Punk In Drublic

Vaping Master
ECF Veteran
Aug 28, 2018
4,194
17,518
Toronto, ON
@Eskie - Typing all of that on a phone is pretty impressive – especially on a NY subway. I’ve lived in NY, volunteered to assist after 9/11. Lots of subway rides!

There are many issues in life, financially, that we do not have control over. The waiter in the restaurant and skimmers on ATMs are both good examples of this. I am sure we can fill the forums with other examples. But just because these unfortunate incidents take place, one should not just throw in the towel and not use caution and/or common sense when submitting personal information online.

The systems we have in place should be there to protect the consumer. They should implement backups to their backups to prevent reverting to some old archaic unsecure way of transferring information. They also need to remove as much ignorance as possible from being a risk. When CC systems are down, the transaction does not happen – for online sales the transactions will get queued until the systems are back online. How many of us would shop at an online retailer that stated their CC system is unavailable and that customers are required to email their CC information to the store's support address? I certainly would not, and this is a level of mitigating risk.

Your age verification systems need to implement the same level of reliability and remove as much risk due to ignorance as possible. Based on what I have learned here they have not met those requirements. And if a vape shop, or any age restricted retailer cannot provide that level of security for online transactions, they should not be in business.

@NolaMel mentioned a signature and ID is required to accept delivery of alcohol. Is this also a requirement for vape products?

Locking your accounts to prevent credit checks is an excellent way of mitigating risk. This should be implemented with all agencies by default forcing a user to remove the lock should they choose.

@Opinionated – you bring up a valid point in that we should not let crime control our lives. However, the unfortunate reality is that it does. But we still need to use common sense to mitigate risk. This is not about trying to control the things we cannot control, Equifax being a good example. It’s about controlling what we can control, such as sending sensitive information over a nonsecure link.
 

Opinionated

ECF Guru
ECF Veteran
Verified Member
Aug 19, 2015
11,168
59,365
57
My Mountain
@Eskie - Typing all of that on a phone is pretty impressive – especially on a NY subway. I’ve lived in NY, volunteered to assist after 9/11. Lots of subway rides!

There are many issues in life, financially, that we do not have control over. The waiter in the restaurant and skimmers on ATMs are both good examples of this. I am sure we can fill the forums with other examples. But just because these unfortunate incidents take place, one should not just throw in the towel and not use caution and/or common sense when submitting personal information online.

The systems we have in place should be there to protect the consumer. They should implement backups to their backups to prevent reverting to some old archaic unsecure way of transferring information. They also need to remove as much ignorance as possible from being a risk. When CC systems are down, the transaction does not happen – for online sales the transactions will get queued until the systems are back online. How many of us would shop at an online retailer that stated their CC system is unavailable and that customers are required to email their CC information to the store's support address? I certainly would not, and this is a level of mitigating risk.

Your age verification systems need to implement the same level of reliability and remove as much risk due to ignorance as possible. Based on what I have learned here they have not met those requirements. And if a vape shop, or any age restricted retailer cannot provide that level of security for online transactions, they should not be in business.

@NolaMel mentioned a signature and ID is required to accept delivery of alcohol. Is this also a requirement for vape products?

Locking your accounts to prevent credit checks is an excellent way of mitigating risk. This should be implemented with all agencies by default forcing a user to remove the lock should they choose.

@Opinionated – you bring up a valid point in that we should not let crime control our lives. However, the unfortunate reality is that it does. But we still need to use common sense to mitigate risk. This is not about trying to control the things we cannot control, Equifax being a good example. It’s about controlling what we can control, such as sending sensitive information over a nonsecure link.

All a vape shop needs is confirmation that the over-age ID being presented matches the credit card and mailing address.. meaning, they need to see the DOB and the name and mailing address on it.

They don't need your social security number, or even the ID number.

I AM careful, I'm so careful I've yet to have my card hacked... what I'm not is paranoid to the point of ignorance or inconvenience.

I won't do business online with some vendors, I use a reloadable prepaid visa for online purchases and only put on it what I need to use in the immediate time, I protect what I can, but I'm not going to stop life or freak out because someone wants me to email them a photo of my ID, allowing me to black out some of the more pertinent information.

I'd rather do business with shops who are above board and making certain of the ages of their customers than the fly by nights who don't care if they get shut down tomorrow. A fly by nighter is more likely to sell or steal your information.
 

Punk In Drublic

All a vape shop needs is confirmation that the over-age ID being presented matches the credit card and mailing address.. meaning, they need to see the DOB and the name and mailing address on it.

They don't need your social security number, or even the ID number.

I AM careful, I'm so careful I've yet to have my card hacked... what I'm not is paranoid to the point of ignorance or inconvenience.

I won't do business online with some vendors, I use a reloadable prepaid visa for online purchases and only put on it what I need to use in the immediate time, I protect what I can, but I'm not going to stop life or freak out because someone wants me to email them a photo of my ID, allowing me to black out some of the more pertinent information.

I'd rather do business with shops who are above board and making certain of the ages of their customers than the fly by nights who don't care if they get shut down tomorrow. A fly by nighter is more likely to sell or steal your information.

We also have age regulations here in Canada and any retailer who does not adhere to those regulations faces fines and/or prohibition. If regulations are put in place, then a secure and stable system needs to be implemented and set as a standard. Providing personal information across a secure link into a verification database is a standard. Asking for ID for verification via a non-secure email is not what I consider a secure standard.

You blacking out pertinent information is a level of mitigating risk. But that system does not remove the human factor out of the risk equation. Others, who may not be aware of the risks involved may not black out the pertinent information, therefore take on a higher risk of being compromised. This system is open to failure, and the said failure will cost everyone involved more than what theft was able to accomplish. This added cost will trickle down and end up costing all consumers in the end. A better system has to be put in place.
 

NolaMel

ECF Guru
ECF Veteran
Verified Member
Nov 17, 2012
12,815
80,994
New Orleans
@NolaMel are you still happy with the Detonator ? Liking the SL and considering another 21700 device.
Still use it daily. I worried about the durability of the firing “trigger” because mine goes in and out of my pocket a hundred or so times a day. It doesn’t get caught going into my jeans pocket, still solid. Side by side with the DB (about the same size) I like the chip on the Detonator a bit more. It’s a touch smoother. The first thing I did was turn off the lights that come on under the lip when you fire. I’m anti vape lights lol, but if you like them, you CAN change the color to one you prefer.
 

NolaMel

Rain rain go away, must mean I should buy a mod today?
Nasty day all day looks like. It was starting yesterday on my drive, drizzled from Bham to Ttown. Good day to sale hunt, maybe TWO mods will make the icy rain seem bearable :)
 

NolaMel

All a vape shop needs is confirmation that the over-age ID being presented matches the credit card and mailing address.. meaning, they need to see the DOB and the name and mailing address on it.

They don't need your social security number, or even the ID number.

I AM careful, I'm so careful I've yet to have my card hacked... what I'm not is paranoid to the point of ignorance or inconvenience.

I won't do business online with some vendors, I use a reloadable prepaid visa for online purchases and only put on it what I need to use in the immediate time, I protect what I can, but I'm not going to stop life or freak out because someone wants me to email them a photo of my ID, allowing me to black out some of the more pertinent information.

I'd rather do business with shops who are above board and making certain of the ages of their customers than the fly by nights who don't care if they get shut down tomorrow. A fly by nighter is more likely to sell or steal your information.
I am currently awaiting a new card for a hacked account.

I have a debit card with a bank other than our regular one. I used it for direct deposit of paychecks when I worked. I now put a little $$ before I leave town and take only it with me for vacations. I used it once last week, at the checkout of an expensive, organic grocery (you can figure that one out). Uber, three hours later, denied the attempted charge (I don’t Uber, so no account there). Had to be a skimmer as I was alone in line. Made it easy for the bank, that was the only charge in over two months, and it’s only used in person, never online. So, yes, it can happen no matter how careful/paranoid you are about protection.
 

Eskie

ECF Guru
ECF Veteran
Verified Member
May 6, 2016
16,087
77,744
NY
@Eskie - Typing all of that on a phone is pretty impressive – especially on a NY subway. I’ve lived in NY, volunteered to assist after 9/11. Lots of subway rides!

There are many issues in life, financially, that we do not have control over. The waiter in the restaurant and skimmers on ATMs are both good examples of this. I am sure we can fill the forums with other examples. But just because these unfortunate incidents take place, one should not just throw in the towel and not use caution and/or common sense when submitting personal information online.

The systems we have in place should be there to protect the consumer. They should implement backups to their backups to prevent reverting to some old archaic unsecure way of transferring information. They also need to remove as much ignorance as possible from being a risk. When CC systems are down, the transaction does not happen – for online sales the transactions will get queued until the systems are back online. How many of us would shop at an online retailer that stated their CC system is unavailable and that customers are required to email their CC information to the store's support address? I certainly would not, and this is a level of mitigating risk.

Your age verification systems need to implement the same level of reliability and remove as much risk due to ignorance as possible. Based on what I have learned here they have not met those requirements. And if a vape shop, or any age restricted retailer cannot provide that level of security for online transactions, they should not be in business.

@NolaMel mentioned a signature and ID is required to accept delivery of alcohol. Is this also a requirement for vape products?

Locking your accounts to prevent credit checks is an excellent way of mitigating risk. This should be implemented with all agencies by default forcing a user to remove the lock should they choose.

@Opinionated – you bring up a valid point in that we should not let crime control our lives. However, the unfortunate reality is that it does. But we still need to use common sense to mitigate risk. This is not about trying to control the things we cannot control, Equifax being a good example. It’s about controlling what we can control, such as sending sensitive information over a nonsecure link.

Ah, you know the joys of the NY subway. I got delayed because there was a stabbing at one of the more popular stations that several lines run through so it screwed up most of the system. That's like so rude. They couldn't have waited an hour so I could get home first?

I don't know any vendor who asks for an email of your ID anymore. That's a request sent over and uploaded from within the verification plug in the vendor supplies for the shopping cart, so it's always encrypted end to end, and the vendor is excluded from that part of the process. There may still be mom and pop stores who try to sell online with a manual system, but I'd never do business if that's the mechanism they rely on.

I think they try to keep it as secure as the verification companies can make it. But again, they may have vulnerabilities we know nothing about. But I guess it's as secure as they can achieve for an online transaction.

Some states like Texas do require an adult signature on delivery for "tobacco products", but that adds about $6 onto the shipping fees. It's not universal. Those verification companies after the initial setup, which itself isn't all that expensive end up charging far less. I can't give you solid quotes but it's under $0.50 a verification, just not sure how much less. There are one or two vendors who in addition to verification still insist on an adult signature on delivery, but they try to eat part of that cost for the many states that have no such requirement.

Speaking of 9/11, my first office was in the WTC. I was out by about 1991, but still had friends down there and lost two of them that day. That was a very grim time. It's still upsetting for me to go there even now, with the site pretty much rebuilt. That was a real inflection point, pre and post 9/11. While true for the US, it was felt far more personally in NY. I imagine you saw that as well when you were here.
 

Punk In Drublic

Speaking of 9/11, my first office was in the WTC. I was out by about 1991, but still had friends down there and lost two of them that day. That was a very grim time. It's still upsetting for me to go there even now, with the site pretty much rebuilt. That was a real inflection point, pre and post 9/11. While true for the US, it was felt far more personally in NY. I imagine you saw that as well when you were here.

So sorry to hear about your loss.

I supported a financial institution that resided in both WT5 and Liberty Plaza across the street. Fortunately, all my NY colleagues made it out safely. I arrived in NY about a week after 9/11 and would enter Liberty Plaza almost daily to retrieve equipment - so yes, first hand experience with Ground 0 while it was still smoldering (and smelled awful!). The first few months had to have been the most stressful time of my life and there were days where I struggled to hold back emotion. But I am so grateful for meeting the most amazing people in NY, many of which I am still in communication with today.

One of my most memorable moments was St Paddy’s day. I worked late so didn’t join the festivities until dark. Found an Irish Pub on 7th and 54th (actually called The Irish Pub!), it was packed with people falling out the front door. I squeezed in trying to make my way to the bar and in doing so I upset some guy who told me to chill out in choice words. When I apologized he asked where I was from, when I replied I was from Canada, he grabbed my arm (at that moment I thought there was going to be a fight), raised it in the air and screamed at the top of his lungs “We have a Canadian”. The whole bar cheered and continued to praise me throughout the night. I did not pay for a single drink that evening and nursed a 2 day hangover just to give an idea of what was consumed.

Amazing city and such beautiful people.

Below is about 2 weeks after 9/11. Was on my way to enter Liberty Plaza (dark building to the right). Behind the fencing was a National Guard checkpoint.

NY.JPG
 

Skunk!

Vaping Master
ECF Veteran
Jan 25, 2014
5,569
41,762
Las Vegas
Nice and stealthy. It must be pretty ijiot proof, because I haven’t been able to flood it. Bottle installation was easy too. Good starter setup
Glad you like it! Squonkers are my favorite for out and about. Can't beat them for juice capacity and compact size. I saw your post about the DRSQ. 35W on a singlecoil with a FC is a nice spot with the SQ.
 

chanelvaps

ECF Guru
ECF Veteran
Verified Member
Oct 3, 2013
16,071
85,478
Burbank CAlifornia
Larger merchants contract with a third party like Veratad to do the authorization. It may or may not pop up mid complete transaction with a prompt if the initial attempt with name and address doesn't match their preexisting database. I don't know the behind the scenes step by step, but they provide the API for the website to incorporate into their shopping cart, so it's passed by SSL, assuming that's properly configured, and the certificates are up to date, and, and,.........you're in the field and know the pitfalls far better than me.

If that first pass screen fails (common if you've recently moved, didn't keep your address up to date with DMV and whatnot), they will pop up still within the SSL link and request your last 4 SSN numbers. If that doesn't hit they'll ask for a photo of your ID, passport or drivers license. You are allowed to block the DL number (I do although it really is pointless as most DMV records are public already) and I guess even your photo but I fail to see the point of that, and other than blacking out the license number to satisfy some irrational belief that makes it safer, you upload it. They'll do an OCR scan for name and DOB. Rarely, and again, Veratad is the largest but there are lots of other players in the market, including some that opened up just to cater to the vape market like Blue Check, they might rarely ask for a selfie of you holding the ID just to verify you don't look 12 years old. The verification authentication approval is passed back to the vendor who is now able to complete the transaction and charge your method of payment. The vendor doesn't get anything from the transaction other than the authentication number or whatever from the verification service. In the event of an FDA drop by they can demonstrate that all orders were cleared before completion by the age verify people. So they can demonstrate an audit trail which the FDA can go chase with Veratad or whoever.

Initially as all this got implemented in late 2016 early 2017 small vendors did it themselves, literally printing out a hard copy of your ID and sticking it in a folder for the FDA should an enforcement SWAT team descend on them. Needless to say, most vapers didn't get behind that ill-advised approach, and so third party authentication is used by just about any vendor large enough who's dealt with on this forum. There's even a thread listing which method and service is used by each vendor to keep members aware of who and what they were dealing with. It's still occasionally active and around, but not sure it's been kept up to date as much these days.

So unless the vendor is still doing their own hand verification and saving files for production if ever approached by the FDA I'd say all of the larger online sites rely on third party companies for simplicity, real time verification at the time of order ( no need to wait until the end of the day for your 19 year old part time employee to try and match up the emails with ID'S to the orders, who will probably use at least one of those accounts you've given them access to to order a dozen pies from Domino's for their friends one Saturday night), and avoid the liability of keeping that primary data in house where the above event can occur.

How secure are those verification services, well, according to them very, and rave about all the giant companies who rely on and trust them. I'm sure they're well run and try to run things securely.

Oh, did I mention one of the other very big companies who do this has a division just for age verification. That's good old Equifax. So there's that.

And verification through the cc alone wouldn't be sufficient as who's to say you're not using Dads Amex. Now you could still use Dad's Amex as you probably know his DOB, you might have his SSN, and could have grabbed a photo of his DL with your phone (same thing I used to photograph my own DL, I just keep one saved in my photos that I blacklined the #, as I frequently order from my phone and it's easy to get it if I need to). As a matter of fact, a woman filed a complaint with the FDA during those underage hearings about her son doing precisely that and the kid got the package, so clearly they were still selling to minors despite the rules. I kid you not, she insisted it was the vendor's fault despite the kid swiping dad's ID :facepalm:

So that's the process. It means well, it's implemented in a manner that should be secure, but we all know there are still limitations under the best practices used to secure our data.

My answer to it is a lock on my credit reports so no one can query unless I provide preauthorization to the credit companies like Equifax, check my accounts for activity almost every day (which now is so simple to do online it's silly not to), notify the travel department of my bank card issuers when traveling so they know to expect activity outside my usual geographic area, and find the fraud departments have gotten really good with 5 am texts to verify if I was really trying to send money to Cuba. It's a pain to get a new card and number and update all the autopay stuff like Netflix and Spotify, but I'm about as safe as I can make it for myself short of cutting myself off and only completing transactions in cash.

Yes, I use two factor authentication whenever it's available and never give out anything ever over a phone call or even in response to an email unless I log onto the inquiring service through an Addy I type in myself. I don't click on links no matter how "real" the email looks or reads, and I never open attachments unless they're expected, regardless of the sender.

One time I got an email from my daughter with a subject line that just read wrong for her style. I called her and of course she didn't send it, and we found her contact list got hacked. Even tracked it down to her use of a "free" public wifi connection at the airport when traveling. Probably logged in through one of those spoofed routers they set up in public spots with wifi, hoping you select the one that looks legit even though it's off by a letter or two when you chose it. She now uses a VPN. And that email was digitally shredded. Even the trash isn't really safe enough for me for things like that.
I recently moved. Cross country. Of course I updated this new change of address with my CC company but I am getting requests to verify my ID now. I assumed this is because the companies I am ordering from had my old address and now it has changed. I have just complied and sent in a copy of my DL. My DL actually still has my old address on it but it went through anyway. I guess the point is, the change of address triggered it but what they are really looking for is my age. I assume this is to satisfy the FDA if they ever raided their place, to show they have proper procedure in place.
I do not worry about anyone stealing my identity to access my credit as I have, long ago, frozen my credit (the safest way to make sure you are not targeted). I have all the credit cards I need and never apply for car loans. No need to have it out there waiting for someone to hack it. If and when I do need it, I have a file with pin numbers to "thaw" it. BTW the sending in of my ID went through my phone. They sent a link
 

chanelvaps

@Eskie – WOW….that’s what I call a response. Truly hope you did not go through all that trouble just for my sake. A simplified version would have been sufficient. But honestly…thanks for the response (the Punk learned something today!).

There is no real foolproof process – it’s about mitigating risk while providing an easy to manage service for the consumer. What you have mentioned above, to me, is convoluted and open to failure. And when the process fails we now rely on an unsecure method of transferring sensitive information that does not follow any set standards. You may be educated enough to perform this while mitigating risk, but not everyone will think or even act the same which could open the opportunity for compromise. The validation through CC was just a napkin idea – and one I think could work well. A secure link to the CC company is required for the purchase – any failure here means no sale (or delayed sale until that link is re-established). You have to provide a DOB to obtain a CC so the info is already available. Retailer has to confirm card #, name and funds with the CC so a simple yes/no to “is the buyer of age” would not be that difficult to implement.

I’ve never dealt with Veratad, so on a contingency level I have no idea what they have in place. I do know that financial institutions and CC companies invest greatly into contingencies and DRP (disaster recovery plans) for any down time could mean a huge loss in profits.

As for little Johnny stealing your CC to buy age restricted items online - if he has access to your CC he also has access to your DL, SSN and probably other stuff you may not know about. Little Johnny probably also has a friend of age who buys him liquor and cigarettes – every town/city/community has that one old dude who just caters to minors. It’s a sad reality.

But thanks again for the reply – looking forward to the movie (joking)
Of course it is faulty. The vendor is just doing what he needs to do as per the rules. I do not think anyone here is vouching that it makes sense and is foolproof. Wouldn't it be great if we lived in a world where it is. I, like someone else said, just go with it because our info is out there;)
 
It’s not a matter of what a good hacker can pull off. I know my home is not burglar proof, but I do not leave my front door wide open for all to enter and take what they want. If I do my part and reduce risk then I also reduce the temptation of compromise from the not so good hacker…or the curious who just wants to see what they can get away with.
The Canadian vape websites have it easy, they put it all on Canada Post for age verification, which is why I got into an argument with the lady at my local post office yesterday. Instead of delivering my packages to my mailbox, they leave a notice for you to go in and pick it up with I.D. I knew my ejuice order from Canada and my package from Serbia were there and she wouldn't look for them and told me to go back today, she obviously didn't know the Shiny impatience.
 

Susaz

Vaping Master
ECF Veteran
Jun 8, 2009
4,857
10,701
Buenos Aires, Argentina
Nice and stealthy. It must be pretty ijiot proof, because I haven’t been able to flood it. Bottle installation was easy too. Good starter setup
Another little RDA you will enjoy with that is the Dead Rabbit SQ. It's a restricted lung hit and it's quite spillproof. I hope you can give it a spin!
 

Punk In Drublic

The Canadian vape websites have it easy, they put it all on Canada Post for age verification, which is why I got into an argument with the lady at my local post office yesterday. Instead of delivering my packages to my mailbox, they leave a notice for you to go in and pick it up with I.D. I knew my ejuice order from Canada and my package from Serbia were there and she wouldn't look for them and told me to go back today, she obviously didn't know the Shiny impatience.

With age verification they are not supposed to leave it in your mailbox and are required to drop it off at your local post office where you can prove you are of age. I don’t know about the requirements from out of country shipments, but the package from Canada is required by law to verify your age.

FTR, my comments here were not to discredit anyone, if anything it is to bring awareness of the risk. If verifying your age is done over an encrypted link, then I can understand that and feel that is a secure method. But according to the comments here, that is not always the case and that sensitive information is transmitted across non-secure connections. Given the small handful of responses to this conversation, at least 2 people have come forth and stated their accounts have been compromised. That is an alarmingly high percentage. So we have to ask why. These compromises cost everyone money, including those who do practice safe security.

Locking access to our credit account is mitigating risk. That may be enough to prevent someone from running our credit through the roof, but is it enough to prevent someone from stealing our identity that could be used for other crimes? What about gaining employment with stolen SSN and running up a tax debt, or stealing from that employer? It is true that most of our personal information can be obtained – but there are barriers and levels of security one has to go through in order to obtain that information. The average Joe is not willing to put forth the effort nor the risk. Removing those levels of security we are inviting the average Joe to take our identity and do whatever with it.
 
With age verification they are not supposed to leave it in your mailbox and are required to drop it off at your local post office where you can prove you are of age. I don’t know about the requirements from out of country shipments, but the package from Canada is required by law to verify your age.

FTR, my comments here were not to discredit anyone, if anything it is to bring awareness of the risk. If verifying your age is done over an encrypted link, then I can understand that and feel that is a secure method. But according to the comments here, that is not always the case and that sensitive information is transmitted across non-secure connections. Given the small handful of responses to this conversation, at least 2 people have come forth and stated their accounts have been compromised. That is an alarmingly high percentage. So we have to ask why. These compromises cost everyone money, including those who do practice safe security.

Locking access to our credit account is mitigating risk. That may be enough to prevent someone from running our credit through the roof, but is it enough to prevent someone from stealing our identity that could be used for other crimes? What about gaining employment with stolen SSN and running up a tax debt, or stealing from that employer? It is true that most of our personal information can be obtained – but there are barriers and levels of security one has to go through in order to obtain that information. The average Joe is not willing to put forth the effort nor the risk. Removing those levels of security we are inviting the average Joe to take our identity and do whatever with it.

I have a good understanding of how the age verification works with Canada post.

The point was that she wouldn't look for my packages and told me to go back today
 
