Found someone has/is committing CPA fraud after gaining my Debit Card Details

[dx100uk]

well if even more money has been taken by CPA on cards then you really need to up the complaint to HSBC.

and log in to google settings and disconnect all logged in devices 

[elainecll]

i really stop everything, but the hacker never let go...... basic on the bank statement i didnt see those facebook charge but on facebook i can see it, 

 

Edited April 9, 2021 by elainecll

[elainecll]

I got a feedback from them now

 

Thank you for your email dated 17 March regarding the disputed transactions that debited your HSBC Bank Account.

 

I am sorry you had to appeal to us, but thank you for giving me the opportunity to look into the issues you raised and carry out a thorough review of your claim, and for your patience whilst I have investigated this matter.

 

If I understand matters correctly, you are disputing a number of online transactions that took place between 4 November 2020 and 3 February 2021 for the total amount of £2,621.44. The disputed transactions took place using four of your HSBC Debit Cards.

 

The debit card ending 0297 was created on 23 August 2019 and was sent to the address we hold on file. The card was stopped on 17 December 2020.

 

You were then issued with the debit card ending 0140 and this card was sent to the address we hold on file. The card was stopped on 7 January 2021.

 

The debit card ending 4801 was created on 7 January 2021 and was sent to the address we hold on file. This card was stopped on 10 January 2021.

 

You were then issued with the debit card ending 0627. This card was also sent to the address we hold on file and this was stopped on 4 February 2021.

 

Our Review

I have reviewed the disputed activity and note that this has taken place across four of your debit cards. Whilst I appreciate your comments that you have not divulged any of your debit card details, I fail to understand how an unknown third party fraudster has obtained your debit card details each time a new debit card was issued to you.

 

I would like to mention that an unknown third party fraudster would not have known that you were expecting new debit cards and immediately start making transactions each time a card was issued to you. You have also mentioned that you updated your mobile telephone and changed your passwords, but disputed transactions still took place. Whilst I appreciate your comments on this, for the transactions to have been made online the debit card details would have had to of been registered with the disputed retailers.

 

I note you mentioned that you received an email which showed all of your debit card details, but when you went to look at this again you no longer had the email. Thank you for providing us with this information, but I fail to understand how your debit card details were known if there has been no point of compromise. I would also like to mention that there has been no compromise of your debit card information by the bank.

 

You have mentioned that hackers have been able to make contactless transactions to O2. I have reviewed the disputed transactions to O2 and can confirm that these were not contactless transactions. These transactions were made over the telephone for a mobile phone top up. This means the card details would have been registered with O2. I fail to understand how an unknown third party fraudster has obtained your debit card details and also known the three-digit security number on the reverse of your card to make the disputed transactions.

 

I have reviewed your account and note you have reported transactions to PayPal and you also have undisputed transactions to them. As you do have a genuine relationship with PayPal then I fail to understand how you have identified the disputed ones to be fraudulent.

 

The activity of the disputed spend does not match that of an unknown third party fraudster. I would have expected the disputed usage to have taken place more frequently and for higher value amounts. I also note you have mentioned that you do use Ebay and some of the disputed transactions that have been made to them do not show on your Ebay account. I understand your comments on this, but you have not provided us with any evidence to support this statement.

 

You have advised that you contacted Google Pay and they confirmed that your direct debit with them had been cancelled since January 2021. If you had been using Google Pay prior to January 2021 then I would question, why you have disputed transactions before this date and how you have identified these as being disputed. You have also not provided us with any evidence that Google Pay confirmed this with you. All transactions after this date would have meant the new debit card details would have been registered with Google Pay.

 

You have disputed transactions to a company called Roblox, but have mentioned that you do allow your son to make transactions to this company. Roblox can be used on all Android or IPhone devices, and as you have mentioned you also have associations with this company, I do not believe that these transactions were made by an unknown third party fraudster.

 

You have a genuine transaction on 1 February to Samsung Electronics. The IP address used to make this transaction is the same IP address that has been used to make some of the disputed transactions. An unknown third party fraudster would not have access to your IP address to be able to make these disputed transactions.

 

Your debit card ending 0627 was stopped on 4 February 2021 and on the same day there were a few attempts to use the debit card again. I should mention that after 4 February 2021 there were no further attempts to use the debit card again. An unknown third party fraudster would not have known the cards status and I would have expected to have seen further transaction attempts.

 

I would like to apologise for the conflicting information that you were provided with regarding the cancellation of your direct debit.

 

Conclusion

The Bank is not responsible for identifying the person who made the disputed transactions, but where the liability should rest based on how the transactions could occur.  With this in mind, I am satisfied the correct decision was previously communicated to you, and you will not be receiving a refund for these transactions.

 

While I appreciate my decision not to refund the amount of the disputed transactions may come as a disappointment to you, I trust I have satisfactorily clarified the Bank’s position. 

 

You have the right to refer the complaint to the Financial Ombudsman Service, free of charge, but you must do so within six months of the date of this response. The Ombudsman is the independent body that looks into disputes between consumers and financial businesses. It looks at what's happened and gives an independent view on the situation. For a copy of the Financial Ombudsman Service consumer leaflet please refer to "Your complaint and the ombudsman" (www.financial-ombudsman.org.uk/businesses/resolving-complaint/ordering-leaflet/leaflet) and for further information please refer to the Financial Ombudsman Service site. Please let me know if you’d like a paper copy of this response and the Financial Ombudsman Service leaflet.

 

If you do not refer the complaint in time, the Ombudsman will not have our permission to consider the complaint and so will only be able to do so in very limited circumstances. For example, if the Ombudsman believes that the delay was as a result of exceptional circumstances.

 

 

Yours sincerely,

 

Joanne Logan

Fraud Appeals Officer

 

 

[dx100uk]

that's because everything was done via Continuous Payment Authorities set up using the original card when it was still active.

cancelling a card and issuing a new one does NOT cancel CPA's.

 

not too sure how many more times i need to say this.

 

there were no existing Direct Debits that played any part in the mass fraud.

[The GodMother]

So they are still not recognising CPAs and recognising these as CPAs. I think it is clear u need to go back stating you have taken advise and been told this are CPAs and that as result they dont cancel when changing card only when the bank account is closed down. 

 

So they are still not recognising CPAs and recognising these as CPAs. I think it is clear u need to go back stating you have taken advise and been told this are CPAs and that as result they dont cancel when changing card only when the bank account is closed down. 

[elainecll]

HSBC already say google pay is NOT CPA, DD= CPA, and they said the system not allow them to stop any google pay.

 

DX is not i dont want to listen to you, but they insist said anything set on phone is NOT CPA. 

 

when i change the new card but the info on phone still keep old info, I did try before, i couldnt pay anything via the phone, so where gone wrong?

[dx100uk]

sadly both yourself and HSBC do not understand how the hacking works.

google pay IS CPA its not a DD. if it was a DD , where is the copy of the Direct debit mandate you signed...there isn't one ..

 

last break this down..

 

disputed payments - 4 November 2020 <> 3 February 2021 for the total amount of £2,621.44. The disputed transactions took place using four of your HSBC Debit Cards. - i doubt you said using 4 cards at all.

 

notice carefully they fail to mention what the you stated in post 1at ALL.

 

in November of last year, as when I was out shopping I found out my card had been suspended by HSBC. I was then contacted by the bank informing me that the account had been hacked, so HSBC then issued to me a replacement card.

 

but have said: The debit card ending 0297 was created on 23 August 2019 and was sent to the address we hold on file. The card was stopped on 17 December 2020  ...they are hiding something here ..a fatal bank mistake.

 

nothing HSBC has put actually means anything, it's all twaddle proving they have never even thought about CPA on card 1.

even the Roblox IP comment and google play transactions can all be explained because....

 

i suggest all this stems from your sons gmail account being hacked, them being able to read all the emails in/out on the gmail online portal and thus being able to log-in to google pay , get the 1st cards details from funding source page..away they go.

 

all of the fraudulent transactions thus made via google pay to ebay etc and o2 or a account that got setup via the 1st card before it got cancelled in december....

 

pretty simple when you break it down.

 

rather than you typing things up it's much better to scan letters etc to pdf please.

if and when you do SAR HSBC then all of the above can be proved.

 

 

[dx100uk]

Tips for using Google Pay – Google Pay (UK)

 

it's NOT Direct debit!!

[elainecll]

what is SAR?

[The GodMother]

Just a querie but would a dd mandate still need signing if it was set up online. 

I ask as HSBC are saying it was a DD but no mandate signed. I can set up a DD with a company over the phone or online, what they claim is a DD anyway, but never sign anything 

[dx100uk]

Gpay is not a DD.

 

dx

 

[elainecll]

Got it, i will work it out THX u DX

If GPay is not DD how to stop?

[dx100uk]

[elainecll]

and if not DD how CPA can work?

[elainecll]

Right now I take all the snap shop including ebay, amazon, google youtube's refund, and hacker IP and close google pay email etc then print it all out and get ready to flighting  

[dx100uk]

no need to got to those lengths.

 

i've explained CPA numerous times.

 

YOU can't cancel it, you have to ring the debit card issuer in this case HSBC and demand they cancel ALL cpa's on xx bank account.

then you start again putting the ones back you need using the NEW CARD on the relevant sites like Gpay . it will have a new ref number so as long as the old CPA's are cancelled job done, the hackers cant' invoke the old CPA as its dead.

 

when was the LAST time the hackers successfully paid for something ? 

[elainecll]

DX dont angry with me, i really not good on it, or else wont ask for help plssssss, i am really stressful at the movement, cos morning need to attend online course, then today i received criminal attack msg from my son school, someone wanted to kill him such as message.... 

[dx100uk]

me no get angry with anyone never do..., please don't mistook CAPS as anger or shouting...

[elainecll]

I already cancel everything as u said CPA at HSBC, now only left 56pence, i also open another account in others bank, last is until march, facebook also being hacked but i reported to facebook, and no payment method in there in facebook, but dont know why on March the hacker still can use the first card do the payment

[dx100uk]

what proof do you have from HSBC that HSBC HAS cancelled all CPA's ?

[elainecll]

i got print out from the branch

[dx100uk]

can you scan that up please to PDF?

remove acoount.name etc but leave dates 

[elainecll]

i can snap shot, send to u?

 

sorry only is list of direct debit and standing order instructions i got

 

DX pls give me your email, if u want to see the snap shot, 

[dx100uk]

see it's all coming together

as it hasn't got cpa's on it no point then..

 

dx