So off I trotted to the ATM machine to confront reality.
It’s always worse after Hogmanay than you think. You buy extra things at the last moment—petrol and unnecessary whisky and even clothes sometimes in the sales—and the banks cease doing anything for days so the transactions are slow going through.
Still, the mini-statement did give me a wee shock. The balance was MUCH lower than I expected, though the last few transactions were for ordinary looking amounts, the sort of amounts I probably spent last week on food and fuel and so on. Besides, I’ve done this before—spent far more than I really thought I had around Christmas, and there was just about enough left to get me through till the end of January.
It’s only money, I said to myself, mentally slapping myself for the last Amazon purchase the night before. It’s so easy to buy stuff with ‘one click’/ I knew I’d one-clicked twice in the last couple of days. Oh well. . . .
So I didn’t check online till the next day. Blockbuster online? Three payments? that didn’t sound like me. Play.com? Three payments of nearly £45.00 each? Never heard of them. I thought it was a gambling site, but it’s not. Play.com sell everything.
I phoned the bank. The last time this happened to me was four or five years ago and I think it was my Master Card, not my debit account, that was somehow fleeced. But that time it was only one payment to a Jewish Dating Agency in the States, which I noticed when the statement arrived. On that occasion, the fraud people asked me to contact the dating agency to see whether an error could have occurred. I phoned them and they quickly agreed it was a fraud and cancelled my date (or whatever I had bought) and refunded the money. Meanwhile, the bank cancelled the card.
This time the fraud lady from the bank cheerfully announced she was satisfied these transactions were indeed fraudulent. What about the one to Curry’s online? she said.
Curry’s online? I’d never even noticed the one for £239.98. No, I said. I haven’t bought anything from Curry’s.
My debit card was cancelled. Another one will arrive in due course. Meanwhile, the total spent in my name would be refunded on Monday (£492.90!)
But wait a moment, I said. What about this £239.98 in Curry’s? That must be something specific, like a fridge or something. Can’t we track who ordered it and where it went?
We don’t do that, she said. It was probably something electronic, an Ipad or something like that.
I could hear a whole room of Bank fraud people muttering in the background behind her, all of them dealing with fraud reports from bank accounts like mine. Why not? I said.
You are covered, she reassured me, and she told me again how the money would go back into my account on Monday. All I would have to do was sign a very important form to confirm the purchases had been fraudulently made.
Was there anything I could have done differently, anything that might have prevented this happening? I asked her. Was it my Amazon online purchase that got my details hacked into?
Probably not, she said. Amazon is pretty secure, and so are the other online sites you purchase from.
So how did they get my card details? I said. What about all this Bank of Scotland secure business?
I don’t know, she said. It happens. You should be very careful when standing at an ATM. Or they could have got your card details through a shop purchase, something like that.
I thought about all this later. No-one could get the full card details or the security digits on the back from standing behind you at an ATM. At an ATM the thing you have to protect is your pin number. So that didn’t make sense. Someone certainly could pick up these details from a shop purchase—and I had bought a cheap mobile phone in Asda the day before this began. But the Asda purchase didn’t require the three numbers on the back of the card. For my weekly groceries I’m very old-fashioned and I use cash.
I went to the Curry’s website later and read the bit about shopping with safety and protecting credit card details and personal information on line. Everything, allegedly, goes through the Verified by Visa scheme, which indeed frequently annoys me when buying online.
However, during my last two or three online purchases, I have noticed that when the Verified by Visa page pops up, I haven’t had to enter my password details. The page has disappeared again while I’ve been busy looking up the password, and so the sale has gone through. I thought they must have changed the system to make it less intrusive. But perhaps not. What could someone do to intercept Verified by Visa? And would the bank fraud people even be interested, when it would appear their basic job is to determine whether or not a customer is genuine in reporting a theft?
I telephoned Currys and asked them whether they could find out what someone had fraudulently purchased in my name for £239.98 on January 4th.
Certainly, the man said. Can you give me the transaction number?
No, I said. I didn’t buy the thing. It was a fraud. (I had already explained this).
Well, we would need that, he said.
Well, I’m reporting the theft, I said. Are you interested in fraudulent transactions at your shop?
We certainly are, he said. It will be reported to the police.
But the bank said they don’t do that, I said.
Well, I’m very SURPRISED to hear that, said the chap on the phone.
It wasn’t a profitable conversation. If he had been able to consult his database for what was bought by one H L Beaton using my bank card details on or around the 4th of January, I would have reported the details to the police. Who probably wouldn’t have been very interested either.
So far as I can see, the theft is probably accomplished by a big organization using sophisticated technology, not an ordinary person in Glenrothes buying six computer games and a new fridge. But it still seems unnerving to me that this can happen, that I can report it the very next day, and that there doesn’t seem to be a way of tracking back what was purchased by whom and where those purchases went.
It’s not surprising this puts people off buying things online, including from my HappenStance shop. Having said this, generally online purchases are as safe as any others, if not safer. At least you can’t leave your card behind when you buy online. And our HappenStance shop security procedures are carefully set up (in fact, what most often puts people off buying online is these very procedures).
Interestingly, on the CIFAS site (the UK’s Fraud Prevention Service), you are advised not to “publish your address, phone numbers, emails, date of birth, place of birth, passport or driving licence numbers anywhere. This includes any sensitive information on friends’ social networking walls.”
Considering how many FB ‘friends’ each week have birthdays flagged on my updates, that message is clearly not taken seriously.
No use getting neurotic about these things, of course. Perhaps it’ll never happen again. I am quite careful about passwords because I heard a programme about it on the radio: you need long passwords if you don’t want them easily de-crypted, mixtures of upper and lower case, numbers and symbols. So that’s what I do. This week, there was a marvelous Savage Chicken cartoon about this. Doug Savage rules!
Now it’s back to writing Chapter Six of The HappenStance Story which is very nearly done. It involves no theft, fraud or double dealing of any kind. Watch the post, subscribers! It will be coming your way before the end of January.