It would take an article in a major newspaper before they take any action.
Once I get my new card, and have confirmed the points restoration, and safely moved them back to Avios, I plan to bring it to the attention of a few consumer finance broadcasters, to see if they want to spread the message and the warning to other people.
But as others have said, the fraud is against Sainsburys, assuming they are happy to restore stolen points. Does their lack of action suggest that the cost of upgrading the Nectar scheme to full security hugely outweighs the cost of the ongoing fraud ?
Once I get my new card, and have confirmed the points restoration, and safely moved them back to Avios, I plan to bring it to the attention of a few consumer finance broadcasters, to see if they want to spread the message and the warning to other people.
The media already know, and won’t be that interested in resolved events. The losses are no doubt less than what it would cost to re-write their legacy Nectar systems.
Of course, a newspaper publishing a “how to” guide with an explanation of the Mod10 algorithm to generate valid Nectar account numbers, and the method to check validity and obtain a balance in-store might promote investment in the system.
It would take an article in a major newspaper before they take any action.
Already appeared in a few – nothing much done so far:
https://www.bbc.co.uk/programmes/articles/1gJz1n3J50ZHYP1NcFHVYBY/nectar-fraud
https://www.davidmcclelland.co.uk/watchdog-nectar-card-fraud
https://inews.co.uk/inews-lifestyle/money/bills/your-saving-grace-my-nectar-points-stolen-struggling-get-them-returned-whats-happening-1558436 – negative balance
https://www.thesun.co.uk/money/8024852/nectar-card-customers-fraud-stole-points-saved-christmas/
Or indeed the one I ghost-wrote for the Sunday Times:
https://www.thetimes.co.uk/article/hackers-go-shopping-for-avios-air-miles-wjt5j7t9t
I can’t get past the paywall for Rob’s article but there will be organised groups targeting loyalty accounts everywhere – it’s relatively easy for one person to get a job in an organisation where they have access to account details and arrange for family members or associates to spend the points they manage to harvest on desirable items. Retailers know they have a problem but generally employ their own security staff to deal with it in-house (a lot of retired cops do this sort of stuff).
There’s been quite a bit about the resurgence of shoplifting in the media recently, but misuse of loyalty schemes and use of stolen credit/debit cards has always been an issue as well – the latter especially since contactless payments were introduced.
To spend >£25 in points, you need to go to a manned till
Don’t think this is true
I can’t get past the paywall for Rob’s article but there will be organised groups targeting loyalty accounts everywhere – it’s relatively easy for one person to get a job in an organisation where they have access to account details and arrange for family members or associates to spend the points they manage to harvest on desirable items. Retailers know they have a problem but generally employ their own security staff to deal with it in-house (a lot of retired cops do this sort of stuff).
There’s been quite a bit about the resurgence of shoplifting in the media recently, but misuse of loyalty schemes and use of stolen credit/debit cards has always been an issue as well – the latter especially since contactless payments were introduced.
I think you’re right about this being a long standing problem with loyalty schemes. I remember about 10 years ago having approx. £300 of vouchers lifted from my Clubcard account. In fairness to Tesco they must have known it was an issue and they replaced them although it involved a two hour phone call – I always felt it was an inside job – don’t know why.
The scammers don’t need a man-on-the-inside. It’s a lot more simple than that. They just need your discarded receipt.
The scammers don’t need a man-on-the-inside. It’s a lot more simple than that. They just need your discarded receipt.
Not true. The first set of numbers are asterisked out
The scammers don’t need a man-on-the-inside. It’s a lot more simple than that. They just need your discarded receipt.
Not true. The first set of numbers are asterisked out
Only the last 11 numbers are unique. The first numbers are 98263000 for everyone. The last 7 are shown on the receipt, leaving only 4 to generate. There are even nectar number generators online. The security is pathetic.
The hassle factor in getting the nectar balance restored is painful.
The scammers don’t need a man-on-the-inside. It’s a lot more simple than that. They just need your discarded receipt.
I’m not sure if Nectar is the same as Tesco, however in my case I am so OCD I would never discard a receipt, I even go through my monthly statements and match them to my receipts, then shred the receipts. No idea how they got hold of my Clubcard information, the vouchers were still in my possession, they must have hacked my account and then changed them up into £1200 of deals, or whatever they were called years ago.
The scammers don’t need a man-on-the-inside. It’s a lot more simple than that. They just need your discarded receipt.
I’m not sure if Nectar is the same as Tesco, however in my case I am so OCD I would never discard a receipt, I even go through my monthly statements and match them to my receipts, then shred the receipts. No idea how they got hold of my Clubcard information, the vouchers were still in my possession, they must have hacked my account and then changed them up into £1200 of deals, or whatever they were called years ago.
At Sainsbury’s self service tills you (or the fraudster) just ask the sales assistant to reprint the receipt. The SA just presses a few buttons on the scanner and the scammer has the receipt. Even easier if it is an inside job as the SA can see when they print the first receipt the nectar balance.
Hmm not good then, probably best to stay with Tesco & M&S food. You would think Sainsbury’s/Nectar could do something about it, if it’s a known problem.
Thanks for all the info on this subject. My new Nectar card has arrived. I’ve quickly registered it and transferred most of the balance back to Avios, to avoid this happening again. Now, who is going to tell me about security flaws with Avios and worry me ?
Thanks for all the info on this subject. My new Nectar card has arrived. I’ve quickly registered it and transferred most of the balance back to Avios, to avoid this happening again. Now, who is going to tell me about security flaws with Avios and worry me ?
I certainly wouldn’t keep the cards linked. As you know one has flawed security.
Thanks for all the info on this subject. My new Nectar card has arrived. I’ve quickly registered it and transferred most of the balance back to Avios, to avoid this happening again. Now, who is going to tell me about security flaws with Avios and worry me ?
I certainly wouldn’t keep the cards linked. As you know one has flawed security.
My understanding of the Nectar scam is that it’s the nectar number (which can be made into a usable barcode for spending by fraudsters) which is the problem. The login to the nectar account seems safe, as is the BA Executive club login.
The scammers don’t need a man-on-the-inside. It’s a lot more simple than that. They just need your discarded receipt.
Not true. The first set of numbers are asterisked out
Only the last 11 numbers are unique. The first numbers are 98263000 for everyone. The last 7 are shown on the receipt, leaving only 4 to generate. There are even nectar number generators online. The security is pathetic.
The hassle factor in getting the nectar balance restored is painful.
I figured but that’s 10,000 possible combinations
Surely there’s a max limit of tries
Bumping this thread as I had 10000 Nectar points nicked last week :/
Despite all the activity in my Nectar app taking place in Glasgow, there was one transaction of -10000 points from a Sainsbury’s Local on Harrow Road in London!
No idea how my card details could’ve been cloned for someone to carry out that theft. My card was linked to Ebay, could a seller have got the details from there?
Fair play to Nectar customer support who were quick to acknowledge the suspicious activity and are sending me out a new card with the points reinstated.
It’s been discussed elsewhere that the security around Nectar accounts is pretty minimal – and clearly hasn’t improved in the interim!
Is the conclusion that the Avios balance is safe in the event that accounts are linked (mine are)?
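On the "max limit of tries" question raised earlier in the thread, one way a scheme operator could spot guessing of the hidden digits is to flag many different card numbers that all share the same last 7 digits within a short window. This is an added example, not part of the original posts and not Nectar's own code; the log fields, window, threshold and the all-zero card prefix in the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_DISTINCT = 3                # assumed: more distinct numbers per suffix is suspicious


def find_suffix_enumeration(events, window=WINDOW, max_distinct=MAX_DISTINCT):
    """events: time-ordered (iso_timestamp, source_id, card_number) lookups.

    A genuine card maps one number to its 7-digit receipt suffix, so several
    different numbers sharing a suffix in a short window suggest guessing.
    Returns one alert per suffix, raised when the threshold is first crossed.
    """
    recent = defaultdict(deque)  # suffix -> recent (ts, source, number)
    alerted, alerts = set(), []
    for ts_raw, source, number in events:
        ts = datetime.fromisoformat(ts_raw)
        suffix = number[-7:]
        q = recent[suffix]
        q.append((ts, source, number))
        while q and ts - q[0][0] > window:  # drop lookups outside the window
            q.popleft()
        distinct = {n for _, _, n in q}
        if len(distinct) > max_distinct and suffix not in alerted:
            alerted.add(suffix)
            alerts.append({
                "suffix": suffix,
                "at": ts_raw,
                "distinct_numbers": len(distinct),
                "sources": sorted({s for _, s, _ in q}),
            })
    return alerts


# Constructed sample lookups (fake all-zero prefix, not real card numbers).
SAMPLE_EVENTS = [
    ("2024-01-05T10:00:00", "till-07", "0000000011112223334"),   # normal customer
    ("2024-01-05T10:01:00", "kiosk-02", "0000000000017654321"),
    ("2024-01-05T10:01:10", "kiosk-02", "0000000000027654321"),
    ("2024-01-05T10:01:20", "kiosk-02", "0000000000037654321"),
    ("2024-01-05T10:01:30", "kiosk-02", "0000000000047654321"),  # 4th distinct: alert
    ("2024-01-05T10:01:40", "kiosk-02", "0000000000057654321"),
    ("2024-01-05T12:00:00", "till-07", "0000000011112223334"),   # same customer again
]

if __name__ == "__main__":
    for alert in find_suffix_enumeration(SAMPLE_EVENTS):
        print(alert)
```
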
Fraud of all stripes (and crime more broadly) seem to be at almost anarchic levels in the UK and nobody in power seems to care, seemingly even those organisations suffering the loss, such as Nectar. To my mind as a crime Nectar theft is no different to someone breaking into your car to steal your stereo, remember when that was all the rage?! We had exhaust catalysts stolen last summer and another car badly vandalised while parked in the same street, the police showed no interest at all and just provided a crime reference number. The £500 excess on the insurance (and the increase in premiums for the next 5 years) rendered it unviable to claim on insurance for either loss, the net loss across both incidents was £3000.
Fraud of this type is de-facto decriminalised. Police won’t act, they tell victims to contact Action Fraud, who do nothing.
At root this is because obtaining convictions – as with domestic violence – was/is almost impossible, so police whose performance is assessed on “disposals” have a strong incentive not to touch it.
Why would fraud be prosecuted when one can easily walk into any retailers and walk out without paying? There are so many crimes that are no longer investigated or prosecuted.
Dozens of instances of nectar theft posted here in the past and still many don’t care.
Sometimes they don’t wake up until they are impacted.
If you don’t care about avios and it anyway has a fixed value, why accumulate it? Just redeem it as early as possible.
It’s not fraud as people generally think of it, which is why nobody is interested in prosecuting it. The customer is not the victim here in the eyes of the law. Loyalty points remain the property of the retailer, so it would be up to them to try to pursue any perceived loss, and they’re not actually losing anything until someone redeems the points for goods and/or services. At that point (as it were), it’s their decision whether or not to involve the police and criminal justice system.
There might be some sort of offence of data hacking, but again, the retailer would be the victim of this. In reality, though, I think what’s going on is far less sophisticated.
It’s ludicrous to compare it with domestic violence which these days is very much proactively pursued through the courts.
I rather hoped when police commissioners were introduced that the public might then be able to influence the priorities of the boys and girls in blue. Unfortunately that seems not to be the case, instead they continue to carry on as apprentice social workers and persecute motorists.