GEM Visa / Latitude breach

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › GEM Visa / Latitude breach

RogerMellie

350 posts

Ultimate Geek
+1 received by user: 198

#298807 18-Jul-2022 13:24

If you have a GEM Visa card I would recommend you check for any fraudulent charges.

I discovered someone successfully charged their Spotify family subscription to my GEM Visa card last week.

I've never used my GEM Visa card for anything except 1 purchase from Harvey Norman, and had a $0 balance on the card for well over a year, so this was easy to spot.

Calling GEM Visa using the button from within the app put me on a 10 minute wait before being connected to a lady in India who read every word from her script, and had no word of explanation or apology for how this happened. Was told to wait for up to 21 days for this charge to be disputed etc etc.

Got on to online chat with Spotify and after giving them the transaction ID for the payment, they were able to immediately block the account and refund me the amount that was charged.

1 | 2

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2943416 18-Jul-2022 13:30

I am not sure this is a breach or your specific card was compromised. Do you have the number stored anywhere? Is your phone safe (where the app lives? Were you logged into the app at any time in the last few months? Any ad-supported games on the phone? Have you ever used this card number or login on a computer?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

michaelmurfy

meow
13580 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#2943438 18-Jul-2022 14:01

Where is your physical card stored? Do you have kids?

I doubt Latitude got pwned, it is more likely somebody close to you got hold of your card details and simply used it.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

richms

29099 posts

Uber Geek
+1 received by user: 10210

Trusted

Lifetime subscriber

#2943446 18-Jul-2022 14:25

Just had a look and mine is fine, nothing unexpected on there, and I have the card saved with paypal and some other retailers that I don't trust with my normal card that would be a pain to replace.

Richard rich.ms

RogerMellie

350 posts

Ultimate Geek
+1 received by user: 198

#2943489 18-Jul-2022 15:31

Potatoes/ potatos. If my card has been compromised, then that in my eyes is a breach as it is unlikely to just be my card, because of the reasons I state below.

I had considered all the possibilities I could think of before posting as I know what to expect when posting on geekzone, and going by the fact that I have simply not used the card for over a year, or stored it's details anywhere, the likely breach has occurred with GEM (or perhaps Harvey Norman if they keep my payment details on file?)

No one has access to my card as it is kept in my gunsafe which only i have access to. I have not used it myself since 2020, and there are no other people on the card/account.

I use an up-to-date iPhone, and log into the app twice a month at most, to check for incidents just such as this (and which I think is the first time I've had it happen).

I don't play games on the phone, don't connect it to any computers via USB, and certainly don't install any apps that might be considered dodgy. I don't store any c/card details anywhere but in my safe. I don't use the card number to login, but my Gem Visa/Latitude login account is OK and not compromised according to login records, and I have changed the password to be certain.

I had received a new card from GEM recently, but have not used it, nor activated it. In the app it still showed the old card number, & so the purchase was done on the old card, which was coming up for expiry. I'm not sure if that's relevant to how the breach might have occurred but am confident it is not through any lack of security on my part.

freitasm: I am not sure this is a breach or your specific card was compromised. Do you have the number stored anywhere? Is your phone safe (where the app lives? Were you logged into the app at any time in the last few months? Any ad-supported games on the phone? Have you ever used this card number or login on a computer?

RogerMellie

350 posts

Ultimate Geek
+1 received by user: 198

#2943494 18-Jul-2022 15:34

michaelmurfy: Where is your physical card stored? Do you have kids?

I doubt Latitude got pwned, it is more likely somebody close to you got hold of your card details and simply used it.

Damn it, of course! I better go interrogate my 4 year old daughter. Thanks!!

richms

29099 posts

Uber Geek
+1 received by user: 10210

Trusted

Lifetime subscriber

#2943502 18-Jul-2022 15:59

Did you get anywhere with lattitude? I would expect that spotify wouldn't process it without the csc number so quite weird that it would just be a spotify transaction and not something actually valuable.

Richard rich.ms

Dell

Shop now for Dell laptops and other devices (affiliate link).

RogerMellie

350 posts

Ultimate Geek
+1 received by user: 198

#2943512 18-Jul-2022 16:18

richms:

Did you get anywhere with lattitude? I would expect that spotify wouldn't process it without the csc number so quite weird that it would just be a spotify transaction and not something actually valuable.

Latitude/GEM said they'd take 21 days to get it 'disputed' (i.e. no promise of it being reversed/wiped), so I gave up on waiting for that as in the meantime they would then expect me to pay off the card.

I got hold of Spotify via online chat, and from the transaction ID I provided (helpfully listed against the purchase in the app) they could track it to the exact Spotify account (gua...da2@gmail.com) and then block it (and any of the 5 associated email addresses/accounts that might have also been using the account). They said they would action the refund immediately, so knowing GEM this will mean I might see it at the end of the week.

I was also wondering why a small transaction, so I thought perhaps the M.O. is to do a small purchase that might not get noticed, prove there is credit on the card, and then perhaps try for a larger purchase once they have sussed out what they were going to buy & where from.

Lesson learned - use the app to block cards which are not being used, and unblock them when required.

old3eyes

9158 posts

Uber Geek
+1 received by user: 1364

Subscriber

#2943514 18-Jul-2022 16:21

RogerMellie:

michaelmurfy: Where is your physical card stored? Do you have kids?

I doubt Latitude got pwned, it is more likely somebody close to you got hold of your card details and simply used it.

Damn it, of course! I better go interrogate my 4 year old daughter. Thanks!!

Just wait for one of your family to complain that their Spotify no longer works in paid mode. :-)

Regards,

Old3eyes

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#2943546 18-Jul-2022 18:51

RogerMellie: ... they could track it to the exact Spotify account (gua...da2@gmail.com) and then block it (and any of the 5 associated email addresses/accounts that might have also been using the account) ...

old3eyes: Just wait for one of your family to complain that their Spotify no longer works in paid mode. :-)

If it was family, you would hope the OP would recognise the email address

RogerMellie: ... Lesson learned - use the app to block cards which are not being used, and unblock them when required.

Now your thinking. The additional spending limit I've set always trips me up. It's 4-5 higher than my normal spending pattern, so on the few times I do require the higher purchase, I'm more likely to think I mistyped my PIN than then limit blocking me. :D

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

mailmarshall

362 posts

Ultimate Geek
+1 received by user: 60

#2943552 18-Jul-2022 19:17

My GEM Visa card got compromised a month ago. Someone in NZ (not going give locations) went on a crazy spending spree online from fast food ordered to expensive hardware items from a large hardware store.
I got 2 texts from Visa saying please enter a code to finish purchase at some rando store . Tried to ring GEM but their Fraud complaints call centre doesnt open till 10am :(. I used the app to block the card.

Anyway $3k plus (across 10 or so large transactions) got rucked up and after 21 working days I got a text saying they have wiped the debt.

I dont write my numbers and infract the card doesnt even get used.. hard to know what is going. Def not blaming anyone but woulda thought some better alerts in background woulda helped perhaps.

DjShadow

4222 posts

Uber Geek
+1 received by user: 1322

ID Verified

Trusted

Subscriber

#3051440 18-Mar-2023 10:58

This e-mail came in from Gem Visa overnight

We’re writing to you directly to update you on a recent cyber-attack that Latitude Financial is actively responding to. Regrettably, the attack has resulted in the theft of some customer data.

The attacker appears to have stolen personal information that was held by two Latitude service providers, impacting customers across both Australia and New Zealand.

As of today, we understand that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licenses, were stolen from one service provider. Approximately 225,000 customer records were stolen from a second service provider.

Latitude apologises to its customers, particularly those who were impacted. Please be assured we will contact you directly if your personal information has been disclosed.

We are working with the relevant authorities and have engaged cyber security specialists as we continue to do everything in our power to contain the attack.

As a valued Latitude customer, we thank you for your understanding and patience. Our services remain available and you should have confidence in using them.

Please continue to monitor Latitude’s website where we will be publishing further information as it becomes available.

Andrew Walduck
Chief Operating Officer