CC fraud... would this be viable...

[crxess]

CC theft has little or nothing to do with e-Cig vendors in particular. That would be just about worthless to any real hackers. We just assume vender fault due to Reporting on our forums. Other type forums get the same reports from members and make the same assumptions.
Assuming only lackluster Processors are at fault is also way off base.

Have a read:
How Credit Card Data Is Stolen and Sold - NYTimes.com

This is just one of thousands of articles on just how big the issue is.

 

[MrStik]

No, I am not defending anyone. It just is not prudent to out anyone without any proof. It damages their reputation and their business. How would you like someone blaming you for something you did not do, which cut your income down by 20 or 30%. If it hit home like that, you would understand. Outing someone by name, and being wrong, will do just that to the merchant.

The ones on this list are usually identified by the card companies and the secret service. If there are fraud reports on cards, these entities look for commonalities in all the reports charges, and find that one specific merchant, processor, or what have you, to determine who put the cards at risk. These reports DO get investigated and they happen on a daily basis.

My point to posting this list is to show how often this happens, and how prevalent this issue is. These are just the ones where forensic investigations have determined the cause. I can guarantee you there are probably hundreds more out there that are currently happening that have not yet been narrowed down to the cause.

My wife's card was compromised twice recently, and we have yet to find out where. She was not on any of these sites. But, under this line of thinking, if she had been, she should tell everyone where she shopped and that the site could possibly be breached. This will stop some from shopping at that site, even though her card was breached somewhere locally. Naming names only damages innocent businesses.

20%- 30% is much better than in the long run losing everything because they were compromised. I am not saying anything about putting blame on anyone. But if the evidence that everyone is posting is that the commonality is they are purchasing from a select few ecig Vendors, then that is the first place to look. That is the initial point in which customer CC numbers are handled and that is the best place to start. If I was a vendor, I would greatly appreciate a heads up on a potential gaping hole in security.

If 20 people come into this forum reporting fraud because all of them purchased from a small pool of online ecig vendors, would your first question be to ask if they frequent the same Auto Repair Garage or Nail salon? No, you would look into the common vendors they have. I mean, that makes common sense to me. But that is not to say they are at fault. It may be a common processor that got compromised, but to find that, you need to know who the vendor is, and what processor they use.

To investigate, we all have to start somewhere, but you are telling people to not start with the obvious starting point.

 

[nahoku]

No, I am not defending anyone. It just is not prudent to out anyone without any proof. It damages their reputation and their business. How would you like someone blaming you for something you did not do, which cut your income down by 20 or 30%. If it hit home like that, you would understand. Outing someone by name, and being wrong, will do just that to the merchant.

The ones on this list are usually identified by the card companies and the secret service. If there are fraud reports on cards, these entities look for commonalities in all the reports charges, and find that one specific merchant, processor, or what have you, to determine who put the cards at risk. These reports DO get investigated and they happen on a daily basis.

My point to posting this list is to show how often this happens, and how prevalent this issue is. These are just the ones where forensic investigations have determined the cause. I can guarantee you there are probably hundreds more out there that are currently happening that have not yet been narrowed down to the cause.

My wife's card was compromised twice recently, and we have yet to find out where. She was not on any of these sites. But, under this line of thinking, if she had been, she should tell everyone where she shopped and that the site could possibly be breached. This will stop some from shopping at that site, even though her card was breached somewhere locally. Naming names only damages innocent businesses.

The point is, everyone already knows how prevalent it is. Everyone has already heard everything you're stating. No one here is in denial.

So what your entire case boils down to is ... do nothing. Correct? This is your solution. This is how you would attack this problem.

You are missing the premise of what is being suggested. No one is attempting to blame any vendor. I don't even know how an effort like this would even move forward. I for one would NOT like to see this handled in the general public. I would much rather see this confidentially handled inside a private thread that only allows those who have been compromised to read and input data. In other words, people like you would not even be able to see this thread, much less input any information.

Don't believe for a second that I never considered what damage can be done to a vendor if we blatantly started blaming them for CC problems. On the other side of the coin... who the heck is protecting us? Let me tell you who I think should be protecting us... the vendor!

 

[ScottP]

The reason it is so rampant is because most of these people never get caught. We always hear about where the credit cards were compromised but how often do you hear that an ID thief was actually caught? We need law enforcement to start catching these asshats and locking them up forever as a deterrent.

 

[nahoku]

CC theft has little or nothing to do with e-Cig vendors in particular. That would be just about worthless to any real hackers. We just assume vender fault due to Reporting on our forums. Other type forums get the same reports from members and make the same assumptions.
Assuming only lackluster Processors are at fault is also way off base.

Have a read:
How Credit Card Data Is Stolen and Sold - NYTimes.com

This is just one of thousands of articles on just how big the issue is.

What you're saying is somewhat true. The vendors may not be directly the problem, but they are heavily involved the moment they accept our CC's.

People who've been hacked and reporting here are only a handful at the moment. More than likely, these people probably used common vendors. I've only used nine myself. So perhaps someone else used 10, or maybe 11. If we find out enough information like when the compromise occurred we can whittle those numbers down and perhaps do more investigating into what processors the particular vendors might be using. Then, perhaps contact the vendors with a form letter indicating our findings. None of this needs to be made public.

The CC problem is overwhelming worldwide, but we may have a good chance of success simply because our sample is so small. We're not looking at 77 million customers or 2.2 million credit cards.

 

[wandawag]

possibly this could be a vendor/efc moderator effort. i really hate naming of the vendors, as this hurts their sales, and is not their fault. i do hope a solution can be found that eases everyones tensions about all of this. since it is happening on a daily basis, possibly some other authorities could be brought into it to shed some light on it. if the mods could find out the processors of the vendors and make a common denominator there....that would be the solution i believe. i just don't want vendors run through the mud when it is not their fault.

 

[TinyTimberGal]

1. E-cig vendors have very limited options when it comes to obtaining or changing credit card processors. Oftentimes they're dropped when the companies become aware they sell e-cigs and or e-liquid. Their options are dwindling daily.

2. The only way to truly protect your credit/debit card info online is to not use your credit/debit card to pay for anything online.

3. The only way to avoid credit card data from being stolen anywhere is to use cash.

The bottom line is, use a prepaid card, or get a dedicated card from your bank and load only what you plan to spend.

 

[nahoku]

1. E-cig vendors have very limited options when it comes to obtaining or changing credit card processors. Oftentimes they're dropped when the companies become aware they sell e-cigs and or e-liquid. Their options are dwindling daily.

2. The only way to truly protect your credit/debit card info online is to not use your credit/debit card to pay for anything online.

3. The only way to avoid credit card data from being stolen anywhere is to use cash.

The bottom line is, use a prepaid card, or get a dedicated card from your bank and load only what you plan to spend.

Is this fact, rumor, or speculation? Are you a vendor or in the business? How could a processor not know the business the vendor is in? I mean the name alone should be a dead giveaway.

Vapor Alley
My Vapor Store
Ecig City
Discount Vapors
Vapor Tek USA
RTD Vapor
Got Vapes
Tons more...

I would speculate (although I didn't count) about 200 names alone in ECF Stores list. I can't imagine they're all having a hard time trying to hide their business, much less finding it tough to find a processor. Then again, I'm not in the business, but I do have an inquiring mind!

The bottom line is, use a prepaid card, or get a dedicated card from your bank and load only what you plan to spend.

I certainly agree with this one!

 

[TinyTimberGal]

Is this fact, rumor, or speculation? Are you a vendor or in the business? How could a processor not know the business the vendor is in? I mean the name alone should be a dead giveaway.

Not a rumor or speculation. Do an advanced search for 'vendor credit card processor'.

And no, I'm not a vendor, I've just been here for couple of years .

 

[nahoku]

Not a rumor or speculation. Do an advanced search for 'vendor credit card processor'.

And no, I'm not a vendor, I've just been here for couple of years .

You see... my inquiring mind has been satisfied.

I did do a search, and yes, I see the problem. Unfortunately, I don't see the reason. When places like Authorize.net gives this as a reason... is associated with electronic cigarettes (i.e., "e-cigarettes") or any similar product; or... with no further explanation, there's nothing much anyone can do.

 

[FogHawg]

IMO what will hurt the vendors business worse is for this theft to continue growing unchecked, until ppl simply refuse the risk & stop making online purchases at their sites. I'm sure many already have & the longer this goes on the more ppl will find other options to get their supplies. This stuff can be bought at B&M stores w/in short driving distance in most locales these days so it looks to me like the vendors would be 'all in' on any ideas to fix the problem before it gets any worse. Unfortunately some of them are apparently totally unconcerned.

 

[nahoku]

IMO what will hurt the vendors business worse is for this theft to continue growing unchecked, until ppl simply refuse the risk & stop making online purchases at their sites. I'm sure many already have & the longer this goes on the more ppl will find other options to get their supplies. This stuff can be bought at B&M stores w/in short driving distance in most locales these days so it looks to me like the vendors would be 'all in' on any ideas to fix the problem before it gets any worse. Unfortunately some of them are apparently totally unconcerned.

This is true, and it will happen... more people will certainly get hit and yes, they will start going elsewhere. I for one will no longer use a CC for any ecig vendor. This is not to say I won't shop online for ecigs... I just won't use a CC. I will probably also go to more B&M establishments. I actually went to one yesterday and purchased a Kick for $45. Comparable price to online, but I had to deal with a very rude girl who never even acknowledged my existence in the store, nor even thanked me for the purchase! I Yelp'd my experience to thank them!

 

[PaymentsExpert]

You see... my inquiring mind has been satisfied.

I did do a search, and yes, I see the problem. Unfortunately, I don't see the reason. When places like Authorize.net gives this as a reason... is associated with electronic cigarettes (i.e., "e-cigarettes") or any similar product; or... with no further explanation, there's nothing much anyone can do.

I also don't see the reason. I can process for them, and one of my main reasons to be here is to try and figure out why others can't. I am in the business, and can't come up with a good reason why so many have shut down eCigs. And no, I have not marketed my programs here, and that is not my intention. I have learned a lot about vaping by reading a lot of blog posts recommended by others. I've been analog free since April 25th, 2012, and have been vaping ever since. I have no desire to ever go back, and actually, have not even wanted one since.

 

[cags]

I also don't see the reason. I can process for them, and one of my main reasons to be here is to try and figure out why others can't. .........

I have read (where, when I don't know) that the govern, or maybe the fda at some point warned cc companies or processors that ecigs were being looked at and were trouble. I don't think I'm making that up!

everyone should ask their CC providers to offer a virtual # (like citibank) or a shopsafe option (like bank of america) why can't the CC companies help with this problem? the only time our # got stolen was at a restaurant,

 

[uzer]

Three new cards... all three compromised three months in a row. The first one was a replacement card, same number but with a different exp date and different ccv. I spotted the fraud immediately, cancelled the card, and was issued a new card and number. The following month, almost to the day, more fraud. This time I had narrowed the possible sources of a breach. Third month, new card from a different company gets fradulent charges....

So I'm down to two sources, and a buddy of mine tells me about all the woes here recently in the ecig community. It was actually not the one I suspected as the source of my fraud nightmare (btw I only use one ecig/juice vendor and the other source is my insurance company). It just so happens that my vendor here now has a post saying how they have done tons of security evaluations, and although nothing is broken, they've decided to upgrade their system and switch processors. Just to be on the safe side... REALLY, no evidence of anything wrong with the system but we're upgrading the whole thing AND switching processors???? To me, it's a red flag.

I don't buy the whole 'before you point fingers, its probably a POS vendor at a local establishment' thing. My card didn't exist last month, and it hasn't been swiped anywhere. Now the vendor did always have a secure checkout, so maybe the gateway is the culprit. Either way don't blow smoke up my wazoo and tell me all is good when you probably have more of an idea what the heck is going on than most people here. It just makes you lose credibility. I would recommend everyone here file a report with the FTC disclosing all sources they suspect from which the fraud could be coming. They will not investigate individual claims, but when they see a group of claims, they are more likely to investigate, track down the REASON for the breach, and hopefully make any who were negligent pay for their lack of diligence. I don't care what they are selling. If they profit off of my business, they have a responsibility.

Here is the link to the FTC.
https://www.ftccomplaintassistant.gov

They may be the only people willing to get to the bottom of this. The vendor(s) and/or the processor(s) are not coming forward, and my bank didn't seem to care beyond making the ultimate victims (the companies who received a fraudulent charge with my card) pay me back. My local police department wouldn't even file a report.

 

[Uma]

One problem here is people say - I only used this card online at Xxxx. But they never mention using it at Yyy resturant or to buy Gas or at the local Grocery/hardware/etc. where most card information is stolen.

Oh wow, this is so true! Even I fit that bill. My Wamart CC was used only once, because I've been adding my vaping allowance to it for a few larger purchases for a few lists I'm on. (was on ) So I KNEW it could have only been hacked from the ONE transaction I had online. Obvious right. Wrong!
After reading your post quoted above, a flashback hit me hard. Hubby used my cc to get a propane bottle filled at the local station before hurriedly hurrying off to work. I had totally forgotten about that. It was a spur of the moment, unusual event.
And here I was soooooo sure of my one and only transaction.

 

[NickyBlade]

Add me to the list of people who were frauded...