CC Compromised

[unirevolt]

I'll try to make this brief. While I understand that this is a worldwide forum, there have been an alarming number of complaints of credit card numbers being compromised. In today's world this is unfortunately all too common. Credit card numbers have been taken in many ways.

I hate placing blame unjustly on any one company, however the complaints seem to focus on one in particular. I've read the complaints over the past few months, thinking, pfft, I've ordered there many times, no issue, and hit the red x. It's been 6 months since my last order there.

I received notice from my bank that my card was believed to have been compromised and that it has been froze. Surely enough someone had made several "feeler" purchases before getting a bit carried away. Fortunately(?) my bank must be aware of my purchase types and habits, and put a stop to it.

...So much for brief.

Is anyone wanting to try to find the common denominator here? Not much need for chit chat. Just post where you've made your purchases from, only if you are comfortable with doing so. Please remember, the kid working the drive thru can take your card number easier than a hacker can.

 

[rolygate]

If we are notified of vendors that 'seem' to be involved, we could take it further. Requests for the names of possible vendors are met with a deafening silence.

Unless 10 or 20 people who had an issue are willing to tell us (1) who their card issuer is and what the card type is, (2) what vendors in total they have bought from, (3) full details of the timescales involved, and (4) who they think might have a problem - we can't do anything.

We have asked for this information before; but three people, all giving us different or partial information, does not help.

We are willing to take a different approach though, maybe by setting up a report form perhaps. It's just that, up to now, hardly anyone has wanted to help us with the information we need. A very small number of complaints with vague hints, or reports with half the info we need, are not going to resolve this.

If we set up a report form for CC fraud, what questions do you think would be appropriate, in addition to the four listed above?

Should we write up an advisory article on how to minimize risk, for The Library?

 

[Cyrus Vap]

Should we write up an advisory article on how to minimize risk, for The Library?

that would certainly be a big help to security dummies like myself sir!

 

[unirevolt]

Sending you a PM, will take a few to compose....

N/M - seems as though that's not possible, which I understand.

 

[unirevolt]

There are more than a handful of posts in the neg. reviews, looking back to the beginning of the year, I'm coming across about six posts, with one in common. This could just be coincidence as far as I know. There may be more that haven't posted. I've also been recieving PM's asking if it was "X" company. I do not know. Some have mentioned a different company.

I intentionally didn't name this company, because I have no idea if it was in fact them. I like this company and do not want to cause any potential harm. I use my check card almost exclusively, and rarely carry any cash. I have purchased from a handful of places.

Actually how I found out that it was froze was after trying to buy a bag of chips and soda on my break at a local gas chain store. "Sir, it wasn't accepted." Didn't have the $3 in my pocket to cover it, furious, I walked outside and called my bank.

I have no problem giving my purchase history to a forum admin, or mod, I would rather not make it public record.

 

[oldsoldier]

I've already tasked our resident expert on credit card fraud to start gathering some information for an advisory post.

This subject has come up a lot lately and is important for all consumers, not just vapers.

Some things folks need to understand is that the CC theft industry is huge, multinational and well organized. Millions of credit card numbers have been compromised directly at the source or processing -- yes there are cases of a person stealing a card number at a restaurant when they run the card for the customer, but huge amounts of stolen credit card numbers come from the CC and processing companies themselves.

One recent breach placed 1.5 million cards at risk with an initial estimate that 10 million cards may have been affected.


ETA:
I've also reached out to our suppliers in the hopes that one would be so kind as to post some properly sanitized screenshots showing folks exactly what they do see at their end. A picture is worth a thousand words

 

[oldsoldier]

update: I've already collected one screenshot
Our suppliers do realize that this is something that affects the industry. They would like to go on record as being just as upset about the allegations as those people that have been defrauded.

I'm hoping to gather screenshots from most of the major credit card gateways so as to inform the ECF membership of just what information is shown directly to the suppliers. You have to remember that they are dealing with the banks and processors and are just as much a victim in this as we are.

 

[Killjoy1]

This subject has come up a lot lately and is important for all consumers, not just vapers.

+1 on this. I've had my debit card compromised three times, none of which to my knowledge originated from any sort of online purchase. Most people don't realize just how many people have access to your credit card info without you ever even having to use it.

I think an advisory post is a good idea, just as a general FYI.

 

[salemgold]

I had my CC number stolen over a year ago and I am pretty sure that it was from an online purchase. Since then, I have utilized the option that I have through BOA to create a one time use CC# online through my bank account for every purchase. I set the amount of money that it is good for. It is only good for a one time use so if it were ever compromised, it would not do the thieves any good at all

I have never had another single problem since. I just thought that I would mention this as the option may be available through other banks and may be worth looking into if you did not already know about it.

 

[oldsoldier]

to expand a little further I'll paraphrase an email conversion I have had recently with a Supplier.

In a nutshell he gets hundreds of fraudulent first time orders a month. Usually these are first time customers with a stolen card number. Luckily the processor catches most of these before they are shipped. Many are declined outright (fraud detection at the CC company level) but if one gets through and is shipped he has to eat that one. Oh the joys of doing business online...

 

[the ob]

I just want to add, I had the same thing happen last week. I have no idea who the vendor is in question, but it has happened twice in the last 6 months.

 

[oldsoldier]

so far I have screenshots from two different suppliers that use different processors showing exactly what they receive. When I've gathered them for the most common processors I'll start posting them somewhere so that people can have a little more understanding of how the system works. Our banking and credit card system is a little complicated and over the years less information has been made available to the actual vendor, it is electronically processed, sanitized and the money is placed in "escrow" for them. They only get a "receipt" and have to wait for a payout to their merchant account.

I am over simplifying and over generalizing here on purpose becasue the different gateways and processors have their own specific policies.

 

[unirevolt]

This is all already well understood. No screenshot is neccesary here, I already know my name and xxxxxxxxxxxx1234 7/12.

I'm not wanting to blame any one company. I have however more than hinted at the company that most people seem to think is involved in this. I have purchased there many times. I'm not the guy stating "I ONLY used it here." I used it everywhere.

I know that they are feeling victimized in this as well, as I am cautious to order there again. Or anywhere for that matter. Heck for all I know it could've been taken from PP

 

[unirevolt]

I guess I'm just peeved that this is a first for me, I've seen it happen elsewhere, guess I thought I might have been immune.

Such is life.

 

[oldsoldier]

i think this is a valid subject, The intent here is not to defend the suppliers or badmouth anyone that has been ripped off.

When we have finished the project it will be a sticky that comprehensively covers the credit card transaction cycle and provides insight from both sides of the fence on how to protect yourself.

 

[HawkeyeFLA]

I guess I'm just peeved that this is a first for me, I've seen it happen elsewhere, guess I thought I might have been immune.

Such is life.

It's always a PITA when it happens. I had it happen with a bank account debit card about 5 years ago. Frozen card over the weekend at that. I couldn't even buy lunch at work. I appreciate the proactive protection that most banks use, but it can be annoying and embarrassing when it happens. Luckily a coworker was able to buy my lunch. I do a lot of online shopping these days, but I forage on. If it happens again, it happens. I personally won't stop shopping online.

I do appreciate that ECF is taking this kind of matter seriously tho. Shows that they do care about their users.

 

[Liscab]

I do a lot of shopping on line all the time , I only had problems shopping from american suppliers, since i went back to the Chinese stores paying with paypal all my troubles are gone

 

[jamie]

IMO these things would be helpful:

* A well-moderated thread where folks can post what they know about specific safe shopping cards, virtual cards and prepaid, fees, rules, limits, reputable websites having such lists and comparisons etc. None of my bank and cc companies offer anything and it's been a real chore trying to figure out what websites and options are legitimate, finding their obscured lists of fees, etc.

* A formal effort to narrow down points of failure in the vendor community, whether that be specific vendors or specific shopping cart software or a common merchant/processor. (yes I would provide also, roly)

* For novices provide links to a few excellent sites/forums on computer security, spyware, s/ware recommends. This has long been done to perfection elsewhere.

 

[Yves]

I have had no problems using a CC for purchases on American or any other sites. I have a debit card that is linked to one account only. I put just enough money into that account to cover the purchase I am making, so even if the card was compromised it would decline for any other purchases. Just a thought for some who are having problems.

 

[jamie]

II have a debit card that is linked to one account only. I put just enough money into that account to cover the purchase I am making, so even if the card was compromised it would decline for any other purchases. Just a thought for some who are having problems.

Some accounts will do that. Some will instead pay a legitimate looking transaction and then charge the account-holder a penalty or hold or grab funds from other accounts. If enough bad (fraud-filed) paid or unpaid transactions are made I suspect there would be a risk of being refused further cards or accounts. So while I agree with you it's a better option than nothing, I think there are still downsides.

Either way, glad you haven't been victimized!