$16K Fraud with HSBC Star Alliance Credit Card

M

mpogr

Junior Member
Joined
Apr 27, 2017
Posts
16
Qantas
Gold
Virgin
Gold
Star Alliance
Gold
Just sharing here some experience with HSBC from the pure banking perspective.

My HSBC Star Aliance card was charged with total of 16K+ AUD (in 3 transactions, ~4+~4+~8K AUD, all in GPB) by some unknown hackers. The only thing I've got was a text message from the bank about the biggest one of the above, which I received during the night.

I called them in the morning, had the card blocked and reported all 3 as fraudulent transactions. However, I can't essentially use the card as all my credit limit is exhausted. 2 days after all 3 transactions have been posted on the statement. According to the fraud department, the investigation can take up to 60 days!

Now, every time I was about to spend online amounts above 500 AUD even in Australia, let alone overseas, I'd get pop ups asking to input a code sent to me by the bank via SMS or email. Yet in this case the bank let through 3 charges for much higher amounts, in foreign currency, without a blink. And now I have to deal with the consequences, while the bank is refusing to take any responsibility and taking its time to investigate, like it was a petty scam of 20 or 100 bucks.

BTW, took me 50 mins to get hold of someone to talk about it from the customer service angle, without offering anything better than "call us again if it's not resolved by the time you need to pay your balance".

Realy makes me think twice if the benefits of the FF status are worth the hassles of dealing with a bank which can't be bothered with securing their customers finances and having a customer service worth of its name.
 
mpogr said:
Just sharing here some experience with HSBC from the pure banking perspective.

My HSBC Star Aliance card was charged with total of 16K+ AUD (in 3 transactions, ~4+~4+~8K AUD, all in GPB) by some unknown hackers. The only thing I've got was a text message from the bank about the biggest one of the above, which I received during the night.

I called them in the morning, had the card blocked and reported all 3 as fraudulent transactions. However, I can't essentially use the card as all my credit limit is exhausted. 2 days after all 3 transactions have been posted on the statement. According to the fraud department, the investigation can take up to 60 days!

Now, every time I was about to spend online amounts above 500 AUD even in Australia, let alone overseas, I'd get pop ups asking to input a code sent to me by the bank via SMS or email. Yet in this case the bank let through 3 charges for much higher amounts, in foreign currency, without a blink. And now I have to deal with the consequences, while the bank is refusing to take any responsibility and taking its time to investigate, like it was a petty scam of 20 or 100 bucks.

BTW, took me 50 mins to get hold of someone to talk about it from the customer service angle, without offering anything better than "call us again if it's not resolved by the time you need to pay your balance".

Realy makes me think twice if the benefits of the FF status are worth the hassles of dealing with a bank which can't be bothered with securing their customers finances and having a customer service worth of its name.
Click to expand...

You are expecting the bank to wear $16,000 of losses on your behalf and you're cross with them?
 
Mr H said:
You are expecting the bank to wear $16,000 of losses on your behalf and you're cross with them?
Click to expand...
My very first expectation is they do some extra checks BEFORE letting such transactions through. And the fact they didn't (or let themselves be fooled by the hackers so easily) really makes me question whether my money is safe with them.
 
mpogr said:
Realy makes me think twice if the benefits of the FF status are worth the hassles of dealing with a bank which can't be bothered with securing their customers finances and having a customer service worth of its name.
Click to expand...
They should be able to suspend the need to make that repayment
 
mpogr said:
Just sharing here some experience with HSBC from the pure banking perspective.

My HSBC Star Aliance card was charged with total of 16K+ AUD (in 3 transactions, ~4+~4+~8K AUD, all in GPB) by some unknown hackers. .
Click to expand...
Not a great situation, but I am sure it will be resolved in your favour if you did nothing wrong. The time frames are normal across banks, they have to investigate!

Would never have got this card with a 16K limit, better to have 6K, and another card with another bank, to avoid inconveniences like this.
 
mpogr said:
Just sharing here some experience with HSBC from the pure banking perspective.

My HSBC Star Aliance card was charged with total of 16K+ AUD (in 3 transactions, ~4+~4+~8K AUD, all in GPB) by some unknown hackers. The only thing I've got was a text message from the bank about the biggest one of the above, which I received during the night.

I called them in the morning, had the card blocked and reported all 3 as fraudulent transactions. However, I can't essentially use the card as all my credit limit is exhausted. 2 days after all 3 transactions have been posted on the statement. According to the fraud department, the investigation can take up to 60 days!

Now, every time I was about to spend online amounts above 500 AUD even in Australia, let alone overseas, I'd get pop ups asking to input a code sent to me by the bank via SMS or email. Yet in this case the bank let through 3 charges for much higher amounts, in foreign currency, without a blink. And now I have to deal with the consequences, while the bank is refusing to take any responsibility and taking its time to investigate, like it was a petty scam of 20 or 100 bucks.

BTW, took me 50 mins to get hold of someone to talk about it from the customer service angle, without offering anything better than "call us again if it's not resolved by the time you need to pay your balance".

Realy makes me think twice if the benefits of the FF status are worth the hassles of dealing with a bank which can't be bothered with securing their customers finances and having a customer service worth of its name.
Click to expand...
Sorry this has happened to you. Most banks made a credit whilst the transaction is being investigated.
 
Just a side note on what was the likely place my CC details had been leaked from or used with.
All 3 fraudulent transactions have likely been done with some UK government organisation, according to the fraud department guy I've spoken with.
Now, my only interaction with anything remotely related to such was when I paid for the recently introduced ETA for travelling into the UK in late December. In fact, I actually used this card for that payment, while on my trip there I've only be using a different card (Bankwest, which doesn't have international translation fees).
So be careful with these payments, could be the UK government is to blame for the leak.
 
Mr H said:
That’s possible. It’s also possible you made the payment while connected to an unsecured network.
Click to expand...
I was connected to my home WiFi. Not bragging about anything, but I'm a cybersecurity professional as my day job, so rest assured my home network is protected the best it can get.
 
mpogr said:
I was connected to my home WiFi. Not bragging about anything, but I'm a cybersecurity professional as my day job, so rest assured my home network is protected the best it can get.
Click to expand...
And the UK Government employs cyber security professionals. So I’m guessing a cyber security professional stuffed up somewhere along the way.
 
Almost pains me to share good experiences… I’m remortgaging with a different Chinese bank and they’ve been difficult, to say the least. The latest strange request was “your HSBC account number on your credit file doesn’t match your HSBC card number. Explain”.

I figured that would be a drama… one one live chat request and I get a quick response stating “the number on your credit file is internal. I’ll raise a request for a letter explaining this”. Within about 4 hours I had a PDF letter that cleared it all up.

Really thought it would be a huge HSBC runaround…. But credit where credit is due.
 
Mr H said:
That was my point. HSBC loses $16,000 and is getting blamed for it.
Click to expand...
No, they haven't. Right now, the customer has lost $16,000.

HSBC will (should) initiate a charge-back on the financial institution that requested the payments. If successful, HSBC will have lost nothing, and the customer will have lost nothing.

And there is nothing to suggest that it won't be successful.
 
mpogr said:
I was connected to my home WiFi. Not bragging about anything, but I'm a cybersecurity professional as my day job, so rest assured my home network is protected the best it can get.
Click to expand...
This sounds too much like a non-official website for the ETA capturing your details and acquiring the ETA on your behalf, to not raise suspicion.

These are rife in the ESTA space.

Assuming that the UK government hasn't been hacked, can you be certain that you applied for your ETA on the official website?
 
BJReplay said:
... who's out of pocket: Credit Card Offers - HSBC Star Alliance Credit Card: Fast-Track to Star Alliance Gold Status
Click to expand...
The card issuer bears the loss. The card issuer may then try a chargeback to the retailer and may win, but if the retailer challenges then they have a fair probability of winning, leaving the card issuer bearing the loss. Either way, it’s hard to see why the OP would be angry with the card issuer. Maybe he/she is just a naturally choleric person.
 
Last edited by a moderator:
It's quite possible that there's no breach or mistake been made anywhere and that this is the result of a BIN attack.
www.abc.net.au

What's a BIN attack and how are cybercriminals guessing your credit card number?

Experts say it's easier than you think for cybercriminals to guess your credit card details. And it's costing customers and small businesses.
www.abc.net.au www.abc.net.au

Ultimately the retailers, networks and banks could work together to make the system that they've designed more secure, mandating things like 3D Secure for online transactions. But that would make using the cards less convenient and they've obviously made a calculation that the profit from the convenience out weighs the losses from additional fraud. That's a choice they've made though, so it's entirely appropriate that when it occurs, the consumer shouldn't be inconvenienced by it.
 
I've had this card for a few years and always selected SQ as my status airline. This year I went with UA as I have a few long haul UA flights so I wanted the comp economy plus benefit.

My status has come up as a "Trial" status on my milage plus membership card, similar to if I requested a status match, has anyone else had this happen or does anyone foresee any issues with the benefits on partner airlines?
 
Mr H said:
The card issuer bears the loss.
Click to expand...
No, that's not how chargebacks work.

The card issuer (HSBC) doesn't bear a loss if the charge is deemed valid. The customer pays. If the charge is deemed invalid, the issuer claims the charge back (and costs) from the accepter - the account that made the charge. The card accepter's bank bears the cost if they can't recover from the accepter account.

There is no scenario where the issuer bears the costs.

You clearly have no idea how this works.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

Total: 216 (members: 42, guests: 174)
Back
Top