Has the Lloyds Avios Rewards credit card suffered a major data breach?

There were many reports on Head for Points yesterday, in the comments, from readers who have seen fake transactions appearing on their Lloyds Avios Rewards credit cards.  It appears that there has been a major attack of card fraud on the Lloyds Avios product.

A Flyertalk poster picked up the comments on here and mentioned it on that site, and there were more reported issues.

There has been no official statement from Lloyds, it seems, which is odd.  If they have been trying to keep it quiet, it is now very much out of the bag.

If you have the Lloyds Avios credit cards, I strongly suggest you check your online statement immediately for potential fraudulent transactions.

Lloyds Avios Rewards card fraud

Here are a few of the comments:

Via HFP readers:

“About a week ago my wife’s Lloyds Avios Amex card was used fraudulently by someone over in New York for a few different things so we called Lloyds to talk about this and get the card cancelled and a replacement sent out. Logged into her account yesterday to find that my supplementary Amex was also used fraudulently earlier this week, also in New York. As my card has been sitting in a drawer at home and my wife’s has been in her purse the whole time, certainly haven’t been nicked and cloned or anything like that.

When speaking to Lloyds last night, they said that they were currently getting thousands of calls a day as they were seeing a lot of fraud on specifically the Amex cards people had, with the vast majority of the activity being contactless transactions in the US (the one on my card was for $100 at a drug store).

Therefore it might be worth checking your accounts in you have those cards (or perhaps others) and haven’t done so recently just to make sure nothing dodgy going on. The guy we spoke to said that clearly there had been some issue somewhere but given the large quantity of it going on, it was clearly an issue somewhere else and not with us – slightly happy but obviously also concerning there’s a significant issue somewhere else in the system! Certainly explains why it took 25 minutes to get through to their fraud team…”

“I also had two cases of fraud on my Lloyds Amex in the US. Taken off no problem but annoying.”

“I got a text from Lloyds over the weekend asking if I was trying to pay for something in Albertson? As I’d never heard of the place I texted back no. Checked my account and there were six transactions all in New York State I didn’t recognise. Two in Office Depot, one in Babiesrus. Called Lloyds and all removed no problem but it did make me wonder how the card had been cloned, I really use it infrequently.”

“I had to ring them last night as I had a fraudulent transaction appear in my pending transactions. They need to wait until it clears to refund it. Apparently there were a few more attempts that were declined. It does look like there has been a serious breach of security somewhere.”

“I have the Lloyds Amex and mine was also used fraudulently in the USA last week! Very annoying as I’m out of the UK in Japan and Australia for a month and was planning to use it a lot!”

“My Lloyds Amex was used fraudulently to pay some car parking charges in the US. I think there is a huge data breach here with Lloyds – just hope they only lost card numbers and not all of our personal information. I spent two hours on the phone with Lloyds this week trying to sort it, they were blaming Amex for it, until I said I’d call Amex directly and ask, then they changed their mind.”

“Same for me – queued for 45 mins on Saturday afternoon to speak to the fraud team after my card was declined – there was an attempted US transaction on there. And spoke to a colleague this week with the Lloyds Avios Amex whose card had also stopped working. There’s clearly been a massive leak somewhere…”

“Lloyds Amex – four transactions in California, last weekend, before I spotted and got the card cancelled. No issue with the MasterCard…”

“In my case it was Lloyds MasterCard which was used for fraud transactions. 6 attempts and also for luxury shopping bags purchase through online. I have cancelled the card. Looks like a major data breach from Lloyds side and they are staying silent which is suprising, no communication to customer to be vigilant.”

“Exactly the same thing happened to both me and my partner this week with the Amex card! Mine was used in a California petrol station last Tuesday and then two days later she had her card (separate accounts) used in Chicago!! I think it must be a data breach.”

“Have to say me too! 2 days ago $105 at Staples in the US (California) as a contactless transaction on the AMEX. I’ve never put this card onto Paypal so can’t be them, suspect leak from lloyds/amex themselves due to the number of issues. They did mention on the phone also to me that they’ve seen loads of these over the past week.”

“Me too! Mine in Bakersfield, California. Foot Locker, Kohl’s…”

“+1 to the Lloyds Amex fraud. I had a transaction from Office Depot in California – a contactless payment of USD 105 (didn’t even know that a contactless payment could even be for so much). Appears to be a huge data breach here! Called the Lloyds Fraud team and they are credited the transaction. Amex has been blocked and will be re-issued. MC not affected apparently.”

“Interesting to hear of this! My Lloyds AmEx got stopped. I called them and the customer rep started nattering something about “big customer data breach with AmEx” and also something about PayPal. I tried to press him for more details but he sounded either clueless or evasive”

“Whoa this seems like a widespread issue. I thought the two fraudulent transactions on my Lloyds Amex was because I’d recently booked holiday stuff (flights/tours) on Bolivian and Vietnamese websites and thought maybe some of the sites weren’t secured. At the end of October my card was used twice on the same day – one for a transaction with Massachusetts Bay Transportation Authority and another at a grocery store in Anaheim, CA.”

“My BA Amex was used fraudently 7 times in California earlier this week: FedEx, Target, T-Mobile for £800. Got a refund two days later. Impressed by Amex quick response to this annoying situation.”

“Its certainly not a case of card cloning in the sense that someone is copying a card you have handed over, my card has never been used and never left the house!  Attempted fraud took place in USA. I did think someone had cracked the amex code for generating card numbers and then getting lucky with card numbers that were active, but some of the comments say the fraud was taking place using contactless, so dunno. More like a big data breach – i guess in about 6 months time Lloyds will admit it. The reason my amex card was new and hadn’t been used was that it was a replacement for an old card that had also been stopped!!!!”

“I’ve had 4 transactions also in California on my Lloyds AmEx and none on the MasterCard in the last week. All small amounts (i.e sub $30).”

“..and another one – Jeez! My card was used twice in a USA sports goods store about 3 weeks ago. I’d only had the card for about a month. Again it was the Amex, they replaced the Amex card, said that the MC was not compromised. Interestingly, the transactions showed as “magnetic stripe” on the Lloyds app – all my uses had been chip and pin or contactless, so it seems that someone has copied the mag stripe.”

“And another one here. 45 mins on hold and they’ve removed the transactions.  Lloyds really need to make a statement on this. I really don’t trust them now.”

Via Flyertalk readers:

“Lloyds blocked my Amex card, but didn’t tell me about it until I rang them up.”

“Just adding a “Me Too” – the pattern seems to be US-based transactions within the last week or so, usually totalling no more than a couple of hundred dollars.  Given how many of us seem to have fallen victim at the same time, this seems like a massive data breach at either Lloyds or Amex…”

“Last weekend I tried to use the Avios Mastercard and it didn’t work, but the Amex worked at another store 10 mins later so I thought maybe the merchant had a broken card machine. Then I tried to use it 2 days ago and it didn’t work. I called Lloyds and they said they saw fraud and wanted to cancel the Amex but not the Mastercard! They said it was ‘some paypal partner’ that put a charge on the card and it got rejected. ( again nothing suspicious on my statement). When I said that I heard other card members were also affected, they said ‘we do not know about that.’ By this time I had had enough and told them to cancel and reissue both Avios cards, they are on the way to the address, so should get them soon (can already see them on internet banking).”

“This happened to me too. I’ve never used my Lloyds Amex card – I only use the Mastercard as I have a BA Amex card. Phoning them up cleared things up, but I had to wait on hold for 40 minutes to get through.  Two transactions on my statement: Toys ‘R’ Us and Best Buy, and both were in-store with a magnetic stripe. Impressive seeing as the card has never left my house since it came out of its envelope. This must be a hack or an internal security breach that they’ve not made public.”

As I said above, you should take a couple of minutes today to check your online statement and ensure that there is no evidence of card fraud on your Lloyds Avios Rewards credit card.
(Want to earn more miles and points from credit cards?  Click here to visit our dedicated airline and hotel travel credit cards page or use the ‘Credit Cards Update’ link in the menu bar at the top of the page.)
Bits: £119 Park Plaza London deal, Virgin Clubhouse in LA joins Priority Pass
Bits: double Avios on Kaligo hotel bookings, Hyatt double points promo, last day for 'buy Avios' bonus
About Head for Points

We help business and leisure travellers maximise their Avios, frequent flyer miles and hotel loyalty points. Visit every day for three new articles or sign up for our FREE emails via this page or the box to your right.

Comments

  1. Same issue for me.
    I spotted two strange pending transactions (which I regularly check) on Oct 26th: one was about $1 spent on a website, and the other was about $5 spent somewhere by swiping the card. I remember I had to wait at least 10 mins to speak to someone in fraud dept, and got the transactions cleared and a new replacement card sent to me.
    Though I’m still waiting for the PIN since then.

  2. Mark Witham says:

    I had this too. 4 transactions at autoparts and discount stores over in the US, roughly $40 each.

  3. Worrying. Checked my statement and nothing dodgy, but need to keep an eye out!

    Definitely agree that something bad has happened (either with Amex or Lloyds) for this sort of scale of fraudulent activity to be going on!

  4. My wife saw fraudulent US transactions on her Lloyds Avios Amex 2 weeks ago including from my supplementary Amex. No alerts sent from Lloyds that they might be dodgy even though we were on hols in Israel at the time and Israel travel flags were set up on the account. Then last weekend my Lloyds Avios Amex suffered the same fate. I asked the guy what was the point in travel flags if all these slipped through and they couldn’t give an answer. Also even after my cloned card was cancelled another US transaction appeared which required another phone call. Beware!

  5. Following yesterday’s comments I checked my account late last night – sure enough one transaction from California (about £75) had gone through and 2 unidentified (ie no details) pending, which were not mine either. At least I got through quickly, being midnight! Card cancelled and new one on its way and card removed from my account immediately (just hope my avios post!).

    I mentioned it odd that a figure of over £30 had gone through as a “contactless” payment but I was told it was actually a swiped transaction (contrary to the information on my account)

    • Evil Gazebo says:

      I thought mention of contactless was odd – any genuine cloning of an EMV contactless card would be new territory and extremely significant. Whereas cashing out via magstripe clones is old news

      Just sounds like some Lloyds front end system lumps magstripe and contactless transactions together

      • Some of friend’s transactions were labelled as chip+pin, some as magstrip, some as manual/paper!

  6. Couple of weeks back i had 2 x £38 McDonalds, 6 x £40-60 at Party City. Couldnt get through to fraud team for hours. Ended up calling at midnight, took about 20 mins. I got the refunds a week later. New card just arrived.

  7. HackinJack says:

    Just checked and found a USA transaction in faviour of T-Mobile for $100 on my card – nothing to do with me. Called and got them to flag it.

    Thanks HFP!!

  8. I use my Lloyds Avios in the USA 2 to 3 times a year, and I’m always surprised how many transactions require neither a pin or a signature. They have much wider availability of Chip and Pin machines than a couple of years ago, but it seems so often I insert the card, finger hover over the pin pad only to see Transaction Authorised please remove card. I suppose no different to contactless, but it does odd to me.

  9. And they are taking over MBNA!

  10. Matthew Taylor says:

    Yup, the same here. Although in my case I had a lot of transactions go out from Pakistan, India, and JD Sports and Sports Direct. Amex say that they had been trying to get in touch with me for days, however I received no missed calls or automated texts. New card issued and everything seems back to normal now.

  11. Speedbird676 says:

    My card has also been cancelled and re-issued. The fraud department told me they’re in the process of cancelling ALL Lloyds Bank issued Amex cards.

    I booked flights, which went through successfully, followed by hotel which got declined. I didn’t think much of it and just used a different card to book the hotel. The following day my card got declined again in Tesco for £7 so I called up and the agent told me my card would have to be cancelled and reissued.

    The fraud department called a few minutes later and explained in more detail that they’d received information from Amex about some compromised card numbers so they were proactively cancelling and reissuing all cards.

  12. tomsurfer says:

    I had 4 fraudulent transactions in Florida on 25/26 October totalling £270, I was alerted by the Lloyds fraud automated telephone calling system on 30 October, because a further transaction had been.queried and stopped.

    The 4 transactions were refunded and I had a new AMEX issued within days. The linked Mastercard was unaffected. The agent I spoke to suggested that my card had been cloned, and noted I had recently had purchases in France betweeen 29 September and 3 October and that my card had probably been cloned at CDG airport..

    I was advised to buy a RFID blocking card holder.

    The 4 transactions I looked at on line were cardholder present but not contactless, but now appear to have been relabelled as contactless. As the 4 transactions were immediately after my statement date which was 25 October, I did wonder if that was deliberate, as it is the sweet spot for fraud possibly not being noticed for a long time. If others have fraudulent transactions immediately after the statement date that would support the hacking theory rather than a cloning.

    Tom

    • Evil Gazebo says:

      Yep, given the reports of fraud on cards that have never been used by the owner then this doesn’t look like the traditional retailer breach – someone has got into the issuer supply chain i.e. Lloyds, their third party processor, AMEX, the physical card manufacturer, courier, etc.

      “I was advised to buy a RFID blocking card holder” – that is spectacularly uninformed coming from a bank agent. Whatever happened here, it didn’t happen because you didn’t have one of them!

  13. Hi add two fraudulent transactions in my card, I was actually contacted by Amex to confirm if they where mine. When I talked with them on the phone they didn’t mention anything about a leak, they just said that my card was cloned and I should be careful with my use of the card online. I was actually worried it was something I purchase online recently and wen to check everything.

    But it looks that the fault was not on my side…

    Sergio

  14. Katherine says:

    I read this article, checked my card and yes I found fraudulent American Drug Store transactions ($50 each). Thank you! Without this article I wouldn’t have noticed.

  15. Luckily nothing for me but will keep an eye on it now

    • Me neither, but it prompted me to sort out my Lloyds online banking access so I can keep an eye on it in future.

  16. Not Lloyds Avios related but had an issue when I opened a new Amex Plat charge card account a few months ago.

    Received the card, activated when I got home from work. Next day had a call from Amex fraud to confirm some charges. All were on my wife’s supplementary and totaled a few $000’s from hotels and flights (charges in the US). My wife’s supplementary was still in the envelope having not been opened yet.

    Amex refunded and cancelled immediately but even so- was fraudulently used before anyone would’ve seen the card details besides Amex.

  17. My acct seems to be clear but someone elses has transactions from montebello california.

    Upon calling lloyds their first suggestion was install an antivirus (…), but then when asked if there had been a breach, said there hadnt and it was american express.

  18. We noticed a serious security breach in Amex transactions the other week. We notified amex but they weren’t interested. We’ve now stopped taking amex as a result.

  19. As a counter my card’s been absolutely fine. No sign of anything suspicious

  20. Thank you for this article. I am currently in Uruguay having taken this card out for large Amex expenditure while I am here. All of it has been declined which this article explains.

    Pretty annoyed but at least I know it isn’t me now.

    • Make sure Lloyds cover all your for ex fees charged by another card. We too are in the same boat in Asia atm with hotels to pay rtf so l will be getting my fees back…nothing in news about this breach yet. Now an unused amex plat above affected…whi is going to cover this loss then!