Another CC fraud ..

[HzG8rGrl]

Did not "bet my life" on anything. Just know it (computer)is not "infected".
What I do agree on, is to check your online balance every day. And when using a CC, be sure it is one that is for online purchases only. So that when it happens (fraud), it doesn't turn your life upside down.
I also run my Credit Report 3 times a year to keep an eye out for the inevitable. Staying on top of your financial matters is of utmost importance.

 

[juicefreak]

my online banking alerts me as soon as a charge is made by email. when you get your new card see if they have that option.

 

[Big Hit]

I have had a fraudulent charge on my c.c. and have ordered only ecig supplies.
Anyone have a fraudulent charge for a gift card?

 

[thelook]

This is why I only shop on online using prepaid CC.

 

[HzG8rGrl]

This is why I only shop on online using prepaid CC.

I am looking into that very thing. TheLook knows!!!!!

 

[thelook]

I have my REAL CC, but I purchased a prepaid CC at wally world just to use online, you can refill it as many times as you like. This way I do not worry as much about CC fraud.
I know what is on there and only fill it when I am about to make a purchase.

 

[BuzzKill]

If a site is SECURE it will be an SSL and PIC compliant , we use Authorize.net as our processor and our site is PIC compliant .
We have a the Authorize.net LOGO on the site and you can click it to see that the site is secure and verified by them.

To do business legally ON-Line you need to be SSL and PIC compliant.
Our site when it is secure has a logo in the web site www bar If you click on that it shows that it is SECURE and verified / encrypted .
( I am not a specialist at this so getting the info from someone who is would be better ! )

Just a thought

 

[markimar]

Funny I had my card flagged this weekend also it was either over the phone or online because one of the purchases was for a cell company in Istanbul! Ummm. I'm in Florida! Was not a happy camper! I pray it wasn't the vendors I use all the time I'm not going to name names only because it wouldn't be fair if it wasn't them. But it's just an odd coincidence someone else had the same problem!

 

[Mr.Mad]

I got hit also last week for 700.00 bux only used that card for ecig purchases made like 15 purchases so who knows. The charges were for some fake money to play myspace / facebook games with... And I dont play that crap.

 

[Blaze]

Most people, however, don't give enough credit to exactly how paranoid most CC companies are.

Coming from someone that used to work for one of the largest CC companies in the world (not naming names), I could tell you simply there's more going on in the background than you'll ever know.

Most CC companies will "flag" any charge that meets a certain criteria (including charges that are "normal"), and based on a number of factors, they'll decide if it's ok to allow, simply deny the charge, or close the account all together and flag it for fraud. It's actually alot more common place than most people think.

I'd go farther into detail, but disclosure agreements prevent this. Simply put, it's not usually something to worry about if a CC company denies a charge (even tho you know it's yours) or to close an account and re-issue. Just the many precautions taken to protect your credit and identity.

 

[finalthought83]

If you are completely convinced of that then you are fooling yourself.
The only way you could "bet your life" on that is if it's never been connected to anything.

LOL perfect!! not only could your computer be infected but your router could be compromised. Im assuming you have wireless in router? most standard come with wireless defaulted on with the lowest security settings. keyloggers aren't viriuses and dont show up in scans that just check for them. You also need a spyware/malware scanner as well to check. To be safe with your cc online or over the phone Paypal has the virtual credit card system that generates a one time use cc number registered to you and can be used just like the real thing. It is just processed through your account. Or prepaid visas.

 

[Rainbowz]

I found out yesterday my CC was compromised on the 14th when I tried to make a liquid purchase, and it was denied. Called my CC company, and I was patched through immediately to the fraud department. Two small charges were made within minutes that day, so they put my account on security hold. They let my liquid purchase go through (whew! I'm almost out!) but now the account is cancelled and a new card is being issued.

 

[me who]

I have my REAL CC, but I purchased a prepaid CC at wally world just to use online, you can refill it as many times as you like. This way I do not worry as much about CC fraud.
I know what is on there and only fill it when I am about to make a purchase.

That's a great idea, I'm going to look into this one.

 

[Israfil]

Hackers don't steal credit card numbers, thieves and criminals do... They don't deserve to be called that, grr...hurting people like that. I'll wander a bit and see if I can bring up some info. Let ya know if I find anything.

LOL perfect!! not only could your computer be infected but your router could be compromised. Im assuming you have wireless in router? most standard come with wireless defaulted on with the lowest security settings. keyloggers aren't viriuses and dont show up in scans that just check for them. You also need a spyware/malware scanner as well to check. To be safe with your cc online or over the phone Paypal has the virtual credit card system that generates a one time use cc number registered to you and can be used just like the real thing. It is just processed through your account. Or prepaid visas.

Keyloggers are often found as viruses by the higher quality virus scanners, but I do agree that extra protection is a good thing. Just remember that no system is ever EVER 100% safe.

The easiest way is for everyone who was compromised to list the suppliers they purchased from recently, then see if any coincide repeatedly. I have SERIOUS doubts that any of our approved suppliers would commit such frauds, but as most of the suppliers aren't really what I'd call big businesses it is possible that their server was compromised.

 

[Quick1]

The easiest way is for everyone who was compromised to list the suppliers they purchased from recently, then see if any coincide repeatedly. I have SERIOUS doubts that any of our approved suppliers would commit such frauds, but as most of the suppliers aren't really what I'd call big businesses it is possible that their server was compromised.

Now this I would be very hesitant to do. The "cure"/damage might be worse than the problem.

People's understanding of these things and how they work ranges vastly and is heavily weighted towards the clueless side. For example, why would you make the implication you did above? A great many people are going to think "supplier" as the source of the problem. If the list coincides with one or some suppliers it's only a vague indication of where to narrow the investigation. You ended by saying "their server" when it's unknown if any suppliers even do their own billing or contract it out to a service provider.

I'm guessing that's not what you meant to imply but that's the conclusion a LOT of people are going to jump to. As soon as you post a list of "suspect" suppliers you could do them serious damage when they might have nothing to do with it at all. Let's say 50 suppliers all use the same 3rd party billing service. Let's say your list (probably from a statistically insignificant sample of anecdotal reports) indicates one or two particular vendors. Let's say it was at the billing service where the data was compromised. Let's say the number of people reporting CC fraud purchased from some vendor during a period of time -- like maybe when that vendor was running some sale or contest or happened to have some popular product that was out of stock at the other vendors. And it was around that period of time that the billing service was compromised. Then you list that supplier as the source or just that people who purchased there were the ones that got fraudulent charges...

I would suggest, if you can get an ECF admin or Mod to do it, that lists be submitted to them to evaluate and investigate.

Another thing would be to get some information out here about these third party billing services. Who are they? How many of them are there? How does one evaluate or "score" them and then people might choose to only do business with suppliers who use the better/more secure billing services.

I *think* the way these things work is that the billing service provides the merchant with software/hooks for the merchant's online store/website. When you make an order it goes straight to the billing service and the supplier only sees the product order, shipping infor, and a reference number or possibly the last 4 of your card number... Something like that. Naturally the service costs money so suppliers might forego that and do the billing themselves while they are not equiped or setup with the proper security measures (also an investment).

 

[Israfil]

I am sorry, I did not mean to cast any sort of doubt upon our venerable suppliers. My intention was simply to gain access to a list to be used for the purposes of finding what billing services were used and furthering the investigation of a possible security breach.

It was my intention to bring to the attention of said suppliers the possibility of such a breach, and that they may want to look into their billing service or, in the case of in-house billing, their server's security logs for the time in question.

I do hope any and all suppliers that come across this thread realize that we are very happy to buy from them, and that this was simply intended to cast a light on what could, in the very worst case, be a case of a crafty thief who has access (most likely remotely) to their servers.

It is entirely possible that every case listed here was entirely unrelated with the others. Information on what was fraudulently purchased would also be extremely helpful in tracking down the culprit.

 

[spider362]

I have my REAL CC, but I purchased a prepaid CC at wally world just to use online, you can refill it as many times as you like. This way I do not worry as much about CC fraud.
I know what is on there and only fill it when I am about to make a purchase.

That's a great idea, I'm going to look into this one.

Before you do that, check with your own CC company and see if they offer the virtual cc number. Mine does and it's called "Shop Safe" and it's on my Visa card with FIA. Also, it's a free service.

 

[Dkrom68]

I was hit last night with one of my credit cards. I have only used it on 4 occasions to 4 suppliers, all the rest has been just swipes at local places around home and no other use at all. Everything is being checked into and the charges appeared are definately by a younger person for the charges that were made.

 

[Quick1]

I am sorry, I did not mean to cast any sort of doubt upon our venerable suppliers.

I know that. But the point was that a good number of people don't know or think past "I bought stuff there, my CC got stolen, they did it".

My intention was simply to gain access to a list to be used for the purposes of finding what billing services were used and furthering the investigation of a possible security breach.

I agree. That might actually turn up something.

It was my intention to bring to the attention of said suppliers the possibility of such a breach, and that they may want to look into their billing service

Absolutely.

or, in the case of in-house billing, their server's security logs for the time in question.

Personally, I would avoid small places doing their own billing. My feeling is that if they had the expertise and level of understanding in networking and security and the equipment/software they wouldn't be struggling to get an e-cig business off the ground

I do hope any and all suppliers that come across this thread realize that we are very happy to buy from them, and that this was simply intended to cast a light on what could, in the very worst case, be a case of a crafty thief who has access (most likely remotely) to their servers.

or people they hire, or...

It is entirely possible that every case listed here was entirely unrelated with the others. Information on what was fraudulently purchased would also be extremely helpful in tracking down the culprit.

Well, minimally at best. The CC information may have been wholesaled in bulk and then be 2nd or 3rd hand after that. The person or persons making the fraudulent purchases may not be the one who stole the data.

(and yeesh, how is it possible to buy ~$700 worth of "play" money for online games...)

 

[Quick1]

I was hit last night with one of my credit cards. I have only used it on 4 occasions to 4 suppliers, all the rest has been just swipes at local places around home and no other use at all. Everything is being checked into and the charges appeared are definately by a younger person for the charges that were made.

You say that as if you're discounting the physical use locally. In general, it's more likely to be stolen from physical use than from online use.