Thanks to Ian Murray for this information.
To understand this fraud you need to have a little patience. The criminal fraternity certainly had the patience to set it up.
Essentially this fraud exploits the open barn door of VISA (and MasterCard).
Let us give a non-fraudulent example first.
1) You have moved your electricity supplier and are setting up a new monthly debit. This time you reach into your pocket for your DEBIT card and type in the correct information. Hey presto ... at the end of the month .. the lights don't go off and you feel smug because your new supplier is cheaper.
2) A few weeks later your partner sees your tatty old trousers covered in gardening muck on the bedroom and decides they wont survive another tumble in the washing machine. Into the family dustbin they go ... with annoyingly your debit card in the back pocket.
3) You come home and have the predictable row about your missing much loved trousers. The row goes nuclear when you discover your debit card was also put into the rubbish with the trousers. Never mind. Your recover your cool, get onto the bank, cancel the old card and await its delivery.
4) It is the end of the month. The new card is due and the lights in your domicile have not gone out. You don't give it a second thought - perhaps you should have.
So what happened ? Well your electricity was on a SUBSCRIPTION service tied to your VISA DEBIT card. When the electricity company tried to put through your monthly bill it was initially rejected. The electricity company then requested from VISA - not your bank - the replacement card details. VISA thoughtfully passed over the details, which they had retrieved from your bank, and your lights stayed on. Good result.
So how does the fraud work?
The first thing to say is that the fraudster is not interested in any subscription service they create on your behalf. The creation of that subscription may be fraudulent but that is not the purpose of the fraud. Are they really interested in viewing another set of writhing bodies on a porn set or reading the Economist on-line. No they are not.
The fraudster has your card details, could be from a dodgy Internet purchase or a restaurant you have visited. It doesn't matter how. The first thing the fraudster does is sign up for a subscription service: preferably one which gives the subscriber a 'free' first month or so. Ideal. So far so good.
Then the fraudster starts trying to spend your card - not on subscription services but that nice Harley or perhaps a new hi-fi from Bose. Perhaps one or two purchases will get away safely to the fraudster before you suspect and the card is blocked. Job done.
The fraudster waits for the subscription service request to be declined because the card is
blocked. Quite reasonably the subscription service asks VISA for the new numbers associated with the account and VISA obliges. Now the fraudster has your new card details and can do this all over again. In fact so good is this service to the fraudster that VISA NEVER tells your bank that it offered up your debit card details.
You complain to the bank that your new card is being fraudulently used to buy a nice tank of petrol in southern Spain. Sadly if you were unfortunately to be in southern Spain, your bank will simply not believe you - and no one knows how you were scammed.
EXCEPT NOW YOU DO KNOW
This open barn door has been known about by the banks for the last 20 years. They have
absolutely zero defence against it. There is a pretence that the fraud alert systems will spot some of these dodgy subscription services and the follow on payments. To some extent they are correct and when my cards were attacked like this no money got through the net. But the barn door is still wide open and NO ONE IS DOING ANYTHING ABOUT IT!
Footnote: typically the fraudster will generate middling size purchases under £200 because they rely on the punter not spotting their activities on their bank's statements. Remember this is not a credit card fraud but a debit card fraud. The VISA contract with subscription services is different for credit cards which are treated by VISA as charge cards against (let's say Barclaycard), not against your bank account. You often check your credit card bill: how much do you check that bank statement?