How I Helped Fraudsters Steal Thousands of Dollars from Me

Commentary about business and finance.
Aug. 2 2013 12:01 PM

How I Aided and Abetted My Own Debit Card Fraud

The criminals spied on me at an ATM and followed me home. I handled the rest.

Using an ATM at night.
Who's behind you?

Photo by Thinkstock

“Hello, Mr. Welch. Visa Card Services here.” That was how my nightmare started one Sunday morning. I was hungover, sitting on the sofa, when the landline rang. I was surprised because I’d only given the number to about three people. The person on the other end of the phone, Mark, told me there had been a number of fraudulent transactions on my bank account since midnight, adding up to about 1,100 pounds ($1,663). I’d never heard of Visa Card Services before, but then, I’d never had money stolen like this before. Maybe this is what happens?

Mark then confirmed the last genuine withdrawal I’d made, at the Barclays bank opposite Highbury & Islington station in London. He gave me a reference number and told me to ring the telephone number on the back of my card. I did just that, quoted the reference number, and was able to speak with someone who knew all about the supposed fraud. These cunning tricksters had apparently cloned my card at the Barclay’s ATM, then treated themselves to a few things in the Apple Store. Something didn’t ring true about the whole thing—why would someone with a stolen card only spend 400 pounds (about $600) in the Apple Store, for starters? Still, I watch enough alarmist consumer-affairs TV,—the kind of program presented in the U.K. by an estuary gargoyle named Dominic Littlewood—to know that these things happen.

The person now helping me, Rajesh Khan in HSBC’s card protection department, had all my details: full name, date of birth, and crucially, my address. When he said a courier was on the way to collect my card for further examination, I didn’t need to tell him where I lived. I initially flinched at the idea, but when Rajesh explained that the bank’s fraud team needed to analyze the chip, it made sense. After all, I’d phoned the bank myself—this was no cold call, and he had all my details already. That’s probably also why I typed my PIN number into my telephone keypad of my phone when Rajesh asked me to.

Advertisement

“It’s OK, Mr. Welch, we can’t see it, but we need to perform a PIN block,” he said.

“I’ve never heard of that,” I said, “but fair enough.”

I packaged the card up as requested—wrapped it snugly in a paper towel and tucked into an envelope—and waited for the courier to arrive. Rajesh called back twice, once to say the car was five minutes away, and again to say it was outside, quoting the car’s number plate and describing the driver. My new mate, Rajesh, called again later that afternoon to say they’d received the card and that I’d have my money back in a few days. “Great," I thought. I recall saying to one of my housemates how difficult it was to like banks, what with them ruining the world and everything, but you couldn’t argue with efficiency like this.

The following day was similarly efficient, as I went through exactly the same process with my credit card. The fraudsters had somehow hacked into my online account, got my credit card details, and maxed it out. This time, good old Rajesh told me, there was a shred of hope the criminals would be arrested as they’d made the mistake of buying Eurostar tickets to Paris on a specific train. The police would be waiting for them at the Eurostar hub at St. Pancras station. Amazing news!

But then a few days went by without a call from Rajesh. By this point I was about 4,000 pounds (more than $6,000) out of pocket. I called the bank, this time from my mobile. After explaining the situation to two or three representatives, the nightmare stepped up a notch when one of them said, “But Mr. Welch, your cards haven’t been reported stolen."

I’ve never been speechless before; I’ve never been able to feel the color drain from my face either, but now I was and I could. It ran from me like water down an open drain. I was consumed by feelings of stupidity, anger, and fear. Realizations kept hitting me as I relayed the conversations to the bank reps, over and over and over. Why had I given my card to a stranger? Why had I typed my PIN into the phone? How did they know my mother’s maiden name? How did they have my address? And most of all, why in the name of all things holy hadn’t I checked my balance to see for myself what the damage was before I even called the bank that Sunday morning?

Well, to answer the last question first, I suppose I didn’t want to see what was happening. When I did check, things were far worse than I’d expected, and my rent had bounced to cap it all off nicely. The Apple Store story was a lie—they’d in fact spent thousands in clothes shops, and better yet, they’d treated themselves to a Dixie Fried Chicken each evening. Forget the fraud—what kind of savage spends 95 pounds in three days on greasy take-out?

The rest of it comes down to good faith. Once you call the number on the back of a card and go through security stages, you enter into a world of trust, where you’re no longer the boss. The person on the other end of the line takes over. “My National Insurance number? Sure, stranger I’ve never spoken to before, here you go …”

By now, I was really panicking. Most of the money was credit or overdraft. What if I didn’t get a refund? That was a possibility, according to the security expert at the bank. It would take me years to pay off debt like this.

I called the police, and after explaining my idiocy once again—it’s pretty humbling, repeatedly admitting you’re the type of person who gives both your debit card and PIN to the first person who asks for them—they outlined the likely series of events that led to this theft. (They also told me, to my relief, that banks almost always refund the first-time defrauded.) It all started, said the police, on the Saturday night when one of this gang would have watched me withdraw money from the ATM. The thought of being spied on while you’re trying to enjoy yourself at a garage night at the Buffalo Bar is sinister enough, but not the worst of it. The police believe that then I was followed home, which is how they got my address. It could have been worse—they could’ve just stabbed me, so every cloud and all that, but followed me home? Christ.

As for the Sunday morning phone call, well, credit where it’s due—it’s pretty clever. If you call a landline, it’s up to you to end the call. If the person who receives the call puts down the receiver, it doesn’t hang up the call. So after I went to find my debit card, the fraudster was still on the other end of the phone, waiting for me to pick up and call “the bank.” As I did this, the police said, he first played a dial tone down the line, then a ring tone, making me think it was a normal call.  “Mark” would have been sitting next to ”Rajesh,” no doubt barely holding in their laughter at how stupid I was. Well, Mark and Rajesh, I hope you’re happy with your lives. To Hades with you.

I was right to praise the bank’s efficiency, though. They returned all my money to me within 10 days, although I did have to get new bank accounts and cards. It was a pretty lean spell, and by the time I got my money back, I’d spent my last 60 pence on a tin of beans. The feeling of total financial ruin, of utter helplessness, isn’t one I’ll forget in a hurry. If I momentarily forgot what was happening, I’d start panicking all over again the second I remembered. Setting up all new direct debits was an unholy pain in the arse, my credit rating has taken a serious knock, and getting the various bank departments to talk to one another and not charge me hundreds in overdraft charges was no picnic either. I’ve since had to sign up to a number of other bank schemes and government services to add further layers of protection. I get a monthly statement of credit checks in my name, for example, so I know if these people are using the information they have on me again. It took a few weeks to stop worrying about the same people coming back to my house, too, although it helped to spend hours online researching the link between bank fraud and violent crime—virtually nonexistent, it would seem. If I’m wrong about that, I don’t want to know.

Bank fraud is a bigger problem than I had ever realized before this happened. A 2012 study of thousands of consumers across 17 countries revealed that 1 in 4 has been directly affected by card fraud in the last five years. Millions and millions of pounds are pumped into funding departments and insurance coverage. That’s our money, paid in extortionate overdraft arrangement fees that finance the whole industry. Financial fraud is often thought of as a victimless crime, because ultimately it’s only huge companies footing the bill, not individuals. But having suffered through it myself, the stress, upset, and countless hours spent sorting it out tell me it’s anything but.

Out of everything, accepting that the fraud had happened probably took the longest to process. Being paranoid, well, hopefully that’ll just wear off in time; being a bit more suspicious than I was before isn’t a bad thing. I like to think I’m a tech-savvy person, I read about internet security, I know about phishing, but the knowledge left me when it counted and I handed over all my money to criminals like some yokel buying magic beans at a county fair. I’m surprised I didn’t offer to help them spend the cash as well.

This piece is reprinted from Andy Welch’s personal blog.

Andy Welch is music editor at the Press Association and writes for NME.

  Slate Plus
Slate Picks
Dec. 19 2014 4:15 PM What Happened at Slate This Week? Staff writer Lily Hay Newman shares what stories intrigued her at the magazine this week.