New Mobile Phone/Credit Card scam.

A friend of mine checked his online bank statement recently and found an unauthorised transaction for O2(UK)LTD PREPAY for £30.00 nestled amongst his porn charges and World of Warcraft subscription. Since he hadn’t used an O2 phone in over a year, this was quite a suprise, and a spot of Googling turned up more than a few people with the exact same problem.

So what is this O2(UK)LTD PREPAY? For starters, it’s a genuine debit on your card made by O2 – formerly BT Cellnet. The problem, of course, is that you didn’t actually make such a purchase, and you’re so paranoid about Credit Card Fraud that you keep your cards in a tinfoil envelope, so how did someone steal your credit card details?

The answer is.. they didn’t. Credit Card numbers are generated using an algorithm which makes it possible to easily check their validity before submitting it to a payment processor. Unfortunately, that same convenience means that anybody can whip up a simple program to test 16-digit numbers that pass the validity checks.

So now you have a valid card number, the next thing you need is the expiry date. Since there are only 12 possible expiry date values per year it’s trivial to check until you get a hit. Most cards only last a maximum of five years so you only need check 60 combinations. If you get a hit, congrats – you have a card you can use for fraud.

But wait – surely the only way you can test a card number and expiry date is to actually go ahead and try to buy something? And even then, don’t you have this Verified by Visa step to go through where you have to enter your password? Well ordinarily, yes you would, but if you happen to find a company that is pathetically lax with in the way they accept Online Credit Card payments – for example O2 in the UK – then you can enter just these details and see if the card works.

The O2(UK)LTD PREPAY that you see on your statement is a fraudster testing your card number and an expiry data and getting a hit. If you do not cancel your card straight away, you will soon find your card statement filled with purchases you didn’t make, things like TVs, cameras or more phone topups.

O2 are not the only company who allow anyone to enter any card details to top up any phone. Keep an eye on your bank or credit card statement for any of the following:

  • iTunes Purchases
  • Tesco Mobile Topup

If you didn’t make these purchases, call both your bank and the business involved immediately. Ask the bank to cancel your credit or debit card and issue you with a new number, and ask the business listed on the statement to investigate.

Worryingly, we’ve heard that the bank/business will tell you not to bother contacting the police over the matter. Whether you do or not is up to you of course, and if you get your money back without problems (aside from changing your cards) then you may not want the extra hassle, but the fact remains that a crime has been committed and those businesses with lax online card security have no incentive to improve matters if people don’t complain. I would suggest getting a crime number just for peace of mind – it at least helps you prove to the bank that you are serious about the fraud even if the likes of O2, Orange and iTunes are not.

So why don’t O2 etc put a stop to this?
From their point of view, why should they? Airtime actually costs very little for mobile phone companies to provide, so if they have to refund £30 to someone’s card, they actually lose a lot less than that. Add to this the unknown number of transactions that you can guarantee are never spotted by the card owners and you’ll come to understand that O2 are making a profit from this scam.

People should really be complaining to Visa and Mastercard, petitioning them to threaten O2 et al with the loss of their credit card processing facilities unless they tighten up online security. There is absolutely no reason, in this day and age, for this kind of lax attitude to be permitted – they are enabling fraud on a massive scale, profiting from it and appear to have no intention of changing things.



Memory Stick Capacity Scam

Fancy spending some cash on a nice new memory stick? With prices as low as ever you may be tempted, but be sure you know what you're buying.12th April 2012

Triple boot XP, Win7 and Ubuntu

A guide to configuring your system to allow OS selection on startup - XP, Windows 7 or Ubuntu.16th January 2011

Philips HDT8520 Freeview+ HD PVR

Philips Twin-HD Freeview+ PVR is a good looking little machine with terrible software, only saved from being dumped into the Reject Bin by a software update. Read on for thoughts, experiences and suggestions.21st December 2010

Shell Script to Update Multiple WordPress Installs

Updating WordPress can be a pain if you're a host with several installations, all of which require updating to the latest version...5th December 2010

Amazon Kindle 3 Review

Unless you've been hiding under a rock for the past year or so you can't fail to have heard of the Amazon Kindle and the impact that the device has had on the eBook and eBook Reader market.7th November 2010

O2 (UK) Ltd Prepay Slough Mobile Phone Scam

An explanation of why you're seeing items from 'O2(UK)Ltd Prepay Slough' on your credit and debit card statements.1st February 2010

Two Weeks in Tokyo

Back for more: A second trip to Tokyo for two whole weeks of geekiness including the Tokyo Games Show. This time K as decided to tag along...1st February 2010