Warning: Credit Card Number Stolen from Vaping Supply site

[wv2win]

Just an fyi: this is a first for me and I have made more online vaping purchases over the last four years than I care to remember, most of them with credit cards and some through paypal.

About 2 months ago I decided to use only one credit card that I had not used in about 3 years for only vaping supply purchases so I could more easily check and track my purchases. Most other online credit card purchases I make are on just a few large sites like Amazon.com. So in the last two months I have only made 7 purchases with the card. I made a purchase last night and the previous purchase before that from a different supplier was on 3/19/13. The purchase last night was the first I had ever made with this well known supplier who specializes in DIY supplies. Well, I got a call about 3 hours ago from newegg.com asking if I had made a $569 purchase. Ofcourse I said no. They stated that the purchase was pending and would be declined. I then went online with my credit card company and saw that no other fraudulent purchases were made, thank goodness. I then called the credit card company and had the card cancelled. I must applaud newegg for their vigilance in calling a possible customer about a large order.

Since my previous purchase with this card was 12 days before and the fraudulent purchase came in less than 15 hours after my purchase yesterday, it seems likely that my information was somehow stolen from this site. I just sent them a contact message on this problem asking them to check their security and contact me.

I'm not trying to put a question mark beside the company I purchased from as I'm sure most sites can be vulnerable to having information stolen. Their site does have a big icon exclaiming their securtiy software. I will be interested as to how they respond to my message. If they don't respond quickly and effectively, I will be letting everyone know.

Anyway, this post is just to let you all know to check your statements carefully and frequently and I would not use a debit card for any online purchase.

 

[DJ RyckRak]

Thank You wv2win for posting this.

Quick posting of this type of theft could possable save some others from the trouble this kind of ***P poses.
Yes, thank goodness newegg was on the ball ! KUDOS NEWEGG !

Happening all to frequently...
going to hurt CC internet sales unless someone fixes it.

Again- Thank You !

 

[rotku]

I had seen a couple threads about this. I thought it might be a good idea to get a pre-paid credit card for online purchases. When I looked into it a bit further I was disappointed. It seems that pre-paid cards have monthly fees plus extra fees that make it not cost effective. If anyone knows of some possible solutions or work-arounds I would be all ears. I only have one credit card and it could pose a substantial liability if compromised.

 

[monacelli]

I had seen a couple threads about this. I thought it might be a good idea to get a pre-paid credit card for online purchases. When I looked into it a bit further I was disappointed. It seems that pre-paid cards have monthly fees plus extra fees that make it not cost effective. If anyone knows of some possible solutions or work-arounds I would be all ears. I only have one credit card and it could pose a substantial liability if compromised.

Unfortunately I don't think any of them do this anymore, but some banks used to offer one-use disposable credit card numbers for use online. I'm also going to start looking in to other options in light of all of the reports of hax0rs targeting vaping shops.

 

[RonsPlc]

I use nothing but prepaid Credit Cards for online use.
The Card I use charges a flat rate of 4.95 to load (regardless of how much I put on it), and 1.00 per purchase. No monthly fees etc.
Pm me, and I'll let you know which one I use as I don't know if I'll get in trouble for mentioning the name of it in here.

 

[Kayte]

I use nothing but prepaid Credit Cards for online use.
The Card I use charges a flat rate of 4.95 to load (regardless of how much I put on it), and 1.00 per purchase. No monthly fees etc.
Pm me, and I'll let you know which one I use as I don't know if I'll get in trouble for mentioning the name of it in here.

I would appreciate it if you would send me that info.

 

[Big Screen D]

I had seen a couple threads about this. I thought it might be a good idea to get a pre-paid credit card for online purchases. When I looked into it a bit further I was disappointed. It seems that pre-paid cards have monthly fees plus extra fees that make it not cost effective. If anyone knows of some possible solutions or work-arounds I would be all ears. I only have one credit card and it could pose a substantial liability if compromised.

This was my situation last year while out of town. Only had the one card with me and it was hacked and shutdown. PIA having to change all the prepaid utilities and such that I had auto pay set up with. Not to mention having to hit the ATM everyday so I could pay my hotel bill at checkout.

Called my bank and had them send me a second, separate card that I use only for online purchases. If it gets compromised, it's no biggie. I have backups out the wazoo to tide me over until they can send another.

 

[salemgold]

I am able to create a credit card number through my bank for each purchase. I set the limit and it is only good for that single purchase. I bank with Bank of America and they call it a shop safe number. Other banks may offer it as well. Using this method of payment, even if your number is stolen it is no good to anyone. It is also free so may be worth checking to see if your bank offers it.

The charge goes to my real credit card but I use a 1 time use number for each purchase. I have had zero issues since I started using shop safe

 

[mitzeli]

New Egg is diligent. They also caught fraud on my card, twice! But it has never cost me anyting when this does happen so I don't worry about it. It seems to be a new fact of life with shopping online.

 

[patkin]

Another thread like this... sorry to hear it.... and another of my same responses. It does none of us any good not to know what vendors were involved... not accusing them of theft but of possibly using a bad processing center where the theft is actually happening. Not only does naming vendors protect the backs of fellow vapers but it also has the backs of vendors using safer processing centers as well as not hurting THEIR business when vapers are afraid to buy anywhere because there's such a rash of this happening. Imagine a noob coming in here and seeing that any unknown number of unnamed vendors can't be trusted. It gives all the vendors a bad rap. Some of the other threads do name vendors (I really appreciate that) and at least one of them has/had their site down to fix the problem. The future will tell if they succeeded. I have contacted all vendors I deal with and am keeping a list of the processing centers they use after I went to the processing center sites and checked their security myself. The vendors who either couldn't be bothered answering or didn't want to tell lost my business. As a consumer, I have the right to know who my private information is being sent to and just how safe it is.

 

[kushka]

I am able to create a credit card number through my bank for each purchase. I set the limit and it is only good for that single purchase. I bank with Bank of America and they call it a shop safe number. Other banks may offer it as well. Using this method of payment, even if your number is stolen it is no good to anyone. It is also free so may be worth checking to see if your bank offers it.

The charge goes to my real credit card but I use a 1 time use number for each purchase. I have had zero issues since I started using shop safe

Citibank Citicards also offer this - they call it virtual credit cards - and you control the dollar limit and expiration date - and it can be used by only one vendor. Besides one time perchance, they are also great when joining subscription services - that sometimes try to keep charging after you cancel.

 

[Rocketpunk]

Happened to me too for the first time.

Got a pre-paid card.

 

[Bullette the Cowdog]

Yes. I also would like to know vendor names where credit cards are compromised. But how can we be certain if the vulnerability is a specific vendor or processor or a key logger we picked up from some random site. Not fair to name a vendor without certainty.

 

[Rickajho]

You guys are opening yourself up for slander liability. Unless you know - and can prove - a specific person at a specific vendor committed fraud with your credit card data... yup, that's slandering the vendor.

You have no idea how this system works. If you are lucky enough, you can have your credit card number stolen even before you get the card in your hand and use it. On the other end of the spectrum, your credit card info could have been compromised months before the data was actually used to commit a fraud. There are so many potential access points that can be hacked into that saying "it's the vendor" or "maybe it's not the vendor but it's the processing service they pay for" or "I made a charge 'here' and the same day there was a fraud so it must be their fault" is gross oversimplification.

The fact is that no credit card company - VISA, MasterCard, Discover, Amex et al - is under any obligation to disclose the source of known fraud. They won't tell your issuing bank, and they certainly won't tell you. It's in the disclosure agreement contract between the card company and your issuing bank. At most, all the likes of MasterCard will do is issue a list of known compromised account numbers. They will never tell your bank why they know an account number is compromised. So unless you know, for a fact and can prove it, that any given vendor was the actual source of fraud I'd pass on the finger pointing.

Beyond all that, considering credit cards have zero fraud liability, that makes the finger pointing even more pointless. If you want to you use credit cards - prepaid or otherwise - until MasterCard and VISA drag their security technology into the 20th century (yeah, I'm not even expecting them to reach for the 21st) you will have a fraud. Sooner or later. And more than once. But to say you know the source... chances are you really don't.

 

[exnihilo]

Amex has a service, I use, called Serve. Free, free, and free again. If the site doesn't take Amex, I move on. Unfortunate, but it is what it is.

cg

 

[DaveP]

My card is set up to email me when a charge is made. I get the email on my phone within minutes after I order. If it's not a charge I made, I can make a phone call and take care of the problem. That doesn't prevent fraud, but the heads up is valuable time to stop it before shipment of an online order.

Pre-paid cards or virtual cards that you create from your main card account are probably the safest way to operate. Don't most companies allow you to create a virtual card number with a low liability amount that you choose?

 

[Berylanna]

Dwolla sounds a lot cheaper than prepaid cards. You have to load it, as with a prepaid card. The downside is it seems to take 2-3 days for the load to take effect, so I have to keep it loaded with the amount I expect to spend on purchases in the near future. I keep it at about $60.

It requires an email confirmation at purchase time. http://www.dwolla.com

Too bad more vaping vendors don't take it, I think it's pretty cheap on their end too.

 

[Big Screen D]

I honestly do not understand the purpose of bothering with a pre-paid card in favor of a credit card. I get it for debit card users, since if an account is hit, there is a delay in having the fraudulent debits reversed. But a credit card?

The only entity that a pre paid card protects is the bank. And with the card holders money upfront.

 

[fatherdano]

Slander?

I love their juice but how can they prove it wasn't there site that got hacked?

Apart from the fact that they posted and shut down for awhile why they tried to figure out what happened.

Luckily i have chase accounts and they dismissed they fraudulent charges, pain in the ***

 

[patkin]

Its slanderous to say "I only used the card for ecig purchases at XYZ?" That's the way most seasoned ecig purchasers use their card and that's how one of the sites was discovered. Vendors don't keep CC info. They don't even see it... well I have seen one that asks if you want it kept on file and I didn't buy from them. No one is accusing any vendor of fraud. No one is stating what they don't know for sure but they do know where they've used their card and when. With that kind of reasoning, no one can say anything about their experience with any vendor and that would include the "Negative reviews" sub-forum right here. It would also include youtubes of the same and we all know how those are prefaced with "I did/didn't buy this but will tell the truth objectively." They do NOT say "I can't tell you the truth because I might get sued for slander." Come on! No finger-pointing... no blame... just the facts as they happened is all that's required and protective of consumer interests. But... aside from specific processing center security, are we all so disassociated and afraid in a litigious society as to be threatened into silence? Is there no "word-of-mouth" anymore to create a business reputation? If so... Something real wrong with that.