Credit Card Fraud

[Zedd]

Strigoi is right, because the main companies like Google Wallet and Paypal won't support the eliquid vendors they are often turned to less than reputable processing solutions because they are cheap. If I were one of these people who were getting their info stolen multiple times I would seriously either change the vendors you buy from or start using pre-paids.

Also, I think saying that MBV was the last vendor you bought from doesn't hold a lot of weight unless you say something like " and I didn't purchase anything else within the last 6 months" because once the card is stolen many times they will wait a while to try to use it so to disguise the location of the leak. Sometimes literally months. MBV does so much business that if they were leaking credit cards I imagine it would start to get obvious it was them by now.

 

[wv2win]

You also need to realize you are using a CC online, a simple Trojan on your device can copy your every action and CC numbers would be.the easiest to pick out. FB has had allot of Trojans going around and all it takes is one click of a link or one time to a website to get one even off FB. No computer or mobile device is safe from them. It won't get stolen by a Trojan everytime you use your card if you have one on your device due to how they work. Basically after you have used your card on an infected device the info is stored. Then you need to be online when someone is scanning for Trojans and happen upon yours along with many others most likely. After that its just a matter of time until your file is looked thru and then try to use your card.

My computer security expert told me that in the vast majority of cases, for a person to get a Key-logger virus on their computer, the hacker has to have physical access to their computer.

 

[thewrightstuff]

I have been only using pre paid cards or paying in person with the CC (lucky enough to have a couple of good local vendors). Getting ready to make a relatively large MBV order, so I have a pre-paid visa from Walgreens all ready to go.

 

[DaveP]

I had two $455 charges made to Sears.com on mine the other day. The CC company called me and told me about it. The put those in dispute and I won't have to pay them. There was another attempt at Sears while I was on the phone and it was declined because by that time they had locked the card number down. That was followed by another attempt to purchase $6.60 worth of food at an eatery. It was probably someone sitting in a restaurant with a laptop using their wireless and they got hungry. Order the food online and walk across the room and pick it up.

They changed my number and Fed Exed me a new card. I've checked out the prepaid debit cards, but they all seem to charge $4.95 a month service fee. I'm looking into the one time use feature of my card with a number good for only one transaction, but Paypal needs a full time card and so does Amazon.

It's really getting to be inconvenient to use the convenience of online purchasing.

 

[darkstorm]

My computer security expert told me that in the vast majority of cases, for a person to get a Key-logger virus on their computer, the hacker has to have physical access to their computer.

He would unfortunately be incorrect. For example there are commercial key loggers used for parental controls that can be installed remotely. Key logging Trojans are pretty common but usually need your permission to install. This is typically granted through various fishing techniques like site redirection. Think you are saying "yes" to something on Amazon but you are really allowing/approving a behind the scenes software install.

 

[skyztheLynnit]

If the vendors are using cheap cc processors. . How can they NOT be held
partially responsible?
I use shopsafe since i read about these issues.. it gets old checking accounts to make sure everything is OK.

 

[317Vapers]

i just had my credit card company call me for fraud charges today. someone tried to pay spring almost 300 and another do what looks like a hotel. they said the charges did not go through and they would be investigating it and closed my accounts and sending new ones. I have only used that card a couple times for vaping and one of them was a local B&M. and it was a while back. This is getting rediculous on the fraud charges period not to mention vaping on top of it. I guess I'm going to be using only the card for vaping gear so my personal checking doesnt get compromised.

 

[Cavediver]

If the vendors are using cheap cc processors. . How can they NOT be held
partially responsible?
I use shopsafe since i read about these issues.. it gets old checking accounts to make sure everything is OK.

From what I've gathered, some of the larger CC processors consider vaping companies to be in the "higher risk" groups and either charging very high fees, or not accepting them as clients at all. Perhaps someone who knows how this works will chime in. Anyhow, that leaves the vendors with few choices. Use the processors available to them, or go back to snail mail and checks / money orders...

ETA: I got hit this week, but my bank caught it and has resolved the issue with a new card. From here on out, I'll likely switch to reloadable or Visa gift cards, or go back to paying cash at a local B&M. I'll probably try to work with the gift card option, and tailor my purchases to match the gift card amounts (or load up my cart and figure shipping, then head out and buy a gift card in the specific amount). Anything left on the gift card will be immediately used at a gas station. I'm not sure what they'll think of 12x $0.25 purchases, but I'll find out soon enough

 

[mrpony]

I got double burned on something a few years back and got stuck for it too. Totally crashed my credit score too.since then I refuse to use my credit cards online.
'Someone' used my phone to cal a hard luck credit1-800 number and it was linked to my credit.he g

 

[TroyHoot]

I got hit couple days ago. My CC company caught it and blocked both charges. New card coming.

Anyway. Signed up for a Citi card same evening. They have Virtual account number (VAN) for single use numbers. I wont have this problem ever again. It will make me waste an extra minute or so but im fine with that.

Bank of america has safe-shop but I didnt like that service as much. at least by the description. Discover has the same type of service, so i read.

 

[mrpony]

I got double burned on something a few years back and got stuck for it too. Totally crashed my credit score too.since then I refuse to use my credit cards online.
'Someone' used my phone to call hard luck credit1-800 number and coming from my phone number it was linked to my credit.he got a card in his name( but with my credit) and used it at some online .......... where the number was stolen and then sold. My credit score got so dinged two of my cards were cancelled by the bank.
Since then I've repaired most of the damage but I'll only use pre paid card online and I don't let guests use my phone. I only load what I need on the cards and I only risk the change and its not linked to my credit.

 

[DaveP]

I've been fortunate so far in infections. People bring me their computers, mostly family, when they get an infection that creates so many popups that they can't log in. I usually find a rootkit. The other day, I ran a full scan on the desktop upstairs and it identified a program I used to reveal the key to let me reinstall Windows (couldn't find my original packaging at the time). It also found a key logger program that I used to crack the password on a database file that someone wanted to convert. Those were benign identifications.

It found two rogue programs that I failed to write down the name of before eradicating. It was an unusual scan day for me. I don't see infections often.

Lots of people use Malwarebytes and it gets good grades, but unless you pay the $24.95 registration fee you don't get real time detection turned on. Malwarebytes (or any other free virus program) can allow install of rogue programs and they might not be detected until they run and present a signature. So, if you are using the free version it's a little more risky. Once they run, they can theoretically do some damage before detection shuts them down. You need real time scanning to catch them on download. On the up side, Malwarebytes prevents redirects to most of the sites that install this stuff.

Microsoft Security Essentials is a free program that I've learned to trust. It gets high marks among the paid programs, also. There are a number of free virus checkers that get good grades. Avast is one. It's still a good idea to pay the one time fee and get all the features turned on.

 

[BlueSnake]

I still have no clue why everyone thinks this has to do with buying vaping supplies. CC fraud is happening to people all over the world. It's now an epidemic and happening to people that never ever vaped or bought vaping supplies. Ask your bank. This is not an isolated problem just for people buying ecig needs it's happening to anyone anywhere. Doesn't anyone read the news or see the warnings on banking sites?

This can happen to anyone even if they don't shop online. Major systems get attacked all over the world daily.

 

[wv2win]

He would unfortunately be incorrect. For example there are commercial key loggers used for parental controls that can be installed remotely. Key logging Trojans are pretty common but usually need your permission to install. This is typically granted through various fishing techniques like site redirection. Think you are saying "yes" to something on Amazon but you are really allowing/approving a behind the scenes software install.

I never say "yes" to anything on a web site. I just won't purchase from that web site or do anything else.

 

[Cavediver]

I never say "yes" to anything on a web site. I just won't purchase from that web site or do anything else.

So you click the "No" button? How do you know no means no? For that matter, the little closing "x" in the upper right corner might also be mislabled.

FWIW, I don't click anything on pop-up windows. When I get one that won't close via right-click / close tab options, I open windows task manager and kill the entire browser. No guarantee that's saving me from any real trouble, but it's the best I can do in those cases.

 

[317Vapers]

I got hit couple days ago. My CC company caught it and blocked both charges. New card coming.

Anyway. Signed up for a Citi card same evening. They have Virtual account number (VAN) for single use numbers. I wont have this problem ever again. It will make me waste an extra minute or so but im fine with that.

Bank of america has safe-shop but I didnt like that service as much. at least by the description. Discover has the same type of service, so i read.

Does any Citi card over that? I have a Citi platinum i never knew about that

Sent from Galaxy Note 2 using Tapatalk 2, so there will likely be typos!

 

[Morgythekilla]

Paypal is pretty secure... Sellers can't gain access to your numbers through paypal.

 

[finecraft]

I got a call from one of my CC companies today. The last thing I used the card for was getting liquid from MBV. Someone in Casablanca, Morocco did a charge for $3.xx at some hotel. They cancelled the card right away and are sending a new one. The last time this happened was back in Oct/Nov. It only takes a few minutes to get the problem remedied so it's not a huge deal to me. Waiting for a new card in the mail does kind of suck though.

I've had my card number stolen probably 5 times from ordering e-cig stuff over the years.

Remember, it's not the vendors that are stealing the numbers. It's someone from the company that they use to process the CC info. Vendors don't get enough of the CC info to do anything with it. I had a discussion with Andrew at CCV about this after having my number stolen one time.

Same thing here. I called MBV yesterday to let them know. Looks like it's time for them to find a new cc processor.

 

[darkstorm]

From what I've gathered, some of the larger CC processors consider vaping companies to be in the "higher risk" groups and either charging very high fees, or not accepting them as clients at all. Perhaps someone who knows how this works will chime in. Anyhow, that leaves the vendors with few choices. Use the processors available to them, or go back to snail mail and checks / money orders...

You have the fundamentals correct. Very few gateway providers will service ecig sellers who do business online. Those that do allow them specialize in high risk/high profit businesses like porn and online gambling. Its like having to deal with payday loan companies rather than a large bank. If/when one of these providers is compromised it impacts many ecig vendors as there are not many great options available. There are more gateways available to vendors that deal only locally. Hopefully our options will increase as the hobby becomes less stigmatized.

There are two primary reasons ecigs are considered high risk. Historically early ecig companies use to sign customers up for a subscription to their products. They would automatically drop ship prefilled carts like a nicotine stained Columbia House resulting in TONS of charge-backs from upset customers. The second is increasing legislation requiring ID/age verification for ecig products. Most vendors do not have costly age verification software, requiring only a "click here" if you are under 18.

 

[ScottP]

You have the fundamentals correct. Very few gateway providers will service ecig sellers who do business online. Those that do allow them specialize in high risk/high profit businesses like porn and online gambling. Its like having to deal with payday loan companies rather than a large bank. If/when one of these providers is compromised it impacts many ecig vendors as there are not many great options available. There are more gateways available to vendors that deal only locally. Hopefully our options will increase as the hobby becomes less stigmatized.

There are two primary reasons ecigs are considered high risk. Historically early ecig companies use to sign customers up for a subscription to their products. They would automatically drop ship prefilled carts like a nicotine stained Columbia House resulting in TONS of charge-backs from upset customers. The second is increasing legislation requiring ID/age verification for ecig products. Most vendors do not have costly age verification software, requiring only a "click here" if you are under 18.

In the US the use of a credit card is usually considered good enough for age verification. This is how porn sites get away with it.