-
My sister today was the victim of card skimming at a TfL ticket machine in London when attempting to top up oyster card £2.5k was stolen from her debit card. They came back again a few mins and tried for £1.4k but transaction was declined due to insufficient funds.
Her bank in Ireland has informed her that she may not receive a refund as her PIN was entered. TfL staff at the station were unhelpful and point blank refused to believe there was anything on the machine. Unfortunately we did not think to take pictures at the time.I called TFL customer service who advised to submit a full incident detail along with description of staff member spoken to.
We also reported the incident to action fraud team who advised it was possible no investigation would be done.First time dealing with this type of situation Any advice appreciated
* What are the chances of TfL refunding the stolen amount?
* Is there anything else we can do to increase our chances of recovery?They stole £2.5 million from her debit card?
Edit: it’s £2500 I re-read it
Was the £2500 transaction in a store?
Which station does she think the skimming took place at? If you really think there’s a skimming machine there, you need to contact the police, as she’s unlikely to be the only victim.
How do you know it was the ticket machine? How was the money taken – do you mean it was withdrawn or transferred to another account? If so, where was the withdrawal/what are the account details?
Did you ask TFL how to request a copy of their CCTV footage?
As per @Lula – did your sister or any TFL staff try to contact BTP? I assume that if the ticket machine was in a station, it would be within BTP’s jurisdiction.
Also, did someone tell you to contact Action Fraud? This is really a theft, not fraud, and therefore more a police matter.
A few seconds after entering her PIN number on ticket machine she got a notification from her bank advising of transaction. The merchant name is just a load of random letters.
As I mentioned the staff at station did absolutely nothing to help and refused to believe anything had happened. Other than her bank investigating in Ireland and report to action fraud we did not contact police but will contact BTP
Also have sent an email to tfl as advised by customer support line.
Another reason to use credit cards rather than debit…
A few seconds after entering her PIN number on ticket machine she got a notification from her bank advising of transaction. The merchant name is just a load of random letters.
As I mentioned the staff at station did absolutely nothing to help and refused to believe anything had happened. Other than her bank investigating in Ireland and report to action fraud we did not contact police but will contact BTP
Also have sent an email to tfl as advised by customer support line.
That sounds rather quick. Had she used it anywhere else earlier?
And with contactless cards now no need to really use a ticket machine and just touch in and touch out and avoid this risk.
Okay, well presumably banks in Ireland operate similarly to here and they will open an investigation, and they should be able to identify what the transaction was.
That’s shameful behaviour on the part of TFL as well, I’d also be sending a strongly-worded email to Sadiq Khan’s office, given that crime in London is his remit! Was your sister visiting London from Ireland? If so I would also emphasize that this is a particularly woeful way to treat a guest in your country, and not likely to encourage anyone to visit the capital.
Let us know how you get on with this. The bank’s decision may rest on whether your sister was (in their opinion) negligent with her card information, but the simple fact that she input her PIN for the TLF transaction would not constitute this. I would want to know whether the fraudulent transaction required the PIN as online transactions generally require the CVV, not the PIN. Also, nowadays debit card transactions online require some kind of 2FA, so the bank’s security isn’t very good if it was done online.
Is there a time/date/location for the £2500? It might be significant as your sister might be able to show she couldn’t have physically made that transaction, if it was actually some sort of in-person transaction which required a PIN.
@rams, I was thinking the same about contactless, but do all Irish debit cards work this way? I know I often have to put in my PIN abroad although it’s generally not necessary in the UK these days.Thank you so much @Northernlass I will ask her about the location on the transaction tomorrow and will definitely post back with a update on final outcome.
Yes had some family visiting me in London for the weekend from Ireland. A shit*ty end to a lovely couple of days. She was talking about coming back again in New year but not so sure now. I had given warningsto be vigilant regarding mobile phone use in public.
There are definitely a few lessons to be learnt regarding oyster usage v contactless but not what she wants to be hearing tonight.
A few seconds after entering her PIN number on ticket machine she got a notification from her bank advising of transaction. The merchant name is just a load of random letters.
As I mentioned the staff at station did absolutely nothing to help and refused to believe anything had happened. Other than her bank investigating in Ireland and report to action fraud we did not contact police but will contact BTP
Also have sent an email to tfl as advised by customer support line.
There is almost no way that info came from the ticket machine or a device attached to it, internet connections, coding the device, making it small enough to be hidden, memory for when the device goes offline, coding for edge cases to deal with different situations etc., all too much to realistically expect. Plus all the networking and data processing on the backend. Also, if the bank are saying the PIN number was used, that is probably an in person transaction somewhere, I can’t imagine how anyone could operate that quickly.
All of that sounds extremely unlikely. I’d be asking yourself where else has the card been used with a PIN number? Stick with the ordinary police
Instances of fake card readers at tube stations are incredibly rare.
A google search of “card skimmers at tube stations” shows the last reported incident to be in 2016.
Staff working in tube station ticket halls check ticket machines on a regular basis and would also notice someone spending a long time at a machine (required to install the device) and would go to them to see if there is a problem or if the person needed help.
They know what the card reading elements look like and would soon spot anything out of the ordinary.
I have no doubt that your sisters card was cloned but it was very unlikely to have been via a tube ticket machine. She needs to go through all her card transactions for the last few days to try and identify where it may have happened – more than likely somewhere where a staff member took the card to process rather than it just be tapped onto a card machine at a till point or at the table in a restaurant etc.
SSS is correct. Highly likely skimmed at a retailer before the ticket payment.
Easiest way to avoid this is to use Apple Pay or google pay wherever possible. It’s astonishing how many people are ignorant.
Obviously won’t work at ATMs. Try to avoid third party ATMs as much as possible.I don’t know much about the actual mechanics of these things, but does cloning a card give you the PIN?
Anyway, what’s done is done and OP’s sister may not be used to living in a crime-ridden metropolis!
Jurisdiction will ultimately lie with where the offence took place, but that may not be known for some time. It’s also going to be complicated by the victim’s bank being outside the U.K., and she needs to take all the steps she can to show that she wasn’t negligent, and wasn’t present when her money was stolen.
@travelersolo – purely coincidentally I’ve just done a very rare transfer from my current account to my Revolut card. The reference is 17 random characters – 16 letters and 1 number. Is this similar to what’s showing on the transaction on your sister’s bank account?
One tip I would suggest for the OPs sister (well anyone really) who might be a bit antsy about using credit cards in foreign lands is to get one of those top-up cards such as FairFx where even if someone physically steals the card it’s basically useless as there are only limited funds on it to be used I.e. the amount you have loaded onto it
Very true – got the teenager a Revolut card for exactly this reason. Also freeze cards, if possible, when not in use. I’ve had a few suspicious notifications on Curve when it’s been frozen and they haven’t been able to be processed.
That sounds rather quick. Had she used it anywhere else earlier?
Sounds about right to me, depending on the bank of course.
Notifications from LBG, for example, are often instantaneous. Sometimes feel the buzz in your pocket before “approved” appears on the screen of the merchant device.
I think @rams meant that the theft was very quick after OP’s sister used her card at the TFL machine, so possibly the machine was not the source of whatever compromised the card.
She is retracing all her steps since arriving in London so the timing at TFL ticket machine may be a co incidence
To make matters worse flight back to SNN was cancelled this morning for operational reasons seems the plane due to operate is stuck in Boston. They are now scheduled to fly tomorrow night. On hold with EI trying for something earlier though not hopeful at all
Wow. So sorry to read what happened to your sister.Having that sum taken is not nice. I hope her bank refunds her.
I echo what others have written and am not sure that it happened at a TfL machine. It’s more likely to have been elsewhere so re tracing her steps and where she used the card is a good idea. Also the bank should be able to identify the merchant – the fact that it is appearing as a random string of numbers makes me think it’s not a TfL machine. Those cloning devices read the card details. Then the cloned card is used elsewhere so I think it was a coincidence that she happened to be usibg the card at a tube station.
This is why I don’t use my debit card and why I don’t have so much money in my current account. I have a linked savings account that allows instant withdrawals and deposits only via the current account so keep the majority of any cash there and I transfer as needed.
Also bad luck on the flight cancellation – hope your sister gets home earlier.
Instigate a chargeback with her bank.
The random digits were for the transaction from the sister’s account to wherever the thief transferred it. It sounds very much like my Revolut transaction from my current account this morning- 16 letters plus 1 number.
Instigate a chargeback with her bank.
She is already in touch with her bank who are investigating and will follow their fraud protocols. A chargeback will likely be rebuffed until their investigation is completed.
Remember when it comes to reimbursement of any illegally taken money, it will be on balance of probability whether your sister authorised the payment.
In this case it sounds like it should be easy: if she were buying a ticket with TfL putting her pin in for an authorised transaction, then she cannot have been elsewhere also putting in her PIN for an unauthorised transaction (and the bank should have noticed any significant location discrepancy between in-person transactions and blocked at least one of them). When you add in it will undoubetdly be for a totally random retailer that your sister has never shopped at, then it should be even easier.
- You must be logged in to reply to this topic.
Popular articles this week:
