CC fraud... would this be viable...

[nahoku]

In light of the CC fraud incidents being reported here, would it be a viable effort to list the vendors that were involved with people who have had their CC hacked prior to when the fraud occurred? Now before anyone goes off on this, the reason is NOT to blacklist any one vendor, but to possibly help identify commonalities so that a possible vendor(s) can be identified and notified to look into the matter at their end.

I've been shopping on-line for more years than I can remember and have never had a CC problem. Within the last 5 months shopping for ecig merchandise, I've already been hacked. This is just too coincidental to overlook and I'm sure the other people who have also been hacked might agree. And yes, I've heard that it would be hard to pinpoint a time frame for when someone might steal and use a CC, but again, I never had a problem for years and now... in just 5 months?

Imagine the worst case that whoever is hacking our CC's is actually monitoring some vendor's website for every transaction going through. If the vendor doesn't have top notch security in place, that could be very bad for anyone shopping there. If I were a vendor, I would surely like to see any information that could help to secure my site so I don't lose customers.

This is just a discussion of the viability of such an effort and not a place to start posting vendors. Perhaps another thread could be opened where vendors would be listed by only those people who have had their cards compromised.

Note to Moderators... I thought about posting this in the Lounge, but I felt it would be more beneficial if posted to the General viewership.

 

[FACE MEAT]

There is a thread regarding credit card fraud and how it's likely not the online vendor's fault that fraud occurs. The original poster has some good insight into how this type of fraud occurs. Give it a read.

http://www.e-cigarette-forum.com/forum/general-e-smoking-discussion/411835-card-fraud-before-you-blame-online-retailer.html

 

[MikeA5]

I think that the online vendors registered here on ECF should band together and pick one or maybe two CC processors that they think is the most reliable to use and see if the CC fraud still occurs. If the CC fraud continues that CC processor should be eliminated for ecig CC purchasing. Honestly though I don't think they will ever do this because of the amount of time they may have to shut down their site to implement the new CC processor to integrate into their site. I think, though, if the vendors loose enough money from decreased online sales due to CC fraud they may actually consider doing something of that sort.

 

[nahoku]

There is a thread regarding credit card fraud and how it's likely not the online vendor's fault that fraud occurs. The original poster has some good insight into how this type of fraud occurs. Give it a read.

http://www.e-cigarette-forum.com/forum/general-e-smoking-discussion/411835-card-fraud-before-you-blame-online-retailer.html

Yes, I already read that thread. However, if we can identify which vendor(s) might have a processing problem, and then identify the processor, then maybe we can have them fix this issue. You have to admit, so many reports in such a short span of time should be investigated deeper. We can't do that unless we can find out who might be involved so we can contact them.

 

[nahoku]

I think that the online vendors registered here on ECF should band together and pick one or maybe two CC processors that they think is the most reliable to use and see if the CC fraud still occurs. If the CC fraud continues that CC processor should be eliminated for ecig CC purchasing. Honestly though I don't think they will ever do this because of the amount of time they may have to shut down their site to implement the new CC processor to integrate into their site. I think, though, if the vendors loose enough money from decreased online sales due to CC fraud they may actually consider doing something of that sort.

I don't believe this is widespread across all vendors... although it could be if all are using the same processor. It could be that only a handful of vendors are involved. Personally, I've only dealt with 9 vendors and I got hacked. Out of those 9, several of them have been a one time transaction only.

I really think we need to narrow it down somehow before more people get hit with this.

The other option, and I think not a good one, is do nothing on this forum but discuss how we're getting hacked and how we shouldn't blame the vendors. This amounts to doing nil in my book!

 

[iceman68]

In light of the CC fraud incidents being reported here, would it be a viable effort to list the vendors that were involved with people who have had their CC hacked prior to when the fraud occurred?

I think you have a good idea. However, after reading through a lot of these threads, I gather that the Moderators don't want negative posts about vendors because they aren't able to defend themselves on this forum. Plus, in most if not all cases, we can't be 100% sure that the CC fraud occurred with any one vendor due to several purchases with various vendors. So pointing fingers at one specific vendor could be unnecessary and unfair.

I agree that it's just too coincidental to have been hacked at this time, after making e-cig purchases, and not having any problems in the past. Same thing happened to me.

It would be nice to compile some sort of list to try and find a common denominator, but is it possible, practical, worthwhile? The thieves will always be out there. Maybe it is up to each of us to take steps to ensure our own security, whatever those steps may be.

 

[MrStik]

I think you have a good idea. However, after reading through a lot of these threads, I gather that the Moderators don't want negative posts about vendors because they aren't able to defend themselves on this forum. Plus, in most if not all cases, we can't be 100% sure that the CC fraud occurred with any one vendor due to several purchases with various vendors. So pointing fingers at one specific vendor could be unnecessary and unfair.

I agree that it's just too coincidental to have been hacked at this time, after making e-cig purchases, and not having any problems in the past. Same thing happened to me.

It would be nice to compile some sort of list to try and find a common denominator, but is it possible, practical, worthwhile? The thieves will always be out there. Maybe it is up to each of us to take steps to ensure our own security, whatever those steps may be.

Many of the Vendors are already on here, and there is a feedback forum for negative ratings for vendors, so that leads me to believe that the moderators here are ok (to some extent) to negative feedback on vendors.

I agree with you that we should take measures to ensure our own personal information is safe, but how far does that go when a vendor is either negligent or unaware and our information we trust them with gets compromised?

 

[nahoku]

I think you have a good idea. However, after reading through a lot of these threads, I gather that the Moderators don't want negative posts about vendors because they aren't able to defend themselves on this forum. Plus, in most if not all cases, we can't be 100% sure that the CC fraud occurred with any one vendor due to several purchases with various vendors. So pointing fingers at one specific vendor could be unnecessary and unfair.

I agree that it's just too coincidental to have been hacked at this time, after making e-cig purchases, and not having any problems in the past. Same thing happened to me.

It would be nice to compile some sort of list to try and find a common denominator, but is it possible, practical, worthwhile? The thieves will always be out there. Maybe it is up to each of us to take steps to ensure our own security, whatever those steps may be.

Again, the effort is not to blacklist any vendor. The Moderators also have to understand the premise of what this investigation is all about. This is a forum, and if you search it, you will find many posts to the effect that such and such products suck. These posts also name the products... such as Provari, Vamo's, Volcano juices, etc, etc. While these comments may simply be viewed as opinions, they also do name the products, and the makers of these products cannot defend themselves here. I guess what I'm hoping for is that we in the forum have the freedom do something for the better good of all involved. If we don't do something, then who's going to do it for us? Prime example... we could talk about ecig regulations all day, but if not for the efforts of CASAA, then all that talk would basically amount to nothing and ecigs would now be illegal in many states.

Right now, there are only a few people who've been hacked. Gathering data shouldn't be that difficult. It would involve people actually calling their card companies to find out what date the hacking occurred, so they could possibly discount some data points. For example, I got hacked on Apr 29... I also made some purchases on May 1st... and that purchase was from a vendor I never used before... which means that vendor is not even involved with my particular hacking. Of course this is not to say that this same vendor won't show up on someone else's list.

I really have no idea what it would take to accomplish this effort... that's why I threw it out into the forum. I also am not sure if it would be against ECF's TOS to undertake this effort here. Moderator's please discuss and chime in.

By the way, I do agree with a lot of what you say. Is this really worthwhile, practical, etc? For me, or rather us, it's too late. So why am I so concerned about it... I really don't know. One thing I do know for sure is that this forum will be seeing more new posts about someone's CC being hacked... and it's all going to be tied to some ecig vendor's website/processing.

In the end, whatever is decided by ECF I will follow without question.

 

[nahoku]

Many of the Vendors are already on here, and there is a feedback forum for negative ratings for vendors, so that leads me to believe that the moderators here are ok (to some extent) to negative feedback on vendors.

I agree with you that we should take measures to ensure our own personal information is safe, but how far does that go when a vendor is either negligent or unaware and our information we trust them with gets compromised?

The hope is that any information garnered from this investigation can be passed to the vendor(s). I would also hope that if the vendor would like to continue serving this community, he would take seriously that we need them to have secure websites/processing. Open communication with the vendor(s) must be maintained and being unaware or negligent cannot be accepted as an excuse. Vendors need to be diligent in security matters concerning our personal information. It's also their business that's at stake here.

 

[crxess]

One problem here is people say - I only used this card online at Xxxx. But they never mention using it at Yyy resturant or to buy Gas or at the local Grocery/hardware/etc. where most card information is stolen.

 

[iceman68]

nahoku, let me reiterate, I think your idea has merit and I hope an effort can be made to shed some light on this issue. In my previous post I was just voicing what I thought could be some stumbling blocks. As MrStik mentioned there is already a negative feedback forum here pertaining to vendors(I wasn't aware of this as I am new here). Maybe this CC fraud issue could be considered an extension of that somehow.

You are right when you say if we don't help ourselves, no one else is going to do it for us. If the Moderators allow it, and members who've been hacked chime in with their information, then maybe data could be collected and a pattern determined. Although wouldn't someone have to keep track of and study all of the data in order to reach some kind of conclusion? It seems like that would be an overwhelming task which leads me to wonder if it could be done. Of course, I'm a die-hard pessimist so I always lean that way.

Bottom line is I DON'T WANT TO GET HACKED AGAIN! If something can be done that leads to heightened awareness and better security - I'm all for it. Any effort to prevent CC fraud will benefit all of us.

 

[nahoku]

One problem here is people say - I only used this card online at Xxxx. But they never mention using it at Yyy resturant or to buy Gas or at the local Grocery/hardware/etc. where most card information is stolen.

True. However, for over 20 years that I've used my card, I've never got hacked. Within 5 months... well actually 4.x months... of using it for ecigs, I got hacked. The number of reports here in this single forum is alarming to me. I've been a member of numerous Photo forums, and several car forums and have never seen so many reports. True that it would be difficult to nail down the data, but what else can we do? Should we not even try?

 

[2nd chance]

I think that the online vendors registered here on ECF should band together and pick one or maybe two CC processors that they think is the most reliable to use and see if the CC fraud still occurs. If the CC fraud continues that CC processor should be eliminated for ecig CC purchasing. Honestly though I don't think they will ever do this because of the amount of time they may have to shut down their site to implement the new CC processor to integrate into their site. I think, though, if the vendors loose enough money from decreased online sales due to CC fraud they may actually consider doing something of that sort.

In a world made of gum drops and rainbows that may work, and its a great idea, but that would mean others would be dictating who vendors use for their merchant accounts, I just don't see that happening.

 

[FogHawg]

Yep there is something going on that is related to (at least some of) the e-cig vendors. There are just way too many cases being reported where the victim had been making online transactions for years w/out issue, & then suddenly gets hacked after a purchase from an e-cig site. And I agree that using whatever means available to find a common denominator is a good idea. What if just one CC processor is involved? Unlikely I know, but how would we know if data isn't compared?

 

[nahoku]

nahoku, let me reiterate, I think your idea has merit and I hope an effort can be made to shed some light on this issue. In my previous post I was just voicing what I thought could be some stumbling blocks. As MrStik mentioned there is already a negative feedback forum here pertaining to vendors(I wasn't aware of this as I am new here). Maybe this CC fraud issue could be considered an extension of that somehow.

You are right when you say if we don't help ourselves, no one else is going to do it for us. If the Moderators allow it, and members who've been hacked chime in with their information, then maybe data could be collected and a pattern determined. Although wouldn't someone have to keep track of and study all of the data in order to reach some kind of conclusion? It seems like that would be an overwhelming task which leads me to wonder if it could be done. Of course, I'm a die-hard pessimist so I always lean that way.

Bottom line is I DON'T WANT TO GET HACKED AGAIN! If something can be done that leads to heightened awareness and better security - I'm all for it. Any effort to prevent CC fraud will benefit all of us.

You didn't need to reiterate. I understood your post. Sometimes when I reply to someone with a quote, I'm not only replying to that person, but also to anyone who might read my reply. If it seems I didn't understand you, or asked you questions, don't mind me, I'm a weird poster! I'm like you too... I'm kind of a born pessimist... but with my aging, I've more so turned into a realist as I've found my pessimism was correct!

Yep there is something going on that is related to (at least some of) the e-cig vendors. There are just way too many cases being reported where the victim had been making online transactions for years w/out issue, & then suddenly gets hacked after a purchase from an e-cig site. And I agree that using whatever means available to find a common denominator is a good idea. What if just one CC processor is involved? Unlikely I know, but how would we know if data isn't compared?

Yes, I was thinking the same thing... what if it's only one CC processor causing all these problems?

 

[nahoku]

This is an ECF advanced search RESULT for the word "fraud" over the last 60 days (you will have to be logged in to see it). You can discount a few threads as they're just discussions. For the threads that are actually reporting frauds, the important thing to note is that within these threads are people reporting they have also been defrauded... apparently a lot of them haven't created their own threads. CC fraud may be more wide-spread than it appears on the surface.


EDIT... apparently, the search result can only be accessed in a current session. If you're interested, you'll have to do an advanced search yourself

 

[PaymentsExpert]

Credit card fraud is rampant. Everywhere. Not just online.

Some recent known, reported breaches of card info, by report date:
April 2013 Gomez Gasoline and Automotive, California
April 2013 Wawa, New Jersey
April 2013 Schnucks Markets (2.4 million cards)
April 2013 Works Bakery Cafe, Maine
April 2013 Shoplet.com, NY
April 2013 Tennis Express, Tx
March 2013, Unnamed restaurant in Hawaii
March 2013 Fabric Depot, OR
Feb 2013 INformation Handling Services, CO
Feb 2013 Sprouts, AZ
Feb 2013 Hotusa Group
Feb 203 Kork and Keg, IN
Feb 2013 Haagen-Daz, FL
Feb 2013 ATMs in NJ, IL and WI - Skimming devices
Feb 2013 Talk Fusion, FL
Feb 2013 McDonald's, Shogun Japanese Restaurant, Krystal, Polished Nail Salon - Skimmers used by employees
Feb 2013 Thorlo, NC
Feb 2013 Bashas', Lake Havasu City and Pinal County

These are just the last few months of reports. I got this from http://www.privacyrights.org/data-breach?order=field_breach_total_value&sort=desc if anyone is interested.

Bottom line, CC fraud is everywhere, and unless you ONLY used your card at a specific vendor, than it would be very unfair to name that vendor and damage their reputation without proof of a compromise at their location.

 

[nahoku]

Credit card fraud is rampant. Everywhere. Not just online.

Some recent known, reported breaches of card info, by report date:
April 2013 Gomez Gasoline and Automotive, California
April 2013 Wawa, New Jersey
April 2013 Schnucks Markets (2.4 million cards)
April 2013 Works Bakery Cafe, Maine
April 2013 Shoplet.com, NY
April 2013 Tennis Express, Tx
March 2013, Unnamed restaurant in Hawaii
March 2013 Fabric Depot, OR
Feb 2013 INformation Handling Services, CO
Feb 2013 Sprouts, AZ
Feb 2013 Hotusa Group
Feb 203 Kork and Keg, IN
Feb 2013 Haagen-Daz, FL
Feb 2013 ATMs in NJ, IL and WI - Skimming devices
Feb 2013 Talk Fusion, FL
Feb 2013 McDonald's, Shogun Japanese Restaurant, Krystal, Polished Nail Salon - Skimmers used by employees
Feb 2013 Thorlo, NC
Feb 2013 Bashas', Lake Havasu City and Pinal County

These are just the last few months of reports. I got this from Chronology of Data Breaches | Privacy Rights Clearinghouse if anyone is interested.

Bottom line, CC fraud is everywhere, and unless you ONLY used your card at a specific vendor, than it would be very unfair to name that vendor and damage their reputation without proof of a compromise at their location.

No one here is so ignorant that they don't understand fraud is prevalent in the world. Who doesn't know this? To list a bunch of data not specifically tied to the current events in this forum is really irrelevant don't you think? You think you need to "prove" that fraud exists?

We're talking about current events being reported here by people who, for years, have had no problems until they started using ecig vendors. Does that account for anything? Does it smell like there's a rat in the ecig house? This is what we're trying to find out.

There is no "bottom line" to this unless you want to just close your eyes and walk away. We are NOT trying to damage anyone's reputation nor be unfair to any vendor(s). Any investigation MUST include open communication with the vendor(s) so they understand the gravity of the situation.

This is how I see it... Unless something is done to curtail the CC problems, the numerous CC reports being reported now, and in the future, will cause more damage to online vendors overall because soon NO ONE will know WHO to trust. You can read it in the atmosphere of the posts here. People are worried, and rightfully so.

 

[MrStik]

Credit card fraud is rampant. Everywhere. Not just online.

Some recent known, reported breaches of card info, by report date:
April 2013 Gomez Gasoline and Automotive, California
April 2013 Wawa, New Jersey
April 2013 Schnucks Markets (2.4 million cards)
April 2013 Works Bakery Cafe, Maine
April 2013 Shoplet.com, NY
April 2013 Tennis Express, Tx
March 2013, Unnamed restaurant in Hawaii
March 2013 Fabric Depot, OR
Feb 2013 INformation Handling Services, CO
Feb 2013 Sprouts, AZ
Feb 2013 Hotusa Group
Feb 203 Kork and Keg, IN
Feb 2013 Haagen-Daz, FL
Feb 2013 ATMs in NJ, IL and WI - Skimming devices
Feb 2013 Talk Fusion, FL
Feb 2013 McDonald's, Shogun Japanese Restaurant, Krystal, Polished Nail Salon - Skimmers used by employees
Feb 2013 Thorlo, NC
Feb 2013 Bashas', Lake Havasu City and Pinal County

These are just the last few months of reports. I got this from Chronology of Data Breaches | Privacy Rights Clearinghouse if anyone is interested.

Bottom line, CC fraud is everywhere, and unless you ONLY used your card at a specific vendor, than it would be very unfair to name that vendor and damage their reputation without proof of a compromise at their location.

That would be REALLY handy if I had gone to one of those places..... Just curious. Do you know how those places got placed on such a prestigious list? More than likely users who noticed fraud reported it, investigated it, and assisted with fraud control depts to determine where the fraud occurred. According to your postings here, you love to defend just the online vendors. That is fine, but it also seems you think all the vulnerability falls in B&M locations. Sure, Skimmers and unethical employees make such locations vulnerable, but so are many smaller less secure online vendor sites.

There are some in this community who want to band together and try to make sense of the rampant fraud going on. The first rule of troubleshooting is to find patterns and commonalities. I am sure most of the people here do not frequent the same B&M locations, restaurants, and gas stations. But what they do have in common are online purchases. And since this is a E-cig site, a very common pattern is E-cig online vendors. And for all we know, it may not be vendor, but possibly a common processor, or domain owner... But to get to that, we need to look at the first contact, and that is the Vendor.

 

[PaymentsExpert]

No, I am not defending anyone. It just is not prudent to out anyone without any proof. It damages their reputation and their business. How would you like someone blaming you for something you did not do, which cut your income down by 20 or 30%. If it hit home like that, you would understand. Outing someone by name, and being wrong, will do just that to the merchant.

The ones on this list are usually identified by the card companies and the secret service. If there are fraud reports on cards, these entities look for commonalities in all the reports charges, and find that one specific merchant, processor, or what have you, to determine who put the cards at risk. These reports DO get investigated and they happen on a daily basis.

My point to posting this list is to show how often this happens, and how prevalent this issue is. These are just the ones where forensic investigations have determined the cause. I can guarantee you there are probably hundreds more out there that are currently happening that have not yet been narrowed down to the cause.

My wife's card was compromised twice recently, and we have yet to find out where. She was not on any of these sites. But, under this line of thinking, if she had been, she should tell everyone where she shopped and that the site could possibly be breached. This will stop some from shopping at that site, even though her card was breached somewhere locally. Naming names only damages innocent businesses.