Sure seems risky buying ecig supplies.

[ITPython]

I have been purchasing things online with a credit card for just about a decade now, I take all the steps necessary to insure my CC info is safe, such as making sure the connection is encrypted, making sure the site is legit, well-known and proven to be safe, and also take steps on my own PC (and network) to insure that it is malware free and as secured as possible (actually a hobby of mine).

Well, since I have ventured into the world of ecigs, I have had my credit card number/information stolen twice and used fraudulently. It could very well have nothing to do with purchases from ecig vendors or not, but there is just too many coincidences for me to truly believe that. And like I said, I have been using credit cards online to make a lot of purchases for about a decade now, and coincidentally the only times I have gotten my number stolen was shortly after doing some binge ecig shopping (eliquid, PV's, parts, etc).

The first time this happened was a little over a year ago, and at first I just figured I had done so much shopping all over the net that it was bound to happen eventually. Well, the second time it happened was today. Coincidentally after I had gotten back into ecigs (about a week or two) and started making purchases at several different vendors (made one yesterday at a ejuice vendor and it seems the most likely place, but I cannot be for sure).

I dunno, could just be one fat coincidence, but both times it happened were after I had made purchases at several different ecig vendors, well known ones too.


I really wish more vendors would use Paypal, because it seems to me that since there is such a HUGE amount of ecig vendors out there, that they are just too small to properly secure their sites or methods of payments and are likely pretty big targets for hackers. A lot of ecig places are basically mom & pop kinds of places, and don't have the time or resources to properly secure their sites. To me places like this should be using paypal, as paypal specializes in keeping information secure and acts as the middle-man between you and the seller. So the seller could be compromised, but it wouldn't matter as your CC is safe with PP and the seller doesn't see any of it.


Perhaps I am just unlucky, but has anybody else had similar experiences? I'm sure most of us have a massive list of vendors we have purchased from, as that seems to be the way it is in the ecig world. I am really thinking about getting a credit card that is specifically used for online purchases, and I believe Citi has a card that allows you to create temporary virtual card numbers that can only be used once (or have a separate number per vendor kind of thing), which would be pretty awesome!

 

[Thrasher]

theres several threads about people getting jacked. happened to me about 6 months ago, the only time i go buy some cheap crap too. lol its not so much the vendors fault as it is as many see an opportunity to make money and get whatever halfwit processing company they can for CC processing. never had a problem going to some of the better mod vendors or overseas.

got a prepaid debt card just for some of this stuff, cant charge an empty card

 

[cags]

US paypal doesn't allow ecig transactions......
see if your CC company offers virtual one time use numbers...citibank does...

 

[Criticalmass]

As someone who has been in IT for 20+ years with 10 of those being spent reading over tens of thousands of data logs following thousands of legitimate and wannabe hackers digital trails, I can say that the systems in place are only secure until the next hole/bug/exploit is found, but you probably have more to worry about with the NSA than you do most of the small-time hackers into credit card and identity theft. The only exception to this is growing cyber-crime syndicates that are largely based in a few key countries outside of the U.S. but have taken to employing U.S. citizens to help them obtain information on their targets.

In other words, if you are on the Internet, you are not secure. Everyone has their fingers in the Internet pudding these days and the fat kid shoving everyone else out of the way is our own government.

My information was compromised by the state of South Carolina. Hackers got into the SC's tax records and stole 3.7 million people's information. Social Security numbers, tax ids, and if they used plastic to pay for their tax returns with South Carolina, then they got those too.

Best thing to do about it? Make sure your banks, credit card companies, etc. Offer fraud protection. And stop worrying. It is just another fact of life now.

 

[DetraMental]

The only time I had trouble was using paypal on an overseas purchase. They tried to wipe out my account and caused me to have to get a new debit card. Just a big fat hassle.

 

[Stosh]

.....<snip> I am really thinking about getting a credit card that is specifically used for online purchases, and I believe Citi has a card that allows you to create temporary virtual card numbers that can only be used once

I have a Bank of America card that has the feature. You create a temp number with a limit on the $$ that can be charged. Never had any problems with using it, of it being hacked, in 3+ years of ordering.

 

[K_Tech]

I have a Bank of America card that has the feature. You create a temp number with a limit on the $$ that can be charged. Never had any problems with using it, of it being hacked, in 3+ years of ordering.

Just started doing that with one of my credit cards recently (Citi) after a fraudulent purchase was made with it (resolved within two hours, I am happy to report!).

 

[Myrany]

I got dinged once by someone taking my cc info from ecig shopping. Ever since I use a prepaid and only load on it what I am going to spend. They can't steal what isn't there.

 

[Rocketpunk]

Same here. Prepaid card is the way to go. Ya can't complain in hindsight if ya got the advice already. ;-)

 

[denmonkey]

I deal with fraud for a financial institution here in Australia. As Doug said I'd you're on the net you're at at risk. Hell you don't even need to use your card to experience fraud in it. Whislt you can't stop fraud happening you can sure minimise the amount of funds you have at risk to it. Your best defence is to have your cat's attached to an account with minimal funds in it. Zero funds is even better. When you want to make a purchase drop some money into it and away you go.
It's simple and only takes a minute to transfer the amount you need.
This is good practice anyway but even more important if you're using the net or travelling.

sent from mobile

 

[ITPython]

Just started doing that with one of my credit cards recently (Citi) after a fraudulent purchase was made with it (resolved within two hours, I am happy to report!).

I applied to Citi as they have virtual account numbers, which is a pretty amazing feature IMO. I am only going to use the card for online purchases and will always use a different number per website. So how does the temp number work, can you set a limit, or is it only good for a one-time use? And when checking statements does it show what virtual number was used for the charges?


In a similar manner I have unlimited email aliases/pseudonyms I can create with my email provider, that way I never have to reveal my actual email on registration forms and whatnot and it all gets routed to my main email address. I can even send mail from my alias addresses. I learned about email spam the hard way back when I first starting messing around on the internet, it was absolutely miserable! Since then have primarily used aliases, so if one gets compromised, and reporting to Spamcop does no good, I just delete it and no more spam.

 

[ITPython]

I got dinged once by someone taking my cc info from ecig shopping. Ever since I use a prepaid and only load on it what I am going to spend. They can't steal what isn't there.

I am thinking this probably would have been the easier route rather than getting a whole new credit card with virtual numbers, lol. Oh well.

So with the prepaid card, can you add money to it instantly (say via their website), or does it take ~24 hours or so before the money is approved for use?

 

[K_Tech]

I applied to Citi as they have virtual account numbers, which is a pretty amazing feature IMO. I am only going to use the card for online purchases and will always use a different number per website. So how does the temp number work, can you set a limit, or is it only good for a one-time use? And when checking statements does it show what virtual number was used for the charges?

The number is good for one merchant only, but I'm not sure how many transactions can be processed using that number. I assume one transaction, but I can't say for certain.

 

[wv2win]

US paypal doesn't allow ecig transactions......
see if your CC company offers virtual one time use numbers...citibank does...

You took the words right out of my laptop on both points, lol

You can use paypal for most suppliers outside the US as well as a few inside the US who are headquartered outside the US. Liberty Flights is one example.

I don't think the problem of having our CC hacked is the actual vaping site but the credit card processors they are using. I also now use citi cards virtual numbers and have had no problem since making that change.

 

[wv2win]

I applied to Citi as they have virtual account numbers, which is a pretty amazing feature IMO. I am only going to use the card for online purchases and will always use a different number per website. So how does the temp number work, can you set a limit, or is it only good for a one-time use? And when checking statements does it show what virtual number was used for the charges?.............................

citi gives you several options. If you just do the regular temp number, it is good for any amount for one month but only at the site you first used it at. Or you can put either a dollar amount limit on it, a date limit on it or both but in all cases it is only valid at the one site you specifiy.

 

[Rickajho]

Last year I had fraud on a CC that was never used to make an e-cig purchase. When the bank issued a new card, one payment was made on the card - that's it - yet the new account number was frauded within 14 days of being issued.

If you think you can simply connect the dots from "I made a purchase here..." and "A fraud happened there..." - you can't. Don't go slandering merchants unless you have absolute certainty that a particular merchant picked your account numbers and started going on a personal shopping spree. Credit card fraud today rarely, if ever, happens that way any more. We are decades beyond "flip flaps", carbons being fished out of dumpsters & waitresses copying down your card number. Now, if only the major credit card transaction processing centers would catch up and bring their security protocols into the 21st century as well. In the mean time, if you have a credit card you are at risk for fraud - if you use it or not. You aren't liable for CC fraud anyway so quit taking it so personally. Sure, it's annoying. It's also part of living in the year 2013.

 

[ITPython]

Last year I had fraud on a CC that was never used to make an e-cig purchase. When the bank issued a new card, one payment was made on the card - that's it - yet the new account number was frauded within 14 days of being issued.

If you think you can simply connect the dots from "I made a purchase here..." and "A fraud happened there..." - you can't. Don't go slandering merchants unless you have absolute certainty that a particular merchant picked your account numbers and started going on a personal shopping spree. Credit card fraud today rarely, if ever, happens that way any more. We are decades beyond "flip flaps", carbons being fished out of dumpsters & waitresses copying down your card number. Now, if only the major credit card transaction processing centers would catch up and bring their security protocols into the 21st century as well. In the mean time, if you have a credit card you are at risk for fraud - if you use it or not. You aren't liable for CC fraud anyway so quit taking it so personally. Sure, it's annoying. It's also part of living in the year 2013.

I don't appreciate the hostility, but I agree CC fraud is just something we all have to deal with, unfortunately.

And I didn't list any merchants for a reason, because there is no certainty.

 

[Stellaboots]

Out of curiousity, was your purchase with an overseas vendor? Like, FastTech or HealthCabin?
I've been buying from US vendors with rated sites (security check rated), so I haven't been too concerned, but maybe I'm wrong.

 

[meanckz]

As someone who has been in IT for 20+ years with 10 of those being spent reading over tens of thousands of data logs following thousands of legitimate and wannabe hackers digital trails, I can say that the systems in place are only secure until the next hole/bug/exploit is found, but you probably have more to worry about with the NSA than you do most of the small-time hackers into credit card and identity theft. The only exception to this is growing cyber-crime syndicates that are largely based in a few key countries outside of the U.S. but have taken to employing U.S. citizens to help them obtain information on their targets.

In other words, if you are on the Internet, you are not secure. Everyone has their fingers in the Internet pudding these days and the fat kid shoving everyone else out of the way is our own government.

My information was compromised by the state of South Carolina. Hackers got into the SC's tax records and stole 3.7 million people's information. Social Security numbers, tax ids, and if they used plastic to pay for their tax returns with South Carolina, then they got those too.

Best thing to do about it? Make sure your banks, credit card companies, etc. Offer fraud protection. And stop worrying. It is just another fact of life now.

you funny
it's a real concern, but you're right: fraud protection is the best route
and Hello back fellow vaper and SC'ian

 

[meanckz]

also...maybe you could find out exactly when the fraud occurred after which purchase from which site/vendor (if that is possible) and we can start a "buyer beware" thingy going here.