Not exacty new, but a WARNING to all

[Wimpy]

I'm Wimpy, and I've been around for awhile. I stalk/read, mostly about modding. I need a few more post/replies to post a warning for EVERYONE in the modders forum.

I wanted to build a DIY atomizer using wire and stainless steel mesh for wicking. I went on a Google hunt for ss mesh and found pnjresources (dotcom) website online, supposedly in Beloit, WI. Though, the website registration shows it is registered in Alabama. (?)

I ordered stainless steel mesh 400 from pnjresources (dotcom) website at 12:21 AM on 3/28/12. At 1:53 PM on the SAME DAY, I received notice from my bank that my account was overdrawn. It took less than 13 hours.

Pnjresources (dotcom) uses Mal's E-commerce as its "secure" online credit card processor. The website is mals-e (dotcom). I investigated to find that they are located in the UK. ALL of the fraudulent charges on my card were from the UK. Coincidence? NO. It is confirmed.

Warn everyone NOT to order from PnJResources (dotcom) or ANY website that processes payments through Mals-e (dotcom). I do not normally use my personal card online for anything, NOR have I ever been in the UK. One charge was to run my credit report from an agency in the UK (huh?).

Help me out by replying to me so that I can POST THIS in the Atomizer Modders forum? I would HATE for this to happen to anyone else. It has been an absolute nightmare.

Thanks!
Wimpy

 

[Bronte]

That's awful Wimpy I'm sorry you had to go through that. Thanks for the warning and I'll be on the look out for Mals-e from now on!

 

[markfm]

There is a big story on MSNBC today, a credit card processor apparently got whacked, up to 10 million MC and Visa compromised.

 

[Hoosier]

Wow, that was quick...

 

[markfm]

It might not be Mal's per-se. I just did a quick check, found that Mal's e-commerce shopping cart system orders, at least in some cases, gets processed via Global Payments (see the Credit Cards section here: SHADOW THEATRE - Subscribe).

Guess what firm is implicated in the just-announced breach?
(Hint: "The Wall Street Journal followed up with an article saying that processor Global Payments is the vendor that was breached. Global Payments (GPN) shares fell 9% before trade was halted.")

In other words, it might not be a Mal's thing directly, but rather whether a given firm uses Global Payments.

 

[classwife]

Good find Mark !

 

[sanjosse]

Ah man… that SUCKS!

It's happened to me, but it was some place in Mexico.

 

[markfm]

This latest breach is a biggie in terms of how many cards were compromised. Nothing to do with vaping directly, but bad news overall.

 

[iKN0WaGH0ST]

This is the exact reason why I have a separate checking account just for online transactions.

 

[Iffy]

I'm presently awaiting a new card after my old one was compromised last week.

The offending turd tested my account with a $3.97 purchase and then tried to buy a $500 airline ticket... insufficient funds! I don't keep much money in that account, thankfully.

 

[TN_Snoopy]

I too keep online separate from personal finances. I have a Visa CC with a $500 limit. I use it for online, and then pay it off myself once a month. This way, if it gets compromised, my maximum exposure is $500, which I am sure to get back from Visa. Keeps my personal finances safe. Thanks for the update guys. Good find.

 

[mooreted]

Wow, these card processors need to get it together.



Sent from my easy chair using brain waves.

 

[IVapus]

I read about this story earlier and wondered if any of the vendors used GPS Inc. I immediately came here and did a forum search for global payment systems an hour ago and came up empty and thought, well, I guess not. I guess the real question now is how many.

 

[emberl]

'Massive' credit card data breach involves all major brands - Mar. 30, 2012


link to the massive creditcard data breach

 

[Wimpy]

Wow. Thanks for the link! And, THANK YOU ALL for getting the word out!

"Global Payments" makes sense. My payment to pnjresources (dotcom) was processed by Mals-e (dotcom) in the UK. Now, I don't really understand why any company (pnjresources) located in the USA would use an ecommerce provider located in the UK to begin with... that doesn't make sense at all. Paul at pnjresources told me that Mal's E-commerce has been his provider for five years.

 

[Snus]

Stuff is always getting hacked.... just look at what they did to Sony and their PS3. The online service was down for months and all the credit card info was stolen. Obviously, this doesn't have to do with e-ciggys, but just the fact that we tend to order a lot of stuff online using our cards means that some of us will have been effected by this! Damn! Mine got stolen years ago when TJ Maxx was hacked....

Thanks for the info! Maybe some of the vendors will step up and identify themselves for us....

 

[Wimpy]

I use PayPal and have for ten years. Never had an issue. I wish more vendors here would accept PayPal. But, it is my understanding that PayPal doesn't allow payments for e-cig products. Can anyone confirm that for me? Thanks again.

 

[RedFox]

+1 on PayPal wish that more vendors accepted. Not sure about the ecig though?

I have had my account information jacked before also. Nothing will get you more PO'ed more quickly than knowing that some JA took off with your money. Identity theft is an ever growing problem. Good luck and thanks for the heads up!

 

[markfm]

Global Payments is out of Atlanta.

That pnj might use mals-e is no surprise. They are a shopping cart software provider, it's country-agnostic stuff, all done with encrypted tunnels.

I haven't seen anything indicating that Mals has any fault -- sounds like it's a credit card processor (GP) breach.

You have multiple separate pieces. There's the widget vendor, with a Web site. There's the Shopping Cart software vendor, for instance a Mals, that has the proper secure sockets layer shopping cart tools. There's the credit card processor, the middleman that handles the actual transaction, gets the CC info from the Shopping Cart software, again using encrypted tunnels.

What you ran into could be entirely separate, but I wouldn't be at all surprised if it's part of this recent story on the news.

 

[markfm]

On Paypal, their policy doesn't let US PV vendors use PP. There are a handful of exceptions, such as liberty-flights and Totally Wicked, but that is because those firms, while having noticeable US presence, are based out of the UK (so the PP US policy doesn't apply). Paypal is doing CYA, due to the ambiguous state of PVs in the US (blame the FDA and BT/BP); Paypal doesn't want to get in trouble if FDA does something to hose up PVs.