Security

Question

Status of "device IDs" in fraudulent transactions

By J2B2 ·
Tags: Security
I have been talking to somebody who claims to have recently been the victim of a number of fraudulent online transactions made on their debit card totalling approximately £900. The card itself had not left their possession, and the purchases (mostly on Sainsbury's online) only needed the name on the card as well as the number and expiry date. No CVV or postal address was asked for.

The bank has informed them that their systems showed the "device ID" was the same for the disputed transactions compared to that of previous undisputed ones. So the bank are not offering compensation.

I've not heard of the device ID this being used by banks in this way. To what extent are such IDs reliable proof of identification over time?

I have meanwhile told them it may be worth filing a SAR for device IDs from the bank for both the disputed and undisputed transactions as I believe they now count under GDPR PII. It seems to me that at the very least the bank should offer some evidence for their assertion!
Thread display: Collapse - | Expand +

All Answers

Collapse -

Spoofing

by azeem28 In reply to Status of "device IDs" in ...

There are possibilities of your Device ID being spoofed by someone which may cause the bank to think that the same device was used for all the transactions. This may occur due to any malware in your device or if your device was physically accessed by someone.

You should scan your device with some reliable antivirus to detect any viruses and also make sure not to fall for any phishing scams by opening links from unreliable sources.

Related Discussions

Related Forums