Some places don’t require a billing address.
Just card number and expiry.
Two of the devices yesterday were tap to pay mobile handset devices, like Android phones.
The other a small square, and the other a bigger square type device.
All these questions and eagerness makes me wonder if you’re the fraudster 
Edit: also, the address back in 2023 would have been different to now, confirming no address details had been used to verify the payment.
I am very interested in this breach since it would be one of the bigger ones in a while, but unless we see AI takeovers of jobs sooner than expected im not (sarcasm obviously)
Seems like that website requires full details though, can you get the CVC via NFC?
CVV is not a requirement for payment, only extra security, you can process without.
Commonly, merchants ask for it for extra security to verify it’s you.
These events are common, worked for 3 banks, it’s a standard day for the fraud departments to deal with this.
Generally just results in a card replacement, there’s no way to prove where it’s come from hence I say you’re only speculating and it’s minor coincidence.
Seems like rangenine does require it though
And they use stripe which pretty heavily enforces the postcode check too
I’m not sure if they can see it, if their machine doesn’t truncate the data on receipts then it’s possible.
It did work with the wrong postcode though, so scratch the billing address idea
that sucks 
I’m pretty sure yours isn’t Lyca related, since they claim to not store CVC
Unless their payment processing script was getting MITMd or someone was reading card details from malware on the server like the Target hack a while back
interesting monzo would’ve let it deduct that money if it was there using a completely random USA billing address
It’s possible it wasn’t checked or requested, solely data capture merchant end.
true, not sure if I was logged into PayPal either since they were using embedded
I didn’t get active card checked
The currency threw me off, your right Canadian
Only trying in common with these seems to be Wordpress and Stripe
We don’t use “inc” as company types here. It’s Ltd or PLC
That should’ve been an obvious giveaway!
Yeah I highly doubt yours was related to Lyca for now @Carlo1460
Another guy just posted the mobility one, he had two virtual cards for just Lyca and both were compromised
I know it’s just speculation, but what more could you see without Lyca coming out and admitting it?
I’ve had my yellow card since it was launched and used it in hundreds of places, so mine could have come from anywhere.
But when you have a virtual card that is only used for Lyca, then that’s a different story.
