My HDFC credit card hacked; charged 51.5k

Status
Not open for further replies.

Sei

Galvanizer
So, one fine afternoon (15th May actually), I was sitting in my office canteen and eating a fruit plate. I get a message from HDFC stating that my card was charged for Rs. 51534.93. I blinked twice because I thought the amount to be 500 something. Then immediately got a call from HDFC confirming the purchase, which they do for high valued single transaction purchases.

I told them that I have not made the purchase and I have the card with me. He tells me to call up Customer Care and get my card blocked. I blocked it immediately. The payment was charged to Chari & Co. NYC. I have never dealt with this company before.

On 16th May, Customer Care tells me that the bank had indeed transferred the money and I need to fill a Charge Dispute form. I have filled and submitted the same. There will apparently be an inquiry for 15-20 days in which HDFC is going to investigate the case further.

Now, what are my chances here? Has anyone experienced or heard of such a case before? I really don't want to pay the money, obviously.
 
HDFC may do a payment chargeback, which can sue the actual person who purchased something from Track Bike - Chari & Co N.Y.C. using your card. The thing you can do from your side is to contact the website merchant Store Location and tell them what actually happened.

You won't be paying the money for sure, as HDFC will charge back the payment since the credit card owner (you) has denied the transaction.
 
^ Though that is extremely nice to hear but is this valid even when the bank has already paid the store? Are they going to refund the money? Also, should I go ahead and mail the store? Another thing which I found weird was that most stores are very strict in their policy of accepting credit card orders only when shipping address = billing address and the card is American. Seems like this is not the case here.
 
^ Though that is extremely nice to hear but is this valid even when the bank has already paid the store? Are they going to refund the money? Also, should I go ahead and mail the store? Another thing which I found weird was that most stores are very strict in their policy of accepting credit card orders only when shipping address = billing address and the card is American. Seems like this is not the case here.

The bank will take the money back from the store
 
Don't you have to enter a password in a secured https gateway of either Visa or Mastercard before confirming the credit card purchase? How did the hacker manage to do that?
 
^^ Nope. That securecode thing is only for Indian payment gateways. It's an RBI rule. International payment gateways don't have to follow it.
 
There are many ways people can steal card info. Online transactions are one of them; handheld magnetic strip readers are another. Other than suspicious online transactions, never let your card out of your sight.
Recently, I wanted to order home delivery from Pizza Hut but the store's handheld machine wasn't working. The guy taking my order offered that I could hand the card over to the delivery boy and he would take it to the store to swipe it. Once done, my card would be returned. I flatly refused. Better safe than sorry.

AFAIK there is a 1-2 day delay in the money actually being paid to the merchant. So they can deny the payment (basically chargeback the transaction).

Thankfully, you are not with SBI. Something like this happened to a friend with an SBI Credit Card. Got charged 35k for a gold chain; the SBI investigation went on for 6 months and he was constantly harassed for proof.
 
That is why I only use PayPal for all payments on international sites. However, haven't you enabled the VBV password for your card yet? Because the card details could have been stolen from an Indian e-store as well, which don't have facilities like PayPal.
 
I've always had a good experience with Amex. Just have to call them and tell them that there are invalid transactions and they raise a dispute and immediately offer a credit for the full amount.
 
Well, recently while doing a transaction on Godaddy, I observed that even CVV was optional... I just entered my CC number and my card was charged without CVV... :crazy:
 
Thanks for commenting in this thread guys. I really appreciate it. I really hate that this happened even after me being generally cautious about such things.

Don't you have to enter a password in a secured https gateway of either Visa or Mastercard before confirming the credit card purchase? How did the hacker manage to do that?

^^ Nope. That securecode thing is only for Indian payment gateways. It's an RBI rule. International payment gateways don't have to follow it.

I really didn't know that. I was wondering that too.

Sei - don't worry, you will get your money back.

That is what I really want to hear from HDFC bank! :)

There are many ways people can steal card info. Online transactions are one of them; handheld magnetic strip readers are another. Other than suspicious online transactions, never let your card out of your sight.
Recently, I wanted to order home delivery from Pizza Hut but the store's handheld machine wasn't working. The guy taking my order offered that I could hand the card over to the delivery boy and he would take it to the store to swipe it. Once done, my card would be returned. I flatly refused. Better safe than sorry.

AFAIK there is a 1-2 day delay in the money actually being paid to the merchant. So they can deny the payment (basically chargeback the transaction).

Thankfully, you are not with SBI. Something like this happened to a friend with an SBI Credit Card. Got charged 35k for a gold chain; the SBI investigation went on for 6 months and he was constantly harassed for proof.

Yeah, I am careful in scenarios like above but I guess I do get a little complacent online. Also, there is generally a 1-2 day delay but in this case Customer Care said that the bank had paid the money :(

Have you used your card at any online store? Seems like their database is compromised.

I did purchase some material off this site - Aristotle Prep - The Leading Online Test Prep Content Provider. I was a bit suspicious when making the payment too. Their site refused my debit card. So, I had to use my credit card. Though I have no doubt about the site in general (they are a well known GMAT prep site) but looking at their site, I think that their site might have been compromised in some way. But that is the only doubt I have. Rest all transactions have been made to well known sites such as Flipkart, Hostgator etc.

One good tip is to scratch out the CVV number from the back of the card.

I really didn't know that!

That is why I only use PayPal for all payments on international sites. However, haven't you enabled the VBV password for your card yet? Because the card details could have been stolen from an Indian e-store as well, which don't have facilities like PayPal.

Yeah man, I also try to use Paypal wherever possible. But it's not present on all sites. Also, what is this VBV password you are talking about?
 
Though I have no doubt about the site in general (they are a well known GMAT prep site) but looking at their site, I think that their site might have been compromised in some way. But that is the only doubt I have. Rest all transactions have been made to well known sites such as Flipkart, Hostgator etc.
10 Massive Security Breaches -- InformationWeek
Unencrypted customer details is all it takes for a security breach... and many sites don't encrypt! Mostly international only...
But in India most sites will have Verified by Visa and MasterCard SecureCode, so it's safe.
 
I know it is tempting, but try not to use your CC/Plastic card on a site which does not have Secure code (payment gateways) and does not ask for the I-PIN. Mostly foreign sites do not even have this set up. Or get a card with a low value for foreign sites. I was once trying my Visa card on a foreign gateway, and Citibank denied them the transaction, because they did not have 3D Secure set up.
 