Unauthorized transaction on Citibank Credit Card, who might be the possible culprit?
- 4439
- 50
-
- Last Comment
85.94 USD was spent on your Credit Card ** at TRAVEL RESERVATION.Final FX rates and charges are applicable.
8.77 USD was spent on your Credit Card **** ANCHORAGEINN *.Final FX rates and charges are applicable.
Got these messages today, Citibank CC confirmed that these are online transactions.
The first one was cancelled automatically, second one is still there but not claimed by the merchant. The card has been blocked and I was told that I would be getting a call within next 3-4 days while dispute resolution can take up to 65 days.
The card hasn’t been used much in the recent past. Last transaction was on Freecharge Mobile app on Jan 27, 2016. The card number was there in the saved cards*. Prior to that it was used on Freecharge mobile app, Amazon mobile app, Shopclues(payumoney), Mobikwik(Zaakpay) and DMRC using 3G/4G(not on any public WiFi network). There are no suspicious applications installed on the computer or mobile used for these transactions and the card has never been swiped on any POS terminal.
I am unable to understand from where the details might have been leaked, Freecharge seems to be the most likely case as some users had reported in the past about similar occurrences but the unauhorized transactions were made on the freecharge itself and not on third party websites. Any clue?
Call the customer care and ask them to log a ticket.. They will do verification..
By the way , they don’t need password or PIN for international transactions.. Thats why it happened.
@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
@jeevanreddy58 wrote:
Call the customer care and ask them to log a ticket.. They will do verification..
By the way , they don’t need password or PIN for international transactions.. Thats why it happened.
Yeah but most of the merchants wont allow the transactions unless the billing address provided is exactly the same one provided to the bank
@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
@getready wrote:
Even then CVV is required right for international transactions?
Yes. Don’t know which merchnat leaked it.
@jeevanreddy58 wrote:
Call the customer care and ask them to log a ticket.. They will do verification..
By the way , they don’t need password or PIN for international transactions.. Thats why it happened.
Yes, complaint lodged.
@getready wrote:@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
Card never used offline. Kept at safe place since I received it. So that aspect can be rules out. Never made any international transaction either.
@disclaimer wrote:@getready wrote:@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
Card never used offline. Kept at safe place since I received it. So that aspect can be rules out. Never made any international transaction either.
You are having any apps on your mobile device that tracks data usage? Like Google Screenwise panel
@getready wrote:@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
Not necessarily
Bigrock renewed my domains without my permission , without OTP and VbV password
thru my stored card
@getready wrote:@disclaimer wrote:@getready wrote:@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
Card never used offline. Kept at safe place since I received it. So that aspect can be rules out. Never made any international transaction either.
You are having any apps on your mobile device that tracks data usage? Like Google Screenwise panel
No, none These installed, none else ever : pockets, payzapp, lime, digibank, cube, Freecharge, mobikwik, opera, crownit, little, amazon, flipkart, snapdeal, zomato, Flipboard, BMS , profit club and udio.
@saikcw wrote:@getready wrote:@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
Not necessarily
Bigrock renewed my domains without my permission , without OTP and VbV password
thru my stored card
Yes, possible. Like in case of Magzter, Netflix etc..
@saikcw wrote:@getready wrote:@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
Not necessarily
Bigrock renewed my domains without my permission , without OTP and VbV password
thru my stored card
True that
Happens with subscriptions
Think where you used the card offline, particularly where it was taken out of your sight.
@getready wrote:@saikcw wrote:@getready wrote:@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
Not necessarily
Bigrock renewed my domains without my permission , without OTP and VbV password
thru my stored card
True that
Happens with subscriptions
You are right about transactions not being processed with the slightest mismatch in address and cvv is of course required. In case of subscriptions they would have marked it in the first instance itself that the card has to be charged on a particular date and the amount to charged. That’s the reason many of the subscriptions require you to manually cancel them so that they can send the instructions to their payment gateway about the cancellation.
Edit: Maybe someone had access to your card for a while?
@panchabhut wrote:
Think where you used the card offline, particularly where it was taken out of your sight.
NEVER used offline.
@ranjithsai01 wrote:
Edit: Maybe someone had access to your card for a while?
Always kept under lock and key
might b ur wife
Have been using the same CC since 7yrs.
Never seen unauthorised transaction.
I used it for domestic transactions online/offline.
Most probably its phishing or malware may be directly on your mob/PC or on merchants device(hacked)
@suraj886444598 wrote:
might b ur wife
Thats the problem, no wife
@caks2006407 wrote:
Have been using the same CC since 7yrs.
Never seen unauthorised transaction.
I used it for domestic transactions online/offline.
Most probably its phishing or malware may be directly on your mob/PC or on merchants device(hacked)
All transactions except one made on trusted devices. One transaction was made on an unprotected computer, but that was more than a year ago. Can’t think of any other such issue.
Does it take malware operators too long to sell this card details?
And it is surprising that only small transactions were made and one of two cancelled on own.
@disclaimer , did you recently registered this card with masterpass?
I found that they asking all details including CVV during masterpass registeration, hence i didnot registered.
@esakki raja wrote:
@disclaimer , did you recently registered this card with masterpass?
I found that they asking all details including CVV during masterpass registeration, hence i didnot registered.
Master pass registration was made months ago, when it was introduced in India. I don’t think it would have created this issue.
This is how it can happen
http://thehackernews.com/2015/01/godaddy-vulner...
https://nakedsecurity.sophos.com/2012/11/23/hac...
Similar cases
https://www.quora.com/Unauthorized-charge-on-cr...
@caks2006407 wrote:
This is how it can happen
http://thehackernews.com/2015/01/godaddy-vulner...
https://nakedsecurity.sophos.com/2012/11/23/hac...
Similar cases
https://www.quora.com/Unauthorized-charge-on-cr...
Informative.
Charge is a small one, so would be reversed in any case. Will avoid using international cards on Freecharge, mobikwik etc. Better to use payzapp which is a domestic card and has provision for temporary locking by the customer himself.
@getready wrote:BTW, Uber does (For internation Credit Cards)@jeevanreddy58 wrote:@getready wrote:
Even then CVV is required right for international transactions?
Yes. it is there on card.. so not a big task to get it when they noted down the other side of the card details..
In that case, Card details arent leaked online
No website stores CVV
KG to all!
I know this sounds unbelievable…But the last txn which I had done on payumoney was done without giving the CVV..
It was a week ago, i guess.
Dear otp is Indian invetition.
You can make international purchase without otp
All you need is card no. ,, date, cvv . only these three
You card details got in wrong hand..this is possible if some person saw your details or you entered details on untrusted website
Better use a debit card like SBI debit card and push money in b4 purchase
Even then CVV is required right for international transactions?