Improper purchases in the name of Sky and other companies have been made on Nubank credit cards: there are several reports of transactions in the name of the operator, a cosmetics brand, or a clothing store, according to Tecnoblog. This is in addition to payments made to a person called “Katia”, which also affect Itaucard and Credicard customers.
Itaú and Nubank deny having suffered a leak; the cloning may have occurred due to a security breach in physical stores or online.
Itaucard and Credicard also have improper purchases
Tecnoblog exclusively revealed that Nubank’s customers have been the target of improper transactions to one “Katia”. Our readers say that this is not limited to the fintech: Itaucard and Credicard credit cards are also targeted.
“For more than a month, they’ve been pulling this same scam on my wife’s Itaucard, even with the card canceled,” says Sidnei Campos at TB Comunidade. “My Itaú Mastercard card was the target of this in the amounts of R$ 5 and R$ 81 from this Katia”, warns a reader. “This happened to me at Credicard … my purchase was at one in the morning,” says another on Twitter. We found about ten similar reports.
In a statement to Tecnoblog, Itaú explains that “the transactions involving the mentioned establishment were carried out in a digital environment using data from the customer’s card”.
In its statement, Itaú regrets what happened and guarantees that it has not experienced any security vulnerability or suffered a data leak. “The bank has monitoring systems to detect situations of attempted fraud and, in the case in question, adopted all the appropriate measures to protect and safeguard customers,” says the note.
Sky is mentioned in improper purchases on Nubank
There are other fraudulent purchase attempts on credit, both on physical and on virtual cards, and many of them involve Nubank customers. For example, we have cases with the name of the operator Sky: improper transactions of this type have been mentioned continuously on Twitter and the NuCommunity itself since at least May 2019. These are high-value purchases, ranging from R$ 200 to R$ 600, often in installments.
A user explained this week on Twitter that he was charged $ 500 in Sky’s name, plus $ 400 on his mother’s bill; Nubank blocked the cards and sent new ones. Last Thursday (2), another customer suffered an improper transaction of R$ 622.82 in the name of the operator.
There are more recent cases of cloning, and a search on the social network also reveals fraud involving Sky’s name over the past few months. “I just had an improper charge of SkyApp on my Nubank card in the amount of R$ 643.13; I don’t have a Sky account, much less authorized this charge”, complained one user in May this year. “I received a purchase notification at Sky, I was shocked because I didn’t buy anything,” said one user in April.
In a statement, Nubank reinforces that “the reported cases of purchases not recognized in the establishments in question do not originate in the company”. The fintech guarantees that its security structure “remains protected and no data was obtained directly from our base or by leak”.
Questioned by Tecnoblog, Sky says it does not comment on the matter.
Cosmetics shop points out fraud in transactions
The improper transactions also mention other companies. For example, a user explains on Twitter that Nubank authorized a purchase in the amount of R$ 7.67 in the name of a cosmetics brand: “I have not used the card for days awaiting the closing of my invoice… the purchase non-recognition process was approved, and now I have no physical card until reissue and shipping”.
Tecnoblog found about ten similar and recent cases, all involving the same name as the cosmetics brand, and almost all related to Nubank credit cards – the exception is an attempt on an Itaucard.
“This is a fraud”, the cosmetics company assures Tecnoblog. “The fraud was easily identified because the lowest value product on our website is R$ 29.90 plus shipping; and because our collections are made by Cielo / Rede, and the fraudster is using another collection solution.” The company was unable to say which payment service was used by the scammers.
Clothing store speaks out after complaints on Reclame Aqui
There is also a clothing store whose name has been involved in improper transactions; the scams appear to have started on June 25. In one, “a charge of R$ 1.06 appeared in a store that I didn’t even know existed on my Nubank card”, explains a customer on Twitter.
This generated several complaints against the company on Reclame Aqui. “Today I received an email from Nubank saying that they identified a suspicious transaction on my card through your store … but I never heard of that store until today,” says one of the reports. “A purchase was made with my credit card at this store without my knowledge,” says another.
The irritation was so great that the store published a statement on Facebook: “we have no relation to the charges… Our CNPJ is not present in any of the charges and none of the people who came to us were customers! Our account has no record of the amounts. None of those affected were customers or knew about our store”.
Nubank explains to Tecnoblog that it has risk detection systems to deny purchases at suspicious establishments and automatically block the card. In some cases, the transactions have been confirmed, but the fintech says that “it is already adopting the appropriate measures”.
If the customer has any unrecognized purchase, the recommendation is to start the dispute process through the application, or through the call center (chat and telephone, 24 hours a day). “Upon completion of the review, we will notify the customer of this, including granting a refund, if applicable,” says Nubank.
Card cloning can occur in physical stores and online
Fabio Assolini, senior security analyst at Kaspersky, explains to Tecnoblog that card cloning can affect a considerable number of customers of the same issuer, card brand or bank; however, the financial institution is often not to blame.
For example, affected customers may have purchased from an online store infected with a web skimmer, malicious code that collects the card number when it is entered at the end of the purchase. “This happens when the criminal compromises the e-commerce site and adds malicious scripts, often abusing legitimate services like Google Analytics,” says Assolini.
Another possibility is that customers made purchases at the same physical store, whose systems may be infected with PoS (point of sale) malware that captures card data. “Prilex is a Brazilian malware that can infect points of sale and make these collections, even affecting cards with chip and PIN”, notes the researcher.
The security breach may also be on the customer’s own PC or cell phone. “Today, malicious apps like BRata and Basbanke can not only collect card numbers, but also credentials for accessing internet banking,” says Assolini.
He notes that, in these three forms of cloning, the card issuer is not responsible for the security breach. “Often the anti-fraud teams, by correlating data, can identify the origin of the card numbers”, says the researcher, “but this data is rarely disclosed by them, for reasons of confidentiality”.