Lets cut to the chase: if you notice anything at all suspicious in your bank records, phone the bank! Don’t give up on the hold queue because you have other things to do, which is exactly what I did on Friday.
Apparently, sometime in the last few weeks, someone got ahold of either the card-numbers for my debit card or the account numbers for the bank account it’s linked to. I’m not 100% sure how this happened, because I haven’t used my card to pay for anything in a shop since I got to Belgium. I’ve only used it online and at cash machines, which narrows the cause down to malware, a hacked website or a card-cloning device attached to an ATM.
I only use three different ATM machines here, because not all of the banks will deal with my debit card. One of the machines is in the Parliament itself while the other two are in the city centre and near my flat. While I know what I card cloner looks like in the UK, I probably wouldn’t notice one here because most of the cash machines look completely different from the ones at home.
What I find more likely is that my numbers were stolen via an online transaction. In the last few weeks, I’ve made purchases from the Steam service, iTunes, the EU’s publisher and RyanAir. My iTunes and RyanAir purchases were made on my Mac from home, using a wired connection. I’ve seen no evidence of malware or other exploits on my computer or that any of the other services which I use (such as my email account) have been hacked.
The Steam purchase should have been pretty secure, since it uses a dedicated client and encrypted security. It’s also a large and reputable service. However, I did make it from the Windows 7 installation on my computer, which probably isn’t as secure as it should be (mostly due to the fact that I only use it for playing videogames on).
The purchase which I’m most suspicious of is the one from the EU publisher. I made it in work, on a Windows XP based machine. The Parliament does have security in place, but it’s not unknown for large institutions to be targeted by cyber-criminals. I’m also not sure that the payment details for the book I bought (The Consolidated Treaties of the EU since you asked) were sent through a fully encrypted channel, which means they could have been intercepted.
There are a hundred and one other methods which could have been used. Anything from a hardware key-logger to someone pilfering details from a company which I’ve bought from. Whoever it was and however it was done, I suspect that Bank of Scotland’s fraud office won’t be able to catch them. With luck, they’ll at least be able to get my money back.
The immediate problem for me is that I have no money to get to Charleroi so I can fly back to Scotland on Tuesday. I’ll also be rather hungry by the time the plane lands on Tuesday night, since I was planning to go shopping today. The bank have sent a new card to my home address, but that’s in Scotland and won’t arrive for a few days. So, I’ll be paying a visit to the British Consulate in the hope of getting a crisis loan. The downside to this is that it requires surrendering my passport in exchange for emergency travel papers until the loan is repaid, which could cause issues when I try to get back into Belgium.
We’ll see what happens though. C’est la Vie.