Beware Black Friday: Tis the season for fraudsters to prey on shoppers

While wading through a confusing morass of phone menus in an attempt to check that my credit card hadn’t been the subject of a scam, a thought popped into my head: imagine what this would be like on Black Friday.

A call claiming to be from “Visa” had alerted me to a massive Amazon transaction of £700. I’d never spent that much at the digital marketplace, so it was reason for concern.

I immediately hung up when the call came in because I have a hard rule: if I get a call purporting to be from my bank or credit card company, I take down the details. Then I ring the company back on one of its numbers to check everything out to ensure I’m not getting scammed. This call was also from Visa which (rightly) struck me as dodgy. Why would Visa be calling me and not the card issuer?

The problems started when I attempted to varify the claim. While I was trying to contact one company, my wife was meanwhile getting increasingly frustrated after discovering a transaction on our current account that she thought was suspicious. She goes through our statements line by line, and in another life, she would have been a forensic accountant – and a damn good one at that.

But after making calls to both the bank and PayPal (the company’s name was on the direct debit), she was unable to ascertain who it was that was ultimately taking the money. Nor how JP Morgan EMEA was involed – in Bournemouth, of all places.

She’d checked out the message boards and found other people encountering similar issues with similarly mysterious direct debits. Some commenters said not to worry, that it’s all legit. Some suggested otherwise.

For the record, my experience in financial hackery told me that JP Morgan EMEA means JP Morgan “Europe Middle East & Africa”, a rather patronising term used by American financial institutions for a wildly diverse region that extends from John o’Groats to Johannesburg to Jeddah.

But I still was curious as to why JP was on a direct debit neither of us could recall setting up. And Bournemouth? I sensed a story. Phantom payments involving PayPal? This could be a big one. So I contacted the company to find out more.

Sigh. Turns out the direct debit was linked to my PayPal account and was for a subscription I’ve since decided to junk. The confusion was added to – I think – by the fact that we recently switched banks. PayPal also banks with JP, which does indeed have a centre in Bournemouth, so when you set up a direct debit via PayPal it looks like you are paying them. I’m told PayPal is looking to set up a page designed to clarify this and reduce the confusion caused.

I have to commend PayPal’s press team for getting answers. It’s just a pity my wife was plunged into a runaround involving the company and the bank in the first place. And, clearly, not everyone is married to a jouranalist who has the capacity to investigate when things like this happen.

I wasn’t left quite as frustrated as my poor wife while I was in phone menu hell trying to check out the supposed Visa transaction – which didn’t exist. The phone call was designed to elicit bank details so the callers could steal from me. But it still took quite some time before I could talk to someone to double check nothing sinister had occurred and the call was, indeed, a scam.

Where’s Black Friday in all this, you might ask? Front and centre, dear reader.

The annual event, the days leading up to it, the weekend after it, and then Cyber Monday, are massive shopping events; they’re a consumer festival. Having a good one can make or break a retail CEO’s year. And there are millions of card-based transactions taking place amidst the stampede.

Preying on shoppers, even more so than usual, the people behind scam calls and dodgy websites will be raising hell. Consumers will inadvertently give up their banking details and have their accounts attacked. It’s frighteningly easy to get caught out, especially when you’re busy.

I can only imagine what it feels like for those who find themselves on the wrong end of this, given the experience we had simply trying to make some checks. This has to be made easier because it is only by checking that people can find out if they have been scammed and to take steps to ensure it doesn’t happen again.

Sam Richardson, deputy editor of Which? Money, stresses that banks have an obligation to protect their customers all year round. It is, Richardson says, “unacceptable” if they make it “difficult for consumers to report potential scams”.

“Some banks offer 24-hour scam checker tools and more should consider implementing their own to strengthen their anti-fraud measures. If banks fall short of these requirements, then the regulator should take appropriate action to send a message that it won’t be tolerated,” he rightly points out.

And yes they should. The financial services industry needs to do better. It’s not only customers who incur costs when scam artists are making merry. Perhaps they’d care to remember that...