Keep a close eye on your credit card statements

[spider362]

I don't see where there's much you can do to protect your CC when you use the actual card with all the skimmers, scanners, and pen and paper around. This is where you have to trust your CC company to keep a sharp eye out.

I've had my actual CC card number stolen twice. Once at a convenient store's gas pump and once at a restaurant. Luckily my CC company caught it right away and sent me a new card.

With "ShopSafe" you can cancel your own CC number and it doesn't effect your real CC number account at all. I'll usually go in and cancel the number soon after I receive whatever it is I order rather than waiting for the expiration time to pass. However, I think that once the number is used, with supplier A, for example, it can not be used with supplier B, even if there's enough money left on it. Also, even if the virtual number is stolen after you cancel it you'll not hear about it because as far as the CC company is concerned that number does not exist.

 

[Berylanna]

I'm using Bank of America, but I think the service is available from quite a few different ones.

You can call your CC's service center and ask. If they don't know just go online to your account and poke around and you might find it there. Look for "ShopSafe" (no quotes).

I'm using BofA and they told me they had no such service! I wonder what's up?

 

[tA71ana]

Freaking thieves
Yes I go the prepaid route...I haven,t had a real credit card in probably twenty years or so.
I load up exactly what I am going to use on it and use it up within the hour. I leave little more than a dollar on it when I am done.
I will check my activity too to see if somebody tried something.

 

[Plaz]

I'm using BofA and they told me they had no such service! I wonder what's up?

I just looked at the BofA website for my card and it has it as an option. I never knew it was there! Good stuff.

 

[UncHellMatt]

Norton, McAfee, Spybot S&D... Lump all of them up on your machine, and you'll STILL get hit. Just a matter of time. That and Norton's "suite" of tools also has a nasty habit of slowing your computer to an absolute crawl. But hey, you can't get a virus or get compromised if your computer is too slow to use.

As noted by someone earlier, prepaid cards are a good way to go, but if you really want to protect yourself from things like this, often caused by cross site scripting vulnerabilities, Java and Flash vulnerabilities, try this:

- Use FireFox and/or Google Chrome (NEVER, ever Safari or Internet Explorer)(Doesn't matter what Apple and Microsoft says...)
- Add to FF and CG "AdBlock Plus", as much of the malicious code out there is housed in ads, even on legitimate sites (yes, even happened to CNN)
- Choose one of those two browsers to be your "general browsing" tool, the other to be the "shopping / banking" browser
- Whichever one you're going to use for banking or purchasing needs, install "NoScript"
- NoScript WILL require some "tweaking", as in you'll need to go to your banking site and add exceptions for the bank and all its scripts, then ditto anyone you're buying from. When you visit a site for the first time, there will be a little button on the bottom right that shows NoScript is blocking activity. You can choose to "Allow all".
- Get in the habit of two browsers

I know this sounds sort of foolish, and kind of annoying, but honestly it's the best, safest method. A lot of compromises come in through banner ads and third parties OR compromised sites loading malicious code. But if your financial transactions are segregated from the rest of your web browsing, that adds a pretty hefty layer of safety.

Here is an example of a site where I haven't granted all scripts: Embiggenate.

Here is the exact same page after granting full access: Ditto.

In the first image, you can see the "Options" button. That allows you to inspect and choose to activate or deactivate selectively, or just allow all on that site. I could purchase from there, and as long as they're a legitimate vendor with a good rep, I'm fairly confident. Yeah, yeah... I can be paranoid But I've cleaned too many computers and helped too many people clean up after something like this.

 

[Rocketpunk]

I also ordered from AVE last week and almost $200 in fraudulent charges. Most are still "pending", but the bank says I should get everything back. My card is currently blocked. So until it gets resolved, I won't be able to order anything online. Unless I get a gift card or something. Sucks because I was going to order more Boba's.

 

[jazon1]

Norton, McAfee, Spybot S&D... Lump all of them up on your machine, and you'll STILL get hit. Just a matter of time. That and Norton's "suite" of tools also has a nasty habit of slowing your computer to an absolute crawl. But hey, you can't get a virus or get compromised if your computer is too slow to use.

As noted by someone earlier, prepaid cards are a good way to go, but if you really want to protect yourself from things like this, often caused by cross site scripting vulnerabilities, Java and Flash vulnerabilities, try this:

- Use FireFox and/or Google Chrome (NEVER, ever Safari or Internet Explorer)(Doesn't matter what Apple and Microsoft says...)
- Add to FF and CG "AdBlock Plus", as much of the malicious code out there is housed in ads, even on legitimate sites (yes, even happened to CNN)
- Choose one of those two browsers to be your "general browsing" tool, the other to be the "shopping / banking" browser
- Whichever one you're going to use for banking or purchasing needs, install "NoScript"
- NoScript WILL require some "tweaking", as in you'll need to go to your banking site and add exceptions for the bank and all its scripts, then ditto anyone you're buying from. When you visit a site for the first time, there will be a little button on the bottom right that shows NoScript is blocking activity. You can choose to "Allow all".
- Get in the habit of two browsers

I know this sounds sort of foolish, and kind of annoying, but honestly it's the best, safest method. A lot of compromises come in through banner ads and third parties OR compromised sites loading malicious code. But if your financial transactions are segregated from the rest of your web browsing, that adds a pretty hefty layer of safety.

Here is an example of a site where I haven't granted all scripts: Embiggenate.

Here is the exact same page after granting full access: Ditto.

In the first image, you can see the "Options" button. That allows you to inspect and choose to activate or deactivate selectively, or just allow all on that site. I could purchase from there, and as long as they're a legitimate vendor with a good rep, I'm fairly confident. Yeah, yeah... I can be paranoid But I've cleaned too many computers and helped too many people clean up after something like this.

lol norton has not been like that since 2003 lol. unless your pc is 20 years old it shouldn't have any trouble running any of the newer anti virus.

as far as java goes just dont install it on your machine just to many security risks involved with it, i haven't used it in years other then site's that have it running on there end.
flash on the other hand i would love to get rid of as well but just to many people still using it to ignore it,just keep it up to date and you should be mostly safe.
as far as browser settings go i just set mine up to clear all history,passwords,cookies on close.

 

[spider362]

I'm using BofA and they told me they had no such service! I wonder what's up?

Go into your account where it lists your transactions. Look on the right side of the page near the bottom and you should see "ShopSafe" and 2 links; "Use ShopSafe" and "Learn more".

The name would lead you to think it's some sort of ad, not a service.

 

[UncHellMatt]

lol norton has not been like that since 2003 lol. unless your pc is 20 years old it shouldn't have any trouble running any of the newer anti virus.

as far as java goes just dont install it on your machine just to many security risks involved with it, i haven't used it in years other then site's that have it running on there end.
flash on the other hand i would love to get rid of as well but just to many people still using it to ignore it,just keep it up to date and you should be mostly safe.
as far as browser settings go i just set mine up to clear all history,passwords,cookies on close.

No, unfortunately the new one as well, in particular the package which the ever so good folks at Comcast will install on a computer unless you stop them. It adds in all sorts of "nifty" tools to prevent ID theft, a perfectly insane firewall that, by default, pretty much bricks your computer, as well as a host of other useless addons. Just straight up AV, it's great (or on par with a number of others), however their "complete package" is a nightmare. I think in the last 6 months, I must have done ... maybe 20 or 30 house calls to friends, family and co-workers to clean that crud off and get their computers usable again. A standard build PC with 4GB or RAM and that Norton package on there will slow to an absolute crawl, while the method I suggest? No more than the browsers, a good AV, maybe Spybot and/or MalwareBytes, and you have a nice, zippy little PC.

At least now they have a single download uninstaller you can get from their site to clean it up. I now keep that and the one from McAfee on a thumb drive in my pocket.

 

[jazon1]

weird ive never had a problem with norton on any of my machines but i have all custom lga2011 rigs 32GB ram and all that junk,tho i do know that the Comcast constant guard that most people click on comcast's site thinking they are closing a pop up will totally destroy your net.

 

[Leatherneck]

Advise on browser and PC safety is fine and all, but it can lull people into a false sense of security. The problem might well have nothing to do with the client machine, but could be further up the line anywhere between the buyer and the seller. I've been using pre-paid cards for years without issue, because there's no risk. I fill it with good old fashioned cash and it's in no way attached to my banking account.

 

[retrox]

Crap, I ordered from AVE last week too. Nothing suspicious has shown up yet. Might go ahead and cancel the card anyway.

 

[exnihilo]

Same here, AVE. Got dinged last Thursday. If he doesn't handle, i will.

cg

 

[Plaz]

I didn't see anything fishy, but closed my account and opened a new one just to be safe. The volume of people reporting issues is getting a bit ridiculous. I figured it was only a matter of time, and went proactive.

 

[jazon1]

Advise on browser and PC safety is fine and all, but it can lull people into a false sense of security. The problem might well have nothing to do with the client machine, but could be further up the line anywhere between the buyer and the seller. I've been using pre-paid cards for years without issue, because there's no risk. I fill it with good old fashioned cash and it's in no way attached to my banking account.

yea a good majority of the time card info is hacked/stolen from the sellers site,nothing you can do about that except use disposable cards and the like,or just buy from places that use secure billing service company's.

 

[exnihilo]

Someone mentioned BofA's ShopSafe feature. I looked into it, and it only applies to credit cards. Just an FYI to anyone who is interested. I just signed up for the Amex 'Serve' online card feature. It's loadable and online, free. https://www.serve.com

cg

 

[davelog]

From what I'm hearing, it's the upstream processor that's been compromised, not the vendors themselves. If this is the case, this is about to become very big news. There's a lot of commerce enacted online.

 

[MikeA5]

From what I'm hearing, it's the upstream processor that's been compromised, not the vendors themselves. If this is the case, this is about to become very big news. There's a lot of commerce enacted online.

I agree, I don't have proof, but I think it's CC processor companies are being compromised. I think, the problem in the ecig industry is that many of the big name CC processing companies don't want to do business with the ecig industry. So many of the ecig vendors use lesser known CC processing companies than they would have used otherwise. It's these lesser known CC processing companies, I think, where the CC fraud is originating, although it's just a guess on my part since I have no specific proof, just a hunch!

 

[davelog]

Very astute assessment. The number of processors that will work with e-cig companies is small.

 

[tA71ana]

Very astute assessment. The number of processors that will work with e-cig companies is small.

That's a real shame too, because Ecigs have the potential to become a really huge industry..its well on its way now.