Credit Card Fraud - TLG COMPHME

[LukeNM]

We had fraudulent Skype charges on one of our accounts a few days ago. We get notified by email whenever there is debit card activity on our accounts. Had to cancel cards and get new ones which is a big pain. Card has been used recently for ecig purchases, I wish we could compare notes on where...

eBay = Paypal = Skype!

Yesterday we got a call from eDetective to authorize a charge that someone with only our name, phone number and card number was trying to make.

It appears this type of activity might be on e the rise.

 

[voltaire]

I just want to highlight something that's been mentioned, but perhaps not strongly enough. This thread started out with most people speculating that some vendors were the cause of the CC fraud and that some of them might not have the best security. While this may be possible, it is actually FAR more likely that the people experiencing these problems have had the security of THEIR OWN computers compromised. If your computer is not secure (and from my experience, most people's aren't even close) there are all kinds of ways for a virus/trojans/keyloggers to capture your CC info, bank info, Paypal info, passwords, etc. and automatically send them back to the criminals.

If you want to feel safe using your computer, you need to have:
-ALL Windows security updates current
-Virus scanner regularly updated (I use Avira Antivir)
-Firewall s/w that protects programs and network access (I use Outpost)
-Anti-spyware s/w (see below)

For those of you who've had recent problems, at a minimum I'd recommend:
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com
Install, update, then scan. You might be surprised to find what nefarious programs are lurking on your computer.

I personally use MalwareBytes, Spybot Search&Destroy (with TeaTimer & IE Protection), and Spyware Blaster. I try not to use IE at all, except for doing Windows Updates. I use Firefox with the AdBlock Plus and NoScript plugins. In my experience, not using IE is the single easiest way to avoid problems, although it's security has been improved upon lately. But that's not to say that you won't have problems using Firefox if you don't take all of the above security measures.

I do all my banking, finances, bill paying, taxes, a lot of shopping, etc. online and I've never had a single problem or unauthorized charge on any of my CC's or PayPal.

 

[Lorihalia]

I just want to highlight something that's been mentioned, but perhaps not strongly enough. This thread started out with most people speculating that some vendors were the cause of the CC fraud and that some of them might not have the best security. While this may be possible, it is actually FAR more likely that the people experiencing these problems have had the security of THEIR OWN computers compromised. If your computer is not secure (and from my experience, most people's aren't even close) there are all kinds of ways for a virus/trojans/keyloggers to capture your CC info, bank info, Paypal info, passwords, etc. and automatically send them back to the criminals.

QFE! Viruses are a lot more sneaky than they used to be, I hadn't actively downloaded anything that would have gotten my computer infected through 'traditional' means.

Java based attacks are quite common now.

 

[deitra]

Someone got my debit card number and charged 3hundred6something. All the bank could tell me it was a charge to western union. Really screwed me over. I only use my card online for e cig products. If it is happening to more people on here then we have to make a list of everywhere we order from and a list of every classified/swap purchase then compare, going to start on my list on paper then will post it here. Some people really do suck and now I'm afraid to use my card anywhere online.

 

[deitra]

I dont think it is a vendor causing this. I think it is a hacker who knows how to get around these sights. All they have to do is ping a site and then capture all the packets going and coming. One of my sons is a security expert on pcs.

And no he doesn't live with me. LOL. I think I'd have to shun him if I ever thought he was doing something illegal.

I also use google chrome, never IE.

 

[Quick1]

Mentioned this before but...
It's unlikely that everyone making a list and comparing would produce results.
Even if it did produce results it is unlikely that you would have the data to reasonably statistically point the finger at some location within any reasonable amount of time. like years if ever...
It IS highly likely that, evident by the posts, the finger would erroneously be pointed at a number of the wrong locations.

It could be a compromised site.
It could be credit card/payment software that a lot of the suppliers use.
It could be that the credit card/payment software that a lot of the suppliers use is susceptible to attack or has a vulnerability and IF they get past the PC security they can compromise it.
It could be a 3rd party credit card/payment processor that a lot of the suppliers use.

It could well be NONE of the above and the frequency and distribution of these events has no correlation to e-cigs at all. How many of you out of how many total have had a problem? Is it mostly women? Maybe the perceived commonality is something totally different or maybe there isn't any at all. Let's say all of you that experienced fraud and are keeping a list find that you all visited the same (or a number of) e-cig site(s). Are you then willing to trade credit card statements to see if you all visited the same non-ecig site? How far back? could be some database got hacked that all your numbers are in from a year or two ago...

The way to find your problem is use a different card number for EACH online or phone purchase you make. A number of credit card companies have this feature specifically for online purchases. My Citibank CC has this feature. Instead of reaching in my pocket for my plastic card this little app pops up, I enter my userid and passwd and it generates a new card number. I can view the "virtual" card numbers at any time and it shows the detail record just like a line on my paper statement (yes, I also get a paper statement each month that looks exactly like a regular statement with all my purchases listed like they were all made with my plastic card).

If a number gets compromised I know the exact date and location where I used that number ONE time for ONE purchase.

That's conclusive.

 

[deitra]

Thats a great idea your bank came up with. I only make 600 a month via disability so when a charge of 36?.?? showed up the bank automatically closed my card after the total posted. But I can't file fraud paperwork until it actually clears. I only had 34.50 in my account. I check it online a few times a week. I have only ordered from one site that has no obvious security so I set myself up for fraud. Not on purpose but I won't ever do that again. And it is a popular site. I have very little disposable cash so I only order maybe from 2 sites a month.

This happened to my mom last year and it turned out to be an employee at a call center. Wasn't the companies fault just a greedy employee.

 

[optsmk]

I just want to highlight something that's been mentioned, but perhaps not strongly enough. This thread started out with most people speculating that some vendors were the cause of the CC fraud and that some of them might not have the best security. While this may be possible, it is actually FAR more likely that the people experiencing these problems have had the security of THEIR OWN computers compromised. If your computer is not secure (and from my experience, most people's aren't even close) there are all kinds of ways for a virus/trojans/keyloggers to capture your CC info, bank info, Paypal info, passwords, etc. and automatically send them back to the criminals.

If you want to feel safe using your computer, you need to have:
-ALL Windows security updates current
-Virus scanner regularly updated (I use Avira Antivir)
-Firewall s/w that protects programs and network access (I use Outpost)
-Anti-spyware s/w (see below)

For those of you who've had recent problems, at a minimum I'd recommend:
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com
Install, update, then scan. You might be surprised to find what nefarious programs are lurking on your computer.

I personally use MalwareBytes, Spybot Search&Destroy (with TeaTimer & IE Protection), and Spyware Blaster. I try not to use IE at all, except for doing Windows Updates. I use Firefox with the AdBlock Plus and NoScript plugins. In my experience, not using IE is the single easiest way to avoid problems, although it's security has been improved upon lately. But that's not to say that you won't have problems using Firefox if you don't take all of the above security measures.

I do all my banking, finances, bill paying, taxes, a lot of shopping, etc. online and I've never had a single problem or unauthorized charge on any of my CC's or PayPal.

This is by far the best reply I have seen to this thread so far. Soooooo many people have infected computers. This is the way that most poeple have their cc and personal info stolen.
If you are a person that has seen unauthorized charges on their cc, I would reacommend that you use malewarebytes ASAP and do a fill scan, then do a full scan with whatever AV program you are using. If the scans turn up positive, then disable your system restore and run full scans in Safe Mode.

 

[Quick1]

This is by far the best reply I have seen to this thread so far. Soooooo many people have infected computers. This is the way that most poeple have their cc and personal info stolen.
If you are a person that has seen unauthorized charges on their cc, I would reacommend that you use malewarebytes ASAP and do a fill scan, then do a full scan with whatever AV program you are using. If the scans turn up positive, then disable your system restore and run full scans in Safe Mode.

Ummm, while this all sounds very dramatic I seriously doubt that more than a fraction of 1% of fraudulent charges made to existing credit card accounts came from the card being stolen off an infected PC. Can you cite a reference?

I am not disputing that very many people have infected computers.
I am not disputing that this is one way for people to have their identity stolen.

But it's just not the source for (two-bit) fraudulent charges to existing credit card accounts. Way over 99% of those come from the information being compromised at the point of sale.

 

[kaymar]

A year ago at month end when we received our checking account statement we realized that we had about $1000 in fraudulent charges via our debit card. I HAD NEVER used this card online. I use CC or paypal for online charges because our checking account links to all of our other accounts. These were to different ecompanies both inside and outside the US. All but one, when I googled, came up with long histories of reported fraud. The bank investigated but we were not privy to their findings. We had to wait for a new card which is a pain but all of our money was refunded. The bank initially did not believe that I had not made purchases online with the debit card but upon reviewing the history it was evident.... which means either it was copied at a local merchant or the security compromise was the banks issue.

 

[optsmk]

Ummm, while this all sounds very dramatic I seriously doubt that more than a fraction of 1% of fraudulent charges made to existing credit card accounts came from the card being stolen off an infected PC. Can you cite a reference?

I am not disputing that very many people have infected computers.
I am not disputing that this is one way for people to have their identity stolen.

But it's just not the source for (two-bit) fraudulent charges to existing credit card accounts. Way over 99% of those come from the information being compromised at the point of sale.

Many times the information is stoled or fraudulently used at the POS. However, there is still cc fraud by malware or other scams on the Internet. So, it is possible to be exposed to scammers by your pc being infected.

Here is a paragraph from this site. Do Hackers Have Your Credit Card? Prevent Online Credit Card and Identity Theft Fraud
Tip #5 - Credit card information can be compromised when your PC is infected with malicious software or spyware. It is recommended that you clean and rid your system of any malicious software with a reputable anti-spyware or anti-virus program. Many spyware threats are able to track your online activity and ultimately steal your personal information which can include your credit card number.

Also, just about every site that makes antivirus software has similar documentation. You could say that it is because they just want you to buy their software and that they are making false claims, but I have seen too many times what spyware and malware can do to a pc and personal information.

Although all fraud is not committed this way, it does happen. Everyone should have some AV and or anti malware software installed on their own pc. If you don't then you should not be using a computer. Since there are so many ways that you can have your cc or other personal information stolen from you and it is beyond your control. At least you can control your own computer to be sure that it is not the source of the problem.

I also read your previous reply to this thread and it is a very good idea. If you use a dofferent cc number at each site, you would be able to figure out where you placed a one time order. That would surely help find where the fraudulant transaction came from.

 

[Quick1]

Yes, malware could technically be used to get your CC but that's not how it's used. If they could get your CC information then they would most likely have access to your identity. Selling your identity is far more profitable than makeing small charges on your existing credit card.

You get a monthly statement from your CC. Generally mailed to your house.
It's your telephone associated with that CC. You are much more likely to notice the fraud a lot sooner if there are some fraudulent charges on the card.

These worms and viruses are targeting/attacking millions upon millions of PCs. They gain access and compromise thousands upon thousands. They are harvesting on a very large scale. If it's identity type of information they are stealing they are selling it on a large scale and then it's being resold. It's not cheap. The end user of that stolen information is not likely to greatly decrease the value of it (or the probability of invalidating it) by making small charges on an existing credit card. Opening new accounts with different addresses and or making very large purchases could be a different story.

The crooks using the worms and viruses to steal confidential information are not stupid and will not kill the golden goose any sooner than necessary. It's the stupid crooks that make these kinds of purchases with stolen numbers which they have usually obtained second hand. It's the point of sale clerks etc that do things like make one or two smallish purchases and then throw it away hoping it goes unnoticed or can't be tracked back to them. The other profile is that your card gets stolen and they buy whatever they can as fast as they can before the CC company turns it off.

And most all of the viruses and worms fall under:
1) creating drones or robot pcs unknown to their owners. With a few hundred thousand of these (purchased in bulk from the virus crooks) you can extort sites for very large sums of money. Things like calling up a large sports book before the super bowl and extorting a few hundred thousand with the threat that you will shut down their site the week before the big game by pointing a 100 thousand pcs at their and they will lose tens or hundreds of millions due to the denial of service (nobody can get to their site).
2) malicious software that does damage to the target data. Just to show that they can or aimed at a particular mfgs stuff.
3) ad or tracking information or redirection.

All this is done on a huge scale. Making a couple of relatively small, fraudulent purchases on a credit card defeats the purpose and pretty much makes something of significant (illegal) value, worthless.

 

[deitra]

Before the fraud took place I had Malware (a must) and Norton. Took Norton off and replaced with Defender Pro. I set it up so nothing can access my pc via the outside realm of my pc without permission. My passwords are so complicated even I can't remember them. They are made with capitol letters, lowercase letters, numbers, and symbols. Each password must contain a good amount of variety. Every pc I have ever owned except my laptop I have built myself. Being in the Poverty class of the US made me very knowledgable about computers so I could own one. The first few I made was from rummaging them from the trash.

I hope this fraud thing doesn't harm anyone else.

Quick1 would you mind explaining a Stealth Virus for everyone. It would take me hours to as I am absentminded and wouldn't want to confuse anyone. Thanks

 

[Daifne]

Quick1,

You are a little out of date on the purpose of infections these days. The prevalence of rogue programs, who's sole purpose is to get you to "buy" them and voluntarily give them your CC info, is proof in itself. They want this info and will proceed to sell it. I have had this done to customers of mine who fell for the rogue software.

The small charges are done to test the card. If they are not caught and blocked (card canceled), then the larger purchases will be made. There are way too many people who don't go over their statements on a regular basis. Myself? I check my transactions online very regularly.

To show how bad this is getting and why I will not browse with any browser without ad blocking software (Firefox and adblock Plus for me) read this article that came out last night:
Malware delivered by Yahoo, Fox, Google ads | InSecurity Complex - CNET News

 

[deitra]

Thanks. It is reassuring to know that you are a merchant and are very informative.

Made sense when I thought it. LOL

 

[Raven_Blackblade]

Geez! You guys have made me insanely paranoid today!! I just went though my last 6 bank statements.... I normally check it everyday, and havent seen anything fraudulent (there was one, but I disputed it with the company itself... she was VERY nice and returned me my money. Especially after I mentioned that I am prior service military who is living off of unemployment.). Thanks for the heads up everyone!

 

[Drozd]

it could even not be online purchases...alot of the new CC and debit cards have that "tap and go" convienience...rfid chips in them...same as the new passports..
Well for about $100 an identity theif can buy the stuff to read and record that information from your card from just passing within 20 feet of you...
Banks and even some stores are even using RFID to see who's coming and going and what their spending habits are..
Either make sure your cards are not RFID capable or get a RFID blocking wallet..

 

[garz]

it could even not be online purchases...alot of the new CC and debit cards have that "tap and go" convienience...rfid chips in them...same as the new passports..
Well for about $100 an identity theif can buy the stuff to read and record that information from your card from just passing within 20 feet of you...
Banks and even some stores are even using RFID to see who's coming and going and what their spending habits are..
Either make sure your cards are not RFID capable or get a RFID blocking wallet..

or just carry a heavy speaker magnets in your pocket to scramble the RFID reader.

 

[thorn]

As far as brick and mortar places go...I make it a habit to NEVER pay for dinner at a restaurant/bar with a credit card if the card will leave my sight. Anybody can copy it in the back room, including the security code and bank name. Never trust your credit line to anybody getting paid half of minimum wage! (waitstaff rely on tips to make up the rest of their legal pay) I only use it at places I run it through the machine myself and if the cashier asks to see it, it is a good idea to cover up the bank name with your fingers if you can.

 

[VaporMadness]

I got a pair of fraudulent charges on my CC not long ago, a first ever for me. Thankfully my CC company's black ice (any body read neuromancer) stopped these charges dead in their tracks, and after a phone call to me, cancelled the card altogether not long thereafter.

I usually don't do many online transactions with my card, but since getting into vaping that has changed. I've also noticed that some ecig suppliers are rather lax in their security practices (sending passwords in plain text for example). These charges were paid to businesses in the pacific northwest. I did take a quick trip to the NW late last year and I did use my card to pay for the hotel and rental car while there.

I'll probably never know the vector thru which my cc number was pilfered, but that number is gone now (after something like 20 years maybe).