Thousands of First Direct customers recently discovered unauthorized transactions on their cards, primarily involving orders at Nando’s, a popular UK restaurant chain. Among those affected was Phoebe Maddrell, who contacted Guardian Money to report that her debit card details were fraudulently used despite her never having utilized the card. This incident highlights the ongoing battle against credit card fraud, which cost the UK a staggering £574.2 million in 2020, as per UK Finance data.
In Maddrell's case, the fraudulent activity was detected swiftly after her bank was alerted. First Direct confirmed that the transaction at Nando's was blocked, the card canceled, and any Apple payments would not be charged to her account. Maddrell will receive a full refund without needing further engagement with the fraud team.
“We are aware of some low-value unauthorised retail transactions appearing on a small number of our customers’ cards.” – A First Direct spokesperson
First Direct has acknowledged the issue, stating awareness of low-value unauthorized transactions appearing on some customer accounts. Contrary to initial assumptions, the fraudulent transactions were traced back not to Domino's but an unfamiliar sportswear company in the Midlands.
Credit card fraud remains pervasive, with £376.5 million attributed to e-commerce fraud alone in 2020. Jake Moore, a global cybersecurity adviser at Eset, explains that criminals often target websites handling large volumes of low-value transactions due to their vulnerability.
“The first thing to realise is that you are not guessing the full 16 numbers at random,” – Jake Moore, a global cybersecurity adviser at Eset
Moore elaborates on how criminals exploit the credit card number structure. The first six digits indicate the card network and issuing bank, while the final digit serves as a Luhn algorithm checksum. Some websites, often based outside the UK, accept card payments without requiring a CVV number or additional identity proof.
“There are websites out there that have Luhn verifiers which help find these numbers in little or no time at all, making the chances of locating a card in use relatively high,” – Jake Moore, a global cybersecurity adviser at Eset
Banks have made significant strides in combating fraud, refunding 98% of affected customers and preventing an additional £983 million of fraud last year. First Direct reassures customers they will not incur any financial loss due to these unauthorized transactions and is actively reaching out to those impacted.
“We take our customers’ security very seriously and will be reaching out to affected customers in the coming days.” – A First Direct spokesperson
Halifax also emphasizes its commitment to fraud prevention through advanced detection systems designed to thwart even the most sophisticated criminal attempts. Despite these measures, some fraudulent activities manage to penetrate defenses.
“Through our multilayered fraud detection systems, we never stop fighting to prevent fraud, blocking the vast majority that is attempted. Unfortunately, highly sophisticated criminal gangs also never stop trying to break our defences and some fraud does get through.” – A Halifax spokesperson
To mitigate risks, experts advise regular scrutiny of bank statements. Moore suggests checking statements daily to quickly identify any discrepancies, which can prevent potential financial damage.
“We would advise customers to regularly check their statements and get in touch if they notice any suspicious activity.” – A First Direct spokesperson
The ongoing implementation of strong customer authentication regulations aims to bolster security measures before the March 2022 deadline. These regulations require additional verification steps for online transactions, adding another layer of protection for consumers.
Card verification values (CVVs) also play a crucial role in safeguarding against unauthorized use. The three-digit number printed on the back of cards adds an extra hurdle for criminals attempting to guess card details.
As this recent wave of fraud illustrates, vigilance remains key in protecting personal financial information from cybercriminals. While banks continue to refine their defenses and refund affected customers promptly, individual awareness and proactive monitoring can significantly reduce the risk of falling victim to such schemes.