30-12-2023 9:54
Can anyone explain how an old account I had with Now TV suddenly had payment card details updated and then payments taken from it without my permission? This account was one created in 2018, but not used since. However, on 22nd December payments were taken for the Ents, Cinema, and Sports passes. I received no emails confirming this and I have zero idea how it happened.
I have now received a refund, but I am very concerned that this is possible. I did suspect fraud, but if this was the cause then nobody was using the account after the payments were taken and I’m unsure how they used my latest card details given they had changed since 2018 and I’d moved house.
30-12-2023 10:03
What it sounds like is someone has got a hold of your account somehow and taken the membership out. So there are several things you need to do straight away.
31-12-2023 15:17 - edited 31-12-2023 15:19
The card details may not necessarily have been updated suddenly, but at the time the card changed. Or indeed, possibly when Now was asked to provide the new passes.
This link explains the mechanism:-
https://www.credit.com/blog/how-companies-know-your-new-credit-card-number-before-you-give-it-to-the....
So that’s how Now had the new details.
As to how somebody did this to you:-
1. Have you disposed of a TV, Stick, or other device on which Now just opens without requiring a password each time, and without factory resetting it first? That would let anyone who got hold of it watch Now on it, without knowing your password, and that would still apply even if you had changed your password since.
2. Such a person can even buy new memberships on your dime, unless you have a Payment PIN set, which prevents this. Unless they know your Payment PIN; but by design, this is nowhere to be found in your Account details, and can’t be changed there (without them also having hacked your email, which is pretty unlikely),
3. If you have disposed of a device, as in 1, without resetting it, and you later realise this, you can use ‘Sign out of all devices’, as described above by @gavs82008, to neutralise any such remote devices.
The above, though, is just one explanation as to what might have happened; there are others, but they all require breaching your security, and are usually carried out by someone known to you, and so are much rarer, and less likely to be the cause here.
01-01-2024 16:47
01-01-2024 22:17 - edited 01-01-2024 22:17
I have no idea why they would do it either.
The alternative to a disposed-of device being used is a current device being used; small children, plonked in front of Peppa Pig, have been known to buy the odd Sports Pass while mummy is busy elsewhere. But if you don’t have a current device with an open Now account on it, that rules out that hypothesis.
I do know why you didn’t get an email saying the passes had been purchased; nobody does, ever, because Now don’t send out such emails for purchases. Though they do, as you have found, for cancellations.
I hope you have now either disposed of the account, or set a new password and Payment PIN, and blown off all devices that might be using your account, as above; these steps are needed to prevent any future repetition of the situation you were just in,