I have read of card scams, where fraudsters call you to extract an OTP from you. But in this latest scam, where I am a victim, my cards got transacted, even if OTPs came in my phone.
This happened at 3 in the morning, when everyone is supposed to be sleeping. My cards of banks SBI, RBL and Axis were transacted for amounts ranging from 3000, 5000, 14000 and international transactions in currency euro and rub.
The payment gateways are of AMAZON PAY INDIA and pay.pl. The transactions have been disputed, but Axis has declined the dispute, labelling it as customer liability, as OTPs came through.
Anyway, long story short, and not to be a cry baby, the cards and my registered cell phone were with me at all times. Say, international transactions don’t require OTP, but the Amazon Pay India gateway went through despite OTPs in my phone. As if OTPs were a joke.
I had a nightmare trying to block cards, as the attacks came one by one.
I do not wish these things to happen to anyone. It sucks, when you have to pay for something you never did.
Please switch off international transactions, and put lowest transaction limit.
And please share any similar experiences if you had.
I have blocked the compromised cards. Now, I have a phobia. Some cards, I have temporarily switched off. Can the so-called hackers transact through switched-off cards?
3 am and every SMS tone is a nightmare for me now.
Let this be a lesson to my fellow traders. Many times I wished, if I had just switched off the international transactions and maybe switched off domestic transactions too.
It’s like I should have taken the trade. When the market is over. The hindsight is always clear.
Better approach the banks or report it to your nearby cyber cell and take their suggestions on what could be the next best course of action to prevent further losses.
@Celina I have had this happen to me, but the amounts were small like 200, 500, 600 one after another; after midnight. I disputed and Kotak reversed them all. Mine were all CC.
I think mine were all marked Google Playstore purchases.
Do you do a lot of online transactions, international? I do a lot.
FORMAT your Phone. I removed all UPI payment apps and mobile banking apps after the episode.
This had happened with one of my family members in 2014. They had added their credit card to PayPal. One afternoon, they got a message that around 19 GBP had been spent for buying something via PayPal. That transaction was reversed by the merchant itself (likely because the credit card company intervened somehow as that card was never used for international transactions before that) but what followed afterward is much more interesting.
After that happened, the hacker tried to take over the PayPal account by adding a new email address and making it the primary email of that PayPal account (essentially trying to lock us out of the PayPal account). We tried calling PayPal India customer care but they were of no help. But, thankfully that process (aka making a new email ID the primary email ID) required approval which was sent to the existing email address present in the PayPal account.
But then, we started to get 2FA login codes on SMS, essentially meaning that someone was trying to log in to the Gmail account linked to that PayPal account (the odd thing about those SMSes was that those were not in English, something like “קוד האימות שלך ב-Google הוא” (this is Hebrew) which revealed to us that the hacker wasn’t from India (or was masking/hiding their location)). From what I understood later, the hacker likely had somehow gotten their hands on the password for the Gmail account as well. Fortunately, a few months earlier, we had enabled Two Factor Authentication on all family Gmail accounts and that became our saving grace. Eventually, we were able to reset the PayPal account password and remove the new email address from the account. The first thing we did after that was removing the stored credit card from PayPal.
After that incident, I became somewhat paranoid and try to enable 2FA everywhere (even my TradingQnA account has 2FA enabled) and prevent storing cards wherever possible.
But after reading about your experience, I am a bit scared. Your case does look like it's related to SIM swapping/cloning, but isn’t there any way to approach Amazon India and report that your card was used for doing an illegal transaction via the Amazon platform? The hacker would have likely covered their tracks (aka created a fake Amazon account) but given that they had entered your card details in Amazon Pay to make a payment, Amazon would likely know to which merchant that payment was done to. In case they are willing to share those details, you could then approach that specific merchant to get more details about that transaction. But something like this wouldn’t be possible without some kind of legal action.
Also, I have come across a recent news story related to curbs being introduced by RBI for storing card data after the rising incidents involving card data leakages -
That was terrifying to read. I have switched off international transactions on all my cards. Thank you for sharing your (harrowing) experience.
After thinking about this for a bit, here is what I suspect: there is some app on your phone which is parleying your OTPs to the hackers. Could you check app permissions to see if some third-party apps have access to your SMS? In Android this can be done using Apps->Settings->Permissions or something similar. Many apps (e.g: food delivery apps, grocery apps, investment apps, banking apps) ask for SMS read permission so that they can read their own OTP messages. Ideally we should deny this permission to anything except the built-in SMS app, but we often let other apps read our SMSs for the sake of convenience.
If one of these other apps has been compromised, then they can relay your SMS to the bad guys. To my mind, this is one way in which this CC fraud could have happened.
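The permission check suggested in the post above can also be done from a computer. The following is an added example, not part of the thread: it lists non-system apps that hold a granted SMS permission, given the text of `adb shell dumpsys package` saved from your own phone. The sample dump and its package names are constructed, and the dump layout it parses is an assumption that can differ between Android versions.

```python
import re

SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample shaped like `adb shell dumpsys package` output (assumed layout).
SAMPLE_DUMP = """\
Package [com.android.messaging] (1a2b3c):
    pkgFlags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ SYSTEM_FIXED ]
      android.permission.RECEIVE_SMS: granted=true, flags=[ SYSTEM_FIXED ]
Package [com.example.groceries] (4d5e6f):
    pkgFlags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
Package [com.example.flashlight] (778899):
    pkgFlags=[ HAS_CODE ]
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FLAGS_RE = re.compile(r"^\s*(?:pkgFlags|flags)=\[([^\]]*)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def sms_readers(dump_text):
    """Return {package: sorted granted SMS permissions} for non-system apps."""
    apps = {}       # package -> {"system": bool, "perms": set}
    current = None  # entry for the package section being read
    for line in dump_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = apps.setdefault(m.group(1), {"system": False, "perms": set()})
            continue
        if current is None:
            continue
        m = FLAGS_RE.match(line)  # package-level flags line, not a permission line
        if m:
            if "SYSTEM" in m.group(1).split():
                current["system"] = True
            continue
        m = PERM_RE.match(line)
        if m and m.group(2) == "true" and m.group(1) in SMS_PERMS:
            current["perms"].add(m.group(1))
    return {pkg: sorted(info["perms"]) for pkg, info in apps.items()
            if info["perms"] and not info["system"]}

if __name__ == "__main__":
    print(sms_readers(SAMPLE_DUMP))
```

Any package it reports that is not your chosen SMS app is a candidate for having the permission revoked in the phone's settings.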