CCFraud/nic supplier

[trentenmarschel]

Yup, no worries. I get that it's a policy. I'm just used to musicians forums and we let people know with a quickness when something is going down. IMHO and experience it doesnt hurt the businesses rep unless it becomes a habit or there are other issues with the company.

With a lot of people buying right now If we can't be sure it's a specific vendor/vendors and someone starts naming them, then others might not want to buy from them. It could be a MASSIVE MasterCard data breach for all we know. But until it's confirmed we can't really go bashing on the specific suspected vendors.

 

[r77r7r]

Anyone else?

 

[trentenmarschel]

If you order juice supplies from vendors any time soon just make sure you don't store your card information in their system. Also check your bank statements to be sure the correct charges were processed and that nothing else goes through that you didn't authorize.


At least my bank was nice enough to give my back my money. Be sure to call your bank and not rely on them to catch everything.

 

[usastratsu]

With a lot of people buying right now If we can't be sure it's a specific vendor/vendors and someone starts naming them, then others might not want to buy from them. It could be a MASSIVE MasterCard data breach for all we know. But until it's confirmed we can't really go bashing on the specific suspected vendors.

I agree, but I don't consider it "bashing vendors". I view it as a PSA for the community.

 

[retired1]

I agree, but I don't consider it "bashing vendors". I view it as a PSA for the community.

Far too often, that supposed "PSA" is wrong and has far reaching effects on the innocent.

This is why we do not allow the naming of suspected companies. Now, if you're an established security researcher and can display proof of a compromise, we'll definitely take that into consideration.

 

[Eskie]

It used to be you had to wait until you received your statement each month to review your charges and payments. Now, with the ability to log on to your cc issuer and check your activity you can spot fraud much faster, and allow your bank to take action before nasty stuff can start to accumulate. I routinely check my activity to see what's going on (as well as how much money I spent).

The only time I ever had a fraudulent transaction was years ago when a sales clerk made multiple imprints of my card in back of the store while I was paying for an item (that was in the day where cc slips were imprinted and filled in manually, the stone age of shopping).

If you do see a fraudulent transaction, contacting your vendor/supplier/whoever is still a good idea in case they do have a breach and are not yet aware of it. You could save other customers from the same issue. And while there'a always the chance the vendor might be at fault because of poor security implementation, it can still happen with the tightest controls in place if a hacker is determined enough.

 

[r77r7r]

I started this thread with the intention of gathering information to alert a supplier. Give them a heads up. I'm starting to think that it's not my job, and not my business.

 

[trentenmarschel]

I started this thread with the intention of gathering information to alert a supplier. Give them a heads up. I'm starting to think that it's not my job, and not my business.

Lol I've already done that. IMO the ball is in their hands on what they decide to do with the information. It's the weekend so probably nothing will happen until next week. But now that they are alerted to the situation, maybe they can comb through their servers and check logs and firewalls to see if anything fishy has happened. If they start getting calls from more customers that essentially say the same thing then that will continue to build on the possibility that they had a security breach.

It's good that you created this thread, because if others order and get the same type of fraud charges in the same range of time, then that will start to build on the evidence. But as it stands now there really isn't enough to point out any specific place. At least not yet. I'm looking for at least 10 or more of us that have the same charges with the same circumstances. Right now the score is at 2.5/10.


Also just found this site for looking at recent security breaches.

 

[penstyle]

Chase blocked a charge and emailed me and called to find out if it was me just today. Like others I have been buying the sales from on line vape shops including nic.

Just be careful out there and keep an eye on your money.

 

[searcher]

My credit card was just used by someone in NYC. I only use that card online and then only with Paypal with the exception of 3 orders in the last year from vapeshops for nic and flavorings. That kind of points to one of the shops. Could have come from any one of the three, but one of them was in New York. I hope my CC company is able to track them down.

 

[leftyandsparky]

Scary

 

[trentenmarschel]

So just got off the phone with the vendor. She said the owner had their IT guy look into it over the weekend, and they also spoke with their card processor. They were not able to find any security breach. They said they use a 256bit encryption on the card information. When a purchase is made all the card info but the last 4 numbers on the card are dumped and not stored in their servers. They said they have seen 3 examples of this same type of fraudulent charges, but the charges never originated from the same place. One example was a charge that originated in Florida and not in the state that the vendor operates from.

That information along with what I was able to collect points to this not being a single breach with a couple vendors. It is most likely something bigger like a mass card information breach. Think of the big Target data breach. Some of these charges could be from card info that was taken in something like that hack. Also when you use WIFI, all the bits of web traffic are sent to and from your computer. It is possible for someone to hack your WIFI network and sit outside in a black van and use a packet sniffer type software and capture those bits of data. If they do this long enough and you happen to use an unsecured webpage to enter card information on, they can get your card information this way.

There are hundreds upon hundreds of ways that card information can be stolen these days. We'll probably never know how these recent hacks were conducted, but the only thing you can do is use secure networks, and always use sites that are Https to enter card information on. Also like I mentioned before ALWAYS check your bank pages often and make sure nothing fraudulent is going through. Even using the best security measures, if someone is determined enough they can hack the most secure networks so prevention is harder. This is why it is important to routinely check your bank statements.

 

[leftyandsparky]

Thank you for taking the time to give a update. It made me nervous when I read it Saturday and wanted to place a order.

 

[r77r7r]

Good enuf. I was just concerned for the supplier. Buuut, I wanted to order more goods from him and I'm not sure that'd be a good idea. I have the trust, but I think my CC supplier wouldn't think highly of the idea.

Thanks for following through.

 

[trentenmarschel]

Just saw this on the news too. You just can't tell which hack resulted in your card getting breached.

Data Breach At Oracle’s MICROS Point-of-Sale Division

 

[trentenmarschel]

Dang my Credit card just got hacked as well. Now I have to call for a new card as well for them. This is getting annoying.

 

[Eskie]

Just saw this on the news too. You just can't tell which hack resulted in your card getting breached.

Data Breach At Oracle’s MICROS Point-of-Sale Division

Well that's a bad breach. Worse than a large single vendor like Target.

 

[trentenmarschel]

Well that's a bad breach. Worse than a large single vendor like Target.

Crap, I just got off the phone with capital one, and they have to read back to me each fraud charge that they blocked and confirm them with me. Took like 20 minutes to read them all off. There were at least 30 charges they blocked ranging from $1- $500. They were from like all kinds of places like New York, Or some walmart.com charge for $285. I think this has something to do with one of those big Point of sales breaches and not a specific vendor. If that was the case then 2 vendors were hacked on different days and I just happened to be the one to buy from them on those days. I don't think that is likely. Now I am without any cards. .

 

[leftyandsparky]

Crap, I just got off the phone with capital one, and they have to read back to me each fraud charge that they blocked and confirm them with me. Took like 20 minutes to read them all off. There were at least 30 charges they blocked ranging from $1- $500. They were from like all kinds of places like New York, Or some walmart.com charge for $285. I think this has something to do with one of those big Point of sales breaches and not a specific vendor. If that was the case then 2 vendors were hacked on different days and I just happened to be the one to buy from them on those days. I don't think that is likely. Now I am without any cards. .

I'm sorry you are going through that. We will be checking our cards and acc. this evening when hubby gets home.

 

[satchvai]

I got hacked too. Capital One was on top of it and notified me in almost real time.