Is it easy to fraud Tymit? Is Tymit safe enough?

Is it easy to fraud Tymit? After last night I would say yes.
My card got cloned or stolen online. Tymit accepted 12 transactions in 30 minutes done in Ghana with the same amout (plus another one done in USD on a money transfer).
I don’t think you need a complex and technically sophisticated system to detect that fraud.

Also, what is the process for disputing transactions? Apart from contacting Tymit, the FAQ does not say anything about fraud, scam or similar. FAQ are meant to address not only positive problems (how to split your transaction in installments) but also negative one (how to deal with a fraud).

Wow. Sorry this happened to you. I have also been wary of paying online with Tymit for fear this happened. Please keep us posted about how they deal with it.

I hear you.
I’ve used my card 12 times in total, 3 times online on some reputable shops (like HP.com…). Your card details can be disclosed in several ways, so that’s not really my concerne with this or any card.
The concerne is more about the following:

  • Suspicious activity started with a cash transfer payment which was not confirmed by 3DSecure
  • 12 payments in a row from Ghana were accepted for the same amount in a 30-minute time window
  • Suspicious activity continued during the night with other 3DSecure notification

When I discovered the problem, I locked my card from application and reported to Tymit that cancelled my card. After the cancellation, I continued receiving payment attempt with that card.

So there are two big problems here:

  1. A fraud prevention system seems not to exist
  2. The authorisation system has some issue

Resolution path from Tymit is still not clear. I was provided a PDF form from Wirecard where I listed transactions I don’t recognise. No idea of what is going to happen now. I asked twice, but I did not get any information back from Tymit regarding the dispute process.
Fraud transactions are still shown on my account.
I’ve not been told if a new card will be sent as replacement (I would suppose yes, but nobody told me).
After asking three times, they said I was not asked to pay those transactions, which, as of now, are still part of my account and impacting my due amount.

Take you conclusions.

Hmm! Would have thought that they would have queried the spend in Ghana a bit quicker!

Update:

On Thu, 9th Tymit removed fraud transactions from my account. Although this was not reflected on my balances; probably a different bug.
On Fri, 10th I received my new Tymit Card. The new card cannot be actived as the application does not manage the replacement so it shows the old card. More interestingly, the old card is cancelled, but I can still unlock it from the app.
On Sun 12th, removed transactions reappeared into my account but 6 over 12 are now in status cancelled (other 6 are - approved -).

True, but they have phones if you really want. The point is the call to the merchant in Ghana, it’s the fraud prevention first and the dispute management process second. In both cases it seems Tymit does not how to do.

Wow, it seems there’s still a long way to go for tymit in fraud prevention and dealing with fraud. Hope all gets resolved soon in your case!

It’s a bit scary tho. Complaining with Tymit for lack of apple play, flaws with app, unable to pay in a shop can be probably ‘acceptable’ or ‘understandable’ when you deal with a Fintech new in the market.
When they issue touches your personal finances directly, like fraud, things become more complex. Can you think you can be ready for the market with a credit card where the process for fraud management is missing?
To me it’s clear there’s a lack of process here. Any query gets answered with ‘we have to check internally’ and I am asked to even send them screenshots of what I see in the app when a transaction is reverted as it was a fraud. Have you ever tested this previously? It seems no…

Last update of the week:

  • 11 transactions over 12 are now cancelled on my account
  • 1 transaction has disappeared.

The replacement card Tymit sent me cannot be activated cause the app does not allow me to do and tymit has never thought about this.

Frankly, it’s a clear failure from Tymit. Not even sure how you got the licence to operate as you have clear process issues.

@Martin you should seriously reflect here. Selling credit cards is a complex business, it’s far more complex than just accruing transactions under an account.

Very last update. After weeks, Tymit came back to maybe saying the merchant consider legit 5 disputed transactions. Merchant provided Ghanian ID of 3 different people and now apparently I need to certify I do not know them and dispute again transactions.
Not sure this will never end.
Sure, my experience with Tymit is.
@Martin, beyond the bad experience, which might be only my one, still astonished you do not have:

  • security measures
  • decent fraud process management
  • decent customer service (people are good, but clearly they do not know how to deal with fraud and various app bugs)

I keep my card locked until ready to use then re-lock it immediately afterwards. Recently the use of ‘location to prevent fraud’ actually prevented the card being used online whatsoever, so had to temporarily disable that. Hopefully things will be ironed out in time. Clearly the guys running Tymit certainly have the right credentials but it’s early days.

I should keep it locked as well, but this is not supposed to be a solution to lack of fraud controls on Tymit side.

Clearly the guys running Tymit certainly have the right credentials but it’s early days.

Clearly they are not. The type of fraud is a very old conventional one which should have been detected automatically even by a system in alpha release. Even in the early stage of a new credit card business, you must be able to manage fraud processes and again Tymit is showing they are not.

As they state:

A credit card from a tech company

Well, they are not showing solid tech skills and not even business ones.

I will post more updates, as soon as I get them from Tymit (average answer time is about 36 hours per email reply)

I meant the credentials of the founders if you look that aspect up.

But yes that shouldn’t have occured, that’s pretty negligent and of course the onus is then on you to dispute & prove they’re fraudulent.

In contrast today I bought for the first time from Vinted and went through their secure payment portal. Used my Revolut account and a virtual card. Immediately the transaction was flagged by them, notification asking me to go into my app and verify whether the transaction was genuine. On confirmation that it was genuine the 2nd attempt processed accordingly. They’re pretty good, have had similar scenarios before and they don’t let transactions go unchecked.

I’d be well beyond absolutely livid if Tymit allowed a transaction to take place with the card locked. I’m tempted to try it at some point, especially since the location fraud prevention caused issues. Granted that stopped a transaction online so geographically they’re always going to be far from my physical location. I would only have expected that to work with in person card transactions via Chip & Pin etc.

I would like to see virtual cards made a standard option assigned bank and credit cards. I have with my Monzo card.

I’d also say virtual cards should be a must. Revolut have this and Tymit certainly does until the physical card arrives but then gone, which seems utterly daft!

1 Like

Virtual credit card are slightly different. A virtual credit card is either a token, which does not have a number you can see/use or it’s a one time usage card, which you generate for doing a single purchase and shortly after that become invalid. There’s a complexity in doing so (not the number generation, but the whole process of provisioning and managing transactions) plus some frictions regarding regulations.

What Tymit gives you, the number before sending the card, is not an innovation. When a customer gets acquired the number is generated immediately (and probably is just retrieved from a set a pregenerated number they got from Wirecard) and it is valid. Companies like AmEx have been doing it for ages. In US, if you apply for AmEx and you’re successful, you get your card number and the card installed on your apple/android wallet in seconds. The plastic in then shipped to your address. We need to consider that most of things we see as an innovation are not innovation, but just ideas used on other markets made available on our market. Again, planning you expense as soon as you make it, it is a format AmEx has in the US since 2017.

Coming back to the initial problem, there are things you can accept when the player is rather new in the market, like a UI with a lot of bugs. Others you cannot accept, like easy fraud, inability to activate your replacement card (which you got after the fraued one was blocked), inability of the customer service to ‘serve’ the customer, lack of direct contact when situation gets complex, etc.

1 Like

Just spent 30 mins on the phone with Virgin Money … £4k of fraudulent charges on my Virgin Atlantic CC and no Passcodes received for these transactions.

We need industry wide virtual & burner cards now.

It’s not a solution. Frauds exist and will continue to exist. What you want to have is a player can first provide enough decent systems to reduce the likelihood of fraud to the minimum, second, a robust and well-designed process for handling frauds which can be easy for a customer to follow.

In case of Tymit, there’s a clear lack of both. Moreover, considering lack of answers to my tickets, there’re also serious problem in basic customer relationship management.

To your case, which I do not really want to discuss in this thread, let’s remember the merchant has the option to turn off (accept) cards without security controls, e.g. a merchant can decide to not implement the 3DSecure to payment done on its website. This, obviously, increases the likelihood of frauds, but also make easier for you to dispute and close frauds. Again, in the case of Tymit, these controls do not exist on the issue side, so easy to make a fraud.

A Monday reply to my thread. Today, I’ve found reinstated 5 over 12 disputed transactions. On 3rd Septemer, Tymit asked me to dispute them again as the merchant provided enough justification for these transactions. I replied Tymit straightaway, but after 10 days I’ve not got any answer back.

So beyond the overall issue with fraud management process, after many emails back and forth with Tymit, I have the suspect that apart from Manuela and Mason, nobody else manages customers…and this cannot be commented further.

Keep your card locked, if they allow transactions with it locked that’s their problem!