Nickel Account: bank card hacking & scam via unauthorized debits?


UPDATE of July 20, 2024: This article discusses a case from 2022, resolved since then, but we have updated it in light of recent testimonies from Nickel customers who shared their misadventures with us, victims of phishing. We invite you to go to the end of the article to access recent information.


Are you a customer of the online bank Nickel, the neo-bank that offers an “online account without a bank,” and relies on a solid network of tobacconists, acquired by BNP in 2017? Have you noticed suspicious charges from “2Go Delivery” on your bank account, which you did not authorize? Be careful: your bank card is surely compromised, and you need to block it!

“2Go Delivery,” which charges a small amount twice

It’s no longer a secret: all banking actors are attacked by hackers during phishing operations, to retrieve customer data by posing as the bank. But here, it’s a completely different story. This case begins at the end of June 2022: a journalist from our team has been a Nickel bank customer for several years. While checking his bank statement on his app, he notices 2 suspicious charges from a company named 2Go Delivery, which is said to be based in the UK.


The amounts charged are not exorbitant: the first charge, dated Sunday, June 26 at 04:03, is €4.77, while the second, amounting to €0.48, is charged the same day, but at 11:10. About €5 in total, which can go unnoticed if you’re not paying attention. First suspicion: 2 transactions on the same day, with the same company, but at completely different times, seem strange.

The company behind this charge, 2Go Delivery, is illustrated with the “Food” icon within the Nickel app, which suggests it is a food business (restaurant, supermarket…). But our journalist is certain he is not the originator, nor did he spend these amounts on the given dates. After some research, he quickly realizes he is far from being an isolated case.

Nickel first dodges the issue… then acknowledges the problem, without explaining it

On Facebook & Twitter, several Nickel bank customers complain about the same problem, with smaller amounts, but with the same process. At this point, it is clear that it is no longer a simple coincidence, but indeed a case of stolen bank data… and only Nickel customers seem to be affected by this scam. This suggests that Nickel may have suffered a bank data breach…

https://twitter.com/AnoonymousOM/status/1543225365396656129

Several legitimate questions arise:

  • is it a computer breach or a data leak at Nickel that is causing the problem?
  • is it a malicious employee who leaked the bank card data?

We have no details at this time. In any case, Nickel’s customer service systematically responds by redirecting each request to its page dedicated to contesting transactions. This procedure involves filing a complaint and blocking the bank card… a heavy procedure, and especially one that suggests they are not to blame, and that it is up to the customer to “manage” on their own.

But an email that Nickel sent on Monday, July 18, 2022, to all customers affected by this fraud seems to prove that the problem was identified internally:


Subject: Refund Confirmation

Hello,

Unfortunately, your Nickel card information has been compromised and payment attempts were made with it.

We confirm that our teams have refunded all amounts that were debited from your account due to this fraud.

If you haven’t done so yet, we strongly recommend blocking your card. You will also be reimbursed for this.

Our Nickel advisors are available to assist you from Monday to Friday from 8:30 am to 7 pm and on Saturday from 9 am to 6 pm by phone at 01.76.49.00.00 or via our contact form.

The Nickel team


At present, it is difficult to say what really happened. The email seems clear: Nickel’s teams are convinced that the data has been compromised. Who is to blame?

After verification, our journalist’s account was indeed credited with the amounts debited, more than 2 weeks after the incident. Furthermore, the fact that Nickel offers to cover the cost of blocking the card suggests that the problem was identified internally.

It is unfortunate, however, that there is not more transparency about the incident, nor details about the measures taken to prevent it from happening again in the future.


Update March 2023: numerous testimonies from Nickel customers in the article’s comments

We are increasingly receiving comments from readers who report being victims of fraud on their Nickel account.

In this regard, Nickel sent a newsletter to its customers that we think is useful to repeat:

Subject: Never share your access codes

Keep the right reflexes to fight against fraud!

Malicious people may try to contact you on social networks and offer you commercial offers in the name of Nickel.

To protect yourself, here are some pieces of information you should always keep in mind when browsing online:

  • We are only present on Facebook, Twitter, and Instagram. Nickel’s official pages are recognizable by the blue certification badge.
  • Nickel advisors will never ask you for your card codes, SMS codes, or access codes to the Client Area and Nickel App.
  • For your safety, we will never offer commercial offers via private messages.
  • Feel free to report any suspicious message to our teams via instant messaging, at 01 76 49 00 00 or via our contact form.

Unfortunately, zero risk does not exist. If you are a victim of fraud, block your card as soon as possible, and if you have doubts about having shared your credentials or secret code, consider changing them!

Update of July 20, 2024: do Nickel customers continue to suffer scams? Status report

In this article, initially published on June 26, 2022, then updated on February 20, 2023, the latest comments from consumers reporting scams targeting their Nickel account date from the end of October 2023. When analyzing our readers’ messages, it seems that these scams rely on data obtained through phishing campaigns conducted against them (as a reminder, 1 in 10 people would click on phishing links).

Indeed, the modus operandi suggests that hackers obtained the bank details as well as the phone numbers of consumers, to then use them on websites to make fraudulent transactions. On October 30, 2023, Eva told us in a comment that she was contacted by someone pretending to be a Nickel advisor, who claimed he had to block 3 transactions for a total of 1194 euros. These were actually payments made on the PMU.fr site, and this person’s sole purpose was to obtain the OTP code the customer received by SMS, in order to validate those transactions.

According to our analysis, we are no longer dealing with the initial case mentioned in the article, namely a potential leak of bank card data, which was resolved by Nickel’s teams, who refunded the amounts debited. The problem mentioned by readers is more about phishing, a phenomenon that affects all banks, including Société Générale, Crédit Agricole, BNP Paribas, LCL…

So be vigilant, and above all, never give your code to anyone, even your own advisor (code received by SMS, account access code, etc.).

