Why the Lloyds Avios Amex fraud happened (probably)

Links on Head for Points may pay us an affiliate commission. A list of partners is here.

Is this why the Lloyds Avios Amex fraud happened?

As a follow-up to my recent articles on the major fraud in the US on Lloyds Avios Rewards American Express cards, I was contacted last week by a reader who works in the credit card industry on the fraud side who explained how he believed it had happened.

You may remember that Lloyds Bank claimed to be the innocent party in all this.  The line given to the media, including me, was that there had been a data breach somewhere on the American Express side.

This had a funny smell to it, as I said to all of the journalists who contacted me.  The fraudsters had made fully working American Express credit cards.  I found it unlikely, to put it mildly, that you could make a fully working plastic Amex card just from knowing the card number.

Lloyds Avios American Express card fraud

The reader thought that Lloyds Bank does not appear to have implemented two important security features on its credit cards.  Firstly, he believes that the Lloyds Bank / Amex processing system does not verify most of the key card information, including the expiry date, before transactions are approved.  The net result of this is that you only need the credit card number in order to manufacture a fake Lloyds Bank American Express credit card.  As the first six digits of Lloyds Bank American Express cards appear to be the same for all cards, it is easier to churn through various permutations to find working numbers even if there was no data breach.

In addition, the reader believes that Lloyds does not appear to match the data from the card terminal (which tells Lloyds whether a transaction is chip, swipe or a contactless tap) with the security data used for verification.  If this was right, it would mean that it would accept the lower level of verification required for contactless transactions – and this is low level verification because contactless fraud is virtually impossible – even when the transaction was not contactless.  It is apparently possible to overwrite the magnetic strip on a real credit card (issuer and card number immaterial) with the lower level of data required to validate a contactless transaction which would be charged to a Lloyds Avios Amex account.

I should stress that we don’t know if any of the above is actually true, but the hypothesis does appear to fit the known facts in this case.

(Want to earn more miles and points from credit cards?  Click here to visit our dedicated airline and hotel travel credit cards page or use the ‘Credit Cards Update’ link in the menu bar at the top of the page.)

How to get a one-way Europcar UK rental for just £1!
New year, new credit card? The best bonuses and market gossip

Click here to join the 15,000 people on our email list and receive the latest Avios, miles and points news by 6am.

Amazon ad
About Head for Points

We help business and leisure travellers maximise their Avios, frequent flyer miles and hotel loyalty points. Visit every day for three new articles or sign up for our FREE emails via this page or the box to your right.


  1. Wish everyone a Happy New Year 2018

  2. I’m not sure if this is true for Lloyds Amex cards, but Amex issued Amex cards follow this format



    AA – country/currency code
    BB – product code
    C – billing cycle
    D – account number
    E – card # (e.g. 1 if you have never got a card replacement for that account)
    F – position on account (e.g. 0 for main cardholders, 1 for first supplementary)
    G – luhn check digit

    so if it’s the same for lloyds cards, it actually sounds rather plausible, as with one combination of the first 6 digits (BIN code), there’s just 5 digits to guess.

    • I’m not sure that it applies for Amex Amex cards as far as AA and BB is concerned.
      My wife and I hold or have held::
      SPG with AA = 17 & 66; BB = 88 & 84
      and similar variations in other cards especially when Gold upgraded to Plat or BAPP down to Blue only last few digits change (in our examples) but I agree with F and G.

  3. johnny_c-l says:

    On the Zeek offer they have various Amazon vouchers @ 1/2% discount so these are now valid for the free £5 when spending £50 offer. Picked up a few of these earlier on today.

  4. Bctraveler says:

    Good luck with the maple leaf club and star alliance access… i was dnied at no less than 6 star alliance lounges with m maple leaf lunge card. All AC said was sorry. 700 dollars of sorry

    • Actually, their own lounges are of little value too. I recently did a lounge crawl at Heathrow T2B cluster – United was 5* with great ambience, cocktails and food, Singapore was ok (the downside was it was too crowded as it was just before a packed A380 flight, perhaps at quieter times it will look better, but AC was unevenful and the mixer drinks they offered were from Waitrose Essential range. Waitrose Essential for premium travellers, Carl!

  5. I now buy Amazon gift cards at Morrisons, to get their points. Works out at a few % back.

Please click here to read our data protection policy before submitting your comment.