On-line Credit Card Fraud.

[kiwinoz62]

Hi everyone,

I thought I ought to share this with everyone here, so hopefully anybody won't go through the angst , I am, at the moment.
On-line Credit Card Fraud.
Over the past fortnight I have given the plastic fantastic abit of a shake, several guitar building items.
Most of the vendors use Paypal, some of them do not, but you assume their on-line security is intact.
Anyway, my Credit Card was hacked, only by AU$200 - $300 (hundred dollars) thankfully, and probably only because I keep a record of what I purchase, cost, dates, etc. plus I also check my on-line banking account statement frequently, hence the reason I realised something was'nt right.
I noticed a few discrepancies and contacted my bank straight away, they cancelled my Credit card immediately and have now begun the process of trying to capture these scoundrels.
I will be reimbursed as I know I have done nothing wrong, I also contacted the vendors that I have recently purchased from, to inform them of my situation and to ensure that they check their on-line security is up to date.
I also wish to add I have bought from these vendors before with no problems occurring, this is just an unfortunate instance that has happened to me and hopefully never again.

My point is. . . You can never be too safe, buyer or vendor.
The festive season is about to begin, all the more reason to be aware when you purchase on-line or by personal shopping.
There are career criminals out their waiting for their moment of opportunity & when it happens somebody always gets hurt.

Now, I have experienced Cyber Fraud first hand.

[kiwigeo]

I got off a job earlier on this year and rocked up to my hotel to find the card had been blocked by the bank. Someone had been doing small test transactions and the bank had picked up on the illegal activity and zapped the card. Luckily the hotel let me check in without taking my card details otherwise id have ended up sleeping on the pavement.

Not sure how the crooks got my card details as Im extremely paranoid about cyber crime and never use the card with suspect vendors.

[tippie53]

When in doubt don't
As a business we try very hard to be as secure as we can. I have to say that I never had a issue since I started using Paypal Ccard terminal. I have had card denied until the customer called their card company to assure this was legit. I would rather be declined than depleted
NEVER GIVE OUT INFO IN AN EMAIL UNLESS IT IS HTTPS
also never go to a payment site from an email unless you know the people you deal with. Hackers are good at making the hacked pages look legit.

[Dave]

I've had it happen 3 times so far twice where my bank stopped the transactions and once where I had my statement come through and I found things on my statement which shouldn't be there

The two that the bank stopped were for a larger purchase in Thailand which I never visited and the second was for a £560 purchase from Tesco online.

I know how the first one happened as a wa**ker at a petrol station scanned my card details (they did it too about 300 people).

The second one I haven't a clue how they got my card details as I have been really careful with how I used my card since.

The third one I noticed on my statement that I had bought something at Prague airport never been there either and had also treated someone to a large order from Domino's pizza and had also treated someone to I-Tunes downloads - this was from another account - I told the bank and they cancelled my debit card and refunded the money taken!

Since then I know use a pre-paid credit card for all the things I buy online (even Paypal) Its a little bit of a hassle but at least I know they cannot get access to my bank account!

Dave

[Nick]

Good advice Wayne and at an appropriate time of the year when the old plastic usually takes a bit of a pounding, just sorry to hear it happened to you! I'll either use sites that have a Paypal option or at least some form of security service on their credit card transactions.
I recently bought some (4) online purchases for a piece of music software I own, the company unfortunately doesn't have a cart set up so each 'add on' had to be a seperate purchase. It was comforting to me when, after having clicked 'purchase' on the third item, I received a phone call from the bank asking me if these were valid transactions otherwise they would have put a stop on my card.

[peter.coombe]

I cancelled my merchant facility because it was becoming too difficult to do international transactions, and as a result it was not being used much at all. The amount of international credit card fraud is now so high that many of the US banks have a blanket stop on all international transactions, and it is a PITA to get them to lift it for one transaction. Paypal is the way to go nowadays.

There are many ways the crooks can get your credit card details, so I would not assume they got it through your on line purchases of guitar parts. Some crooks can generate valid credit card numbers and then guess the expiry date until one card works so it can be a random thing that has nothing to do with what you have done. There are also programs that can get installed onto your computer that capture key strokes that are then downloaded to the crooks. These programs get installed when you visit certain web sites, or can get installed similar to how you get viruses on your computer.

There are a few ways you can protect yourself. As a minimum, before you enter any credit card details, make sure the web site is using SSL (i.e. HTTPS). You can determine this by looking for the locked padlock, and you can check if it is a valid SSL certificate by clicking on the locked padlock. If there is a path to VeriSign, then it is a valid SSL certificate that the vendor has paid for and it is probably safe to proceed. No locked padlock, or an invlaid SSL certificate then STOP and cancel. Other things to do -
(1) Absolutely essential - run firewall and antivirus softeware. Keep your firewall and antivirus software up to date. Run regular virus scans. Believe it or not, some people run their business on a computer connected to the Internet and don't run firewall software. They are a sitting duck and are one of the reasons we have botnets and denial of service attacks.
(2) Keep your OS up to date with the very latest patches
(3) Run web site checking sofrtware. McAfee have a free version. Only visit safe web sites. If the software pops up a warning sign, cancel. Don't visit that site.
(4) Run sofware (e.g. Spybot) that you can use to scan for malware and it will also block various malware that gets onto your computer through the browser. Keep it up to date with the latest detection rules.
(5) If you do send credit card details via email, then split it up across several emails. Fraud through email is not one of the most common methods because the crooks need to either hack into your email account, or hack into an email server and sift through millions of emails. There are easier ways and the crooks will always use the easiest method to get you. So, make sure the password on your email account is a strong password.
(6) Don't let Windows store any of your passwords. Keep them in your head.

Doing all this will greatly reduce the risk, but does not reduce it to zero. Virus protectors are not infallable, new viruses/malware can get downloaded onto your computer before you update the virus protector. You will still need to regularly check your credit card statement. However, note that if you have already been hacked then the crooks may already have your Internet banking details as well. Fortunately the banks have measures in place that do stop a lot of attempted hacks, such as if the IP address that is being used to log into your account is unusual (e.g. from China) then your account will get locked automatically. I do all of the above and have been purchasing all sorts of stuff off the net for years and have never had a problem. However, I don't have a great deal of confidence that it will never happen to me! My web site did get hacked once which caused all sorts of big big problems, but that was not my fault. Web hosting companies are not always as security aware as they should be.

I used to be an IT guy, heavily involved with IT security (yep, I'm a real geek).

[Ormsby Guitars]

http://www.heraldsun.com.au/news/nation ... 6527054509

In just the last year, we've had:

Two separate instances of unauthorised transactions totalling $1000

Twice the bank has called to query a transaction we didnt authorise

After having the biggest year so far, and getting an awesome home deposit together, one week before our home settled, someone managed to clear out funds from our iSaver account (which technically can only have money moved to ONE other account). The bank fixed that real quick, but they said it went to a paypal account. Can't tell you the amount of stress that caused...

Had one $6000 transaction decline, then their next card, then their next card... and whilst im doing all this the bank called to say they had been contacted by a US bank to decline the transaction. Less than two minutes it took.

New cards every time, new numbers to remember, pain in the butt.

In May, got a call from the bank "your account has been logged into from Bali" "We're in Bali" "Oh, good, couldnt find payments for flights on your card, nor anything else relating to a holiday at all, so called to confirm". Efficiency!

Back in 2006, I had a new cheque book send to me automatically. Wasnt expecting it. Our mail box was raided, and we didnt know what was even in there, but werent expecting anything important. Two weeks later got a call from the bank "did you just come into the branch??". Nope. Raced down there to find someone had used my LOGO as a signature, to take $50 out via cheque, then $100, then $200, Then $500, then $1000... Got away with $7000 all up in a week. I got the money back, because the signature didnt match, but it took a while. They caught the guy, but no charges were ever laid by the bank....

[peter.coombe]

Had one $6000 transaction decline, then their next card, then their next card... and whilst im doing all this the bank called to say they had been contacted by a US bank to decline the transaction. Less than two minutes it took.

That sounds all too familiar and is one reason why I cancelled my merchant facility. Major hassles getting paid.

After reading the article on the link, it is worrying that so many credit card details could be stolen from retailers. Credit card details collected by on line vendors should NEVER EVER be stored where there is any possibility they could be accessed from the net, particularlly if there are large numbers! It is not all that difficult to implement, but small businesses are reliant on IT vendors to do the right thing, and seems like that did not happen. Most small businesses don't have the resources to build their own IT systems so are dependent on IT vendors, and if the vendor's security system is flawed it potentially can affect lots of businesses and hence potentially can result in lots of fraud. Stuff ups and just plain incompetance in IT vendors is not all that uncommon in my experience. Unfortunately there is nothing the average consumer can do to protect themselves from that.

[kiwigeo]

One source of credit card info is vendors who store your credit card details on poorly secured computer systems. Eg. Qantas and Telstra have an option for you to store your credit card details when you pay via their websites.

[kiwinoz62]

Hi everyone,

Great outcome for myself , the bank has refunded all fraudulent transactions on my CC.
Hope they catch the mongrels that did it.