Every Little Helps Credit Card Fraud? ~ Tesco-Complaint

Sunday, November 26, 2006

Every Little Helps Credit Card Fraud?

I was thinking about this issue after Tesco failed to deliver my home delivery on Wednesday - a failed delivery which Tesco maintain was delivered! The issue I have is with the way they handle potential card fraud. If you ever use Tesco online to order groceries you will notice that Tesco never ask for your billing address. I realised this most recently when I used my card to pay via my housemate's Tesco account.

Any responsible retailer online has security measures in place to prevent card fraud. I'm not talking about the encryption, but rather the level of information you have to enter about the card. Tesco asks for the name on card, the card number, the issue number, the expiry date, and the security code; all information present on the face of a card. If this transaction was in a High Street store there would be the added security of a signature check (or Chip and PIN). On the internet that's currently impossible. Which is why all other online stores I know of will ask for the billing address for that card. In most cases it would be the same as the delivery address. But in my case it is different as I live away from home at uni halls.

I initially thought the whole billing address and delivery address was all just pointless data to enter until I entered the wrong details on another site. It refused my payment and flagged the card for fraud. Pretty drastic perhaps, but at least I knew it was there for security (and the bank did release the card once they rang me and I confirmed everything). Anyway, sorry about the diversion. My point is, Tesco online don't ask for billing address. There isn't that added security which I think is damn well required.

Consider the possibility someone found a credit or debit card on the floor (or how about someone who quickly notes the details off it, say in a restaurant?). Consider they go out to try and use it. They can't go down the high street, they'll want a PIN number. And you can't normally use it online because it'll ask for a billing address. Both the PIN number and billing address you wouldn't know. But, go onto Tesco.com and you can use it. You don't need to know anything other than the details that are on the card.

Now, my question is, what is the legal stance of this? Isn't this somewhat irresponsible of Tesco as a retailer? What do you think Trading Standards or whoever would say about this? Something like this could hit Tesco pretty hard I think. What's your take on all this?
I anticipate your response, JC.

TESCO-COMPLAINT EDIT: Thank you for highlighting this issue. It is not the first time that Tesco's lax attitude to credit card security has been exposed - see our "news and links" section for this entry: "Tesco helps credit card theft" via self scan terminals without chip and pin.
Continued in the comments section...

14 comments:

tesco-complaint said...

It seems obvious to us that Tesco care more about making money and their own interests than the consumers' interest in the security of credit cards. Most companies we have used on the internet will prevent you from using your card to deliver to a non-billing address yet your experience of Tesco demonstrates that they have no regard for such common security processes.

This is, in our opinion, a clear opportunity for credit card fraudsters who are almost certainly already using our stolen credit cards on tesco.com (anyone experienced this fraud on their card?).

You are right that this is most irresponsible of Tesco. Sadly, we do not think that something of this nature is within the ambit of Trading Standards or general consumer protection legislation. The only people that can determine Tesco's policy in this area are Tesco's merchant bank that provides Tesco access to the credit and debit card authorisation network and of course Tesco themselves. The only thing we can do to impact their policies is to expose them to the public eye and warn people of the above dangers of Tesco.com.

Let's hope the media pick up on this story, we'll be contacting our favourite online net media - The Register and others. Exposing Tesco publicly is the only way to make them respond to your concerns as we learnt when we set up this website.

Anonymous said...

I've never used the online service but I am worried to learn that they require so little information. Considering the type of goods they also sell online (TVs etc.) then there is a potential for thousands of pounds worth of fraud, perhaps even before the owner realised that the card was missing. They should be asking for at least one piece of information that isn't on the card.

Of course it's the same with their self service checkouts and with the pay@pump system in their petrol stations. Although I understand that the self-service checkouts are now being fitted with chip and PIN, there's still no form of protection at the petrol station. The pumps have keypads already so how hard would it be to use those for PIN number entry?

Anonymous said...

If all of you are complaining about Tesco, why do you shop there?

Anonymous said...

If all of you are complaining about Tesco, why do you shop there?

Anonymous said...

Can anyone hear an echo in here? ;)

Anonymous said...

Yes, I completely agree, you can read more about such things here: http://www.scamsky.com/2006/11/26/credit-card-fraud/

JazzyC said...

"If all of you are complaining about Tesco, why do you shop there?" Ever since that issue I've stopped shopping there. Seeing such poor attitudes toward online security made me think twice about what they do with all the money they've invested in online services (and on the whole, Tesco itself)? Guess the answer lies in spreading themselves worldwide and outbuying land that potential competitors could have used.

Anonymous said...

Online credit card fraud is a big, big problem, especially when combined with the issue of identity theft.

Anonymous said...

Identity theft is a growing business here in the UK. I wonder how much Tesco loses to that and how much they pass the cost on to us consumers?

Unknown said...

Tesco can't use the existing units for chip and pin because they weren't built for chip cards (the units are more than ten years old). The keypads that are on them are there so that fuelcard users (who drive vehicles that the company they work for pays for the fuel for through a 'fuelcard') can type the registration into the units, a requirement of the fuelcard providers. That facility has now been switched off and fuelcard users can now only pay in the kiosk. The reason for it being switched off is that Tesco is beginning the roll out of new pay@pump units which are chip and pin capable (and will use chip and pin from the day of installation). The new units only have a number keypad, however, so typing a registration in would be impossible. The new units will also be able to accept clubcard vouchers. More info -> http://www.verifone.com/products/devices/unatt_outdoor/pdf/Tescoletter.pdf

Unknown said...

Edit- A fuelcard is a card that companies use to pay for fuel that is used by a vehicle they own.
Also, that link is http://www.verifone.com/products/
devices/unatt_outdoor/pdf/Tescoletter
.pdf (all one line, obviously)
