Argh, transaction from dodgy loan company has just appeared on my bank account. Bank surprisingly helpful and have refunded money, but HOW did this happen in the first place? I'm very careful about shredding all paperwork and receipts and never give my bank details to anyone. This was apparently done with my card details (card now cancelled and replacement on it's way).

I've bought things online ever since it was possible to do so, but nothing within that time frame from any companies that I haven't used many times before without incident.

Harrumph.

Have you used your card over the phone? The last TWO times I have bought over the phone, with two different companies and two different cards my details have been cloned, so I think it must be a very insecure way of buying things. (Local theatre and school uniform supplier, so what i would assume were reputable companies).

Agreed: I am wary of giving details over the phone, even with reputable companies. All it takes is one dodgy employee who leaves with a list of customer details in his/her pocket....

Unfortunately, even if we are careful about shredding our paperwork, it only takes one company with our card details to NOT be careful about their paperwork to make this happen.

I very rarely leave my credit card number on file when I order something but I didn't want a delay, so I left it at what I thought was a large reputable department store.

Two weeks after, I got a call from my bank about a fraudulent transaction, so I suspect that someone at the store had just looked through the orders scanning for card numbers.

I'll not be doing that again. This is the only time I've ever had this happen. I do use my card online a lot but usually with things like Paypal where you don't have to give the card number to the buyer.

Whoever is using your card must also know your address and post code, as card terminals will only accept 'customer not present' transactions if the numbers from the customer's post code and house number are entered.

This is also supposed to prevent mail order companies from dispatching to any other address, although in practice most will dispatch anywhere provided the card details match.

If somebody is using a card terminal fraudulently, it should be easy for your bank to find out which terminal was used, and to shut it down.

SB

Thanks for that - i reckon that's convinced me it was the department store, as they had my address with the order.

There are strict rules about storing credit card numbers, and businesses using card terminals have to agree to abide by them. (The so called PCI Compliance.) There are various levels, so for example, a small mail order business without online ordering might only be allowed to store card numbers that it reasonably needed on paper - but not on computer.

For retailers offering an on-line card service there are certain tests that must be carried out periodically to make sure than hackers cannot gain access to card details via the internet.

You will also note that the three digit security code on the reverse of your card is NOT printed on the Merchant Copy of card receipts, so whoever scams your card must also have this information from somewhere. The transaction cannot be completed unless this information is provided, (unless of course the customer enters their PIN number into the terminal).

I think it may be possible to process a payment without postcode and address numbers (we have never had to do so yet), but your card company will know from their records whether this security check was overridden. This check exists to protect the retailer as much as the card holder, and if either the address number of post code verification fails, the terminal will ask whether we want to continue with the transaction.

SB

I have had credit cards cloned in the past and it is a royal pain to carry on in anything like normal fashion until replacement cards arrive. While I was working, I had two personal credit cards, one of which I used for business costs and the other for personal. The business card got cloned (in a London restaurant, I am sure ) and stopped, so I had to use the personal one for a couple of weeks. Its first use was to check into a London hotel, only to get a phone call from the card company querying why I was doing it - at least their surveillance systems worked!