ADAC credit cards hacked - bank switch ends in fraud for hundreds

Suddenly the account is empty: ADAC members hit by a wave of fraud after changing banks

A new partner, a new system - and suddenly the money is gone. Hundreds of ADAC members are currently reporting large-scale credit card fraud. Following the switch to Solarisbank as the new card partner, there have been several hundred cases of fraud - mainly affecting holders of the ADAC Visa card.

Several thousand euros were debited from members' accounts - sometimes unnoticed, sometimes despite alleged security measures. Particularly explosive: the perpetrators did not exploit any technical security loopholes, but used well-known scams - with frightening success.

Phishing instead of hacking: how customers fell for the scam

According to the ADAC, this is not a classic cyber attack on the club or Solarisbank. Rather, it was phishing emails, fake websites and Google ads that criminals used to obtain sensitive customer data. The perpetrators specifically used the switch to the new bank to feign trust.

In a well-known phishing email, for example, customers were asked to confirm their data "for the switch to Solarisbank". Anyone who complied provided their credit card number, security code and more - a free ticket for fraudsters.

Alexander Machowetz from the ADAC speaks of a "broad-based criminal campaign" that was obviously well prepared.

Reimbursement? Complicated. Communication? Sluggish.

But the real problem for many customers begins after the fraud: Communication with Solarisbank is apparently difficult to frustrating. Refunds take a long time - or are not made at all. The responsibility for the check lies with the bank itself.

If you want to get your money back, you have to overcome several hurdles:

• Was the direct debit noticed in time?
• Was sensitive data passed on voluntarily?
• Was there gross negligence?

In many cases, the bank decides on a case-by-case basis - and sometimes it remains a purely goodwill decision.

ADAC responds with task force - but still long waiting times

In order not to lose the trust of its members, the ADAC set up a task force back in February to work on solutions together with Solaris. The bank itself has also reacted and, according to its own information, has doubled its service capacity: around 160 employees are now dealing with the concerns of around 1 million ADAC credit card customers.

Nevertheless, the mountain of inquiries remains huge. Many customers complain about not receiving any feedback at all - or that cards have been blocked without warning. According to the ADAC, the latter is common practice to protect customers, but prompt notification should be a matter of course in such cases.

Phishing wave shows how vulnerable we all are

The wave of fraud at ADAC is not an isolated case, but part of a larger trend. According to the "Deutschland sicher im Netz" association, phishing attacks increased by around 5% in 2024. Experts criticize: Although many users are aware of the dangers, they still act recklessly.

One example: In more than half of all cases, leaked passwords contained simple numerical sequences such as "123456" - a perfect target for cyber criminals.