Apr 08 2011
An example payment method still on my 'old' Amazon account

Over the course of the last few days I’ve discovered what appears to be – or possibly to have been – a fairly notable potential security hole in the Amazon UK website (and possibly others, but I only use the UK site on a regular basis). I will go into detail below about the nature of the security hole and how I discovered it – but first I want to point out that I’ve been trying to cause the problem to manifest itself again today, and failing. This might mean that the problem – which appears to have been triggered on my own Amazon account in August 2010 – has already been fixed. It might also mean, however, that I simply haven’t been able to establish all the variables that caused it to happen.

In other words, the problem I am about to describe might already be fixed, or it might not. I have no way of knowing one way or the other.

I was planning to wait before publishing this, but I’ve decided to proceed because I am somewhat less than happy with Amazon’s response to my emails on the subject – details at the very end of this post.

Continue reading »

Sep 30 2010

After discovering there had been fraudulent activity on one of my credit cards held with Barclaycard on the 16th September, and my subsequent contact with them that didn’t get anywhere on the 17th, I had a missed call on the morning of Sunday 19th September from a withheld number, which I assume was from Barclaycard’s fraud department, but they made no further attempts to contact me that day. I finally received a call from them on Monday 20th.

Continue reading »

Sep 19 2010

A couple of days ago, I posted about the call I received from Barclaycard concerning fraudulent activity on one of my accounts, and from which I concluded that Barclaycard themselves have become a victim of social engineering (which I am now able to confirm, and will be updating that post to explain after finishing this one), allowing the fraudster to set up new online access to my accounts – and I dropped in a comment about the security questions that they ask, and would have asked the fraudster, pointing out that they are not actually secure at all. Since then, I’ve called Barclaycard myself, so to illustrate the point that the security questions they ask are anything but secure, here are the three I was asked:

Continue reading »

Sep 16 2010

I received a partially automated telephone call from Barclaycard today – their systems had been alerted to possible fraudulent activity on one of my credit card accounts. When I initially answered the call and their robot explained this, my first thoughts were that it probably wasn’t fraudulent activity, and that I’d have to confirm a transaction I initiated a few days ago – I booked some holiday accommodation, and the last couple of times I’ve booked with the same company I’ve received a similar phone call and had to confirm that it was a genuine transaction.

However, I soon discovered that booking wasn’t what triggered the call, as the robot revealed two transactions and asked me to confirm if either of them weren’t genuine. Neither of them, one for £3 and the other for £3,762, were transactions I had made.

Continue reading »

Nov 30 2009

I forgot to pay my Barclaycard bill this month. The amount I forgot to pay was massive. Absolutely huge.

Yes, the balance from my statement last month was a staggering £21.28.

Okay, that small amount of sarcasm aside (almost as small as the amount in question), at the end of the day the payment was due and I forgot to make it. It was my mistake, so let’s just get on to the point of this:

Continue reading »