Multiple Users' Credit Cards Targeted in Coordinated Foreign Fraud; Some Victims Hit with 4 Unauthorized Charges?

Recently, on social media platforms, multiple users reported that their SpadeBank credit cards experienced unauthorized large transactions around September 9 in Brazil and other countries, resulting in theft. Many of these cardholders were not in Brazil, and some had never been there, leaving them puzzled about how these transactions occurred out of nowhere.

The Daily Economic News reporter found that in a group chat on a social platform, the number of members affected by the theft has exceeded one hundred.

In the early hours of September 13, SpadeBank’s Credit Card Center announced that it had immediately activated an emergency response with Mastercard, quickly detecting and blocking the risk.

The bank stated that the incident was “due to external attacks.”

Cardholder Xiao Pan (pseudonym) said that the suspicious transaction on his credit card occurred on September 9, but he did not receive a transaction alert that day. He only received a deposit notification on September 11.

Some cardholders contacted SpadeBank customer service after receiving the deposit alert. The response was “file a police report and keep the receipt.” They were also told, “The relevant department will follow up and contact you, and you do not need to bear the transaction amount during the investigation. Please rest assured. If there are any other issues or feedback, we will contact you promptly.”

Additionally, customer service clarified, “If the investigation confirms it was fraud and you are not responsible, the bank will cover the related losses.”

On the evening of September 15, SpadeBank told the Daily Economic News that “due to external attacks, some Mastercard cardholders of partner banks were affected. Our Card Center and partners promptly detected, blocked the risk, and issued notices to protect cardholders’ rights, preventing customers from bearing losses they should not.” The bank has contacted each affected customer individually to explain and communicate.

Screenshots of transaction information provided by multiple cardholders show that these suspicious transactions mostly involved amounts around 4,900 BRL (Brazilian Real, Brazil’s main currency). Converted to RMB, this is about 6,400 yuan, seemingly avoiding amounts over 5,000 BRL. The merchants involved include “used car dealerships,” “restaurants and dining establishments,” and “taxi services.”

One person was defrauded in four separate transactions.

Xiao Lei (pseudonym) revealed that he was defrauded four times, all in Brazil, totaling nearly 20,000 BRL.

The affected credit cards involved in this large-scale theft are mostly the “World Card” issued through a partnership between SpadeBank and Mastercard, also known as the “Red Sash” card.

The Red Sash card comes in two versions: a new version and an older version. The older version mainly served for overseas spending. In May 2024, this card was upgraded to a new dual-application chip card, which can be used both domestically and internationally.

Many affected cardholders stated they possessed the older Red Sash card.

Compared to magnetic stripe cards, chip cards are considered relatively more secure because magnetic stripe information is easier to copy.

The China Banking Association previously issued a notice warning that one of the main reasons for card theft is that cards are skimmed, personal information is leaked, or cards are used improperly. Consumers should enhance their security awareness by applying for and using cards through official channels, avoid sharing personal information with others, and never lend or rent out their credit or debit cards to prevent malicious use. When swiping, keep the card in sight, monitor the number of transactions, and retrieve the card promptly after use. For old or unused cards, promptly close the account and do not discard them casually.

Additionally, while online payments bring convenience, they also carry risks. Criminals may illegally obtain cardholders’ online transaction authentication information, enabling theft. Consumers should protect their login passwords, withdrawal passwords, and verification codes, and avoid sharing personal information with third parties. Be vigilant about the authenticity of online service channels to prevent information theft through phishing scams, such as suspicious calls, texts, or links. Do not download unofficial apps or enter personal details like ID, bank card, passwords, or verification codes on insecure websites or networks.

(Edited by: Wang Zhiqiang HF013)

【Disclaimer】This article reflects only the author’s personal views and is not related to Hexun. Hexun.com maintains neutrality regarding the statements and opinions expressed and does not guarantee the accuracy, reliability, or completeness of the content. Readers should use this information for reference only and bear all responsibilities themselves. Email: news_center@staff.hexun.com