Forums › Frequent flyer programs › Other frequent flyer schemes › Just had 96,000 Nectar points stolen
-
Had an email just now from Nectar, saying that I’d redeemed 96,000 points in Argos in Northampton (I’ve never been to Northampton, I’m a couple of hundred miles away).
Sure enough, upon logging into my Nectar account, 96,000 are missing and it shows a redemption today.
Nectar phone line is closed until Monday, but I’ve changed my password and de-linked it from BA Executive Club.
What would be the fraud mechanism here? Could have found an old key fob somewhere? Award Wallet? No orders appear in my Argos account.
Well, that was the shortest panic ever!
I DM’d them on Twitter. They’ve set up a new account/ card number, and reinstated the stolen points. All within an hour of my discovering it.
It seems from previous accounts on here it’s likely it’s an inside job the number of times and the way it happens.
Yes, a bit of Googling brings up rather a lot of cases. Must be costing them a fortune if they’re not catching it.
Same thing happened to me a few days ago with 84,000 points all redeemed in the same day and no warning by app, email or phone.
Thankfully it seems they are refunding them…
Same thing happened to P2 – Nectar points redeemed in a store about an hour away.
Nectar replaced the points very quickly as well.
I’ve just discovered this has happened to my substantial balance. I have 2 factor auth setup for the login, which I thought was enough to prevent unauthorised access. Seems there was a spend to earn points, in Finchley Road, to test their access; I didn’t see that until this morning. And then a huge single transaction to spend all my active balance in Hendon, dated yesterday.
Have DM’d via Twitter so waiting to see how helpful they are.I’ve just discovered this has happened to my substantial balance. I have 2 factor auth setup for the login, which I thought was enough to prevent unauthorised access. Seems there was a spend to earn points, in Finchley Road, to test their access; I didn’t see that until this morning. And then a huge single transaction to spend all my active balance in Hendon, dated yesterday.
Have DM’d via Twitter so waiting to see how helpful they are.It’s been reported here before that Nectar has a fatal flaw as you don’t need to log in to remove all your points; that can conveniently be done by the thief in store without the card owner’s intervention/presence! You may have put 2FA in place, but Nectar has left the gate and the back door open while you just locked the front door. It seems to be a regular occurrence, so they should restore your points.
I’ve just discovered this has happened to my substantial balance. I have 2 factor auth setup for the login, which I thought was enough to prevent unauthorised access. Seems there was a spend to earn points, in Finchley Road, to test their access; I didn’t see that until this morning. And then a huge single transaction to spend all my active balance in Hendon, dated yesterday.
Have DM’d via Twitter so waiting to see how helpful they are.It’s been reported here before that Nectar has a fatal flaw as you don’t need to log in to remove all your points; that can conveniently be done by the thief in store without the card owner’s intervention/presence! You may have put 2FA in place, but Nectar has left the gate and the back door open while you just locked the front door. It seems to be a regular occurrence, so they should restore your points.
I’ve discovered a number of posts now, about the security issue. Have done the obvious things like change password, and unlink Avios transfer for now. They are replying via Twitter DM so I am hopeful, given the initial posts on this thread. Ironically, I was (stupidly) keeping the points in Nectar in case of any Avios devaluation, having moved 50000 Avios to Nectar ages ago, before the transfer rate changed.
Nectar agent has been very helpful; new card no the way, and once registered, I should see points balance restored, with an additional 2000 for the hassle. So very grateful and relieved. Unlike Rich A, I didn’t get any email to warn me about the redemption.
https://www.latestdeals.co.uk/chat/warning-nectar-hit-massive-fraud-again
Your password is not required for the fraud, so bypasses 2FA
Nectar should really up their security all the bad actor needs is a barcode
Sadly there are always employees who are willing to share these details with friends and family who then have a free splurge. Some Iceland customers have also recently reported that their Bonus Card balances have been mysteriously spent miles away from where they shop, although in that case it’s real money which is being misappropriated.
This issue, combined with the recent poor customer service I have had from Sainsburys energy regarding DD value and manual top up just means I have very little reason to continue shopping regularly at Sainsburys. Will keep my eyes peeled for easy bonus offers like their recent Christmas one, but from now on it’s back to the closer local Asda, with their Asda starts scheme, and only 3% off preloaded card from Perksatwork, rather than 5% sainsburys card.
I don’t use Nectar in any meaningful way, so my personal preference is to close my account.
Nectar didn’t send an email or a 2FA to verify, or even an email to acknowledge that I had closed my account.
Having discussed this with friends, trying to explain how it happens, a thought occurs. Naive no doubt, but thought I would ask. For the fraudster to test that it was working, they spent their own money, using my nectar card, so points were added to the account. Once they knew it was working, they hit the big spend.
Surely they would not be stupid enough to use their own debit / credit card details for the purchase test, otherwise there is a clear trail. So has to be cash purchase, or a stolen card ?
I saw a few posts which mentioned Hendon sainsburys, where my points were spent; I wonder if it’s a hot-spot ?Plenty of people are that stupid! It would be interesting to know how Sainsbury’s is pursuing this in terms of stock they are losing via these “purchases”.
It would take an article in a major newspaper before they take any action.
When we had this happen to us, the Nectar rep we eventually got through to (after the first three useless ones) seemed completely unfazed by the whole thing, like it’s something they dealt with regularly.
We also reported to to the police as a case of fraud. But before doing so, we also phoned the Argos and Sainsbury’s branch where the points were used. Both confirmed they had CCTV directly at the tills/counters; I gave them my Nectar card number, they gave me exact timestamps of the transactions, and they said they would burn copies of the video ready to hand over if requested by the police. I told the police this, and even called the shops back and gave them the crime number.
Needless to say, nothing ever came of it that I’m aware of.
When my points were stolen, they spent £5 cash the day before, no doubt to see the nectar balance, before stealing the total the next day. By buying on the card one day it validates the card to be used for redemptions in that particular store. It was a store I’ve never visited.
We also reported to to the police as a case of fraud. But before doing so, we also phoned the Argos and Sainsbury’s branch where the points were used. Both confirmed they had CCTV directly at the tills/counters; I gave them my Nectar card number, they gave me exact timestamps of the transactions, and they said they would burn copies of the video ready to hand over if requested by the police. I told the police this, and even called the shops back and gave them the crime number.
Needless to say, nothing ever came of it that I’m aware of.
Police don’t “do” Fraud. It’s de-facto decriminalised, like smoking weed.
When we had this happen to us, the Nectar rep we eventually got through to (after the first three useless ones) seemed completely unfazed by the whole thing, like it’s something they dealt with regularly.
We also reported to to the police as a case of fraud. But before doing so, we also phoned the Argos and Sainsbury’s branch where the points were used. Both confirmed they had CCTV directly at the tills/counters; I gave them my Nectar card number, they gave me exact timestamps of the transactions, and they said they would burn copies of the video ready to hand over if requested by the police. I told the police this, and even called the shops back and gave them the crime number.
Needless to say, nothing ever came of it that I’m aware of.
Can you not download / request the footage yourself under FOI ?
@alig4th, @TooPoorToBeHere, the fraud would have been committed against Sainsbury’s, so you wouldn’t necessarily be made aware of any action taken by the police or courts unless you were required as a witness.
Amateur hour at Nectar:
I contacted Nectar to enquire as to whether or not my account had actually been closed, since I had received no email confirmation.
They confirmed it had indeed been closed.
I asked why I hadn’t received an email or text confirming this. They said no such process exists, and that only Nectar can deactivate accounts after customer verification on the telephone << not true.
Nectar really couldn’t see the issue here.
Easy account deactivation + no customer notification = scammer paradise
Having discussed this with friends, trying to explain how it happens, a thought occurs. Naive no doubt, but thought I would ask. For the fraudster to test that it was working, they spent their own money, using my nectar card, so points were added to the account. Once they knew it was working, they hit the big spend.
Surely they would not be stupid enough to use their own debit / credit card details for the purchase test, otherwise there is a clear trail. So has to be cash purchase, or a stolen card ?
I saw a few posts which mentioned Hendon sainsburys, where my points were spent; I wonder if it’s a hot-spot ?They weren’t testing it was working. Presumably as security, you are only able to spend nectar points at any Sainsbury’s/Argos where you have recently earned points on spend. They were therefore making a transaction to make sure the store was added to the accounts ‘earning’ stores, so they could spend all your points. The CCTV is only on the self-checkouts. To spend >£25 in points, you need to go to a manned till, which will not capture your face like the self-checkouts do. A baseball cap would probably stop their face being on camera. They knew exactly what they were doing.
- You must be logged in to reply to this topic.
New to Head for Points?
Welcome! We’re the UK’s most-read source of business travel, Avios, frequent flyer and hotel loyalty news. Let us improve how you travel. Got any questions? Ask them in our forums.
Latest Forum Posts
- No Longer Entitled on Pro Plan
- memesweeper on BA IT cretins strike again!
- btmgreg on Clubhouse on 20th October – LHR > LAX
- memesweeper on FOS complain about changes to VA cards and scheme
- sloth on The HSBC Premier Mastercards thread
- BA Flyer IHG Stayer on Fishy business with Amex BA Business Card
- LittleNick on KLM/Air France availability – gone again
- VickyTM on Booking a reward seat
- LittleNick on KLM/Air France availability – gone again
- Man of Kent on Recommendations for dinner and brunch using the Amex £150 plat credit
Check reward flight availability instantly for free!
Booking a luxury hotel?
Our luxury hotel booking service offers you GUARANTEED extra benefits over booking direct. Works with Four Seasons, Mandarin Oriental, The Ritz Carlton, St Regis and more. We've booked £1.7 million of rooms to date. Click for details.