Home » Claims and lawsuits

No time to explain, block the card! Four ways to withdraw your money without SMS confirmation


The short answer to the question, is it possible to steal money from a card account, knowing only the card number of Sberbank or any other bank - NO, this cannot be done. It would be too naive to believe that the entire huge card payment industry will rely only on its number to authorize a bank card transaction. This cannot be done even if you know the card account number (remember that the account number and the card itself are different concepts), unless, of course, you are an insider (a bank employee) who has access to the accounts of his clients.

Can scammers withdraw money using only a card number?

No, knowing only the card number, they cannot. For online purchases, in addition to the number, you need at least the name of the owner and the expiration date of the card - most sites also require a back code and a one-time password. If the holder’s name can be found out in the Internet bank by making a transfer using the card number, then the expiration date will have to be selected, and passwords are generally impossible to find unless you tell them yourself.

However, knowing the card number and phone number, an attacker can call you, posing as a bank employee and mislead you.

What data is needed for payments and transactions

When the question arises about what can be done if you know your bank card number, people often exaggerate the scale of the disaster. Not everyone understands that the number is only part of the mandatory details required for any operation. Therefore, if you only have a number, it is impossible to withdraw money. This is deception and fiction.

What data will be required for any operation:

Read also:  How and to whom to complain about a minibus or bus driver
  • number;
  • security code or CVV2/CVC2 (the code is indicated on the back of the card);
  • validity.

To identify the user, you need to confirm the operation by phone number and enter the security code. Without a password, most banks will not process transactions.

Therefore, it is impossible to make a payment knowing only one detail. This is a clear answer.

Can money be stolen from a contactless card?

If a contactless card ends up in the hands of fraudsters, then yes, they can. More precisely, not to steal, but to pay for several purchases with it up to 1 thousand rubles each in retail stores. Also, all the fraud schemes described above work with contactless cards, except for data theft through ATMs, if you do not insert a card reader.

There is a rumor on the Internet that money can be stolen from cards with NFC technology by touching the terminal to a bag or pocket, for example, in public transport. Technically, this is very difficult to do, since the distance between the card and the terminal should be no more than 4 cm, and the attacker will only have a few seconds to complete the write-off procedure while the device is active.

Tips for protecting your money from scammers

  • If one of the strangers wants to transfer money to you, do not give the card number - it is better to give the mobile phone number to which the card you need is linked. This way you will receive the money if the buyer is real, and you will remain completely safe;
  • Under no circumstances leave data such as card photos (either from the front or the back), passport photos, etc. in the public domain. This cannot be posted on bulletin boards, on a social network page, or anywhere else;
  • Always be careful on the Internet. Before entering important data into the special input fields, look at the site address - if it differs from the real address, then this is the so-called “phishing”. In this case, your data will fall directly into the hands of scammers. An example of a fake website address: sderdank.ru instead of sberbank.ru;
  • Do not use ATMs and terminals located on the streets or in other poorly monitored places. Very often, criminals install special skimming devices in such ATMs, with the help of which they read the magnetic strip of the card and its other data. Then a plastic duplicate is made, which can be used to pay even in a regular Pyaterochka store;
  • If it does happen that the data falls into the wrong hands, don’t be lazy and block the card right away. Moreover, it is better to do this by phone in order to save time on going to the bank office (read about this, for example, in this article). You'll lose time, but save all your money.

Is it possible to return money withdrawn from a card to fraudsters?

If fraudsters have withdrawn money from your card, the first thing you need to do is block it. Next, you need to write a statement to the bank about disagreement with the latest transactions. If you do this in the first hours, the chances of a return will increase. It is also necessary to write a statement to the police.

Whether the bank will return the money stolen from the card depends on how exactly it was stolen. If you yourself transferred the information to third parties, then the probability is extremely low - the service agreement stipulates that the credit institution is not responsible in such cases. All you have to do is try to resolve the issue through the court and prove that you were misled, for example, by calling from the official bank number.

Reference : according to information from the Central Bank website, banks reimbursed 935 million rubles for 2021 - 15%, or every 7th stolen ruble.

Rumors say otherwise

Despite the real facts, there are many rumors that all the money was withdrawn using just the number. This is especially true for the Sberbank card. People often write and ask what can be done if they know the Sberbank card number.

Truth or lie? A lie, people often do not realize or do not tell the truth. Practice shows that cardholders independently help fraudsters. They not only provide them with the card number, but also dictate a code that is sent to the phone. After all, they believe that they are not disclosing any confidential information. They simply tell you the SMS password (frequent situations when selling goods on special sites).

The answer to the question is in the story itself. It is impossible to steal money if you know the number. This can be done if you have a number and a mobile phone. They often call older people or low-income people, informing them of social support for citizens. They ask you to provide card details for crediting funds. Afterwards you just need to confirm the transfer.

How to protect yourself

To avoid scammers, follow a few rules:

  1. Don’t tell anyone your card details, especially if they call from the bank - real employees already have all the necessary information.
  2. Don't send money to strangers. If friends ask for a loan, make sure it’s really them.
  3. Attackers can manage money on your card through mobile banking if they gain access to the phone that is linked to it. Therefore, when changing a SIM card or losing your phone, be sure to disconnect your mobile bank from your old number.
  4. To receive a transfer, instead of a card number, indicate the phone number associated with it.
  5. Get a virtual card for online purchases. Transfer to it exactly the amount necessary for payment.
  6. Set limits on all cards.
  7. Do not download unknown applications or click on dubious links.
  8. Connect your card to the Secure Code service.
  9. When entering your PIN code at an ATM or at a cash register, cover the keyboard with your hand - attackers will not be able to steal funds from your card without a PIN code and SMS confirmation unless you transfer the money to them yourself.

If you enter personal data, for example, login and password for your personal online banking account, make sure that the website address is correct.

No time to explain, block the card! Four ways to withdraw your money without SMS confirmation

A third of Russians under the age of 25 constantly use contactless payments, and 2% of the country’s citizens have abandoned cash altogether, according to data from the Levada Center. The card is convenient for paying at grocery stores and in transport; it can be linked to media services and taxis, and you can schedule utility payments. But there is also a flip side to the coin. Artem Trofimov, a card security specialist at the Tochka bank for entrepreneurs, told 66.RU about it.

Read also:  Complaint about unfair competition to the FAS: sample application

How can money be stolen?

In the banking industry there is the concept of a “compromised card”. This is a card whose full number, CVV2 or CVC2 code and other data have become publicly available or fallen into the hands of fraudsters. This data may be enough for the bank to provide access to your money. It is almost impossible to know that a card has been compromised until it has been used without your knowledge.

How can this happen? If the fraudster knows the card number and CVV2 or CVC2, he is able to make transactions in Internet services that do not support or intentionally do not use 3D-Secure technology. Simply put, they don’t send you a one-time password to confirm that the cardholder is paying for the purchase and not someone else.

Whether or not to verify the buyer's identity using 3D-Secure is decided by the online merchant, not the bank that issued the card. Some companies deliberately conduct part of their operations without this technology in order to make shopping easier for customers.

The AliExpress online store deliberately abandoned 3D-Secure. The first few transactions there will be confirmed with a one-time code. When the store is convinced that the account is not fraudulent, you will be allowed to make transactions without 3D-Secure, so that the buyer does not make unnecessary movements and does not change his mind after he receives an SMS with a password to confirm the transaction. Thus, AliExpress independently decides when to use 3D-Secure and when not to.

AliExpress is just an example of how you can pay for purchases without 3D-Secure, and not a place where people actually steal. Almost no money is stolen through it.

Aggregators Uber and Yandex.Taxi also do not use 3D-Secure. We at Tochka do not see a surge in fraud at Uber; in my opinion, these are one-time cases in other banks. The scheme by which scammers withdraw money through the service may look like this. Thieves link the stolen details - card number and code - to the passenger's profile. Then they create a virtual profile of a taxi driver and “pay” for his services with a stolen card, that is, they simulate trips, and then receive compensation in real money.

Main news on the topic

Fraudsters are stealing money from bank customers via Uber. Even those who do not use taxis are under threat of bills

Examples from Habr:

1. Fraudsters register real estate on Booking.com or Airbnb, it doesn’t matter whether it exists, and “book” it with themselves, paying for the purchase using the victim’s stolen number and card code. The booking service transfers money to the scammers’ account. 2. You can receive other people's funds through food delivery services. Cyberthieves register a business or negotiate with the owner of a cafe that works with delivery services, and pay for orders with the victim’s card. The courier, who suspects nothing, fulfills the request, and then the dishes are returned back to the catering. And so on in a circle.


Photo: Archive 66.RU

Fraudsters want to get money from the card, and not pay for services using stolen data. Moreover, Booking.com and Airbnb will require an identification document for such payment. Therefore, finding someone who lived at someone else’s expense will not be difficult.

How to protect your data?

Treat your card details with care and try not to compromise them. First, use contactless payment through Apple Pay, Google Pay, Samsung Pay and other services. They change the details of the plastic card to virtual ones - a token. Tokens help protect details from third parties. Even if the token information is found out, it will be useless because every transaction uses encrypted dynamic data. The use of the same tokens for online payments using EMV® Secure Remote Commerce technology is not far off.

Here are several ways to compromise card data:

  • Keep your bank card visible, for example, on your desk. Or store it in your wallet along with your PIN code.
  • Show off a card with an unusual design on social networks and publish a photo of it.
  • Pay for a purchase on an unverified fake resource. Before entering details, check the store details, contact the seller, read reviews on the Internet, call the specified phone number and check through 2GIS, Yandex.Maps or another service what kind of organizations are located at the physical address of the store.
  • Pay for delivery of goods by letter from the “seller”. If you have agreed on a purchase and the seller has sent a link to the delivery site, carefully study the address of the page where you went, find the delivery phone number through the search engine and check with the employee that the address is correct. Cyberthieves use duplicate sites that are very similar to the original ones, where payment for delivery or purchase is a transfer from card to card, nothing more.
  • Provide the card number and code to the bank's security service. If they call you from the bank, address you by name, mention your latest transactions and assure you that your account is at risk, don’t believe it. Hang up, think for five minutes, remember the news about defrauded clients and call back the customer service number indicated on the back of the bank card. You need to enter the numbers yourself.
  • Share card details with other people.

If you suspect that the card is compromised, immediately block it by calling or writing to the bank. After this, no one will be able to spend money from the account, even if they know the PIN code, CVV2 and other data.

What to do if money is stolen?

Report this to the bank immediately. Then you are more likely to be able to challenge fraudulent transactions, especially when 3D-Secure was not used. This is an advantage of cards compared to cash, which thieves are unlikely to return to you.

Read also:  Order of the Ministry of Health and Social Development of the Russian Federation (Ministry of Health and Social Development of Russia) dated March 9, 2011 N 175n, Moscow “On approval of the Administrative Regulations of the Federal

Even if you fail to challenge the purchase or transfer, it is possible to freeze your money in the scammers’ accounts in order to later return it at the request of law enforcement officers.

The editors of 66.RU would like to thank the Tochka bank for entrepreneurs for their assistance in preparing the material.

How to avoid falling for scammers?

Few people think about this, but there is one simple rule to avoid being scammed on the phone: do not answer questions from strangers calling and do not give in to provocations.

It is very important to distinguish between incoming and outgoing conversations with the bank. If you called the bank yourself, then as a rule they will not ask you for unnecessary information. Using your internal number and the CRM system (customer accounting software), a real bank employee will immediately see your basic data: last name, first name, patronymic, date of birth, code word and other additional information.

But the bank, in turn, will have to give a code word to make sure that you are who you say you are. Otherwise, you may be refused further conversation if you cannot prove your identity.

Don't let your guard down

Telephone scam by scammer

A call from a scammer can come at any time. They may call you when you are sleepy (early call), sick or drunk.

In this case, even if you do not suspect deception, it is recommended to limit communication - hang up or ask to call back later. If you are sure that you are ready to communicate, then you need to listen carefully to the interlocutor calling from an unfamiliar number. And at the same time, do not provide him with any information about your bank card and personal account.

If your Sberbank card receives a transfer from an unknown person

After receiving one or more payments from people unknown to you, you will receive a call approximately according to the following plan:

Sorry, my husband/wife, we mistakenly transferred money to the card using your phone number. Please send it back and I will tell you your card or phone number.

Here - attention, STOP! You can only see payment information such as:

  • Amount in rubles;
  • Name;
  • Surname;
  • First letter of last name.

But the scammer will tell you not the card or phone number where the money came from, but another one.

The money credited most likely has a criminal origin, for example: advance payment fraud, sale of something prohibited, and much more. And in this case, you become a chain of a criminal transaction, without suspecting anything.

If you transfer this money to the person who called you, then the person who sent it to you, through a bank or court, may demand these funds back from you.

What you need to know to withdraw money from a card

To withdraw money, simply insert the device into the ATM and enter the password. To carry out such an operation via the Internet, you will need to enter the owner’s first and last name, as well as an identification code, usually consisting of 3 digits located on the back of the plastic, into the window that opens. First and last names are entered in English.

Transferring money from someone else's account will require its owner to communicate to a third party the following information:

  • card numbers;
  • card validity period;
  • Bank details.

No other additional information is required. The information provided is quite sufficient, but, as it turned out, it is extremely undesirable to disclose it to anyone.

What you need to know when paying individuals from card to card

To transfer money to another person

Bank Otkritie [mortgage][sale]

When paying to an individual via the Internet or mobile application, you do not need to provide any of your card details. All you need is the phone number of the person to whom you are going to transfer money, or the recipient's card number.

To get you money

It's the other way around here. If your phone number is linked to a bank card, then only that is enough. If it is not linked or there are two or three cards on the number, and you want to receive funds for a specific one, then indicate only the card number, consisting of 16 digits. AND THAT'S ALL!

Smartphone security

Even if access to the phone is blocked, but notifications can be opened, or worse, they are completely visible on the screen, you should reconfigure this function so that sensitive information is not accessible. Otherwise, locking the screen makes no sense.

Cheating on the phone

Most often, scammers use phone calls. With their help, they psychologically influence their victims, as a result of which they gain access to online banking. How do scammers withdraw money from bank cards using this method? To do this, the following actions are implemented:

  • Initially, the attackers call the selected victim’s phone number;
  • they may pose as buyers if the person has advertisements on any websites on the Internet, and may also claim to be employees of a banking institution;
  • to transfer or protect funds, they allegedly require a one-time code that is sent to the cardholder’s phone number;
  • in fact, fraudsters are trying to gain access to online banking through a computer;
  • if a person is trusting, then he can communicate this confidential information to a complete stranger;
  • at this time, the attacker enters his personal online banking account, which allows him to quickly and easily withdraw all funds to his account.

This method is considered really effective, and usually the scammers are experienced psychologists who win people over, so citizens easily pass on important information to them. To protect yourself from such fraud, it is advisable not to connect to online banking. If a person is worried that he may become a victim of scammers, then he should figure out how to disable the Sberbank Online mobile bank. To do this, you need to contact the PJSC branch with a corresponding application.

The most common victims of fraudsters are Sberbank cardholders. This is due to the fact that a large number of citizens have these payment instruments.

security code on a bank card

Read also:  Complaint.Online: where and how to complain in the Russian Federation

Will money come to a blocked card?

If the card is seized, it is still possible to transfer to a blocked Sberbank card. Because the money will fall into the client’s account itself, available for use. You just need to know its details or the details of the plastic.

You can use your online banking account to transfer funds . Just log in, then go to the appropriate menu item. Here you need to enter the required data into the standard payment form and confirm the transaction. The money will be credited to your account instantly.

You can send money to a third party through a personal visit to a bank branch. The cashier will request the relevant information from the payer (details of the plastic instrument). Upon completion of payment, it is recommended to keep the receipt until confirmation of the transfer of money to the balance.

You can make a transfer in other ways that are supported by the issuing bank. The only difference will be the timing of receipt of money by the recipient.

In what cases can you withdraw funds from a card without a card?

If the client informs the branch that he simply forgot the card at home or does not want to use it for personal reasons, having it in hand, such an explanation will not suit the branch employee and they will refuse to issue funds.

In the following situations, you should prepare for refusal to withdraw funds without a card at Sberbank:

  1. The client showed the card and announced his intention to receive the amount within the daily limit.
  2. The card holder came without a passport and cannot confirm his identity.
  3. The account is frozen and cannot be serviced.
  4. The person reported that he left the card at home.
  5. The manager had doubts about the identity of the person.
  6. After losing or damaging the plastic, a person refuses to write a statement about blocking.

To summarize the situation with the refusal to execute a card withdrawal operation, any deviation from the proposed procedure leads to the impossibility of receiving cash through the branch.

In this case, it remains to use alternative methods of obtaining funds without complying with the strict conditions of the issuer.

Use of malware

These programs can be installed in ATMs or independently downloaded to phones by bank card holders. How do scammers withdraw money from “plastic” using this method? To do this, perform the following steps:

  • if malware is installed on an ATM, then the card details are read by the fraudsters, and they also gain access to the entered PIN code, after which the attackers can use this information if they make a copy of the card;
  • Additionally, scammers can send a link to download a malicious program in an SMS message, so if the cardholder clicks on this link, then software will be installed on his phone that gains access to the mobile bank, after which the necessary information is sent to the scammer;
  • a virus can be installed even as a result of using the Internet on a phone if a person goes to any unreliable and dubious sites.


Is it possible to get a passport without registration: documents and step-by-step instructions for registrationYou may be interested in: Is it possible to get a foreign passport without registration: documents and step-by-step instructions for registration
If a swindler gains access to online banking, then he can withdraw money from all cards belonging to the selected victim.

skimmer for ATM

Advice first!

Insert the card into the payment terminal yourself and enter the PIN code using your hand.

And also a little advice
- to pay via the Internet, it is better to get a separate card and top it up as needed.
Top up this card before every purchase of anything online. This will allow you to avoid additional losses in case of unauthorized access to your card by intruders. And keep your main money on another card.

Recommended debit cards:

  • Alfa Bank.
  • Ural Bank.
  • Raiffeisen Bank.
  • Sberbank.

You can also get a credit card, but do not withdraw money from it, since in this case you will have to overpay the bank in the form of large interest rates. It is only profitable to pay with this card for anything on the Internet.

But remember that even the most reliable security systems do not relieve you of the need to be careful.

Phishing. What is this?

Skimming and phishing are new types of fraud. They are used to obtain data that allows you to use another person’s money on a bank card. Phishing is as follows:

  • scammers create a website that is similar in appearance and interface to some famous and popular online store;
  • then they email potential victims with offers about the possibility of receiving discounts or bonuses;
  • To purchase a product, people enter their bank card information, after which scammers can use this information to illegally withdraw money.

Typically, such sites operate for about two weeks, after which they close. It is almost impossible to find the perpetrators, so even numerous reports to the police do not lead to a refund.

Another method of using phishing is that scammers send SMS messages to victims’ phones that offer various discounts or gifts.

how scammers withdraw money from bank cards

Rating
( 1 rating, average 4 out of 5 )
Did you like the article? Share with friends:
You may also be interested
How to write a police report correctly?
How to return money transferred to a fraudster’s card: step by step
Can scammers withdraw money from a card or phone?
Ozone point of delivery
Ozone does not return money to the card, what should I do?
How to return an erroneous payment to Tele2 via chat
How to return money mistakenly transferred to Beeline?
Does the bank have to notify the seizure?
What to do if the bailiffs blocked your salary card?
Letter to the President of Russia
How to write a letter to Russian President Putin personally: Three main ways
What to do if a police officer violates your rights?
Remember all passwords and PIN codes, do not store information on media
How to return money withdrawn from a Sberbank card by bailiffs?
Photo 2
How long does it take to return goods to Leroy Merlin? Terms and rules
How to return money from Aliexpress if the goods have not arrived and the time has expired
The lawyer took the money and is inactive: what to do and where to complain?
How to get money back for buying an apartment - step-by-step instructions