1. If you're receiving a message that you are banned from the Current Events or Politics forums, it's not you specifically: those forums have been hidden for all users. For more info, see here.
    Dismiss Notice

Telstra nosedive?

Discussion in 'Networking, Telephony & Internet' started by MR CHILLED, Aug 13, 2020.

  1. Sunder

    Sunder Member

    Joined:
    Apr 26, 2012
    Messages:
    4,429
    Yep, kind of my point. DD is more secure than CC in general.

    Huh? I can't really buy whatever I want from Telstra, TPG, health funds or utilities. Cybercriminals are really going to buy health insurance in their name using your DD? Sounds far fetched to me. Even getting a new resellable iPad on MRO seems a bit far fetched, as even with a DD attached, they want to do credit checks, another 100 points of ID, none of that happens with a CC.

     
  2. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,100
    Location:
    NSW
    Never though of doing that, interesting... given i am digital for paying things when out and about (i never take a card, its tap and pay via my mobile or nothing) that makes life easy.

    Actually have heard of this happening with a few dodgy backend employees with telstra, who placed orders for a lot of apple gear, have it shipped to a empty place, and then resell for profit.
     
    Last edited: Jul 21, 2021
  3. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,903
    Location:
    Melbourne
    don't be asinine. what they will do is make a significant charge against your account to another account they have also compromised, withdraw the cash, and vanish.

    I might point out that my wife works in a complaints support role for a major bank. she spends all day every day dealing with complaints of this sort of scam happening.

    same. even my physical card rarely clears my wallet since I went to phone pay. loading the new card details into the ewallet is done within minutes and the account is live as soon as it's done, so you're back on the air for both in-person and online purchases.
     
  4. Sunder

    Sunder Member

    Joined:
    Apr 26, 2012
    Messages:
    4,429
    Is this some kind of weird reverse ad hominem attack? Should I remind you I used to work with the NSW Police Cybercrime and Fraud squad and IAFCI? I'd prefer not to, I prefer to deal with every argument on its own merits.

    To do the attack you described, a criminal would have to take over Telstra, or TPG, or a health fund's accounting system. A typical account set up by a person like you or me, stolen identity or not, cannot direct debit someone else's account, neither can your typical low security check business account.

    I don't doubt the fraud occurs, but it would be extremely rare. If you have such deep control of a large organisations systems that you could do direct debits, you have many other options to get cash out.
     
  5. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,903
    Location:
    Melbourne
    no, they do not. all that has to happen is a business has their database hacked and the credentials stolen. it happened to me personally about 18 months ago.

    it's also no more difficult to compromise the account of someone with merchant credentials and initiate the transfer. it doesn't have to be Telstra or TPG. any small business will do.

    I cannot speak to your personal experience other than to comment that I hear daily proof that it absolutely happens, from the victims of the fraud. it's cyber crime business.
     
  6. Sunder

    Sunder Member

    Joined:
    Apr 26, 2012
    Messages:
    4,429
    Out of interest, I pinged an old colleague of mine still in the game to see how prevalent it was. It's now about 10% of all payment fraud up from tenths of a percent when I was directly working in that area. Apparently more common in the UK than anywhere else. The majority is actually not as you describe, but to buy subscription services like Netflix (although I note that Netflix don't do direct debit any more) which are then sold as "lifetime" subscriptions. Or at least until the direct debit victim finds out. Then the buyer becomes the victim.

    So I'll admit that I stand at least partially corrected. It is obviously still far more secure than giving someone your credit card, but it happens more than I thought.
     
  7. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,310
    Location:
    Canberra
    that's NOT a bank level authorisation/check, that's just PayPal covering their ass from you entering the wrong details (leaving them open to a loss if you buy something, and they can't pull it from your account). Your bank doesn't care nor do they have any say in that process.

    it's akin to a pre-authorisation check and hold on a CC. merchant pre-authorises by placing a hold on $x on your card, it confirms you have at least that amount available, and they hold that until your transaction is complete (e.g. a hotel stay), where they refund, or keep it to cover your minibar spend/cleaning charge etc.

    again your bank/card issuer lets this happen without any authorisation from yourself.
     
  8. Sunder

    Sunder Member

    Joined:
    Apr 26, 2012
    Messages:
    4,429
    Yes, agree 100%. I thought that was clear that it was a Paypal side security thing, so a criminal couldn't just use a stolen BSB/Account number thing.
     

Share This Page

Advertisement: