Where was the breach?

**Joseph K** · 18-07-20, 16:13

Can't answer your questions I'm afraid. But I too have been a victim of fraud a couple of times over the past two months. The second time especially was:

but the first time was more stressful, not knowing how to deal with it etc. The difference is I know in these cases how they got hold of my details. It's a bit unnerving when you don't know that.

**johnb** · 18-07-20, 17:00

That is worrying and it does seem to be somehow connected with your Amazon purchase.

I don't know for sure but I would be very surprised indeed if your credit card details were passed on to any Marketplace vendor.

Which leads to a worrying (perhaps incorrect) conclusion.

**eighthobstruction** · 18-07-20, 17:17

Originally posted by johnb View Post

That is worrying and it does seem to be somehow connected with your Amazon purchase.

I don't know for sure but I would be very surprised indeed if your credit card details were passed on to any Marketplace vendor.

Which leads to a worrying (perhaps incorrect) conclusion.

Have you looked at your junk mail?....

**Pulcinella** · 18-07-20, 17:23

Originally posted by french frank View Post

I've just had a delivery from Amazon, and had already noticed from my credit card statement that they seemed to have charged me twice. Their order confirmation and despatch notification were for a package costing £24.48. But my credit card statement had that order, plus a second for £24.38, for the identical dates. The only difference was in the way the merchant details were recorded: the first for AMZNMKTPLACE AMAZON.CO, the second AMZNMktplace. I got a call-back from Amazon, confirming that they had no record of the £23.38 payment and that it was therefore an unauthorised use of my card.

All sorted with the bank fairly painlessly, my card has been cancelled and they're sending a new one.

But how was the fraud carried out? It would be too much of a coincidence (dates, amount, merchant details) for it to have been unconnected with my Amazon purchase, but where was the security breach? Amazon? the independent merchant? me?

A different level of concern, but there have been some breaches with Coop membership: there's no need to think that everyone's out to get you if you find you have a problem with your card (I know you're a Coop shopper).

This is part of a message I received this week:

During this time, we believe that someone has viewed your membership card number and your membership reward balance.

A new card is on its way, and in the rest of the message it said that no personal details were accessible to whoever viewed my account.

**johnb** · 18-07-20, 19:18

Originally posted by french frank View Post

The only difference was in the way the merchant details were recorded: the first for AMZNMKTPLACE AMAZON.CO, the second AMZNMktplace.

I've just reconciled my last CC statement and all the Amazon Marketplace orders were recorded as AMZNMktplace. Happy everything was OK - but Amazon don't exactly make it easy to do a reconciliation when a number of items are ordered at the same time.

**french frank** · 18-07-20, 21:51

Originally posted by johnb View Post

I've just reconciled my last CC statement and all the Amazon Marketplace orders were recorded as AMZNMktplace. Happy everything was OK - but Amazon don't exactly make it easy to do a reconciliation when a number of items are ordered at the same time.

Bizarre - because that's the one that was fraudulent, 10p cheaper than the Amazon confirmation emails. Worryingly, I can't see where else the flaw could be but the Amazon site which was where the card details were entered. Anyway, I have to say that Amazon and Lloyds settled the matter very quickly, Amazon recommending that it should also be reported to the police as a cybercrime. It took me a bit longer to fill in the ActionFraud form (explaining that I was the 'victim' but, no, I hadn't lost anything, except a bit of time sorting things out).

**Bryn** · 18-07-20, 22:04

Originally posted by french frank View Post

Bizarre - because that's the one that was fraudulent, 10p cheaper than the Amazon confirmation emails. Worryingly, I can't see where else the flaw could be but the Amazon site which was where the card details were entered. Anyway, I have to say that Amazon and Lloyds settled the matter very quickly, Amazon recommending that it should also be reported to the police as a cybercrime. It took me a bit longer to fill in the ActionFraud form (explaining that I was the 'victim' but, no, I hadn't lost anything, except a bit of time sorting things out).

"AMZNMktplace" is the version on all my credit card statements and no payments have gone astray. Bizarre indeed.

**french frank** · 18-07-20, 22:42

Originally posted by Bryn View Post

"AMZNMktplace" is the version on all my credit card statements and no payments have gone astray. Bizarre indeed.

It looks as if both are possible, judging from this Cabinet Office Transparency Data (or they've been done too, but didn't notice? Nah …)

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/812874/Annex_B_-_Transparency_GPC__500__May_2019_.csv.csv/preview

**french frank** · 04-08-20, 15:30

Now this even more troubling.

I felt something was wrong about this whole business and suddenly realised: the fraudulent payments ostensibly to Amazon were on my Lloyds Bank credit card. But my Amazon account - as for all my online payments - was on a Post Office Money credit card, duly registered with Amazon - and when I checked my Post Office statement, my £24.48 payment to Amazon was there too, as it should have been.

So how did the identical sum - £24.48 to Amazon - plus a second sum get on to my Lloyds card? Somehow, whoever got hold of my Lloyds card details had knowledge of my Amazon orders. How? The Amazon and PO accounts operate on one email address, my Lloyds card on a separate one. Five different passwords for Amazon, Post Office, Lloyds and the two email addresses - all now changed, and Lloyds seemed to accept that somehow this had happened and I was due a refund on two fraudulent payments. But very worrying nevertheless.

**Anastasius** · 10-08-20, 22:31

Very confused here, FF. Which credit cards had what charges ? Are there three charges ? Two for £24.48 and one or £23.38 ? All on the same credit card ? If so which one ?

I have an inkling how they did it but need confirmation as to which card had what charge.

**french frank** · 11-08-20, 09:17

Originally posted by Anastasius View Post

Very confused here, FF. Which credit cards had what charges ? Are there three charges ? Two for £24.48 and one or £23.38 ? All on the same credit card ? If so which one ?

I have an inkling how they did it but need confirmation as to which card had what charge.

I'll email you.There was a further development which may or may not have been connected.

**Dave2002** · 11-08-20, 09:51

I am confused. The very first post mentions sums of both £24.38 and £23.38. I'm not doubting that something went wrong, but was there either an error in the amounts in the first post, or an omission of an important detail?

**french frank** · 11-08-20, 10:43

Originally posted by Dave2002 View Post

I am confused. The very first post mentions sums of both £24.38 and £23.38. I'm not doubting that something went wrong, but was there either an error in the amounts in the first post, or an omission of an important detail?

I take it you mean £24.48 and £24.38? There was an important detail missing, subsequently supplied in Msg 10. BOTH amounts were fraudulent, since they shouldn't have been charged to my Lloyds card at all. The genuine charge of £24.48 was also on my Post Office credit card, registered with Amazon. So somehow they had access to 1) My Amazon transaction details for the date and amount, and 2) my Lloyds card details; on the face of it they are quite unconnected - different passwords, different email addresses.

**Dave2002** · 11-08-20, 11:09

Originally posted by french frank View Post

I take it you mean £24.48 and £24.38? There was an important detail missing, subsequently supplied in Msg 10. BOTH amounts were fraudulent, since they shouldn't have been charged to my Lloyds card at all. The genuine charge of £24.48 was also on my Post Office credit card, registered with Amazon. So somehow they had access to 1) My Amazon transaction details for the date and amount, and 2) my Lloyds card details; on the face of it they are quite unconnected - different passwords, different email addresses.

Ah yes - I missed that. There are actually three different amounts shown in the original post £24.48, £24.38 and £23.38 - one is in the reporting of a reply from Amazon.

Where was the breach?

Announcement

Where was the breach?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment