I got FRAUD-CHARGE on my Credit Card too >>>

[Mike36609]

If your vendors take Amex, it is much cheaper to get a Serve card. It is still American Express, that you preload online, they send you the card in the mail when you sign up online. No charges whatsoever. I have been using one for a couple of weeks and it works fine. Serve dot com.

Thanks for the input. I've done some reading about this online already and found cards similar to Serve, I really needed to order juice ASAP and didn't want to extend the process in longer than necessary waiting on things to come in the mail. Got most of my juice in yesterday's vape mail, still waiting on my order from HHV, and it shipped yesterday.

Are there any companies that provide a way of using a virtual card, i.e., providing the necessary numbers/registration/etc., online so that you don't have to wait on the card in the mail? Lets face it, the numbers is the thing, the little piece of plastic is just a waste of resources in manufacturing and logistics.

I don't typically use AmEx, and would have preferred MC or Visa, but Target only had the AmEx and I wasn't going to other stores to look at their offerings.

 

[PaymentsExpert]

7 pages of comments; not going to read them all.

I am in the credit card industry, as I set up businesses to accept cards. Been doing this since '94. Most times, when your card is compromised, it is a local retailer or restaurant that has a POS System that is not secure, and has been hacked with a key logger or another malware that can grab your card data before it is sent to the processor. This happens way more than any online retailer being hacked. See reports on Zaxby's, Barnes and Noble, Michaels, Schnucks Grocery, and many many more. Those are just the bigger ones.

One easy way to rule out an online merchant compromise: Ask if your fraudulent card was card swiped. If it was, it could not have been stolen from an online merchant, as they do NOT have the full contents of your mag stripe in which to create a cloned card. Only a card swiping merchant has access to all that information at the time of sale.

I would not point any fingers at any specific merchant unless I've only used that card at that merchant.

Don't use your debit card!!!! If it gets compromised, your whole checking account can be cleaned out before you even know anything happened, and if you have overdraft protection, it can even clean out your savings. Granted, you should get it back, but in the meantime it creates a huge hassle trying to pay bills.

 

[PaymentsExpert]

One quick other point. It doesn't matter when and where you used your card last. The card thieves sell the card info and it can be months before they start using the information. My wife's card was compromised at a local tackle store in August of 2010, and wasn't used until December of 2012. So who you used it at last or recently is not a good indicator of where it was compromised.

 

[Ferrel1134]

Interesting. I wish more local places where around makes me want to use cash way more.

 

[iceman68]

One quick other point. It doesn't matter when and where you used your card last... So who you used it at last or recently is not a good indicator of where it was compromised.

I used my card recently to make several purchases at a few different online vendors, and then it was compromised. I hadn't used this card in more than two years. It just seems like too much of a coincidence that after using the card for the first time in two years it gets hacked.
I'm betting if I hadn't used this card it wouldn't have been compromised. Of course I could be wrong, but with the sequence of events it seems logical. Unfortunately I'll never know for sure.

 

[ilovehugehits]

As your bank for a separate card number.
It will be a free standing account like savings.
You can transfer funds through mobile banking.
Wells Fargo does this. I'm sure other banks do too.
I plan on using Apollo much more now.
The fact that they take Paypal is huge.
They'll send you a free disposable if you pay $2 shipping.
Even have them in coffee & cherry.
It's a great way to see if you like their juice.

 

[Schnarph]

7 pages of comments; not going to read them all.

I am in the credit card industry, as I set up businesses to accept cards. Been doing this since '94. Most times, when your card is compromised, it is a local retailer or restaurant that has a POS System that is not secure, and has been hacked with a key logger or another malware that can grab your card data before it is sent to the processor. This happens way more than any online retailer being hacked. See reports on Zaxby's, Barnes and Noble, Michaels, Schnucks Grocery, and many many more. Those are just the bigger ones.

One easy way to rule out an online merchant compromise: Ask if your fraudulent card was card swiped. If it was, it could not have been stolen from an online merchant, as they do NOT have the full contents of your mag stripe in which to create a cloned card. Only a card swiping merchant has access to all that information at the time of sale.

I would not point any fingers at any specific merchant unless I've only used that card at that merchant.

Don't use your debit card!!!! If it gets compromised, your whole checking account can be cleaned out before you even know anything happened, and if you have overdraft protection, it can even clean out your savings. Granted, you should get it back, but in the meantime it creates a huge hassle trying to pay bills.

Too bad you didn't read it all. The Visa debit card I use to buy things online or anywhere for that matter never has any more money in it than I am about to spend +$20 at the most. The savings account it's tied to has $5 in it. I do not write checks. The account has no overdraft protection. This is through a credit union, free checking, no minimum balance. They credit union does not charge me anything. My current practices and experience may not be helpful to many so I apologize if reading this wastes your time. I'm not sure how this would be risky but I am happy to have advice from a credit card or banking expert. Thank you for the tips!

 

[ScottP]

Really it's just a matter of time before Banks/CC companies start allowing use of OTP (One Time Password) tokens for online transactions. For those that have never heard of this it is generally a hardware device that generates a single use passcode that is synced with the remote server. Without this hardware "key" knowing a credit card number would be useless. To use it online you would enter your normal credit card info but instead of entering the 3 digit code from the back would would enter a number that is currently showing on the hardware device. The transaction would go through and the number that the device was showing would change to a new number making the old number invalid for someone to hack.

This technology is already used to access many secure server environments, remote access to companies, even online video games. I am not sure why banks haven't jumped on board with this already.

 

[qorax]

^^Nice.
This is exactly the system which is used in Dubai. We used to receive a 'code' in our cellphone the moment we did an online transaction. We had to punch that 'code' to proceed further with the payment process. No, it didn't take time -- the code used to come on the mobile in a matter of milliseconds.

 

[cags]

...........
Are there any companies that provide a way of using a virtual card, i.e., providing the necessary numbers/registration/etc., online so that you don't have to wait on the card in the mail? Lets face it, the numbers is the thing, the little piece of plastic is just a waste of resources in manufacturing and logistics.
.............

I use citibank. with them you can get a virtual cc#. I generate the # online, it takes less than 5 min. and I'm shopping. it is a one time use number. I believe bank of america has something called shopsafe or safeshop. I think it is just a #, but I'm not sure

 

[iceman68]

I use citibank. with them you can get a virtual cc#. I generate the # online, it takes less than 5 min. and I'm shopping. it is a one time use number. I believe bank of america has something called shopsafe or safeshop. I think it is just a #, but I'm not sure

Discover card has a similar feature. It is a random account number generated online. When you use the number to make a purchase with a specific vendor, that number is then tied to ONLY that vendor. So if a hacker tries to use the number with any other merchant it won't work. That is what I was told when I talked to Discover customer service. Also, you can cancel the number anytime and generate new ones as you need them.


I know Discover isn't as widely accepted as Visa or MC but I've been able to find several vendors that take it. I'll feel a little more secure with this added layer of protection.

 

[Caridwen]

Mods keep shutting down these fraud threads.
Say that vendors can't respond.
Every time the op has said, that the offending vendor was contacted.
I guess the solution is to post this issue,
in the negative supplier forum?
Paypal needs to realize, that vapor products are not cigarettes or booze. That would permanantly fix the problem.

That's because people are blaming suppliers/vendors and it may not be the case that it is that vendor. If it is an issue with a supplier, they're usually the first to let everyone know if their site is compromised. By all means, contact that supplier. But you can't just guess and say it's from the last person you ordered from unless you know that for sure.

 

[basylica]

Too bad you didn't read it all. The Visa debit card I use to buy things online or anywhere for that matter never has any more money in it than I am about to spend +$20 at the most. The savings account it's tied to has $5 in it. I do not write checks. The account has no overdraft protection. This is through a credit union, free checking, no minimum balance. They credit union does not charge me anything. My current practices and experience may not be helpful to many so I apologize if reading this wastes your time. I'm not sure how this would be risky but I am happy to have advice from a credit card or banking expert. Thank you for the tips!

I don't think you understand that sometimes theft occurs by the person trying random numbers ... Not to mention again network security being my paid gig.... My previous job was for a hotel chain and not only did our customers have this happen fairly frequently but at least one of my fraud incidents were theft over wire. Ie someone grabbed my card info off wifi which is unsecured unencrypted data. You don't have to use credit card online to have theft.

Funny part was my last fraud was a couple years ago and the thief tried to buy an iPad. He must have known I was a nerd! Hahah!

 

[Racehorse]

There are only a small handful of CC processors that deal with the ecig industry.

That is where the fault lies. The fact that an entire community related to ecig stuff, pretty much all experiencing a massive hacking experience, points to a breach w/in those handful of PROCESSORS who serve the ecig community.

The idea that a keylogger attack does not mesh with the reality of the way this community has been hit. Keyloggers hit everything, and I have 2 other credit cards I don't use for ecig stuff...only other online stuff.

The specific CC I use ONLY for ecig biz is the one that got hit.

I was able to perform this careful separation of fault with my bank.

 

[Bubba]

As your bank for a separate card number.
It will be a free standing account like savings.
You can transfer funds through mobile banking.

Just make sure you get a stand alone checking NOT savings

With savings, you're limited to 6 withdrawals/tranfers per statement cycle. All banks follow this, it's a federal regulation, not something specific to your bank. Typically banks will charge you fees for going over the amount of transactions you're allowed per statement. If you go over too often, you'll find your savings has been converted to a checking account (believe it or not, banks often do this to try to protect you from getting these fees)

Also, most banks will not issue you a card with a Visa/MC logo on savings account for this reason. You can usually get an ATM card, but that's it. This would negate the ability to purchase online.

Finally, make sure you don't have OD protection on this stand alone account. This will prevent leeching from your other accounts, basically making it one-way. Transfer money in, make purchase.

Edited to add: Notice in all this I'm referring to banks, not credit unions. They play by a different set of rules that I'm not totally familiar with

 

[Schnarph]

I don't think you understand that sometimes theft occurs by the person trying random numbers ... Not to mention again network security being my paid gig.... My previous job was for a hotel chain and not only did our customers have this happen fairly frequently but at least one of my fraud incidents were theft over wire. Ie someone grabbed my card info off wifi which is unsecured unencrypted data. You don't have to use credit card online to have theft.

Funny part was my last fraud was a couple years ago and the thief tried to buy an iPad. He must have known I was a nerd! Hahah!

Great point. There are many weak links in the chain from my computer to the vendor and on to the processing company and back. And like you say, it is entirely possible for my number to be found and used at random. My point was that the only account I use to purchase things with via a card number has almost no money in the account unless I am about to spend it. I use my account like others use their pre-paid cards, except I don't pay anything to use it. When I put money in the account, I spend it within an hour. The day my account gets hacked and I lose my $20 will be a sad one, but unless my identity is stolen and accounts are opened in my name without my knowledge I only have about $20 to lose.

That's as careful as I am willing to be, all the gold hoarders out there take a real beating every few years and I'm not falling for that one. Cash has long been king in my world and the day I get mugged or lose my wallet with a freshly cashed check in it I will take my lumps. If you have something worth taking, someone out there wants to try and steal it. I do what I can to leave nothing available for thieves. I did say before that my way of taking precautions is not convenient for many people but it works for me, maybe someone will find it useful. I am no expert on this subject. I honestly appreciate any knowledge on this subject, especially from those that know what they are talking about.

 

[ilovehugehits]

I'm not doing business with the processor or hacker.
If my money is put at risk, I blame the vendor.
We usually hear about the same ones getting hit.

 

[qorax]

I'm not doing business with the processor or hacker.
If my money is put at risk, I blame the vendor.
We usually hear about the same ones getting hit.

True. But unfortunately, those 'same ones' r nearly "everyone" in the vape-business as we speak.

As I said before, our industry is in the nascent stages, things r tough - and the Big-T/Big-P combine, alongwith their cohorts r making it tougher. Not to mention the ignorant media and the masses in general. Our vendors might just not have a choice. Thus, we can't blame them - rather should support them. As long as the vendor is courteous, accepts the grey-area, tries to assist - we should be OK with it.

We have miles to go before we...
And our days will come!

 

[basylica]

There are only a small handful of CC processors that deal with the ecig industry.

That is where the fault lies. The fact that an entire community related to ecig stuff, pretty much all experiencing a massive hacking experience, points to a breach w/in those handful of PROCESSORS who serve the ecig community.

The idea that a keylogger attack does not mesh with the reality of the way this community has been hit. Keyloggers hit everything, and I have 2 other credit cards I don't use for ecig stuff...only other online stuff.

The specific CC I use ONLY for ecig biz is the one that got hit.

I was able to perform this careful separation of fault with my bank.

Absolutely....there is def something going on with the CC processing company the ecig guys are using. Time to call out PCI!

You really cannot control what someone does on the backend, and you cannot live your life without a credit card/debit. card numbers can be tried at random, pilfered from trash, read out of your purse/wallet using scanners (I kid you not), through cookies and cached files on your computer, OR through an online merchent.

The best defense is insurance - ie, use accts with little or no money, or prepaid. Make sure your bank has good anti-theft policies and will cover you for any thefts, hopefully will actually catch and deny transactions, and so on.

I've had err....atleast 3-4 theft attemps on my numbers. never came out of my pocket, on atleast one of the attempts they called me (the others my number had changed...so no fault there) and I immediately authorize them to shut off my acct.

Luckily (unluckily?) since my divorce I have no credit cards and no debt for several years. Also have crappy credit. I now have a checking/debit which I use and its NOT overdrafting into my savings which has a fair bit in it, and also my investment portfolio. I have another debit-like card through wells fargo that my child support goes into (all whopping 500 bucks a month. whoo! gett'n rich! hahha) and I just opened a secured credit card that has 300 bucks on it to try and rebuild my credit.

I don't have a lot to "watch" so thats good I guess

 

[basylica]

I'm not doing business with the processor or hacker.
If my money is put at risk, I blame the vendor.
We usually hear about the same ones getting hit.

I'm sure the vendor didn't go out and google "most often hacked credit card processing company" and do buisness with them. YOU didn't know this company would be hacked, how was he/she?

now if they had customer info hacked several times and made no changes....thats an issue and i'd avoid that person.