That's why you just can't beat virtual card numbers for online purchases. You can use a different card number for every single transaction and that number will only be valid for at most 2 months. That way of you find fraudulent charges on your bill you can see which number was used and if it was a virtual one you can pinpoint exactly where it was compromised.
- Status
That's why you just can't beat virtual card numbers for online purchases. You can use a different card number for every single transaction and that number will only be valid for at most 2 months. That way of you find fraudulent charges on your bill you can see which number was used and if it was a virtual one you can pinpoint exactly where it was compromised.
I contacted two major credit card companies. One never offered a temporary/one time use number and the other discontinued them 3 years ago. Both said they had a no hassle charge removal if a problem came up. 'Course they're both stupid as it IS a hassle to cancel one card number and wait for a replacement.
LOL, that will also render your credit cards useless as well!or just carry a heavy speaker magnets in your pocket to scramble the RFID reader.
citibank. Says "platinum select" on the card but I don't know if some of theirs have it and some don't. There is an app you can run off their website on public computers or you can download and install it on your own. It's really pretty well done. If you leave it in your system tray it pops up when it detects a CC form on a web site. You log in and one of the options is to generate a number. The popup looks like a CC and they fill in the number, ccv and exp date. and it will auto-fill the form if you want. You do have to login each time so you do have to be online.
I have been compromised once before with a monthly trickle on my bank account, and it had nothing to do with ecigs. As a government software engineer, ecommerce developer of many sites, and an administrator to several servers, I live by a couple of rules:
1. Antivirus and Malware protection always up to date.
For the comments that these are not being used to collect your credit card information, that is completely false. Many developers of malware these days are interested in trickle, potentially unnoticed bleeding of accounts. If 1000 PCs can be infected (which is extremely low for a true infection) at $10-$15 bleed per account, the author has effectively smuggled $10,000-$15,000 per month into their own account. Not so small when you figure most viruses and malware infect hundreds of thousands of PCs. Even if 50% of the users actually notice the charge, they have still made a huge chunk of change. Most of the time the offenders are overseas where it is harder to locate and prosecute (i.e. China has the largest hacking industry).
2. Don't store your credit card for future use.
Sure, most of the time it is encrypted and stored in some sort of a hash table, but if you really want to be secure, then you won't give the hacker something to look for. There is no way to verify that the vendor is ACTUALLY encrypting it, let alone the true security of their site (aside from trying to hack it).
3. Look at the site you are paying on, and look at the links you are clicking on to get there.
By now, most people should realize that somesite.something.paypal.com is legit whereas somesite.paypal.com.com or somesite.paypal.something.com is not (it must always end with [legit-site].[legit-extension]). Even if the second sites take you to the same place, they may be initiating scripts to capture your keystrokes as you are paying. This is why I rarely recommend clicking ANY links in your e-mail. If you need something from a site, go to that site directly.
4. Look for the little lock symbol (ensure the payment portion of the site is secure).
If you're really concerned, look at the certificate and make sure it belongs to a company you trust.
These tips should cover everything from the concerned to the extremely paranoid. I don't often check out certificates of trust myself, but it's not a bad idea if you're truly paranoid in regards to your security.
1. Antivirus and Malware protection always up to date.
For the comments that these are not being used to collect your credit card information, that is completely false. Many developers of malware these days are interested in trickle, potentially unnoticed bleeding of accounts. If 1000 PCs can be infected (which is extremely low for a true infection) at $10-$15 bleed per account, the author has effectively smuggled $10,000-$15,000 per month into their own account. Not so small when you figure most viruses and malware infect hundreds of thousands of PCs. Even if 50% of the users actually notice the charge, they have still made a huge chunk of change. Most of the time the offenders are overseas where it is harder to locate and prosecute (i.e. China has the largest hacking industry).
2. Don't store your credit card for future use.
Sure, most of the time it is encrypted and stored in some sort of a hash table, but if you really want to be secure, then you won't give the hacker something to look for. There is no way to verify that the vendor is ACTUALLY encrypting it, let alone the true security of their site (aside from trying to hack it).
3. Look at the site you are paying on, and look at the links you are clicking on to get there.
By now, most people should realize that somesite.something.paypal.com is legit whereas somesite.paypal.com.com or somesite.paypal.something.com is not (it must always end with [legit-site].[legit-extension]). Even if the second sites take you to the same place, they may be initiating scripts to capture your keystrokes as you are paying. This is why I rarely recommend clicking ANY links in your e-mail. If you need something from a site, go to that site directly.
4. Look for the little lock symbol (ensure the payment portion of the site is secure).
If you're really concerned, look at the certificate and make sure it belongs to a company you trust.
These tips should cover everything from the concerned to the extremely paranoid. I don't often check out certificates of trust myself, but it's not a bad idea if you're truly paranoid in regards to your security.
Last edited:
These (most excellent) tips should be standard practice for anyone and everyone. They can almost be fully automated and the manual parts take practically no effort, time, skills or thought. Even the certificate checking. You can configure your browser to check certificates against your list and popup if it's not on there.
Well guess what my card wad just hit today!!!! I'm so mad right now!!!! I had to call and freeze my account now I'll have big headaches. I have only used this card for e cigs... they hit me for $94.95....I googled the company it says it's a web hosting company, I wish I knew which company this was, I hope to have more answers after I go to the bank in the morning.
How did you find out they hit you yesterday so quickly? Most people don't find out until their monthly bill comes. And please don't say you are using a debit card, there is no recourse for that. But if it is a normal credit card, the bigger bank credit card companies usually have no issue not charging you for fraud and will also give you a new card number. I'm not sure how prepaid credit cards are handled but they're usually smaller companies so chances are you are out of luck on those too.
Does America work differently to the UK when it comes to bank cards? I've been hit numerous times on my debit card over the years, and the bank sorted it every single time, within minutes.
I think all the debit card differences have been pretty much sorted out. Used to be that they were a direct line to your checking account and the banks treated them completely different (like no $50 limit on liability -- but that was fixed almost immediately). I do believe that the dispute process may be a bit different?
Last edited:
I'm glad you posted about this issue, as I usually don't look over my bank account terribly closely. Like most people, I don't get paper statements any longer, only online statements, and I can look at it online anytime of course. I've had the same account with the same debit/credit type card for over 7 years, and it always surprises me when people think they have no recourse when they use their card as a debit, and then someone uses their account number to make fraudulent withdrawals, charges, or purchases. I've had a few over the years, and have never lost money on a single one. I just call the bank, tell them I did not authorize this charge or debit and file a dispute, all over the phone. They put the money back in the account within 48 hours. Then they investigate the charge/debit, and since it's always fraudulent, nothing ever happens. No one stealing your money is going to defend it.
And what some people don't realize, is that you have a right to dispute any charge or debit for goods or services you did not purchase, did not receive, OR if they were not what you expected to receive. So if someone sends you garbage when you paid for something worthwhile, you can dispute the charge. But most of us don't want to try. Now I think I'll go look at my bank account again!
And what some people don't realize, is that you have a right to dispute any charge or debit for goods or services you did not purchase, did not receive, OR if they were not what you expected to receive. So if someone sends you garbage when you paid for something worthwhile, you can dispute the charge. But most of us don't want to try. Now I think I'll go look at my bank account again!
I was hit in May on a credit card that I had only used twice in the past four months and those two times were for ecig supplies from two different forum suppliers. The charge was for $24.95 for a .........!
The credit card company reversed the charge but just the idea that someone got my credit card information from an internet transaction makes me very nervous. I do a lot of ordering of many different types of items on the internet.
Everyone should make sure they check their statements carefully.
The credit card company reversed the charge but just the idea that someone got my credit card information from an internet transaction makes me very nervous. I do a lot of ordering of many different types of items on the internet.
Everyone should make sure they check their statements carefully.
Heh ...... I've got a story too. I recently (less than a month ago) got into ecigs and ordered from around 8 vendors in a fairly short amount of time. I do a lot of online ordering however and do not believe in credit cards. I use a debit card account that I can transfer money into when needed. I usually keep a few hundred dollars in there at all times and up it when needed.
So I order from these vendors over a 2-3 day period and everything seems to go well. Upon checking the account (I'm pretty .... about doing that) I see a charge for exactly $200 to "Kiva.org." What the heck is this, I never dealt with kiva.org, much less approved a $200 charge. It was a charge ran through their paypal account. Looked into Kiva.org and it is a small loan company for third world countries or something ... lol .....dunno. I went to the bank in person on Saturday morning. The bank manager promptly canceled the card and sent in a request for a new card to be sent to me. I had to fill out a dispute and sign a paper or two. She said if I don't see a credit to my account in a few days let her know.
Less than a week later I see the $200 re-appear in the account, so all is good. I don't know if the e-cig/supplies purchases were related or not. It just seemed a little too coincidental. Take this as you want to, just be careful and take precautions. The bad guys are certainly out there.
~Harrysun
So I order from these vendors over a 2-3 day period and everything seems to go well. Upon checking the account (I'm pretty .... about doing that) I see a charge for exactly $200 to "Kiva.org." What the heck is this, I never dealt with kiva.org, much less approved a $200 charge. It was a charge ran through their paypal account. Looked into Kiva.org and it is a small loan company for third world countries or something ... lol .....dunno. I went to the bank in person on Saturday morning. The bank manager promptly canceled the card and sent in a request for a new card to be sent to me. I had to fill out a dispute and sign a paper or two. She said if I don't see a credit to my account in a few days let her know.
Less than a week later I see the $200 re-appear in the account, so all is good. I don't know if the e-cig/supplies purchases were related or not. It just seemed a little too coincidental. Take this as you want to, just be careful and take precautions. The bad guys are certainly out there.
~Harrysun
To be honest PayPal is not exactly the greatest for the seller either. Especially if it's an e-bay business. I sell guitars and I used to sell a ton on E-bay. However, it's gotten out of hand. Dishonest buyers have totally figured out how to scam the system.
Honestly, E-Bay has gone downhill very badly. Their fees are out of control, you are forced to accept paypal which isn't cheap. No matter what a seller tries to pull you can't leave them negative feedback, so no one knows what smucks they are. PayPal will give the buyer his money back even after some idiot drops their guitar and sends it back. I'm pretty much done with them, and I have paid out over 80 grand in paypal and e-bay fees over the last 8 years or so. At one time I was selling around 100 to 150 guitars a month with them. I don't even have anything listed right now.
I would love to see a better alternative to PayPal and E-bay.
Honestly, E-Bay has gone downhill very badly. Their fees are out of control, you are forced to accept paypal which isn't cheap. No matter what a seller tries to pull you can't leave them negative feedback, so no one knows what smucks they are. PayPal will give the buyer his money back even after some idiot drops their guitar and sends it back. I'm pretty much done with them, and I have paid out over 80 grand in paypal and e-bay fees over the last 8 years or so. At one time I was selling around 100 to 150 guitars a month with them. I don't even have anything listed right now.
I would love to see a better alternative to PayPal and E-bay.
Hey Guys, I am a vendor here and am not defending anyone and am not soliciting for your business, but I have been a victim of identity theft.
Now, my case involves going through First Data for my transactions (in my 2 businesses) which I can see the last 2 or 4 numbers of your card and what type of card you used, that is all. First Data scans their servers and I scan my computer.
I found that someone had hacked my computer and put a virus or malware that would send back personal information to thieves when typed in. Since, I have used numerous virus protection programs and found that BitDefender has worked best for me. It scans my computer every day and they seem to jump on a new virus very quickly when it pops up. It also updates everyday. Since I have had this program on my computer (about three years), I have not had a problem. I have no relationship with this company, but with 2 identity thefts I searched for the best program I could find. I also have a sign/graphics shop with 6 computers and have not had a problem since I put the program on.
Note: I only got to page 5 and did not read the rest of the posts, somebody may have already addressed this issue.
To get on another forum, I had to have a PCI DSS certificate which is just more security for me and my customers. The other forum required me to scan my computer everyday, which I was already doing. When you see a safe seal on a site, click on it and look at the certificate they were granted.
This is my story of being a victim and hope this helps someone else. It was heck to have to start over with new accounts, so check your account everyday. I see Bright Red when there is something on my statement that was not mine.
Don
Now, my case involves going through First Data for my transactions (in my 2 businesses) which I can see the last 2 or 4 numbers of your card and what type of card you used, that is all. First Data scans their servers and I scan my computer.
I found that someone had hacked my computer and put a virus or malware that would send back personal information to thieves when typed in. Since, I have used numerous virus protection programs and found that BitDefender has worked best for me. It scans my computer every day and they seem to jump on a new virus very quickly when it pops up. It also updates everyday. Since I have had this program on my computer (about three years), I have not had a problem. I have no relationship with this company, but with 2 identity thefts I searched for the best program I could find. I also have a sign/graphics shop with 6 computers and have not had a problem since I put the program on.
Note: I only got to page 5 and did not read the rest of the posts, somebody may have already addressed this issue.
To get on another forum, I had to have a PCI DSS certificate which is just more security for me and my customers. The other forum required me to scan my computer everyday, which I was already doing. When you see a safe seal on a site, click on it and look at the certificate they were granted.
This is my story of being a victim and hope this helps someone else. It was heck to have to start over with new accounts, so check your account everyday. I see Bright Red when there is something on my statement that was not mine.
Don
Protecting your personal computers is always a good idea and you're always at risk if you're connected. I prefer Eset products.
No one victimized has kept detailed records or a method of absolutely determining the source so there is no positive id. It is possible it could just be coincidence although unlikely that it was a card used for e-cig purchases.
(said this before but it never gets old)If it happens to me I will know for sure since I use a different card number for each and every online transaction. Even from one transaction to the next from the same vendor. If a number is compromised I will have used it for only a single purchase. So far this hasn't happened, probably in part due to the fact that the numbers expire the next month. If an unauthorized charge shows up on my bill (everything comes in on a single bill) I can determine exactly when and where that number was used.
No one victimized has kept detailed records or a method of absolutely determining the source so there is no positive id. It is possible it could just be coincidence although unlikely that it was a card used for e-cig purchases.
(said this before but it never gets old
)If it happens to me I will know for sure since I use a different card number for each and every online transaction. Even from one transaction to the next from the same vendor. If a number is compromised I will have used it for only a single purchase. So far this hasn't happened, probably in part due to the fact that the numbers expire the next month. If an unauthorized charge shows up on my bill (everything comes in on a single bill) I can determine exactly when and where that number was used.I check my statements on line weekly - credit and debit cards. I went to the bank and I recieved new cards ( and new numbers)for my account and my account will be credited the full amount. My bank said they wish more people would check more often than they do.Like you said usually when they get paper statements in the mail. I try to protect my credit the best I can. I asked if I should purchase prepaid cards to make purchases on line and she said no you have no recourse. They said continue doing bussiness as usual and keep an eye on your account, if it happens again just come back in. I thought it would have been more of a hassle than it was. I love my bank! The most upsetting thing is that these companies almost always get away with this the bank will try to get their funds back. I just hope this doesn't happen again.
Protecting your personal computers is always a good idea and you're always at risk if you're connected. I prefer Eset products.
No one victimized has kept detailed records or a method of absolutely determining the source so there is no positive id. It is possible it could just be coincidence although unlikely that it was a card used for e-cig purchases.
(said this before but it never gets old
I did ask my bank if they have something similar to what you are talking about and they said they didn't. Two of the website I had bought from did have their security breeched well I think? - someone hacked into their sites, could that have breeched credit cards numbers???? I guess we really don't know what precautions all merchants take to protect our information that is transmitted over the internet. The bank said this happens all the time - not just on the internet, she said could be an employee at a resturant,gas station anywhere we use our cards....she said it's sometime impossible to ever know. I wish I could get something like you have, that is the best idea I have heard about. I just wanted to let everyone know to keep an eye on your accounts. I have to work to earn my money and when I donate it I like to make sure it goes to someone who needs it, not a thief! Just keep an eye on your accounts.
Thanks for everyone's help and thoughts.
Depends if they are using a 3rd party (offsite) billing service or not. I have no idea how many do or don't. And I have no clue about billing services. If there are just a few or a lot or large and small and if they vary on security.
I think it's actually a higher probability that your card number gets stolen when using it physically than over the internet. It's getting high tech too. I have a large gas station near me where someone had put a reader/recorder in the card pay slot... apparently it's small enough to read and record the card information while allowing the machine to work as if it wasn't in there. Then they return later to retrieve the device and stored information.
It's a citibank card says "Platinum Select" on it. You register for web access (you don't have to, the physical card is just like any other). There is a "virtual card number" app you can run on the site. You can just run it on the site or if you want you can download the app for your PC. You can run it manually or run it in the system tray and it will pop up automatically when it sees a credit card form on a site (basically it's real convenient. It will fill in the form for you if you want). You log in and generate a card number or look at your virtual numbers/transactions, etc. When I get my bill it just looks like the the regular bill except for a second line showing the account number for each transaction. If I was to find an unauthorized transaction then I could use the virtual card number app to see all transactions under that number (or just call them and have them tell me). More than that I like the idea that virtual numbers expire at the end of next month so they're only valid for at most 2 months. Reduces your exposure at sites or billing companies you don't frequent often or no longer do business with.
- Status
Similar threads
