Credit Card Fraud

[Ken_A]

exactly. I personally feel I got complacent. Then over the past 6 months my online buying has gotten VERY heavy. It's a fact of life that for x number of online purchases you make at varying sites you have y% chance of getting your number lifted.
It's a risk I knew about, accepted and did not go ballistic over when it happened.
I'm going to check to see if I can sign up for an e-mail notification for when my CC is used in the future. Maybe I can cause a poor vendor to not have to send out to someone who uses my card without permission

 

[Big Screen D]

I know the conventional wisdom is that the vendors are faultless, but rather the problem lays with the CC processor. And this may well be true in some cases. However, it should be noted that on AVE's thread, the owner stated that their site had been hacked necessitating the temporary closure of his business, and a complete overhaul of AVE's website. Would be interesting to know whether or not any transaction was vulnerable, or only those with saved payment info.

This is why I have one CC dedicated to online purchases. If it gets compromised, I'll just have to wait a few days for a new card while my bank deals with recovering THEIR money.

 

[spider362]

Check your CC account and see if they offer "ShopSafe" or something similar. Bank of America offers this service for free.

"ShopSafe" is a feature where you can get a virtual CC number different from your plastic one where you can set the upper $$ limit and expiration date up to 12 months (the default is 2 months). Once the initial CC number is used it can't be used anywhere else and if the charge goes over your set limit it will be rejected. You also have complete control over the card in which you can increase the upper limit if you want to use it again with the same vendor, increase the expiration date up to 12 months if you've set it for less, and you can even cancel the number anytime you want.

Although this virtual number is linked to your regular CC account it will not effect the account if someone tries to use it, so you will not have to wait the days/weeks to get a new CC card. Just cancel the virtual CC number and continue merrily on your way with the next virtual number.

I have this feature on my Bank of America CC account and use it for every internet/phone order I place. I have only had one instance of someone trying to use the virtual number (not an e-cig order, BTW) and BoA called me about it. I immediately cancelled the virtual number, thanked the person at BoA and continued using my card without having to wait for a new one.

This feature does not protect your plastic CC number, however, only if you use a virtual CC number, but for internet/phone orders it's a lifesaver.

 

[retired1]

Before blaming the vendor, make sure your own stuff is clean. There's a ton of malware out there now that targets your banking and credit card information.

Delete Java from your machine and disable the java plugin on your browsers. A good portion of this malware comes through java exploits and once on your machine, becomes very difficult to detect and clean.

Some of the code for these malware packages actively searches for anti-virus programs and disable them so they can be written to your computer. Just because you have anti-virus software running, doesn't mean you're clean.

 

[cookiebun]

Okay, I read this. It does explain why merchants are high risk. However, just because they are high risk merchants does not mean my information should not be as "secure" as using my card at the local grocery store. I don't want to 'bash' a vendor, but that being said I give my info to a vendor trusting it is protected. Obviously my info is NOT being protected.

It's also my understanding that our beloved vendors have very few choices to which CC processor they can use due to the nature of what they are selling......

Please correct me if I'm wrong. Ty.

ecig vendors do not have as many choices for CC processors as your grocery store. That's why I posted that link. The vendors need to figure out which of the few processors they have available to them actually take security seriously. It seems like multiple vendors are using processors with lax security or are just plain dishonest.

 

[RedhatPat]

I know the conventional wisdom is that the vendors are faultless, but rather the problem lays with the CC processor. And this may well be true in some cases. However, it should be noted that on AVE's thread, the owner stated that their site had been hacked necessitating the temporary closure of his business, and a complete overhaul of AVE's website. Would be interesting to know whether or not any transaction was vulnerable, or only those with saved payment info.

This is why I have one CC dedicated to online purchases. If it gets compromised, I'll just have to wait a few days for a new card while my bank deals with recovering THEIR money.

All transactions were affected. IIRC, they didn't offer a save feature. Whether you have a real CC (open line of credit, those were the days eh) or a debt card, you're offered the same level of protection. The banks don't even investigate these cases because it happens so often, it's just cheaper for them to take your word for it and issue you a new card. Free checking accounts are getting harder to find but my advice is to get multiple cards or accounts. Just like we do with our emails. If we get too much spam, we use another e-mail address. If we get too many calls, we change our number. Keep funds low on the exposed account. This keeps track of your vape expenses, helps stick with a vape budget too.

Other elegant solutions are pre-paid cards and virtual one-time use cards offered by bigger banks.

 

[Caridwen]

http://www.e-cigarette-forum.com/fo...thread-online-shopping-101-a.html#post6696638

 

[Big Screen D]

All transactions were affected. IIRC, they didn't offer a save feature. Whether you have a real CC (open line of credit, those were the days eh) or a debt card, you're offered the same level of protection. The banks don't even investigate these cases because it happens so often, it's just cheaper for them to take your word for it and issue you a new card. Free checking accounts are getting harder to find but my advice is to get multiple cards or accounts. Just like we do with our emails. If we get too much spam, we use another e-mail address. If we get too many calls, we change our number. Keep funds low on the exposed account. This keeps track of your vape expenses, helps stick with a vape budget too.

Other elegant solutions are pre-paid cards and virtual one-time use cards offered by bigger banks.

If I remember correctly, a credit card has zero liability unless the card itself is stolen and swiped, in which case $50 is the max liability so long as the financial institution is notified of the stolen/hacked account within 60 days. A debit card is protected save for the first $50. A breached debit card opens a whole new can of worms. It's one thing to have to wait for a CC to be replaced. Having to wait on one's wiped out checking account to be funded is more than an inconvenience.

On another note I received an email today that someone was trying to login to one of my vendor accounts, and had been temporarily locked out trying to guess my password. So someone knows my email address, and that I bought vape gear from this vendor. Will be paying close attention to accounts and email notifications.

 

[MsComptrtchr]

Check your CC account and see if they offer "ShopSafe" or something similar. Bank of America offers this service for free.

Love this idea, alas, B of A only has this for CC accounts, not debit/checking

 

[spider362]

This would be reasonable since the "ShopSafe" number is a CC number and has all the safeguards associated with a CC.

 

[cags]

Check your CC account and see if they offer "ShopSafe" or something similar. Bank of America offers this service for free............

with citibank, you can generate a virtual #. it is a one time use number so that makes it pretty safe

 

[CrazyIvan]

This notion that somehow it's YOUR fault as a customer that your CC info got stolen, or that somehow you should just "accept the risk", is complete and utter nonsense.

I cannot believe that so many people are aggressively defending the vendors. I work in a security sector for a large company and protecting the customer information is TOP priority. If customer information was disclosed on your website and it get's compromised, it is 100% the company's fault, even if it wasn't compromised directly from their database.

Despite many recent threads on this topic, I have not seen one, not one, vendor come out and say that they took any measures to strengthen their security. And that's the issue for me. The lack of sense of responsibility on the vendor's part. They should try to convince me that is is "now safe" to shop with them. Even if it wasn't their fault. Heck, WizardLabs recently sent some duplicate emails to people and they have an alert on their front page highlighted in yellow explaining the error, apologizing, and assuring customers it is now fixed. Now that's a vendor I will stick with.

So please keep posting these and don't be discouraged by people flaming you for blaming the vendor. I find these extremely helpful. Thanks OP.

 

[cags]

This notion that somehow it's YOUR fault as a customer that your CC info got stolen, or that somehow you should just "accept the risk", is complete and utter nonsense.

I cannot believe that so many people are aggressively defending the vendors. I work in a security sector for a large company and protecting the customer information is TOP priority. If customer information was disclosed on your website and it get's compromised, it is 100% the company's fault, even if it wasn't compromised directly from their database.

Despite many recent threads on this topic, I have not seen one, not one, vendor come out and say that they took any measures to strengthen their security. And that's the issue for me. The lack of sense of responsibility on the vendor's part. They should try to convince me that is is "now safe" to shop with them. Even if it wasn't their fault. Heck, WizardLabs recently sent some duplicate emails to people and they have an alert on their front page highlighted in yellow explaining the error, apologizing, and assuring customers it is now fixed. Now that's a vendor I will stick with.

So please keep posting these and don't be discouraged by people flaming you for blaming the vendor. I find these extremely helpful. Thanks OP.

ecigexpress and alien visions (I think that is the name, ave) both have addressed the issue. check their forums here. as consumers we also have a responsibility to keep ourselves safe.

I recently saw a tv ad for wells fargo where they say they are doing their part to to try to keep their customers safe from fraud. to me that indicates it is a huge problem and not just with ecig vendors.......

 

[Crash Moses]

This notion that somehow it's YOUR fault as a customer that your CC info got stolen, or that somehow you should just "accept the risk", is complete and utter nonsense.

I cannot believe that so many people are aggressively defending the vendors. I work in a security sector for a large company and protecting the customer information is TOP priority. If customer information was disclosed on your website and it get's compromised, it is 100% the company's fault, even if it wasn't compromised directly from their database.

Despite many recent threads on this topic, I have not seen one, not one, vendor come out and say that they took any measures to strengthen their security. And that's the issue for me. The lack of sense of responsibility on the vendor's part. They should try to convince me that is is "now safe" to shop with them. Even if it wasn't their fault. Heck, WizardLabs recently sent some duplicate emails to people and they have an alert on their front page highlighted in yellow explaining the error, apologizing, and assuring customers it is now fixed. Now that's a vendor I will stick with.

So please keep posting these and don't be discouraged by people flaming you for blaming the vendor. I find these extremely helpful. Thanks OP.

Actually there have been a couple that have changed their shopping tools in response to complaints and one that even came out and admitted to being compromised.

I think part of the problem is there hasn't been any smoking gun that points to a specific problem at a specific site. Vendors can't very well admit to a problem if they don't know what the problem actually is much less fix it.

Anecdotal evidence isn't proof of anything.

 

[CrazyIvan]

Actually there have been a couple that have changed their shopping tools in response to complaints and one that even came out and admitted to being compromised.

I think part of the problem is there hasn't been any smoking gun that points to a specific problem at a specific site. Vendors can't very well admit to a problem if they don't know what the problem actually is much less fix it.

Anecdotal evidence isn't proof of anything.

You appear to be right, I did find the posts from vendors cags mentioned. Although I think they should do more to reach people who don't visit every subforum, I do give them credit for addressing the problem in a professional manner.

And it's not really a question of admiting as it is about acknowledging the concerns and doing something to protect their reputation. If you read the responses from the vendors, neither of them says "we did it", they are simply informing their customers of their heightened security focus. It's unfortunate that Paypal does not like "tobacco products". This puts the vendors in a difficult situation, because even if the CCs are processed elsewhere, the info does pass through their site, and that puts much more responsibility on them. It's unfortunate but it's a reality.

 

[Crash Moses]

You appear to be right, I did find the posts from vendors cags mentioned. Although I think they should do more to reach people who don't visit every subforum, I do give them credit for addressing the problem in a professional manner.

And it's not really a question of admiting as it is about acknowledging the concerns and doing something to protect their reputation. If you read the responses from the vendors, neither of them says "we did it", they are simply informing their customers of their heightened security focus. It's unfortunate that Paypal does not like "tobacco products". This puts the vendors in a difficult situation, because even if the CCs are processed elsewhere, the info does pass through their site, and that puts much more responsibility on them. It's unfortunate but it's a reality.

Frankly, I very much agree. It would be nice to see a concerted effort by vendors to let the community know that they're aware of our concerns and looking into the situation. Unfortunately vendors can't post in this forum and it's unlikely ECF members are going to peek into all the vendor subforums to check for responses.

I think what they need, regardless of the cause of the current CC issue, is a trade association to help organize responses to these kinds of problems...much like BICSI and other specialized trade groups.

Maybe EVA (E-cigarette Vendors Association) or some such.

 

[rockmissjess]

Honestly I will only check out with vendors that do paypal... that's it.. I will only use paypal to do online transactions.. call it a personal preference.. no paypal option.. no buy. Never had fraud problems.

 

[MrStik]

What's dumb is to choose a course of action based on an assumption made from anecdotal evidence. I've made nine purchases this week from nine vendors all of whom were mentioned in previous fraud threads so by that very same reasoning purchasing from these vendors is completely safe.

Listen...maybe I wasn't as clear as I could have been...I wasn't dismissing the possibility...what I'm trying to say is that CC theft is not endemic to just the vaping community...it's prevelant everywhere and to ignore other, more likely, scenarios is simply risable.

This is a very active community with a lot of focus on Internet sales and therefore much more sensitive to an overall increase in CC theft...much like a canary in a coal mine. It's fine to be concerned and by all means contact the vendor if you think it will help, but don't focus so narrowly on one aspect that you neglect others.

This has been brought up repeatably in other threads so I won't belabor the issue. Madison Avenue was right...perception is reality.

As you were.

I never said any of the vendors were at fault. I stated that that should be the first point of contact because that is the first point of contact with a customer's credit card information. This is not a witch hunt to take down vendors. These people reporting here are victims and are letting the rest of the community know that somewhere along the line, either the vendors or the processors or whatever else is compromised. To ignore these pleas and these very likely scenarios is just as bad. These anecdotal evidence have prompted a very respected vendor to actually find out their site was compromised and prompted a revamping of security to it. But that would not have been discovered if we took what we knew and swept it under the rug....

And once again, I am not saying the vendors are to blame, but they should be alerted that it is happening and they should check for compromises.

 

[Crash Moses]

I never said any of the vendors were at fault. I stated that that should be the first point of contact because that is the first point of contact with a customer's credit card information. This is not a witch hunt to take down vendors. These people reporting here are victims and are letting the rest of the community know that somewhere along the line, either the vendors or the processors or whatever else is compromised. To ignore these pleas and these very likely scenarios is just as bad. These anecdotal evidence have prompted a very respected vendor to actually find out their site was compromised and prompted a revamping of security to it. But that would not have been discovered if we took what we knew and swept it under the rug....

And once again, I am not saying the vendors are to blame, but they should be alerted that it is happening and they should check for compromises.

Thanks for clarifying.

 

[GwenB]

Got popped again with one of three dedicated cards. Last purchase with that card was AVE. Back in April when they opened back for a fews days. This after multiple charges on a different card. This is such BS! I tunes and some nursehelp.com ...?