Fraudulent card charge today...

[Mamacruz13]

I've posted on a different thread about fraud about a week ago but I wanted to throw this out here too...

I work as a card fraud analyst for a national bank. This is true for everyone that has a debit/credit card, at some point in your life you will have at least one credit card or debit card number stolen. That is the current statistcs. Credit card fraud is the fastest growing crime in the world because it is so simple to do. ANYWHERE you enter your card information or physically swipe your card to make a purchase will leave you vulnerable to have the number stolen.

There is really no way to 100% protect yourself from credit card theft but there are ways to prevent it from happening in a few cases.

online charges should be done with a prepaid credit card or gift card that can be registered for online purchases and loaded with only enough to cover the orders.

when paying for a meal at an establishment that takes your card from the table to make payment, use cash. We have seen numerous cases where it turns out card numbers were being written down by servers and then sold online.

when using ATMS or gas pumps, jiggle the card swipper to see if it is loose or looks tampered with or damaged, if so DO NOT USE IT.


It definitely sounds like possibly a processor was hacked since it seems like more than one vaping site has been pointed out in all this. I just wanted to point out that while there seems to be an issue on a few sites, card information can be stolen many ways, not just online... Also not just little privately own sites.. We know of a few large corporations who have current holes in their web servers but seem to be on no big hurry to correct them.

 

[Opi21]

For people with Bank of America. On their website through your account you can access something called ShopSafe. It's a very short process where you put whatever you want to spend, say 50$ and an expiration date. They generate a visa card number and you can use that 'virtual card' anywhere online, instantly. It's pretty much a free refillable virtual pre-paid credit card that you can get in 1 minuet and you can generate as many as you want. Oh, and you can put a spending limit that is odd, you aren't restricted to 10/20/50/100. You can put $43.29 as a spending limit. And you don't have to go to the store, and you don't have to pay any ludicrous 'fees' aka 'white collar crime'. The one thing BoA got right. I'm sure other big banks have something similar to this.

 

[wv2win]

So I received a call today telling me I had a suspected fraudulent charge on my new credit card. I've only had this thing for about 3 weeks and have barely used it! I've used it to order ecig supplies online from TPA once and Ecig Express twice, and other than that I have only used it at a couple ATMs and a few stores near my home.

Well, I noticed last week that Ecig Express's Website was completely down for a good day or two. I figured it was just a routine maintenance type deal. Well, today I tried to login to my account there and I received this message:

We have redesigned our website and added tons of new features! For your protection, existing passwords have been reset. If this is your first time logging in on the new site, please press the "Forgot Your Password?" link and enter your email address. You will immediately recieve an email containing a link to select your password. Please check your spam box or junk folder if it does not appear in your inbox.
This process should take no longer than a 60 seconds. We apologize and appreciate your understanding. Again, this is for the protection your protection.

I also tried calling their customer service number and received a message saying they have unusually high call volumes today and wait times would be extended. I understand things like this happen, but if they knew of anything like this happening (which the resetting passwords thing leads me to believe they did) one would think they would at least give customers who have placed recent orders a heads up. A quick phone call or an email would suffice.

I hate to point any fingers unjustly, but this smells fishy to me...

You are not pointing the finger unjustly. I start a thread last week with the same problem of having my card number stolen. The only site where I used that card for 12 days was ecigexpress. I just posted in another thread yesterday from a guy who got his card stolen on ecigexpress. I sent them a nice email about the problem and they replied that it couldn't be them.

I would stay clear of this site.

 

[unloaded]

I got the same call today. Had 7 $50 charges on my card today. Last week I ordered from IndyVapor, 3/22 from WizardLab and 3/09 from EcigExpress. Not sure if it came from one of them or not.

 

[Wafflestomper]

I was also hit with a mysterious $100 charge today..
Fortunately, after I go on a spree I obsessively check my statement..
..not ecigexpress in this case.

 

[anavidfan]

I also had this happen for the first time in my many years of online shopping, right after using the Flavours apprentice for the first time. Hmmm.

 

[Wafflestomper]

Maybe china is getting revenge for supercharging all of thier stuffs.

 

[ScubaBebe]

OK....now I'm really concerned. Like most of you have probably done, I went to check my account. I got a message telling me to contact the bank an error had occurred. It's probably nothing but I will be on the phone with them EARLY in the am.

 

[Fred Garvin]

I haven't had any fraud charges lately.....BUT.....

I got an email from ebay saying my account was locked due to fraudulent activity. I needed to login, change password, change security question. They had locked the account and removed all the suspect activity.

Now, normally I just delete these emails as phishing.....but this one looked seriously legit and all the links highlighted properly.....so I opened a fresh tab and logged directly into ebay....and there was that message in my box, so it did come from ebay. I made all the required changes and updates, and also changed the password on my main email account.

No idea what happened, what was charged or bought, or anything.....I never got any emails. I've checked all my accounts and pulled a credit report....no ID theft (yet, anyway) but I'll be keeping an extra close eye on things for a while.

 

[cherrycakes]

scary stuff 0.o

 

[KatyLoo]

I've had to replace my credit card twice in the last 3 weeks. Because it is a Bank of America card, I started using ShopSafe after it happened the first time.

The second time it happened a ShopSafe number was used and there were only 2 possible vendors it could have been. One I won't name, because no one else has, and they are not as well known. The other was ecigexpress. Even so, I don't blame ecigexpress but instead the credit card processor they are using. I've never allowed any of these sites to save my card information.

It turns out that ShopSafe was much more helpful to BOA than it was to me. There were 3 attempted fraudulent charges, 2 were immediately declined I assume because of the $40.00 limit on this card number, the 3rd was only for $1. I still have to wait once again for a new credit card despite the fact that my real number was not stolen.

 

[lynch]

The $1.00 charge was the first one on my card also, I guess they do this to see if it will work ?

 

[Koman]

The $1.00 charge was the first one on my card also, I guess they do this to see if it will work ?

Probably so, lynch!

 

[exnihilo]

For people with Bank of America. On their website through your account you can access something called ShopSafe. It's a very short process where you put whatever you want to spend, say 50$ and an expiration date. They generate a visa card number and you can use that 'virtual card' anywhere online, instantly. It's pretty much a free refillable virtual pre-paid credit card that you can get in 1 minuet and you can generate as many as you want. Oh, and you can put a spending limit that is odd, you aren't restricted to 10/20/50/100. You can put $43.29 as a spending limit. And you don't have to go to the store, and you don't have to pay any ludicrous 'fees' aka 'white collar crime'. The one thing BoA got right. I'm sure other big banks have something similar to this.

Crazy thing is, it's only good with their credit card, not their debit card; which I would assume should have more protection.

cg

 

[K DUB]

just got hit with 2 charges to match.com. one for 70 bucks and one for 40. just figured it was percentages catching up with me,until i read this thread. the only place this card has been used other than a bank ATM was ecigexpress. i will be contacting them with my concern. i'm not calling them out and pointing fingers, but after a little reading,they seem to be a common denominator. a good security sweep on their part would be a good call. everyone needs to be careful. looks like pre-paid is the way to go.

 

[ThunderPumpkin]

Calls BS - Web site consist of 2 sides. back side you never see - inventory/billing/etc. Frontside> Store Front exposed to all for viewing ,saving, making purchases. Either end can be upgraded/updated without the other being effected.

That doesn't contradict what I was saying.

Stormy's did a Total site upgrade - long needed. All passwords were reset. Hacking passwords would rarely get you CC info if the site is using proper secured processing. They would never have/store the CC info.
Some sites offer a choice for easy reordering. I would hope they are using encrypted storage.

For all we know, there are vendors who store CC info in plain text!

The high number of cases of CC fraud that are reported here every day point to bad security practices by some of the companies involved (sites and/or CC service providers).

The alternative explanation -- good security practices, but hackers are concentrating on e-cig sites because they have it in for tobacco alternatives -- is rather implausible.

 

[rand4ll]

I just got taken for $400 too after ordering from MVS. I let them know and they said their security is great and tried to blame it on me having a computer virus which is also bs since I build my own archlinux OS. I informed them it probably isn't them but their processor.. they didn't seem to really care...

 

[Leslv]

I was hit on Monday as well. My CC company contacted me right away and had already shut down the card. They started with $1 then 2 for $10. then they really got brave $79 and $759, both of those the CC company had declined. I had ordered from 4 Ecig sites just previous to this happening. I have shopped online for a long time and this is a first for me. I did email all 4 companies, not to blame but to let them know there may be a problem. I got responses from all 4 thanking me for letting them know. I figure if we don't tell them they may have no idea it's happening and consider changing their processor before they lose customers. I had a new card overnighted to me but I will either use a prepaid or check out the B of A deal, I didn't know anything like that was available. Thanks for that info.

 

[doots]

I've had to replace my credit card twice in the last 3 weeks. Because it is a Bank of America card, I started using ShopSafe after it happened the first time.

The second time it happened a ShopSafe number was used and there were only 2 possible vendors it could have been. One I won't name, because no one else has, and they are not as well known. The other was ecigexpress. Even so, I don't blame ecigexpress but instead the credit card processor they are using. I've never allowed any of these sites to save my card information.

It turns out that ShopSafe was much more helpful to BOA than it was to me. There were 3 attempted fraudulent charges, 2 were immediately declined I assume because of the $40.00 limit on this card number, the 3rd was only for $1. I still have to wait once again for a new credit card despite the fact that my real number was not stolen.

That really does suck. I thought the whole idea of shopsafe was to protect the original card from having to be replaced..

 

[Sdh]

I just got taken for $400 too after ordering from MVS. I let them know and they said their security is great and tried to blame it on me having a computer virus which is also bs since I build my own archlinux OS. I informed them it probably isn't them but their processor.. they didn't seem to really care...

Sorry to hear that. It seems like allot of folks are getting their cards compromised. BTW what does MVS stand for.