Credit Card Fraud

[Mookie]

Just a word of caution and my Be careful using your credit cards to make online purchases.

I just got notice from my bank today that my credit card was frozen due to fraudulent activity. This is the second credit card this week this has happened to. And one of the cards I've only had for two months. I have purchased online extensively for many years without ever having a problem. Because I've never had any problems I admit I've gotten pretty layed back about paying attention to the website's security.

I'm not pointing fingers at anyone BUT the only purchases I've made online since Christmas have been for vaping supplies. Also I generally always use my debit card for local shopping not my credit cards. I have bought from so many places I couldn't even begin to guess where it may have happened. It could just be a coincidence but with it happening twice in one week it's a little too fishy for me. I'm only guessing but possibly some of these smaller vendors don't have the proper security net's set up. As I said it could have happened in a variety of ways but I'm not taking chances anymore.

I am going out tomorrow and buying some prepaid throw away cards to use for on line shopping. It's probably the safest way to go that I know of for now.

**Remember secure web site starts with HTTPS:// instead of HTTP://.** Here are a few tips I copied off about.com in case anyone is interested:

Here are five tips for shopping safely online:

• Choose Credit Over Debit: You probably don’t often hear advice to use a credit card instead of a debit card or cash, but if you can do it responsibly, you absolutely should. Credit cards offer protection from identity theft that debit cards don’t. For example, with a credit card, your liability for fraudulent charges caps at $50 as long as you report the fraud within 30 or 60 days (depending on the company). However, if you’re using your debit card online and someone gains access to it, they can clean out your checking account before you even learn there’s a problem. It’s likely you’ll get part of that money back, but possible that it can take a while, and that you won’t get it all. So, use a credit card instead and pay the bill off monthly.
• Disposable Is Better: Even better than using a credit card is to use a disposable credit card. Disposable credit cards work just like most gift cards. You add a specified dollar amount to the card, and it’s good until that is gone. Once it’s gone, you can add more, or purchase a new one. And both Visa and American Express now offer these cards in varying amounts, so they’re easy to get hold of. The bonus is that if the number from a disposable credit card is stolen, it’s anonymous, and criminals can’t gain access to anything more than the dollar amount that’s still available on the card.
• Verify Website Security: The variety that’s available when shopping online can be dizzying, but it doesn’t stop at just the products and prices that are available online. There are also different levels of security that are available online, and you want to be aware of them. Some online web sites don’t offer secure shopping. That means that savvy criminals can capture everything that you enter onto a form on those sites, including your personal and credit information. If you’re going to shop online, limit yourself to secure sites. You can tell if a site is secure by the URL. A secure web site starts with HTTPS:// instead of HTTP://. Secure sites will also have a small lock icon in the lower right corner of the screen.
• Don’t Shop Publically: If you plan to do any shopping online, do it at home. At home, you can shop in your pajamas (or nekkid) and you can do it any time of the day or night. You also know who accesses your computer at home. If you’re using a public computer—at the library, at a cyber café, or at work—to do your shopping, you have no control over who might be using that computer as well. You also don’t have any control over what kind of spyware or malware might be infecting that computer. So, just don’t do it. Shop at home. It’s much safer.
• Don’t Store Information Elsewhere: Many shopping sites, even the major ones, offer you the ability to save your credit card information on their servers to speed the shopping process. Think Amazon.com’s OneClick shopping. It’s definitely faster, but there are some risks to maintaining your personal information elsewhere. If a company that you’re shopping with has a data breach, your personal information could be put at risk. It takes a little longer, but instead of storing your information on some server that you have no control over, just enter it yourself each time you shop.

Price and selection are two of the best benefits to shopping online. But don’t let the benefits lull you into complacency. Take the time to shop securely, and use caution with the sites that you choose to shop on. Then, not only can you find great deals, but you can do it without the worry that your identity will be stolen in the process.

 

[six]

This thread may interest you. And, this one. And this one.

And about 20 other threads started since January.

What it comes down to is that one of the largest credit card processors was hacked and the cc info for up to 1.5 million people was exposed. A few articles on the topic I've read indicate the authors feel that it was probably closer to 15 million users than it was to 1.5 million.

 

[MikeA5]

Mookie,
The same happened to me about two months ago. I'm glad my credit card company found it and called to see if the purchases were legit. Subsequently I've not purchased any ecig supplies from the three companies that I suspect, since a can't prove which one the fraud originated at. This type of fraud is going to hurt ecig/ejuice suppliers because customers are going to loose confidence when purchasing from them. I believe that ecig/eliquid venders need to get together and agree on just one or two credit card processors to do all their cc processing. This would help minimize the confusion of where the actual fraud is originating from.

 

[vikeme28]

Mine has had to be canceled twice in the last few months also. Not very fun at all thinking of what could be done with your money and your name.
Maybe ecf could make it mandatory that all ecf registered suppliers operate under the same system.

 

[vikeme28]

Plus all the phone calls I have been getting from random weird #'s. I think I will be getting a pre paid card and giving a false phone #

 

[Mookie]

I knew there was a least one thread talking about it but I couldn't find them. Yes, I understand that master card was hacked into, I believe, about a six months to a year ago. So when my first cc (which I've had for years) was hacked last week and I read that thread I just blew it off thinking it was related to that. Then yesterday my new master card (which I've only had for two months) was also hacked. So I figured that new cc couldn't be related to that initial report. That was a huge hack but the fact remains that any time and every type of plastic you use is always going to be at your own risk.

Believe me, I am not here to cause harm to anyone. I am simply the absolute opposite type person. I'm just sharing my experience. It's a simple fact that fishing software, scanners, etc are used and improved daily. CC and identity theft is a huge market and happens in various ways and will continue to grow. It happens online, at the restaurant, gas station, grocery store, from your trash, your doctor's office, simply everywhere.

But I know where I have used my new card and I know I have not been smart while using it lately. I know that at one or two sights I've even clicked "yes" when asked if I wanted them to save my cc info for future purchases - yes that dumb!!! I also always used to check for the https and the little lock icon but admit I've become compliant because I've never had trouble and I haven't been paying attention lately. So when discussing this with my husband last night we figured the most probable way was that some smaller (or unaware) vendors might not have the proper security measures set up on their sights. Obviously I don't know that for sure but this cc company is going to run an investigation. They said it will take 6-9 months but they may be able to figure out where the security breach happened.

My intentions (and personal belief) is to never cause harm. My intention is to make people and vendors more aware of how to protect themselves. I don't want to hurt the vaping community or vendors! I love it and I love to see businesses grow and prosper. I was raised working in our family's small business. I loved it and that is what fed us and put clothes on our backs. I would hate to see any vendor put out of business because identy/cc theft was happening at their site. That is exactly why I did not name the vendor where I last purchased before my cc was hacked and I privately notified them. And that is why one of the main reasons I posted this thread is to make vendors more aware and to make sure they protect their business.

And yes, I know that we are only held responsible for $50, if even that. That is not the point. The point is this harms all of us in numerous ways. Especially the vendor who is put out of business and all of us in the long run because the financial institutions have to spend (and eat) up so much money fighting fraud and that cost is eventually passed on to us consumers.

I've read some of the snarky responses on the other threads. That type of person is not helping in anyway. So people who only think negatively and enjoy cyber bullying please don't respond. I'm only trying to be helpful. Vendors, protect your business by protecting your customers and customers be savvy.

Peace & Love

 

[spider362]

My CC has the capability of creating a virtual CC number, one that's completely different from the one on the actual card.
On this virtual CC I can place an upper limit (usually $10 - $20 above what I expect to spend) and an expiration date (default is 2 months, but I can extend that up to 12 months), and this is the only thing I use when shopping on line.

Unlike prepaid Debit/Credit cards, this virtual credit card carries no extra/hidden fees, and is a true credit card so is protected from fraud just like the real one.

You might check your CC account or call them to see if something like this is offered to you.

 

[tippyclubb]

My credit card was hacked also a few weeks ago. I know it's from e-cig vendors because that is all I have purchased on line. In fact I never used my card on line until I started vaping. The cc people took the charges off my account and sent me a new card. I'll keep that in mind to only use sites with https.

 

[Angi2299]

Just happened to me too! Card denied over the weekend. Had to wait until Monday morning to go to the bank and find out what the problem was. Fraud protection caught it and flagged my account/canceled my card. I will start using prepaid cards for all my online purchases.

As a side note, I think it is ridiculous that most CC are issued for 2-3 years and at reissue the number stays the same. That time period seems too long. I think every year a new card and number should be issued for each account. Just my 2-3 years is a long time for your CC # to be floating around - God knows where. Remember when it was standard for your entire CC # to print on your receipt? I had clerks get mad when I scratched out my CC # numerous times. At least we have moved beyond that.

 

[spider362]

Issuing CC's once a year or once every 2-3 years wouldn't matter since the number on the card stays the same, just the expiration date changes, at least on mine it has.

 

[mikkey9]

The other way to avoid this is to use someone like paypal to make your online purchases, that way you never have to give your card details to any vendor, personally if a website doesn`t have a paypal option then i don`t shop there.

 

[Vchick]

Unfortunately in the US paypal isn't an option

 

[DaveP]

The other way to avoid this is to use someone like paypal to make your online purchases, that way you never have to give your card details to any vendor, personally if a website doesn`t have a paypal option then i don`t shop there.

Most ecig vendors are turned down by Paypal. If there's any indication that the vendor is an ecig vendor, they refuse the charge. There are still a few that code their items as accessories or some other label that passes.

 

[Angi2299]

Issuing CC's once a year or once every 2-3 years wouldn't matter since the number on the card stays the same, just the expiration date changes, at least on mine it has.

Yeah, that's why I said a new card and new # should be issued yearly.

 

[carpedebass]

I really think a lot of this nonsense can be stopped by people being more careful about their computer security in general. Things like keeping anti-virus software updated and current as well as performing regular spyware and adware scans.

I used to do computer repair as a way to make a little extra money. Almost 100% of the machines I repaired had no antivirus software on them, outdated definitions, or expired antivirus software. Blaming the ECig market is ridiculous, in my opinion. It's the other garbage you download on your machine that will get ya'!

Yes, by all means pay attention to the website's security features. But every vendor I deal with has enough security in place to make me comfortable.

I've also noticed that people will get on public machines and order things online. Then they walk away and leave their info right there for the next person to see as they do not log out of the system before walking away from it.

 

[NicLiq]

Just happened to me too. First charge at a South African airlines, and then a money order in South Africa. This is a Mastercard that is kept in my desk drawer and has only been used for vaping purchases. I use a Mac, have up-to-date anti-virus software, and make sure the sites I buy from have a secure form.

 

[dixiejohn]

Had my Discover card number stolen just a little over a week ago. The fraud protection caught it but not before the culprit’s made a couple of large purchases so I had to get a new card issued. I only used it with three different e-cig vendors so I'm sure that the problem came from one of them. As far as antivirus software I keep it updated religiously alone with spyware and other software. I emailed the three vendors and two of them were very helpful about explaining their onsite security along with thanking me for letting them know that there may be a potential problem but the other one was very evasive to the point of almost being rude. I've been purchasing online for several years with no problems till now so I think it is more than just coincidence, software issues or hacked credit card processors but that is just my opinion yours may be different.

 

[txtumbleweed]

My master card was also hacked last week. I had to cancel my card. First time for me although I did have my new checks from bank stolen out of my mail box and that was far worse! It was amazing how many merchants cashed checks without an ID. It took me about six months to get my account straight.

 

[AttyPops]

I just had over $230.00 in fraudulent iTunes purchases hit this morning. Guess I got complacent...since I've been purchasing online with trusted vendors and haven't had an issue until now. But if the processors get hacked, or (as was the case the other day... the phone system was down and they had to call it in from a merchant), and then there's this on-line e-cig stuff (with one vendor that's "new" for me in the last few months). And they often wait a while before "hitting" you so you can't figure out where it comes from. Sheesh! Who knows. Scumbags!

Thanks for the suggestions. I think I'm going to get a temp card or something just for internet. Sill no guarentees, but hey. Less hassle if it isn't funded.

 

[CW1982]

Got a call today asking if I had preauthorized a charge for $5.00 at some hotel in Hawaii... Only ordered from 4 vendors ever, and one uses paypal. Find it crappy that my wife orders tons of junk online and I make less than 10 purchases ever and my cc is the one being swiped on some beach while i'm at my grandmothers funeral. Anyways... is it against forum rules to post which vendors we've used to see who's website needs a security update?