Sorry to hear this, Jonathan. It's happened to me and to almost everyone I know: and it's galling to know that one reason why it continues is that banks find it more cost-effective to take the hit than to implement proper security measures.
I’ve thought for some time that the banks are almost criminally complacent about security on personal accounts. In one of my final conversations with the Co-op Bank before I switched they made it clear that they weren’t going to change their policy of putting contactless features on all new debit cards and tried to reassure me in several very unconvincing ways:
They suggested the technology was completely sound though they couldn’t tell me how this claim squared with the stories on all the consumer programmes about Marks & Spencer, TfL and other very prominent bodies and their problems with contactless cards – not to mention very strong rumours that the cards could be read and hacked by thieves who got close enough to you. In other words it seems your pocket can now be picked by someone who never gets closer than a few feet away from you.
They said the potential losses (on this particular feature) were very small – I think £20 per transaction up to £100 per day. My response was that this might be small compared with their CEO’s bonus but could be very significant to ordinary people.
Finally, perhaps most offensive of all, they said if anything did go wrong I would be reimbursed. This made me absolutely furious as they were essentially saying I should have no objection to being forced to have a contactless card because my money was already being used to reimburse other people with such cards if the bank’s security wasn’t robust enough.
Underlying all this, of course, is an arrogant disregard for the worry and inconvenience caused to Jonathan and others when they become victims of fraud. The banks push the idea that there’s no need to worry about security because you will, eventually, be reimbursed when things go wrong.