My credit card info was stolen today, from a vapor website.

[KLWhitener]

No, the transactions weren't mine. There was a $30, 4-$10, and a $3.50. That last one was such a random amount but I guess if they hit enough people for $3.50 then it could really add up.
We have spyware on our computer that runs at a specific time every day, it catches key loggers and other things. Pretty sure it wasn't on our end but stranger things have happened. I sincerely wasn't trying to bad mouth these vendors. I'm a hard core tasty vapor lover and will not let this keep me from purchasing from them. I'm sure I will purchase from Viking vapor as well. They have THE best price on 36mg, 30 ml peach liquid that I've found, and the quality is great too. Like someone pointed out, it might not have even been from either of them. Coincidences do happen. I'm going to check out those pre-loaded cards for sure!

 

[Rickajho]

Did these happen to be accounts using MasterCard? I want a mini poll of people who have had issues. Was it a MasterCard or "other"?

I will explain as I go along.

 

[KLWhitener]

Edited the title to reflect that my card info was stolen. It seemed very accusing, sorry about that.

 

[KLWhitener]

Yes it was a PayPal MasterCard.

 

[Plumes.91]

It was for soap @ $2.99. Normally not very suspicious, but she's British.

Awwww c'mon.

lolwutttttttt

 

[Warren D. Lockaby]

This is just my way of looking at things but if I detect or suspect any security breach, especially if I'm running Windows or any MS software, the first place I'll expect to find a problem is in my own system. I'll start here & work my way out, first making sure all my software patches are up to date, my AV signatures updated, etc. Scan everything I can on my end. I try to keep all this stuff current & keep my guard up but Microsoft is a virus magnet and can't seem to help itself.

Also, I haven't been doing it but I like the idea of using a prepaid gift card of some sort... will have to look into that before my next purchase. Happy vaping to all!

 

[ITPython]

While it could very well be the vendor and a lack of proper security measures on their end (or they just stole it), don't rule out the possibility of a virus on your computer.

Most people who use computers nowadays have very little (or no) security on their systems. Most seem to think Norton AV and the Windows firewall is all they need, but what they don't know is that Norton is crap and windows firewall does virtually nothing to protect you from intrusions. And I am not even going to touch on the severe lack of security on Smartphones.

The three most basic things everybody should use on a internet connected computer is a good Anti-virus with real-time scanning and exceptional heuristic detections (no, not Norton), a firewall that is active (meaning it actually prompts/asks you when something wants net access), and a host intrusion prevention system (HIPS, this one is by FAR the most important). Usually the last two are bundled together (like with Online Armor, Comodo or Zone Alarm), but the AV should always be separate and not part of a 'suite'. Ideally you want individual security software that is from different companies, this way if one is compromised the others are not compromised either (which is a problem with all-inclusive suite software, as usually if the suite gets shutdown, all of your security is shutdown simultaneously). So with individual software even if one gets shutdown by an attack, the others are still active and can hopefully stop, warn, or slow whatever is going on.

Further layers of added security could be things like Sandboxes (such as Sandboxie, which I highly recommend). Computer security is all about layers, the more layers you have, the more protected you are from an outbreak or initial infection.

And please don't take offense to this, for all I know you are a 30 year computer expert who laughs at my suggestions. I am just writing this because I think the information is useful to know and something more people need to be aware of. Having a lot of security software/measures can be annoying at times because you may get prompted to allow/block requests all the time, but its worth the peace of mind that you are indeed secure.

 

[Rickajho]

Yes it was a PayPal MasterCard.

I have posted this matter as a poll:

http://www.e-cigarette-forum.com/forum/polls/267184-supplier-responsible-my-credit-card-fraud.html

I am betting over 99% of the account frauds involved a MasterCard. And it has nothing to do with a current purchase. It has to do with the Master Card processing centers that every transaction you do gets processed through. The account information theft is happening in these transaction processing centers on a massive scale. Oh - and that information was stolen over six months ago...

Will explain more at the poll page as this goes along.

Rick

 

[MrsCasey]

Just FYI I've seen two other threads today, one for Madvapes and one for Smartvapes, where people are complaining of unauthorized transactions. I don't think it's Vendor related.

 

[Rickajho]

Just FYI I've seen two other threads today, one for Madvapes and one for Smartvapes, where people are complaining of unauthorized transactions. I don't think it's Vendor related.

If it involved a MasterCard you can bet it had nothing to do with a recent purchase.

 

[MrsCasey]

Hey Rick is there any way to find out if your info might have been stolen? Both my husband and my grandma have M/C so this concerns me.

 

[Chillyb7]

I would highly recommend to anyone that uses their credit card online to look into a card that can generate a virtual account number to protect against these types of issues.

Virtual Credit Card, Safe Online Shopping | Money Talks News

 

[MrsCasey]

Thanks for the info ChillyB.

 

[dormouse]

One thing I do is always make sure any shopping site checkbox to remember my credit card info is unchecked. I also use virus protection and firewall on my computer and I never click on any popups when browsing, not even its supposed "Close" button or x because those can be fake and provide a click that allows it to install a virus on your system - instead I CTRL-Alt-Delete, bring up the task manager, and kill my browser. I never ever click links in emails that aren't from a friend. If a mail appears valid wanting me to fix my credit account or Paypal or whatever, I close the mail and use tools in mail (properties on the message) to view the source of the message HTML to see where the links really go. If it looks real I still do not click it - I go to the site myself and see if I have any alerts there. So basically I do everything I can to prevent keylogger trojans from getting on my computer (keyloggers can capture credit card info and passwords as you enter them on your keyboard then send them to somewhere else).

I've used credit cards at dozens of ecig and other sites including Tasty Vapor and Viking Vapor, and shop online every week, and have never had my credit card info stolen online. The one time it got stolen was when I had to go into a gas station in another state and hand my card to a person. And in my area, somebody got the key to gas pumps and installed credit card skimmers INSIDE the gas pumps and they were there a month stealing card numbers before they were spotted in the wiring.

So while it is certainly possible that an ecig site or their credit card processor could have problem that allows info to be stolen, it's not something that only happens to ecig sites, and credit/debit card info also gets stolen places other than online.

 

[Rickajho]

Hey Rick is there any way to find out if your info might have been stolen? Both my husband and my grandma have M/C so this concerns me.

Unfortunately - no.

When these massive thefts are discovered - the recent one involves an actual MasterCard processing center and affects MasterCard cards used between September 2010 and April 2011 - the CC companies do whatever they can to prevent the information from leaking out. They are actually under no obligation to notify the individual account holders that their account may have been compromised. MasterCard will, at best, notify the issuing banks - Bank of America, Chase, your private bank etc. - and provide your bank with a list of affected accounts. Then one of two things happen:

Your bank will not wait and automatically cancels your card and issues a new one. This typically happens with debit cards associated with bank accounts because there is "real money" involved with those accounts. But this is a bank by bank decision as to how they handle the accounts on "the list."

The second option is the card issuer flags all accounts on "the list" to monitor for suspicious activity, sits backs, and waits to see what happens. This is more cost effective for the bank and their position on credit cards is "Who cares? You won't be responsible for the charges anyway." But it is a bigger pain for the customer to have to take action after the fact. Or be royally embarrassed when you try to use your card and it doesn't work, only to find out that the issuing bank has frozen or closed the account for suspicious activity and you don't even have a clue as to what's going on.

How do you know if your account was on that list? Most likely - 99% - these things will happen:

The issuing bank will have reversed the fraud charges before you even know about them.

The account will be either closed or frozen because of the fraudulent charges before you are aware there is a problem.

You will be asked to sign an affidavit, declaring the fraud charges were not made by you. The bank will then never send the affidavit. Or they will send you an affidavit, but it won't have any of the fraud charges listed on it.

Don't bother to ask your bank if your account is on a list of compromised accounts. They can't tell you because of their contract with MasterCard.

If I were me there are two things I would do:

Update your alerts with your issuing banks. Make sure they have your cell number as your primary contact number if that's appropriate for you. If you can receive text messages or e-mail alerts make sure you are set up to do so.

Dump MasterCard anything associated with a real money account - like your checking and savings account.

Rick

 

[Plumes.91]

the virtual card sounds like a good idea. I do support greendot, althought they do charge a fee when reloading.

 

[rob5482]

While it could very well be the vendor and a lack of proper security measures on their end (or they just stole it), don't rule out the possibility of a virus on your computer.

Most people who use computers nowadays have very little (or no) security on their systems. Most seem to think Norton AV and the Windows firewall is all they need, but what they don't know is that Norton is crap and windows firewall does virtually nothing to protect you from intrusions. And I am not even going to touch on the severe lack of security on Smartphones.

The three most basic things everybody should use on a internet connected computer is a good Anti-virus with real-time scanning and exceptional heuristic detections (no, not Norton), a firewall that is active (meaning it actually prompts/asks you when something wants net access), and a host intrusion prevention system (HIPS, this one is by FAR the most important). Usually the last two are bundled together (like with Online Armor, Comodo or Zone Alarm), but the AV should always be separate and not part of a 'suite'. Ideally you want individual security software that is from different companies, this way if one is compromised the others are not compromised either (which is a problem with all-inclusive suite software, as usually if the suite gets shutdown, all of your security is shutdown simultaneously). So with individual software even if one gets shutdown by an attack, the others are still active and can hopefully stop, warn, or slow whatever is going on.

Further layers of added security could be things like Sandboxes (such as Sandboxie, which I highly recommend). Computer security is all about layers, the more layers you have, the more protected you are from an outbreak or initial infection.

And please don't take offense to this, for all I know you are a 30 year computer expert who laughs at my suggestions. I am just writing this because I think the information is useful to know and something more people need to be aware of. Having a lot of security software/measures can be annoying at times because you may get prompted to allow/block requests all the time, but its worth the peace of mind that you are indeed secure.

You would not believe the amount of security I use on my computers. ESPECIALLY BECAUSE I HAVE KIDS!!! 2 different virus programs, ad aware, spy-bot search and destroy, zone alarm, an external firewall and I go through a proxy. Not only that but I ghost my original setup and every 3-4 months re-image the computers, and I still make sure any site I give financial info to uses at least 128bit encryption.

Now this is not to say the other web site can be hacked but at least I do everything I can on my side.

PS never heard of sandboxie, have to look that one up.

 

[dspin]

I think its ridiculous to point a finger at any vendor or website. Heck, they have scanners now - person can walk by you at walmart, run the scanner and grab your card number while in your pocket.

My Visa has been compromised and stolen twice in the last 3 yrs. That's the world we live in, no sense in getting wild about it. Either use a card or don't have one. You aren't responsible for unauthorized charges anyway.

 

[Cynder]

Sandboxie is a pretty nifty tool, but I also use extra browser protections like keyscrambler, noscript, adblock, etc in firefox. Malicious software can be found in the most innocent of places, and not necessarily the site you made a purchase from.

 

[5vz]

I may be misreading, but please don't use 2 antivirus programs at once. They will conflict with each other. If you are just using one real time, and the other to scan as a 2nd opinion that may be okay. Both cannot be running simultaneously.

You would not believe the amount of security I use on my computers. ESPECIALLY BECAUSE I HAVE KIDS!!! 2 different virus programs, ad aware, spy-bot search and destroy, zone alarm, an external firewall and I go through a proxy. Not only that but I ghost my original setup and every 3-4 months re-image the computers, and I still make sure any site I give financial info to uses at least 128bit encryption.

Now this is not to say the other web site can be hacked but at least I do everything I can on my side.

PS never heard of sandboxie, have to look that one up.