Hello All Long time, no post... I've recently had to re-install Windows on a customer's machine after a payment that they are certain they did not authorise was made to a new payee from their bank account. The customer somehow suffered a silent TeamViewer install (they are again certain that they did not click on any links in any mails etc.) and the log shows that there was a remote connection active around the time that the payment was made. However, given that the bank requires card authentication to add a new payee via a card reader, I cannot understand how the rogue payment to a new payee was authorised: The bank is saying that the customer must have authorised the payment via the card reader and will not offer compensation. The customer is absolutely sure that they did not use the card reader to authorise the new payee. My question is: How could the requirement for physical authorisation of the new payee via the card reader have been circumvented as it obviously was? Thanks!