Fraud Charges 2nd Time This Year. !!!! Retailers get your **** together!!!

[nahoku]

Why is it so difficult for people to accept that "maybe" something is going on? I mean, vaping vendors weren't even in business when I first obtained my credit cards over 20 years ago. For over 20 years... more like 30 years, I have had no problems whatsoever. In 4.x months of buying ecig merchandise from only 9 vendors, I got hit.

You guys gotta admit, with all the reports going on here, it's just too coincidental. Why do you simply accept that nothing could ever possibly be going on with any of the vendors sites? The way some people respond it's like none of this is even possible! How can you discount this so easily? Just because it's easy to say CC fraud is a prevalent occurrence doesn't mean there's not a possibility of a leak right inside a vendor's website.

It's a good thing it's not murder we're talking about here. Some people might accept it because it goes on in the world. Heck with this much circumstantial evidence, if it was murder, the FBI would be all over this thing.

 

[ImThatGuy]

My identity was stolen around the age of 16 and it's possible...

You answered your own question in red, I won't go into details...I was just stating I understand fraud as a victim, if you aren't a victim you will never understand the possibilities that can occur.

Don't know how I answered my own question...In your case, was it fraud or identity theft? Since they purchased millions from home, cars, etc. and with those purchases a valid credit score/report needs to be tied in to those purchases.

 

[wolcen]

Which vendors have you used if you don't mind me asking? Everyone that was hit with fraudulent charges should post vendors they have done business with so we can get a list of most common vendors going and email them so they can take steps to sort this out.

Personally I don't think that's a bad idea at all, but I'll do some more reading before I do so. I have had a recent bogus transaction almost immediately after a vendor purchase. I let them know about it and heard *nothing* from them about that report.

Why is it so difficult for people to accept that "maybe" something is going on? I mean, vaping vendors weren't even in business when I first obtained my credit cards over 20 years ago. For over 20 years... more like 30 years, I have had no problems whatsoever. In 4.x months of buying ecig merchandise from only 9 vendors, I got hit.

You guys gotta admit, with all the reports going on here, it's just too coincidental. Why do you simply accept that nothing could ever possibly be going on with any of the vendors sites? The way some people respond it's like none of this is even possible! How can you discount this so easily? Just because it's easy to say CC fraud is a prevalent occurrence doesn't mean there's not a possibility of a leak right inside a vendor's website.

It's a good thing it's not murder we're talking about here. Some people might accept it because it goes on in the world. Heck with this much circumstantial evidence, if it was murder, the FBI would be all over this thing.

Perhaps this has more to do with the growth of the industry as a whole? Lots of new faces pouring into the industry may not fully realize the impact of their choices. Apparently however, there were some more long-standing vendors hit too, so maybe that's not all of it. I have heard that some processors don't want to deal with e-cigs, so likely of the "better" options are not necessarily available to e-cig vendors, particularly those selling juice.

I'm going to just stop reading these rants.

One thing is obvious. People have no clue how much technology has changed the internet. Hackers have advanced by leaps and bounds. All online venders depend on processing services and those services are Targeted jackpots for Hackers, not individual venders.
Look at the list of e-cig venders named lately. Do people really think those venders are special and a direct target for the get rich hacking freaks? To small a niche in online business. Not worth singling out or targeting repeatedly. to easy to eventually get tracked and caught.

Sorry, but I highly doubt any individual venders are purposely letting anyone steal information. Nor do I believe any have the knowledge or finances to put a stop to it.
We have internet crime divisions to handle this and they cannot keep up.
We have fraud divisions in all forms of banking just to cope with a never ending battle.

Take a look at the reality of the situation before condemning small business for trying to provide a service.

I think what people are trying to say is that they feel the vendors need to do their research better into the products they are entrusting our information with. It could just be that one particular processor got hit, and a number of vendors used them and it's all just one blip, I don't know. I do agree with the overall sentiment though that ALL online vendors have an obligation to carefully choose their shopping software and processors at the very least. There IS absolutely a chance that one or more vendors have been specifically hacked as well. Just because they are "small" doesn't make them any less of a target if a hacker has found a flaw with, for example, an automated probe. Anyone accepting a credit card or identity information is a target - period.

Sorry but if its the same vendors that people use and get hit with fraudulent charges this means one thing. They are either using a shopping cart software that is free and opened source which can be used by hackers to find weak points in the cart which in turn can enable them to inject code to capture data that is being entered and submitted before it gets send to the cc processor or they are just using shopping cart software that is coded with bunch of holes in it. Or they are using credit card processor which is either small and might have holes in its code as well or cc processing company that sells CC numbers. I have run online businesses online before and have done ton of research about shopping carts and cc processing companies. After weeks of research testing I have settled on shopping cart that cost $450 per license which out of all the ones out there was super secure with on the fly patching system. Also for credit card processors I have used one that has been in business for a decade with no known issues. I have never had any customers come back to me suggesting that they might have had card fraud because they have purchased through me. I'm thinking that lots of these businesses know how to get great product and make great e juices but have no clue on how to create secure sites. Which should be their #1 priority as an online vendor

In general terms I disagree with your sentiment that FOSS software is more prone to malware and/or attacks. While the software is available for criminals to attempt to find ways of breaking them, so is the software available to countless security firms and individuals trying to make a name for themselves. I do have some concerns about FOSS software (particularly with ancillary programs with few or single committers and also very low-use programs) but by and large, the more popular software is pretty rigorously monitored and verified. Closed source commecial software can make no reasonable claim to being "more secure". Source code for all closed source is available - it's just against the license terms (that no criminal is going to honor) to generate it. Granted, de-compiled software is a little tougher to read than original source.

On your other points though - people definitely should understand that there is the potential that *not only* processors are involved here. Yes, processors are an important and required hub in the process, but nearly ANY software on ANY website you give your card to could be an issue. The shopping cart software, some specialized preference software that saves your card for future purchases, etc. It's not as though you enter a credit card on site A and it magically only gets delivered to the processor B and nothing in between sees it; Quite the contrary - it is still received by the software actually accepting the transaction which then hands it over to the processor. There's nothing preventing that software accepting the transaction (or any in intermediary software) from doing something it shouldn't with your card number.

Don't know how I answered my own question...In your case, was it fraud or identity theft? Since they purchased millions from home, cars, etc. and with those purchases a valid credit score/report needs to be tied in to those purchases.

I think the word VALID was key here

 

[sonicdsl]

I'm going to post this again. Everyone should read this thread and understand that not only has the ecig biz had a boom, but also online shopping, as well as online criminals.

Similar to other methods mentioned in this thread, I use a Serve card from Amex. I transfer how much I'm going to spend to it, and use it only for online purchases. If it gets stolen somehow, there won't be much, if any, money to steal this way.


http://www.e-cigarette-forum.com/fo...-discussion-thread-online-shopping-101-a.html

 

[wolcen]

I'm going to post this again. Everyone should read this thread and understand that not only has the ecig biz had a boom, but also online shopping, as well as online criminals.

Similar to other methods mentioned in this thread, I use a Serve card from Amex. I transfer how much I'm going to spend to it, and use it only for online purchases. If it gets stolen somehow, there won't be much, if any, money to steal this way.


http://www.e-cigarette-forum.com/fo...-discussion-thread-online-shopping-101-a.html

In general, that is true, however, as old soldier mentions near the beginning of that post, one of the core assumptions is a "properly configured shopping cart". That's sort of a key phrase IMO. One that is NOT properly configured, or is even a proprietary system (nothing stopping anyone from making their own), can do whatever it wants with your card # before it reaches the processor.

 

[nahoku]

Yes, and this "boom" didn't just happen in the last 4.x months.

 

[patkin]

I agree with the you (OP.) I posted my thoughts here:

http://www.e-cigarette-forum.com/forum/alien-visions-e-juice/404034-credit-fraud-blues-6.html

If you look at the response to my post, you'll see why people quit speaking up and I wasn't even referring to AVE. Fanboys look the other way when their favorite vendors are involved... or with some... with any ecig vendor. This is something I cannot grasp about the community. This is a venue just like any other social one. There a cliques and cold shoulders when perceived toes get stepped on... facts are often not appreciated. I've posted on other threads that members should have each others backs and name the vendors they've done business with when they only use their card for ecig purchases. What good does it do to post they've been hit but not name names? It just seems that vendors are royalty and customers their subjects who are supposed to be loyal no matter what. That's how it comes across to me anyway either that or this forum is very pro-sales. As for vendors getting together in an attempt to solve the problem and protect customers... nah, they're competitors. And, as long as members are shushed when they speak up, the forum is not a place to find good info on the risk factors involved with a vendor. BTW, ecigexpress has been mentioned quite a bit along with AVE... enough for me to have quit buying there. If I see that they have changed processing centers and those check out well, I'll buy from them again because that would mean they care about protecting the personal info I entrust them with.

 

[patkin]

Okay, that's totally smart. Opening a free checking account, transferring just enough into it and getting a debit card. I'm TOTALLY doing that. Duh. Why didn't I think of that? Because I like to make things more complicated than they need to be.

GENIUS!

That's what I do. An additional tip:

Set up alerts to your email or phone on it. If your bank lets you, make the alert amount 50 cents or under a dollar because the thieves ping the account with as low as a $1.00 purchase to see if its alive. Proven live accounts bring more money when sold. Also set up an alert for transfers. This will alert you if a bank employee or the bank's system has a glitch and links your main account to your little one without your authorization. I learned that one the hard way. Also, depending on where you bank, have the account flagged for "no courtesty" or whatever your bank calls it when they go ahead and pay when there are insufficient funds and there is no overdraft protection. Its better to have a bounce than have a hacker out there selling your account number as a live one.

 

[Tripster]

Don't know how I answered my own question...In your case, was it fraud or identity theft? Since they purchased millions from home, cars, etc. and with those purchases a valid credit score/report needs to be tied in to those purchases.

You have credit once you obtain a social security number, than when people steal identities like mine...they steal identities that have no actual built credit so they can build the credit up and than have fun. They normally don't go after someone who already has horrible or well built credit since red flags would appear but the dumb ones tend to steal/buy identities that have horrible or well built credit and get caught.

How did you answer your own question, you stated "No one that I know of has any valid credit at 16 or even younger.". Well there you go, how many people do you know in this world...this happens daily to individuals, some whom aren't even old enough to understand credit and the like...it happens to any age as well. The intelligent ones have a system in place to build awesome credit from stealing ones identity while not throwing up red flags.

It happened to me and now you know that it is indeed possible.

 

[BostLabs]

How it is Sony with all it's security got hacked and all that info stolen?

Just a quick point here. Sony was not secure. Their security was weak and open to a SQL Injection attack. Then they stored user information unencrypted. 100% non standard security practices.

NOTHING is 100% secure and anything that moves from point a to b may be intercepted, at any point.

Absolutely correct. You can visit someplace and get a little nasty on your PC that talks back to its master and not even have to worry about the vendor site is using SSL or not. They compromised your PC in this case.

All that being said if you are careful, have good AV/Malware protection and only visit trusted vendors/sites you should be fine. But nothing is 100% safe.

Carry on.

 

[supermarket]

lalala processors yada yada... thats basically the response youll get. i dont remember the specifics... there are threads on here about how its works though, its not the suppliers fault. look for them, theres actually some great info on them. ive been loyal to mtbaker since i started vaping and have never been hit with a fraud charge, just saying

It really isn't relevant who HASNT been hit with fraud charges. From a computer security perspective, even if 1% of a business's clients are getting fraud charges, 1 out or 100, that is WAYYYYYY too many. And it shows something is definitely wrong.

As with any exploit or security hole....the majority of people are usually unaffected. It is always a minority , a small percentage that are targetted.


As to it being the CC processing companies, like I said in a previous thread, that is POSSIBLE, but NOT a reason to rule out a security hole in the vendors themselves, or even this forum possibly.

 

[crxess]

If anyone was offended by my post, so be it. I was not trying to justify anything. Simply pointing out there are many many ways to lose your information, not just Vender databases.

Several Decent Venders were Slammed in the post, almost DEMANDING Black listing. I have done business with a few and use one Often without issue. They are also very good with communication after the sale and assistance.

BLACK LISTING............ Anyone Remember Orson Wells?

Sadly I have to wonder if we will ever break the cycle of condemnation without proof.
Are we no better than the FDA which we feel is doing just this?

 

[supermarket]

I agree with the you (OP.) I posted my thoughts here:

http://www.e-cigarette-forum.com/forum/alien-visions-e-juice/404034-credit-fraud-blues-6.html

If you look at the response to my post, you'll see why people quit speaking up and I wasn't even referring to AVE. Fanboys look the other way when their favorite vendors are involved... or with some... with any ecig vendor. This is something I cannot grasp about the community. This is a venue just like any other social one. There a cliques and cold shoulders when perceived toes get stepped on... facts are often not appreciated. I've posted on other threads that members should have each others backs and name the vendors they've done business with when they only use their card for ecig purchases. What good does it do to post they've been hit but not name names? It just seems that vendors are royalty and customers their subjects who are supposed to be loyal no matter what. That's how it comes across to me anyway either that or this forum is very pro-sales. As for vendors getting together in an attempt to solve the problem and protect customers... nah, they're competitors. And, as long as members are shushed when they speak up, the forum is not a place to find good info on the risk factors involved with a vendor. BTW, ecigexpress has been mentioned quite a bit along with AVE... enough for me to have quit buying there. If I see that they have changed processing centers and those check out well, I'll buy from them again because that would mean they care about protecting the personal info I entrust them with.

Great post. I'm new here, but noticed the same thing. Once again, in another thread, I listed steps everyone can do to help in working towards solving this issue.

One of the things I suggested was to immediately come here and list which vendors you ordered from. It is beyond silly that people are unwilling to do this, because they think it will harm a vendor. Newsflash......the vendors should be doing everything they can to prevent this, and listing which vendors you ordered from can ONLY serve to discover the exploit/culprit.

Good post!

 

[ilovehugehits]

Vendors who don't take steps to secure their site are also negligent.
I don't care how much I like Mt Baker juice. I probably won't order from them again. Halo & Johnson Creek = Always secure.

 

[supermarket]

also from what ive seen everyone ends up getting these things sorted out... just an afterthought, its not fair to "blacklist" a company that offers great service and products. after a couple of days your fraud charge will be worked out, youll have your products, and everything will be honky dorey

Blacklist?

To say it isn't fair to not shop somewhere, because you had a bad experience, even if it wasn't the companies fault, is simply wrong.

It isn't really blacklisting....it is choosing not to shop somewhere because you had a negative experience.

There are places in the real world I won't shop.....because the location they are in is riddled with crime. Is that unfair? No, even though it isn't the stores fault (of course they could move locations, that isn't the point), the point is....each person chooses where they shop, and where they don't....and it isn't always based on the shop/company's faults of their own.....sometimes people have a negative experience beyond the control of the business owner, and nothing can be done to remedy it. There is nothing wrong with that.


My point is, if I had fraud charges on my card.....I wouldn't shop on any of the online places I shopped at, until I knew where those fraud charges originated from. That isn't wrong, it is being smart.

Now, if you start a CAMPAIGN trying to tell people not to shop at those places.....THAT is wrong. However, you can't be told you are wrong for choosing not to shop somewhere.

 

[supermarket]

If anyone was offended by my post, so be it. I was not trying to justify anything. Simply pointing out there are many many ways to lose your information, not just Vender databases.

Several Decent Venders were Slammed in the post, almost DEMANDING Black listing. I have done business with a few and use one Often without issue. They are also very good with communication after the sale and assistance.

BLACK LISTING............ Anyone Remember Orson Wells?

Sadly I have to wonder if we will ever break the cycle of condemnation without proof.
Are we no better than the FDA which we feel is doing just this?

Which post? If you are referring the OP....nothing he said had anything to do with blacklisting. I re-read the post just now to make sure I didn't miss something. Are you referring to another post in this thread? Or another thread? I didn't read the whole 6 pages, so if you are I'm sorry and I missed it.


If it IS the OP you are talking about, he did a good job listing the vendors he ordered from.....and he is justifiably angry after losing $2,500. If this was an isolated incident, perhaps I could see his post as overkill....but considering this is happening to hundreds of people a month more than likely through one or more e-cig vendors, I think he is right in his approach.

he also didn't suggest anyone else not shop there.....he simply suggested that the vendors need to take extra steps to ensure OUR security, which I agree with 100%.

 

[cags]

I'm going to just stop reading these rants......................................................

me too! all they do is irritate me!
vendors should do all they can to protect their customers (and I believe vendors DO care about this problem) BUT. I think it is our responsibility as customers to do something to protect ourselves. we shouldn't expect others to protect us while we just sit around complaining.
you can:
--get a prepaid card
--open an account just for ecig buying and don't put much money in it
--use or ask your CC provider to offer virtual card numbers... I use citibank, I get a one time use virtual number that ties with my cc#. bank of america has "shopsafe" same idea
--you can find a B&M and use cash
I'm sure there are other ways to protect yourself too

last year our CC# was stolen..........in a restaurant!

 

[ilovehugehits]

Mt Baker is the only vendor on the {MODERATED} that I've bought from.
Their Cherry Bomb is delicious for $5. But obviously not worth 2 grand. The same names keep popping up in fraud threads.
Do you really think it's a just bad luck?

 

[ImThatGuy]

Ahh...okay now...you were a victim of IDENTITY THEFT not credit card fraud. Thanks for clarifying that. I couldn't understand how purchases of millions at a young age of 16 or even younger could be possible when no credit history or score could even back up those purchases.

Thanks for the clarification.

*added* I just reread your original post...you did state identity theft. I kept in mind the topic of the thread of credit card fraud and just associated every post here with credit card fraud.

You have credit once you obtain a social security number, than when people steal identities like mine...they steal identities that have no actual built credit so they can build the credit up and than have fun. They normally don't go after someone who already has horrible or well built credit since red flags would appear but the dumb ones tend to steal/buy identities that have horrible or well built credit and get caught.

How did you answer your own question, you stated "No one that I know of has any valid credit at 16 or even younger.". Well there you go, how many people do you know in this world...this happens daily to individuals, some whom aren't even old enough to understand credit and the like...it happens to any age as well. The intelligent ones have a system in place to build awesome credit from stealing ones identity while not throwing up red flags.

It happened to me and now you know that it is indeed possible.

 

[tmcase]

I was recently the victim of CC fraud. I used my debit card at ecigexpress and the next day there were 2 fraud transaction on my account. I contacted ecigexpress and asked about there security and they assured me that they don't keep CC #'s in their system and nobody sees my card number when I type it in but who knows really.

I contacted my bank and they had already put a hold on my card due to being so overdrawn. I was able to get one of the packages intercepted and returned to the warehouse so my bank is handling that now. The other one caught the fraud trans and canceled it so that transaction dropped off. What ticks me off is the banks don't go after these thieves. Once the money is returned they are done with it. The thief is left alone to steal another day. Both my transactions were made in the UK and both at a women's shoe store. Neither bank will give me any info so I can file a criminal charge against her. They say my bank has to handle it but my bank won't prosecute.

Also, my bank won't issue me another debit card unless I promise to not use it online since this is the second time this has happened this year. 99% of my online transactions is from vaping stores. My bank recommends using only a credit card. They also told me that they hardly ever get fraudulent claims from point of sales purchases with a debit or cc.

I believe the vendors need to take some responsibility here to make sure our private into is private and I feel the banks should try to prosecute even if the money is returned or at least give the victim the thiefs info so we can file claims otherwise these thieves will continue to do what they do.