UK Issuing Bank blocked Debit Card. Said card was used fraudulently on ecommerce website. How can this happen?
I was using my UK bank account debit card in India, to buy few flight tickets for my inter city travel. Using my own laptop, in a co-working space.
Website used : makemytrip.com -- is one of the top Indian online travel companies.
First transaction worked fine. I had few more tickets to book. Second transaction failed, saying bank could not process this request. Tried again. got the same error message.
Soon Got a call from my UK banks anti fraud team, saying my card is blocked and canceled as a transaction attempt was made on Indian e-commerce website Jabong for a total of INR 52,000. I have not done any such transaction. Jabong is a good website; leading e-commerce in India.
They said there were two failed attempts on makemytrip.com; Failure reason was incorrect information entered. I was sure I entered correct information on the failed transactions. During this process of failed transactions; someone hacked my card details and used it maliciously on Jabong website.
The Bank could not give me more details as they are not authorized to give more information
I want to know how this is possible from a technical point of view.
Website was not a phishing website.
I was on https. Antivirus McAfee running with all updates.
My doubts are chrome extensions or other open tabs? wifi network?
How is this possible? Is there a possibility that my bank just canceled because transactions were from India? But if then how did they specify amount of the fraud transaction and e-commerce website it was tried on.
Should this question be asked in another place?
ThankYou
EDIT:
The amount i was making on the makemytrip app was not equivalent to the fraud amount. fraud amount was 5 times higher .
(2)2 Comments
Sorted by latest first Latest Oldest Best
My doubts are chrome extensions or other open tabs? wifi network?
How is this possible?
It could be due to a malicious chrome extension. This could have intercepted the card details and sent it to hacker; he would have then used it to make the purchases on Jabong website. WiFi looks less likely but possible.
Is there a possibility that my bank just canceled because transactions were from India? But if then how did they specify amount of the fraud transaction and e-commerce website it was tried on.
It is possible; but unlikely. Banks do monitor the transactions and flag any irregular behavior. More so as the Bank mentioned the fraudulent use on other site.
makemytrip.com is a joke, even though it looks professional. I wouldn't be in the slightest surprised if, per se, someone/everyone inside it was having a peek.
setting that aside,
yes, the simplest explanation is that
of course nobody "hacked! your wifi!" or similar, and
regarding the "facts" your card company generously offered you, it's simply the case that makemytrip is hooked up with Jabong somehow, hence the confusion, and,
as you know,
it's utterly normal that banks "cancel credit cards" because, basically, you "used the card in India" (or some other shocking! bizarre! region){1}
you are probably aware that in India, very little processing is done "in house" by web sites, there's always some involvement of SBI, Axis / whatever, which endlessly confuses matters
and my contribution to this "simplest explanation" is:
you have mixed up the amounts somehow; it was indeed actually the same/similar amount to what you actually spent
that being said,
Very surprisingly it does seem to be the case that hackers can grab card numbers. I can only see this as being part of some sort of inside situation. I have buildings full of folks to keep my stupid MacBook safe, but the other day, sure enough, someone in Brazil tried to charge 50 cents on one of my cards (a USA card .. Visa), so they promptly (and thankfully) cancelled it. (Astonishingly, they got me a new one, the next morning by 9am via Fedex - no charge!)
I'm sort of in the same camp as you
it does seem to happen
I just can't fathom how it happens. Explanations like "EM keystroke loggers!!!!" are just silly. Most people like yourself and even me are immune to genuine, "!!!hacker!!!" stuff like MITM, actual viruses, wifi snopping and so on. I really think lots of cards get looky-looked at by processors, subprocessors, contractors and so on. There's no other simple explanation for how this can happen.
Unfortunately the folks on security.stackexchange (while normally worthy) won't have a clue and will in this case just blether about EM keystroke loggers etc. But you should also ask there for sure.
{1} .. I had a funny on the other day where i used a US card on a UK (how bizarre!) government (omg! shocking!) web site and Mastercard called in a blind panic to see what was going on. I was only barely able to convince 'em not to cancel!
Terms of Use Privacy policy Contact About Cancellation policy © freshhoot.com2026 All Rights reserved.