I placed an order with MV over the weekend and got the email. Just wandering if anyone has actually had fraudulent charges put on their card.
I see your point and I think it's great that they're following the law in their state.
Now, I'm going to play the bad guy here (just go with me on this for a moment): Where is the public statement? Buried in a subforum ECF? There's no "conspicuous posting of the notice" on madvapes.com. Wouldn't that be a better place for a public statement? But, the law in their state doesn't call for that unless specific criteria are met. But, still, if they're going to be completely open & honest, wouldn't a conspicuous notice on the homepage be just a wee bit better than a post in a subforum on ECF? No?
Correct, THIS thread was, not the "public statement" by mad vapes.
This thread was started by an ecf member who posted the email received from mad vapes.
So, I maintain the position that if mad vapes is being transparent they can go beyond the letter of the law and post a notice on their homepage so ALL customers can be informed, not just the ones they contact directly or happen to see the postings on ecf.
Mad vapes are under no legal obligation to do so, however. They are required to do what the law in their state specifies, and other than a post buried in a sub forum on ecf, that's what they seem to be doing. So, in effect (in my opinion) they are doing what the law in their state requires, which is great and I commend them for that.
And it has been acknowledged, but all it involved was a post on a forum, not their website.Mad vapes already has gone past what they were required to do.
Acknowledged many times.Coming into this forum and facing the very people who likely got hurt by this is NOT required by the law.
Let's get real. They didn't have much of a choice. By law they had to notify their customers and I'll bet there was a lot of discussion on what to post on ecf. With all the credit card fraud being discussed lately they had to post something after notifying their customers who may have been directly affected.Frankly I think it took a great deal of courage to do.
Again, acknowledged many times. But, the "more" equals a post on a forum (which is actually kind of buried). That's it.Sending out the emails to the customers directly is all they had to do. They did more.
Sorry guys for all the hassle, I'd be mad at us too as I'm mad at myself . Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders we're placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face to face sales through first data. Our cc processor is well known and not scammish at all.
hoog
Just a friendly reminder that I've not seen here.
If you have "accounts" with any of the vendors who were robbed of data, change your passwords immediately. If that user name and password is also used anywhere else (bad practice...) change those too.
If you've ordered in the past and ordered this weekend then your cc may have been visible to the hackers but only if you placed an order between 6/14/13 2:00 pm or before 06/17/ 9:03 am EST. Orders placed before or after were not at risk.
hoog
Just got off the phone with MV. Ended up re-placing my order from over the weekend. Dude said that in the future, I can just put whatever items I want in my online shopping cart, give them a call, have them pull it up, and pay for it over the phone. Sounds about as secure as swiping my card at a B&M store to me.
I do agree with your points. My only point is that this could happen whether its a hacker online, or a disgruntled employee at a pos (point of sale, not, well, you know lol). To place ALL the blame on the vendor is overlooking the bigger issue, which is that there is a massive amount of fraud in all areas of the virtual spending world which no legal agencies seem to be doing much about these days. Not to mention the issuing agencies which do next to nothing proactively (like immediately sending an e-mail as soon as they found a problem) unless you pay extra for their fraud monitoring services... I think you and I are on the same page here, I was just making the point that the blame goes far beyond just the vendor...Yea....I'm an IT guy, and I'm going to go ahead and disagree with you right there.
We are dealing with massive amounts of credit card fraud, SPECIFICALLY within the vape community, because of SHADY CC processing companies.
While I understand that being an e-cig vendor means your options are limited as to choosing a CC processing company, nonetheless, the vendors need to take responsibility. You are offering a service to people, and willing to take people's credit cards and private info.....then you need to be willing to admit it when something goes wrong on YOUR end (any company that you hire to do work for you, including CC processing companies, would be on YOUR end).
The consumer has EVERY right to be mad at the e-cig vendor. THEN, the e-cig vendor can go after the CC processing company. THEN, the cc processing company can go after the hacking ring targetting them (or wherever the infiltration lies). THAT is how it works in the real world.
To say "If they want your info, they are going to get it" really has nothing to do with this thread, nor this issue of CC fraud in the vape community. What is specifically happening is e-cig vendors are using shady CC processing companies, and therein lies the problem.
Most online businesses are relatively secure. Especially if they do everything right. OF COURSE no one is 100% fraud/hack proof.....but this massive amount of fraud in the ecig community really needs to be taken care of.
I honestly hope that I didn't make you feel worse about this, I never intended to insinuate that you were in the wrong for being mad at madvapes, just saying that the blame doesn't stop at their door... Personally, I do think it says something that they let you know though, a lot of places wouldn't bother. While it can never make up for what happened, they at least didn't take the money and run, and leave you in the dark. Very little consolation, I know. But I do recognize that you were the victim and have every reason to be upset about this...Thank you for that post, I was starting to feel as if I was alone in placing partial blame on a vendor who allows this to happen. We are on the same page.
The same thing happened to me. Did you send in a ticket?Welp, I placed an order right in the beginning of the time frame referenced... but my card was charged, and I got the shipping info via email. Normally, I would have gotten the package by now, but it hasn't arrived yet... And oddly, the tracking number shows nothing on the USPS tracker other than "Electronic Shipping Info Received"
To add to what others have mentioned, I too use a "disposable" pre-paid credit card for my online ordering and keep just enough on it for orders and to keep it active when not using it. I currently have about 9 bucks on it lol...