Hi there, I have just had that exact same fraud take place on my card late last night of 84.89 pounds from TikTok!!! I’ve never bought off TikTok in my life! The fraudster then tried three more times with the same amount and then a different amount! The first on went off and did not require my authorization but the following ones did and I received the Monzo notification to authorize and this is where I reported the fraud and blocked the card. My question is, will I be refunded that 84.89 pounds that did go off? It is clearly fraud since I am now the second person if not the hundredth person this has happened to? Who knows how many people these guys have tried this with? I see they started with a small amount yesterday of around 2 pounds called Shopatron? I remember looking at this transaction that came through in the middle of the night and wondering what the heck it was? Now I realise they were testing my card!!! This is so scary!
Exactly the same happened to me!
Still waiting to hear back from the fraud team. This must be a Monzo problem?
Same thing happened to my brother. Also last night. Also £84 and £213. Also to tiktok. He doesn’t use tiktok.
Did the fraud team get in touch?
Yeah there’s a trend here. Never used tick tock in my life.
You’ll get it back, try not to worry.
Just heard from a friend the same two transactions were attempted on their Monzo card last night too. (Declined because they haven’t used Monzo for some time so it’s empty).
I’m going to widen the net and ask around. So far it’s just Monzo accounts and only to tiktok from what I’m hearing. That’s alarming.
Is this happening on the primary card, or is it also happening on virtual cards? If we freeze our cards until it is resolved, transactions shouldn’t go through, right?
Also, is the requirement for 3DS not on the bank (instead of the seller)?
There’s nothing to resolve. Card details are compromised everyday for millions of people.
Monzo, I’m sure, are investigating. Hopefully once the issue has been resolved they’ll be able to blog transparently about it as they did with the Ticketmaster breach.
You can’t know that, there may be. While the forum sample is still statistically small, if there are other Monzo customers and the compromise is only from TikTok, and there is no 3DS confirmation (which I would expect from any new large transaction), there may be something to look at internally instead of looking at the usual people factor.
Depends if there’s been a breach. And if there has who was breached and to what scale. Worst case scenario, cards are gonna need to be cancelled and reissued like what happened when PlayStation were hacked (a decade ago?).
It’s being picked up on my circles and a few folks are investigating it now.
My intuition says someone somewhere’s been breached, and that it’s not the case of users themselves being targeted.
IIRC it is up to the merchant to implement 3DS, not Monzo. So if the merchant doesn’t call for it, Monzo can’t ‘force’ a 3DS authorisation.
So you think every Monzo customer should freeze their cards just in case?
If that’s the advice, everyone should be doing that every day anyway.
3DS is on the merchant, not Monzo.
Well, I did put it in the form of a question. Yes I think if the probability is not insignificant that there is some sort of attack currently ongoing that only affects Monzo cards with TikTok and no 3DS, this might be good advice, and I was asking other people’s opinions.
It’s not everyday you get a targeted attack at a specific bank’s customers.
Again, I’m not saying this is what’s happening, and it may well be the most likely case is a few people had their cards compromised with TikTok at the same time and they all happened to be Monzo customers. Maybe there are more customers of other banks and it’s a TikTok problem, can’t tell.
But I don’t think it’s helpful to dismiss it outright as people’s cards compromised, nothing to see here.
I’ve never used tick tock and there were two more attempted transactions made one my card was frozen.
Absolutely no basis to this whatsoever. People got charged, nothing says it’s just Monzo, 3DS isn’t law. It saying TikTok doesn’t mean anything or that its related to that app as multiple people have been targeted who don’t use the app.
You don’t know this.
I’m not. But a data break doesn’t equal everyone at Monzo needs to freeze their account.
Can’t find anything on Twitter or Reddit about these payments for others, so hopefully it’s not super widespread.
But my oh my, the people that tweet Monzo makes this place look like Mensa.
I just checked my account and it’s fine also (thankfully).
There will be a common denominator between the accounts that were compromised, and we’re unlikely to work that out on here.
It could be neither.
There’s probably been a breach somewhere, and TikTok’s lack of 3DS makes it an easy way to empty someone’s bank account.
Maybe the breach is with Monzo. Maybe (and also probably) not. Maybe the attackers are only targeting Monzo users for some other reason. Maybe it’s just the instantaneous nature making it apparent faster than it would be with other banks. Maybe other banks suspected the fraud and stopped it, whereas Monzo didn’t.
There’s so many unknown variables.
Monzo’s investigators will likely know before any of us. They’ll be able to correlate accounts and identify common denominators. Remember how they did it with that ticketing website several years back?
Thankfully I’m ok (for now). Im sure Monzo are already dealing with it and when there’s an update we’ll know (or not, it might just get individually resolved).
One thing to note is that these seem to be USD transactions for the most part. Perhaps that has some significance, perhaps not.
I did slightly update the title which I hope is ok and paging @AlanDoe for awareness