We had around £90 of Nectar points taken off our account yesterday evening and spent in Argos. It looked like simple theft. Although we have all the cards, we thought that the online account could have been compromised (immediately changed password).
Then today it got weird. Another load of points were taken off and spent in Sainsbury's, similar amount to before. Now the account balance is -£80 !
This sort of thing should be impossible, unless there is a bug or someone is being malicious, perhaps exploiting a bug?
You'll have the nectar bailiffs round 😀 (sorry)
Have you got the right cards still? I have heard of less than honest checkout workers quietly swapping cards with any they see with a particularly high balance. Whether it's an urban legend, I'm not sure.
But I've never heard of a nectar card in "debt". Have you been onto their fraud team / support? Do they know if it was a local Argos?
Yeah could a nectar card go into deficit? If the points aren't there they can't be spent.
Anyway -> https://www.nectar.com/contact-us
Have you got the right cards still? I have heard of less than honest checkout workers quietly swapping cards with any they see with a particularly high balance. Whether it’s an urban legend, I’m not sure.
That sounds like the sorta twaddle that circulates on Facebook and almost certainly never happened in real life.
How can you be in debt for a non-credit system? You can only spend what is on there.
We've been on to support and the account is now suspended. We should get a new one and they will restore the balance.
The fact that it's gone into debt probably means something malicious is going on. Someone may have access at a system level
Different systems? Could be an inside job where someone knows that Argos updates at midday and Sainsbury's at midnight for example. I used to work in gambling so I know all about employees trying to game the system flaws!
How can you be in debt for a non-credit system? You can only spend what is on there.
In the early days of UK mobile phone network one of the operators (can't recall which, 121?) wasn't able to check your balance when you bought something using an SMS (text XXX to number YYYY to donate £10 to children in need or buy a porn video or whatever).
So you could rack up a massive debt on the SIM and then just discard it....
It could be something like that, exploiting the knowledge of when balances update. I doubt anyone who has access to do anything more would have the need to steal a relatively small amount (I guess they'd be a software dev and be earning enough!).
We have the cards still, so it must be a cloned card. However due to Covid and getting the shopping delivered, the cards have not seen a checkout in years.
My dad had his nectar card swapped in a petrol station… so it does happen!
DrP
Argos is inside sainsbobs now so could be very easy to use it twice in a matter of minutes.
It's a good graft if someone has worked out they have different upload/refresh times.
Not sure how you could clone a nectar card. Is it on your phone?
My dad had his nectar card swapped in a petrol station… so it does happen!
Swapped or picked the wrong one up?
Argos is inside sainsbobs now so could be very easy to use it twice in a matter of minutes.
It’s a good graft if someone has worked out they have different upload/refresh times.
This makes sense, especially with the similar transaction amounts to maximise what they get.
My dad had his nectar card swapped in a petrol station… so it does happen!
Well known that petrol stations are the epicentre of card fraud so doesn't surprise me!! Good reason to have all cards on your phone/watch instead!
we thought that the online account could have been compromised (immediately changed password). Then today it got weird.
Was the old password weak and/or otherwise not unique (i.e. appears on leaks/pwned lists)? Would be the obvious culprit. Assuming yes & your account was compromised, they would have been able to download your barcode - which to all intents is equivalent to them having your physical card - so no surprise that fraudulent activity continued as they would no longer need your password or access to your account to use the card.
Not sure how you could clone a nectar card. Is it on your phone?
It's only a barcode. Plenty of apps to display this and many other barcodes on your phone. If you've access to a card you know has a healthy balance (or have the means to scan many numbers), it's a moment's work to type the number into a loyalty card app.
finbar
You’ll have the nectar bailiffs round 😀 (sorry)
They call them the "bees" for short
was the old password weak and/or otherwise not unique (i.e. appears on leaks/pwned lists)?
Very possible, yes. I have previously recommended my wife uses generated unique passwords for everything (apart from email, Facebook and Amazon) and stores them in a password manager. 2FA would also help, not sure Nectar offers this though.
You’ll have the nectar bailiffs round 😀 (sorry)
Yeah that could really sting, unless you tell them to buzz off.
@drac
He bought petrol, gave his nectar card to be swiped (which had lots of money on it) and was given back an empty one!
Sleight of hand powah!
DrP