Fraudulent Charge on Credit Card - possible Contabo breach (TBD)
-
@timconsidine I'm tying up some loose ends and rethinking my security measures like using a unique email for all services. CR 7.3 came out at the right time. I'm going to take advantage of the wildcard/alias feature and organize services by category*alias@domain.com.
The Contabo plan isn't the default amount since I have signed up for that server with a promotion and have extra storage added which adds a few more bucks to the bill. I also don't have the usual US-location fee added so the amount isn't common.
I've went through my card purchase history for the last year or so and compiled a loooooong list of vendors, some of which I need to change the card details for their recurring charges.
Like you've said though, I'll probably go nuts before I find the culprit. It's a good wake up call though for evaluating my tech stack and security measures.
-
@humptydumpty This is why I never use a card I rely on for other things. All my hosting-related costs (everything on the internet in fact) go on Revolut, that way I never need to worry about cards being cancelled and I know for sure where the problem originates from.
-
If you are in the US, I suggest Privacy.com for virtual payment cards.
If you are in Europe, I think Revolut has virtual cards as well.
-
@privsec said in Fraudulent Charge on Credit Card - possible Contabo breach (TBD):
If you are in Europe, I think Revolut has virtual cards as well.
They do, it's great.
With Revolut can create a one-time use set of card details which are automatically replaced as soon as they are used (and of course a notification is sent informing you they've just been used too).
I use them for doing things like giving Z Library money because I've no real idea who they are.
Here's my referral link if you want to sign-up:
-
@jdaviescoates +1 for Revolut.
Very useful when travelling in Europe (and presumably elsewhere) to reduce bank charges and improve currency conversion rates.
You still suffer, just less than you would with a high street bank.Just one word of caution : Revolut doesn't yet have a full UK banking licence, so don't put our life's savings with them.
Just in case.
Bank of England doesn't like their exposure to crypto.
And Revolut's management move too fast for BoE's liking!
But for transactional stuff and a front-end to protect your real account, Revolut are great.Also worth mentioning WISE (formerly TransferWise) : similar facilities, and possibly better than Revolut on currency rates and international payments (and GBP too).
-
@timconsidine Whoa, neat, ill have to look into them
-
I'm in the US so I'm not sure if Revolut would work for me (without a foreign transaction fee that is). I do use Privacy.com but it's for debit only, no credit cards. Anyone know of virtual cards for credit cards specifically?
-
@timconsidine said in Fraudulent Charge on Credit Card - possible Contabo breach (TBD):
Also worth mentioning WISE (formerly TransferWise) : similar facilities, and possibly better than Revolut on currency rates and international payments (and GBP too).
Yes, I'll second that..
Wise are very useful worldwide. Here's an invite link. -
Check out divvy pay, maybe what your looking for
-
@timconsidine said in Fraudulent Charge on Credit Card - possible Contabo breach (TBD):
Also worth mentioning WISE (formerly TransferWise) : similar facilities, and possibly better than Revolut on currency rates and international payments (and GBP too).
Yeah, I use Wise for all the things you mentioned Revolut is good for (for which it is even better).
Literally the only thing I use Revolut for is their one time card details. If Wise did those too I'd ditch Revolut.
Here's my Wise referral link!
-
@timconsidine said in Fraudulent Charge on Credit Card - possible Contabo breach (TBD):
Just one word of caution : Revolut doesn't yet have a full UK banking licence, so don't put our life's savings with them.
They don't have any licence. The money you hold with them is still protected under FSCS as they use UK banks to hold the money who do have a licence.
They are completely safe up to the FSCS limit.
Not really a problem as their overall service is very limited until they get a licence. Early next year hopefully.
-
@LeeW said in Fraudulent Charge on Credit Card - possible Contabo breach (TBD):
The money you hold with them is still protected under FSCS as they use UK banks to hold the money who do have a licence.
Kind of.
https://www.revolut.com/how-we-keep-your-money-safe/ explictly states "not FSCS"
https://www.revolut.com/legal/savings-vaults/ says:
"Your normal Revolut accounts (which are e-money accounts you hold with us) are not covered by the Scheme, but are āsafeguardedā. This means that whenever money is moved from your Savings Vault back to your normal Revolut account, it stops being protected by the FSCS, but is safeguarded instead."
and https://www.revolut.com/legal/terms/ says:
"8. How is my money protected?
"When we become aware of a payment for your account, or you add money to it, we issue the equivalent value of e-money to your account immediately.
"When we receive that payment or the money you add, we quickly either:
- place it into one of the dedicated client money bank accounts that we hold with large commercial or central banks (client money accounts keep your money separated from our own money, and the types of banks we can use are set by regulations); or
- invest it in low-risk assets that have been approved by our regulator, which are also kept in dedicated client accounts with financial institutions.
"We call this "safeguarding".
"The time at which we receive a payment for you or receive the money you add depends how we receive it:
- We only become aware of inbound bank transfers when they arrive in our bank account. When we receive these transfers, we issue the e-money to your account straight away.
- When you add money on the Revolut app (for example, by using your stored card, Apple or Google pay, or some other payment methods), we know the payment is coming before we actually receive it, so we issue the e-money to your account straight away. However, we donāt safeguard the money for these payments until we actually receive it. If itās been more than five business days since we issued you the e-money but the payment still hasn't arrived, we safeguard the money for you, using our own money, anyway.
"A business day is a day other than a weekend or bank holiday in England.
"We keep safeguarding your money until you pay it out. This happens when you spend or withdraw it using your Revolut card, send it to another bank account or Revolut user, or spend it in any other way.
"What would happen in an insolvency?
"Safeguarding helps protect you if we were to become insolvent. If that were to happen, you (and all our other customers) would be paid out your e-money balances from our client money bank accounts. This process would be handled by an insolvency practitioner, not by us. However, safeguarding regulations make sure that once any costs related to an insolvency are paid out you will be paid from our client money accounts before anyone else.
"The money in your account isn't covered by the Financial Services Compensation Scheme (because itās safeguarded instead)."
-
@LeeW said in Fraudulent Charge on Credit Card - possible Contabo breach (TBD):
Early next year hopefully.
From Telegraph in Sep 2022 (https://www.telegraph.co.uk/business/2022/09/08/revolut-does-not-deserve-banking-licence/) :
Instead of wondering why Revolut hasn't been granted a licence, the question may need rephrasing: will it ever get one?
Their involvement in crypto is a big unresolved issue.
I can't see BoE taking the risk. Despite what their founder says.Doesn't stop me being a fan of them for certain situations.
-
I use them for small but regular transactions, internet, travel and so on. I would never use them, Monzo, Starling or other online FI with my income or savings.
Revolut has a clear purpose for most, it is not their main banking account.
-
@LeeW said in Fraudulent Charge on Credit Card - possible Contabo breach (TBD):
Starling
Starling Bank is a fully licensed and regulated bank so isn't really in the same camp as Revolut.
IMHO they are the best business current account provider in the UK (in terms of a balance of ethics and value - Triodos more ethical but often not open to new applications and they charge fees for doing almost anything), unless you're a business that isn't a Company but is instead a Society or other legal structure as only companies can use Starling (I think just because their automatic ID checks check stuff on the Companies House register which they can't check for other entities).
For non-companies I recommended Unity Trust Bank
Anyways, Starling will plant a tree if you switch using this link:
https://www.starlingbank.com/referral/?code=zw8QLn
PS Monzo is also a fully licensed and regulated bank, but not as ethical as Starling (despite Ethical Consumer giving them the same overall rating), see
https://www.ethicalconsumer.org/sites/default/files/flipbook/Issue186/16/
-
It would also be nice if Revolut would do a joint account, I am guessing their limited offering is due to what they can do without a full licence.
I do have Monzo and Starling, there are differences, but overall I just prefer Revolut for what I need it for.
But in any event and back on topic. Just don't use your regular accounts to make purchases on the internet when it comes to hosting and other services. Many get by without incident but you appreciate it when it does happen and the impact is next to nothing.
-
Today at 12:54āÆPM I received a text and email from my bank Dear Customer, PKR 64,904.92 ($210) has been debited at 17:49 on 01-Jan-24 about the purchase that I had not made. I contacted the bank to be canceled this transaction but my Bank Meezan Bank is very bad they did not care about it . I logged into my bank and changed my login credentials for safe measure and blocked my Card. The reason why I suspect Contabo has been breached is because of the following:
1- The Debit card I got charged on is the same I use for my Contabo plan.
2- The fraud charge is $210 while my Contabo monthly plan is $8.49.
3- Both charges occurred within 3 hours of each other (the fraud charge happened before the legit Contabo one, hoping I'd approve it without checking twice).
4- The fraud charge happened I contacted Contabo but they changed my Email Account on my Contabo Account and also password. It is obvious that Contabo intentionally did this Fraud transaction by itself. They even not responding and replied me that they can't help. Soon after this fraudulent transaction I got another email from contabo that The e-mail address of your account was changed successfully.
If you did not perform this change please contact our support team immediately!
Best regards,
Contabo support team
but they have not motioned new email address also they have not responded me yet. It means all the things were done intentionally by the Contabo Team. They are fraud People. Please be aware before you add your card on Contabo. They are 100% Fraud.Is anyone else in the same boat? Check your credit cards!
-
@usmanmalik thanks for your comment, but it's best if you post this in Contabo forums . Just rechecking in case there is a confusion, this is the Cloudron forum which is totally separate and has no relationship with Contabo .