derek <[email protected]> wrote:
>>
>>> The alert amongst us will have heard that the wonderful fraud proof
>>> chip and pin cards have been compromised and the facility has been
>>> withdrawn from Shell stations.
>>
>> This happened some time ago, I'm not sure on the details but I
>> suspect it's the same issue that's hit some stores in the US; when
>> you enter your PIN number into the little machine at the checkout,
>> that number is not supposed to be stored, in a similar manner to the
>> three-digit code on the signature strip that you're often asked for
>> when making telephone purchases with a credit card.
>>
>> Despite instructions that neither of these bits of info should be
>> stored, many credit-card processing systems do store them, with the
>> end result being that when the system gets hacked, not only does your
>> normal card details get leaked, but your PIN number does too,
>> allowing thieves to walk up to cashpoints and withdraw your money,
>> not something they were able to do before "chip and pin".
>
> well, I used the chip and pin in Shell yesterday...
>
> as to notifying etc. if the bank know your card has been cloned,
> then their best option (and yours, really) is to kill the card ASAP.
> If they wait several days to notify you, then either you or they are
> gonna lose money.
>
> mostly, the banks seem pretty good at refunding when this happens - I
> know that if you lose or steal the card, then you're liable for
> losses up to the point that you notify the bank.

Makes me glad we're so far behind the technology here in Oz ... no chip &
pins here

Karen

--
"I'd far rather be happy than right any day."
- Slartibartfast


 
On Sat, 20 May 2006 08:46:07 +0100, Austin Shackles wrote:

> if the bank know your card has been cloned, then their best option (and
> yours, really) is to kill the card ASAP.

How can they *know* a card has been cloned. They can have a pretty good
idea, but not *know*. A suddenly stopped card would really **** of a
customer, especially if they got it wrong.

The bank should, IMHO, make serious effort to contact the card keeper but
that has problems. I will not give personal information to anyone that
telephones me, how do I *know* who they are? Especially a cold call. They
could me ask to call their Customer Service Center and maybe give me a
verification code (not that that is worth much) but I wouldn't call any
number they gave me unless I could independantly verify it. Could be
anyone...

> If they wait several days to notify you, then either you or they are
> gonna lose money.

It may take several days before their automated systems pick up on a
pattern of use change. Just because a card suddenly leaps from it's
"home" area to Paris doesn't mean it's cloned, unless the time between
transactions is too short for the card to have physically done the
journey.

> mostly, the banks seem pretty good at refunding when this happens - I
> know that if you lose or steal the card, then you're liable for losses
> up to the point that you notify the bank.

They do, just as well. What I don't like is that they tend to tell you to
wait for your statement then you have to tell them which transactions you
didn't make. They cancel them but still expect full payment (inc the
fraudulent ones) if you don't make full payment you get lumbered with
interest and another loop getting that back.

--
Cheers [email protected]
Dave. pam is missing e-mail



 
On Fri, 19 May 2006 21:34:29 +0100, Ian Rawlings
<[email protected]> wrote:

>Despite instructions that neither of these bits of info should be
>stored, many credit-card processing systems do store them, with the
>end result being that when the system gets hacked, not only does your
>normal card details get leaked, but your PIN number does too, allowing
>thieves to walk up to cashpoints and withdraw your money, not
>something they were able to do before "chip and pin".

Chip and Pin was introduced for the convenience of the wunch of
bankers who only have limited vision - there is no way - in reality,
that it is safer than a sig - it's cheaper to maintain and administer,
though.

Our systems do not store the number or CV2 code - they pass them
directly (encrypted) to the clearing bank for an instant verification
or denial, however we've lost count of numerous on-line systems where
the details, although passed via SSL, are stored locally - in one case
in an open text file. Other systems make a big show of how secure
their site is - then send the card details via unencrypted email to
the office for manual processing!

The simplest way is to have an account with a debit card seperate from
your normal bank account. Transer only enough money into the new
account for your use - then when it gets cloned you're limiting your
exposure.


--
I love deadlines, especially the Whooshing noise
they make as they pass. Douglas Adams 1952-2001
 
On 2006-05-20, Mother <"@ {mother} @"@101fc.net> wrote:

> The simplest way is to have an account with a debit card seperate from
> your normal bank account. Transer only enough money into the new
> account for your use - then when it gets cloned you're limiting your
> exposure.

Personally I only use my debit card for cash withdrawal these days,
and use the credit card for everything else. Every saturday I do the
finances, which includes paying off the week's credit card purchases.

The idea is that the credit card offers the facility to question stuff
that appears on the account, but a debit card sucks it straight out.
Also it's easy to change credit card, so if you are worried about the
amount of places that have your card details, you can cancel the card
and get another one with a different card company.

--
Blast off and strike the evil Bydo empire!
 
On Sat, 20 May 2006 12:19:59 +0100, Ian Rawlings
<[email protected]> wrote:

>The idea is that the credit card offers the facility to question stuff
>that appears on the account, but a debit card sucks it straight out.
>Also it's easy to change credit card, so if you are worried about the
>amount of places that have your card details, you can cancel the card
>and get another one with a different card company.

One of the credit card companies was offering a 'one off'
autogenerated number to use for online transactions - can't remember
who, offhand, may have been EGG.

Have to say though, I am a fan of analogue transactions (CASH). If I
go to a show with a couple of hundred quid in my pocket I know what
I'm spending. With a card it's all too easy to get carried away - and
exponentially increase the risk of someone with a paper swipe machine
misappropriating the card details.


--
"We have gone from a world of concentrated knowledge and wisdom to one
of distributed ignorance. And we know and understand less while being
increasingly capable." Prof. Peter Cochrane, formerly of BT Labs
In memory of Brian {Hamilton Kelly} who logged off 15th September 2005
 
On or around Sat, 20 May 2006 10:03:31 +0100 (BST), "Dave Liquorice"
<[email protected]> enlightened us thusly:

>On Sat, 20 May 2006 08:46:07 +0100, Austin Shackles wrote:
>
>> if the bank know your card has been cloned, then their best option (and
>> yours, really) is to kill the card ASAP.
>
>How can they *know* a card has been cloned. They can have a pretty good
>idea, but not *know*. A suddenly stopped card would really **** of a
>customer, especially if they got it wrong.

I assume they know it's cloned if they get 2 transactions in 2 places at the
same time, but I suspect there's more than meets the eye - could be there's
some kind of checksum or something that isn't cloned right and shows up but
isn't checked by the machine on the street. They can also get it from
transaction patterns. Try doing something off the wall with your card like
making a succession of max withdrawals or huge purchases and I bet you get
the bank on asking if it's you.

I reckon there is something by which they can identify a cloned card though
- I know someone who had it happen and was notified almost before they got
home.


>
>The bank should, IMHO, make serious effort to contact the card keeper but
>that has problems. I will not give personal information to anyone that
>telephones me, how do I *know* who they are? Especially a cold call. They
>could me ask to call their Customer Service Center and maybe give me a
>verification code (not that that is worth much) but I wouldn't call any
>number they gave me unless I could independantly verify it. Could be
>anyone...
>
>> If they wait several days to notify you, then either you or they are
>> gonna lose money.
>
>It may take several days before their automated systems pick up on a
>pattern of use change. Just because a card suddenly leaps from it's
>"home" area to Paris doesn't mean it's cloned, unless the time between
>transactions is too short for the card to have physically done the
>journey.
>
>> mostly, the banks seem pretty good at refunding when this happens - I
>> know that if you lose or steal the card, then you're liable for losses
>> up to the point that you notify the bank.
>
>They do, just as well. What I don't like is that they tend to tell you to
>wait for your statement then you have to tell them which transactions you
>didn't make. They cancel them but still expect full payment (inc the
>fraudulent ones) if you don't make full payment you get lumbered with
>interest and another loop getting that back.
--
Austin Shackles. www.ddol-las.net my opinions are just that
"Remember that to change your mind and follow him who sets you right
is to be none the less free than you were before."
Marcus Aurelius Antoninus (121-180), from Meditations, VIII.16
 
On or around Sat, 20 May 2006 12:19:59 +0100, Ian Rawlings
<[email protected]> enlightened us thusly:

>On 2006-05-20, Mother <"@ {mother} @"@101fc.net> wrote:
>
>> The simplest way is to have an account with a debit card seperate from
>> your normal bank account. Transer only enough money into the new
>> account for your use - then when it gets cloned you're limiting your
>> exposure.
>
>Personally I only use my debit card for cash withdrawal these days,
>and use the credit card for everything else. Every saturday I do the
>finances, which includes paying off the week's credit card purchases.
>
>The idea is that the credit card offers the facility to question stuff
>that appears on the account, but a debit card sucks it straight out.
>Also it's easy to change credit card, so if you are worried about the
>amount of places that have your card details, you can cancel the card
>and get another one with a different card company.

the scumbags can put their cloning machine on the front of an ATM though.
--
Austin Shackles. www.ddol-las.net my opinions are just that
"Remember that to change your mind and follow him who sets you right
is to be none the less free than you were before."
Marcus Aurelius Antoninus (121-180), from Meditations, VIII.16
 
In message <[email protected]>
Mother <"@ {mother} @"@101fc.net> wrote:

> On Fri, 19 May 2006 21:34:29 +0100, Ian Rawlings
> <[email protected]> wrote:
>
> >Despite instructions that neither of these bits of info should be
> >stored, many credit-card processing systems do store them, with the
> >end result being that when the system gets hacked, not only does your
> >normal card details get leaked, but your PIN number does too, allowing
> >thieves to walk up to cashpoints and withdraw your money, not
> >something they were able to do before "chip and pin".
>
> Chip and Pin was introduced for the convenience of the wunch of
> bankers who only have limited vision - there is no way - in reality,
> that it is safer than a sig - it's cheaper to maintain and administer,
> though.
>

There's considerable evidence to refute that. Speaking as a retailer,
C&P is a hell of a lot simpler to use, and any doubt about signatures
is removed (it's always the retainlers fault, so we used to take the
hit every time). Now they either know the PIN or they don't which
is nice and tidy.

<snip>


Richard
--
www.beamends-lrspares.co.uk [email protected]
RISC-OS - Where have all the good guys gone?
Boycott the Yorkshire Dales - No Play, No Pay
 
Dave Liquorice wrote:

|| On Sat, 20 May 2006 08:46:07 +0100, Austin Shackles wrote:
||
||| if the bank know your card has been cloned, then their best option
||| (and yours, really) is to kill the card ASAP.
||
|| How can they *know* a card has been cloned. They can have a pretty
|| good idea, but not *know*. A suddenly stopped card would really ****
|| of a customer, especially if they got it wrong.

Depends on the customer. I was once away from home and bought a new camera
in a branch of Jessops where they had some interesting special offers. I
walked out of the shop, and then realised that I had Di's Xmas present sewn
up if I went back in. I did so, and my card was refused. I called the bank
and they let me know they had spotted two biggish transactions about 250
miles from where I normally do my spending. After some really deep security
questions, they unblocked the card. The guy at the bank was really
apologetic, as he assumed I would be majorly ****ed off, but I was
delighted, and I told him so. To recognise an unusual pattern of
spending/location and block the card within about 3 minutes was bloody
marvellous IMO. Getting the card unblocked was a minor inconvenience,
compared to what might have happened if I had had my card stolen or cloned
and they had waited 24-48 hrs to inform me.

--
Rich
==============================

I don't approve of signatures, so I don't have one.


 
On Sat, 20 May 2006 12:19:59 +0100, Ian Rawlings wrote:

> Personally I only use my debit card for cash withdrawal these days,
> and use the credit card for everything else.

I've always operated like that, but then Debit Cards are a new fangled
thing and I don't like the way the money goes straight from my account.
The only place that I use my Debit Card is CostCo but only because they
don't take Credit Cards and I hardly ever remember to take my cheque
book.

> Every saturday I do the finances, which includes paying off the week's
> credit card purchases.

Thats a bit keen, but I do cross check all statements fairly soon after
they arrive. So far I've only found (or rather not found) purchases that
I have made that have never turned up on my statements. B-)

--
Cheers [email protected]
Dave. pam is missing e-mail



 
On Sat, 20 May 2006 13:16:41 +0100, Austin Shackles wrote:

> I assume they know it's cloned if they get 2 transactions in 2 places
> at the same time,

Yes further down I said "unless the time between transactions is too
short for the card to have physically done the journey." Which is
actually a bit more open than "the same time".

> - could be there's some kind of checksum ...

The last two digits of a card number are a checksum for the card number.
Fairly simple algorithm, was (and probably still is) available on the
'net. VAT numbers also have a built in checksum.

> or something that isn't cloned right and shows up but isn't checked by
> the machine on the street.

The vast majority of card transactions are online these days, very few
are not checked with the banks computer before being authorised. If there
was something like this cloned card fraud would be much harder.

> They can also get it from transaction patterns. Try doing something
> off the wall with your card like making a succession of max withdrawals
> or huge purchases and I bet you get the bank on asking if it's you.

This is the major part of it and it appears is "real time", at least for
some cards. TBH I'm not surprised most of us are creatures of habit and
have pretty predictable spend patterns. Mind you they are tightening up,
got a flyer with one of my statements asking me to tell them before I go
abroad, dates & locations etc. I guess the hidden meaning is that *any*
foreign stuff appearing on my account could lead it to being blocked.

--
Cheers [email protected]
Dave. pam is missing e-mail



 

"Dave Liquorice" wrote ((snip))
> This is the major part of it and it appears is "real time", at least for
> some cards. TBH I'm not surprised most of us are creatures of habit and
> have pretty predictable spend patterns. Mind you they are tightening up,
> got a flyer with one of my statements asking me to tell them before I go
> abroad, dates & locations etc. I guess the hidden meaning is that *any*
> foreign stuff appearing on my account could lead it to being blocked.
>
Every time we go to France for the day to buy red wine and stuff, after the
first transaction the next purchase gets the instruction "Phone Card Issuer"
on the terminal. Of course nobody in the shops ever does, they just ask for
another card, so the computer then stops the original card automatically.
Ended up with three cards stopped between us a couple of weeks ago.
Eventually got a call on the mobile from a person and they went through my
last few transactions one of which was Eurotunnel for the tickets, now I
would have thought that would have given them a starter for ten but we are
talking about a computer, at least they unstopped that card. Didn't get the
other cards unstopped until back in UK.
We have even phoned beforehand to warn them we will be shopping abroad but
still have the problem, thank goodness for mobile phones.

The fault isn't with the Bank, they are just trying to protect both of us,
it's the shops for being lazy and not phoning when asked.
--
Regards
Bob Hobden
17mls W. of London.UK


 
On 2006-05-20, Austin Shackles <[email protected]> wrote:

> the scumbags can put their cloning machine on the front of an ATM though.

Sure, but I rarely draw money out of any ATM other than the one near
my house, I work from home so not much call for getting money out
elsewhere. Also you can keep your eyes open for such things, all in
all much less risk than trusting your details to countless shoddy
software implementations all over the place that you can't assess in
any way shape or form.

--
Blast off and strike the evil Bydo empire!
 
On 2006-05-20, Dave Liquorice <[email protected]> wrote:

>> Every saturday I do the finances, which includes paying off the week's
>> credit card purchases.
>
> Thats a bit keen,

TBH the main reason I pay off the credit card every week is because
otherwise I'll end up owing thousands again, done that already, still
paying it off! :-( Paying the balance weekly means I can keep it in
hand much easier. Some of us have no self control (he says, looking
out at driveway where 6-wheeled monster is sitting).

--
Blast off and strike the evil Bydo empire!
 
You must log in or register to reply here.

Similar threads

K
L322 L405 market - I’m sure I’m in the same boat as a lot of you l322 owners?
Replies
11
Views
4K
domino
domino
S
How tolerant of leaks can you be?
Replies
14
Views
2K
steveyorks
S
tina2709
octagon...wot a joke!!!
Replies
4
Views
1K
tina2709
tina2709
Saint.V8
  • Sticky
200TDi Timing Belt Change and Cylinder head Refurb How To....
Replies
5
Views
15K
IamRobbie
IamRobbie
Saint.V8
200TDi Timing belt change and cylinder head refresh HOW TO...
Replies
6
Views
9K
toms3
T
Back
Top