Another CC fraud ..

[SSRob]

Credit card fraud isn't always the merchants fault. We (VaporKings.com) never see the full card details.

There is a strong possibility that your computer could also be infected with a type of SpyWare that records and uploads your credit card and other personal information to malicious persons. Even though you might be connected to a site by 128-bit SSL encryption, if a local program is recording your keystrokes it won't matter.

If you use credit cards online it's extremely important that your computer is protected by CURRENT anti-virus software. We personally use AVG Enterprise here.

Rob

 

[Quick1]

Credit card fraud isn't always the merchants fault. We (VaporKings.com) never see the full card details.

There is a strong possibility that your computer could also be infected with a type of SpyWare that records and uploads your credit card and other personal information to malicious persons. Even though you might be connected to a site by 128-bit SSL encryption, if a local program is recording your keystrokes it won't matter.

If you use credit cards online it's extremely important that your computer is protected by CURRENT anti-virus software. We personally use AVG Enterprise here.

Rob

Maybe it's your billing service? Who do you use? I would expect they have their credentials and security measures listed on their site.

 

[SSRob]

I wasn't necessarily saying it couldn't be something else, just letting people know there are other security threats besides the site they are on. Your own computer is definitely a possibility.

If a human invented a security method, another human has the capability to bypass it. Technically no information is 100% safe.

 

[Quick1]

I wasn't necessarily saying it couldn't be something else, just letting people know there are other security threats besides the site they are on. Your own computer is definitely a possibility.

If a human invented a security method, another human has the capability to bypass it. Technically no information is 100% safe.

I fully agree. And I would be rather surprised to find a vendor doing it intentionally. I'm fully convinced all you guys plan on getting rich selling us boat loads of product . I am under the impression that many/most suppliers use a billing/payment service. I'm assuming there are a number of those of varying size, price, and popularity. I would expect them to have their credentials and what security products/services they employ. Just another point of vulnerability. I would be rather uneasy with a supplier that didn't use a billing service.

No doubt there are a plethora of ways and locations where the information could have been compromised.
Individual's personal PC.
Man-in-the-middle phishing site.
Trojan installed by vendor's site.
Trojan at vendor's end.
compromised billing service servers.
etc.
etc.

I would see it as a positive/selling point if suppliers advertised on their sites something to the effect of "We use xyz secure billing service (<link> for more information)"

 

[mick37]

I fully agree. And I would be rather surprised to find a vendor doing it intentionally.

i agree too, i never said is the seller, I just said what sites I've used

 

[cliff]

If you are completely convinced of that then you are fooling yourself.
The only way you could "bet your life" on that is if it's never been connected to anything.

once you connect a phone line or cat 5 to it your always at risk for something

 

[Quick1]

once you connect a phone line or cat 5 to it your always at risk for something

lol, many, many years ago I went to interview at TRW. They showed me the computer room where they ran the classified jobs (they weren't running any at the time). No kidding, it was a huge lead lined room. I guess so you couldn't snoop for the electromagnetic signature of the key contacts on a keyboard. Absolutely no connectivity into or out of the room. but that's getting into the black helicopter kind of stuff. I don't think you need to worry about that from cc thieves.

 

[crashtestjeep]

I was JUSt compromised last night to a site called blizzard ent, and msn passport. Blizzard is a WOW, or world of warcraft gaming site to purchase thinsg abt the games. BC I have this INFO- I have a sneaky suspicion on who may be doing this to us. I refuse to name ANY names until I have concrete evidence tho. I have a feeling this is an EX VENDOR. -same one that ripped off people here and never sent items. The bank said the purchases came from washington state, same as where ripoff vendor was from...spokane to be exact. HMMM...anyone else that ordered from this "dino" vendor have any issues with thier accts being compromised???? If so, PLEASE PM me!!! Thanks so much!!!

 

[Kimmy]

nvm my mistake oopsy

 

[Xenite]

I think something that should be mentioned that has not yet is the fact that MANY of the suppliers around are using the exact same e-commerce website suites. LiteCig for example uses the exact same one as V4L which is Volusion.

I purchase regularly from V4L and LiteCig so I will be keeping an eye on my CC. I have a degree in PC sciences and engineering and can assure you my computer security is tighter then a dolphins blowhole.

 

[voltaire]

If you use credit cards online it's extremely important that your computer is protected by CURRENT anti-virus software. We personally use xxxxxx xxxxx here.

Rob

Just FYI, and maybe I'm being overly paranoid. (but that doesn't mean they are not watching you, heh) But "security through obscurity" is an important factor. Making it public what AV s/w you use is probably not the best practice - don't make a potential hacker's job any easier.

 

[Quick1]

Just FYI, and maybe I'm being overly paranoid. (but that doesn't mean they are not watching you, heh) But "security through obscurity" is an important factor. Making it public what AV s/w you use is probably not the best practice - don't make a potential hacker's job any easier.

No, you're being overly paranoid. They're not scanning forums or blogs to target particular pc's based on the av you're using... They're just hitting millions of random pc's and getting into a few of them. It's not like they're saying "heh, Quick1 is using Eset! We can get past that". Besides, there isn't much way to get from "Quick1" to my pc.

Actually, saying what av you're using might be the best thing you could do. Then other's could tell you "that's junk" if that's the case.

 

[voltaire]

No, you're being overly paranoid. They're not scanning forums or blogs to target particular pc's based on the av you're using... They're just hitting millions of random pc's and getting into a few of them. It's not like they're saying "heh, Quick1 is using Eset! We can get past that". Besides, there isn't much way to get from "Quick1" to my pc.

Actually, saying what av you're using might be the best thing you could do. Then other's could tell you "that's junk" if that's the case.

First of all, I wasn't talking about you or any regular user's single personal PC. My comment was addressed to a vendor and his website, which is easily identified as VaporKings, and is a much juicier target than you or I would be.

Second of all, any security expert will tell you that security through obscurity, being the first line of defense, can be very significant. Knowing the particular AV your target is running would allow you to tailor an attack based on that AV's vulnerabilities. Not knowing that information would make it just that much harder, and could make the difference between being chosen, or not chosen, as a target. Better to not be chosen as a target, I say.

Lastly, you are not being paranoid enough if you think that anyone can say anything here without having to worry that someone might exploit that info for possible nefarious purposes. It's called the world wide web for a reason, and the title of this thread could very easily show up in a search by someone with bad intentions who is not part of this community.

 

[Quick1]

First of all, I wasn't talking about you or any regular user's single personal PC. My comment was addressed to a vendor and his website, which is easily identified as VaporKings, and is a much juicier target than you or I would be.

Second of all, any security expert will tell you that security through obscurity, being the first line of defense, can be very significant.

Right, and that's why MAJOR online commerce sites and stores have their security published (usually prominently displayed on the website). So you can have some confidence that they're using something decent and the site is reasonably secure. It's the sites that don't disclose what they're using that I'm leary of. I assume it's because they didn't spend the money or couldn't afford the good stuff.

 

[voltaire]

Right, and that's why MAJOR online commerce sites and stores have their security published (usually prominently displayed on the website). So you can have some confidence that they're using something decent and the site is reasonably secure. It's the sites that don't disclose what they're using that I'm leary of. I assume it's because they didn't spend the money or couldn't afford the good stuff.

Got any examples of "MAJOR online commerce sites and stores" that have their AV software package prominently displayed? If you actually do, I've got an example of a site not using the best security practices, and a site that I would be leery of.

Every time AV package "X" is updated with fixes and virus definition updates, you have a nice convenient list of ONLY SOME of the things that it was previously vulnerable to, and even that PARTIAL list is often staggering. Even the "good stuff" you apparently look for has vulnerabilities. Some of the MOST secure and top-secret systems in existence have vulnerabilities and sometimes get compromised. EVERY little bit of info a potential attacker has on their potential target helps them decide both who to target, and then how to target them. The less info you give them from the beginning, the safer you will be in the end - this is just common sense.

 

[gpdo24]

I have not gotten through this whole thread but do believe i saw some previous post about fraudulent charges from St kitts to other members.
Received notification from cc company and denied the charges (which were not very large at all) but curious if any light has been shed on similar charges stemming from a company either located in St Kitts and Nevis and/or processed thru PAY-Realnet.com.
Check statements, Vape on ,and be happy you are not a NY MET's fan.