My CREDIT CARD number got stole this week, I found out when I could no longer use my card! I called the CC company and they said the FBI caught someone with a bunch of account numbers and mine happen to be one of them although no charges where on my account that I didn't make they still closed it to be safe. I was hosted with ADDR.com last year is it possible that's where they got it from, I never use it in stores only for web hosting wouldn't ADDR delete my info after I left but who knows they could have got it from anywhere but my number got stole right after I heard about ADDR getting hacked!

The only thing I use a CC for is to pay for web hosting and my ISP but i'm also with another web host that keeps my CC info online in case I need to change it :angry: why do they keep that info online? I'm sick of how companies store your info online like that why can't they store it on a computer that's not connected to the net! I always make sure that when I give out my info to a host that it's encrypted 128bit if it's below that I don't use them heck I even shred and burn anything with my account numbers on them and that was before this happen.

Now I have to wait a week for a new CC and the problem is that i only had one card to use I can't wait for one because my ISP and web host bill me monthly and as luck would have it my next billing date is this weekend and this week what should I do? I can't afford to let them shut down my web sites and i'm sure they will since my old CC is no longer working, I don't know what to do.....:angry: it just makes me sick :sickface:

sorry if this is in the wrong forum but it is web hosting related in a way......

MAX

I have heard similar stories many times. Some online companies keep your credit card number online in their data base. Imagine if some one hackes in to their data base? I dont understand why they keep important info online!
Watch out for gas stations too.

Max,

I'm sure the hosting company your with will be understanding if you send them up a E-mail and explain the situation to them. I wouldn't wait until they billed you and they find out the card was rejected.

You just said that the only thing that you use your credit card for is those two hosts. But you said you went to purchase something and it wouldn't let you buy it? So what else do you use your credit card for?

I will bet you $5 that they got the number from somewhere else. Like if you've ever used it for gas, food, shopping, anything, those clerks sometimes keep the second copy of your receipt so they can use it later.

I'm guessing this because the fbi doesn't have a good way to catch online credit card theft, they probably caught him the old fasion way. And that's probably how your number was stolen as well.

Your credit card number is safer online than it is in your wallet. The media reports online credit card frauds from the internet in the news all the time, maybe only 10 large occurances of this have happened in the last 5 years. You don't really see the media post about the huge billion dollar credit card theifts that go on in the paper world everyday. Why? Because it's not trendy. Billions of dollars more theift happen in the real world vs. the very few incidents that actually happen because of the internet.

Also the cases that happen from the internet are usually cases where no security was even attempted. If somebody wanted to steal credit cards, they wouldn't bother to spend two years stealing them off the internet when they can go to the dumpster of any law office or office and find huge lists. The people who actually spend months cracking into credit card databases on the internet are usually more or less harmless geeks who do so to be 'cool'. Most never have the intention of running a mass money scheme.

and that is my boring two bits...

Well, Addr did have an old database downloaded or whatever by a system cracker. I don't think it's likely it was somewhere else. That's just my deduction though and my opinion. I think it's more likely to have been the Addr case. Surely, enough problems happen with gas stations and whatnot. Someone got into an argument telling me that online transactions are safer than in real life. I told them, sure, because it's handled by larger companies, but trasmitting the information via SSL doesn't mean **** if the information is stored non-encrypted on online servers, giving millions of potential criminals access, instead of one gas station attendant -- where you can watch them as they swipe it, if that's the case.

I have the opinion, and for good reason, that the transactions on the Internet as more of a risk, not less of one. There's still employee's on those CC places too online and they are specifically dealing with it all day, not some employee that just runs your card only. So, there's a lot more potential and more potential to getting that information from many more places, for many more reasons. I'll take that $5 bet!

ckizer,

Are you nuts?

I mean come on!

Hackers are getting more and more experienced everyday...


Experts predict the trend will get worse before it gets better. A study released Friday by GartnerGroup claimed that the economic cost of cybercrime will grow by 1,000 to 10,000 percent by 2004.

Who the hell are you?!

Why WOULD you need to keep the creditcards online?!

Some people's stupidy just makes me want to PUKE!
Go back to you shack in the woods you fool!


""""The people who actually spend months cracking into credit card databases on the internet are usually more or less harmless geeks who do so to be 'cool"""""


Any what do they do with the credit cards!!!

""""""""""""""
The credit card data appeared to be in circulation in the computer underground. Three of the customers contacted by MSNBC.com said they had discovered fraud on their accounts. Reggie Marks of Clayton, Calif., who runs “Excav8tor.com,” said his bank called a week ago and told him that $3,000 worth of computer hardware and software had been billed to his card. Steve Eisenberg of San Diego, Calif., who operates Thewebcoach.net, said he found $900 in false charges on his card in the past week. Another victim, who asked not to be identified, told MSNBC.com about $2,500 in errant charges caught by her bank.
A fourth victim, Cliff Hanna of Del Mar, Calif., called his bank after being contacted by MSNBC.com and discovered that just late Sunday a fraudulent $500 hotel room charge had been billed to his card.
Since the story’s initial publication, several other ADDR customers have written MSNBC complaining of fraudulent activity on their credit cards.

""""""""""""""


YOU MY FRIEND ARE A FOOL.

Hey now.. hey now.. let's all be pals.. :-)

People store the CC information for purposes of automatic re-billing, but there are better ways and they ought to be encrpyted. I mean, if you have CC information and someone root's your server, they can get it no matter what, but high encyprtion will at least make it unlikely, if not impossible for them to actually get data from said database. As for any other manner, there's no excuse and there's better ways to rebill.

Tim_Greer

I have my own merchant account....
and we do our billing offline.
I have NEVER found a reason to keep my database web accessable.

As soon as an order is placed, the information is transfered to our office server and with a click of a button...its gone from the web...

We have not had more than 3 credit card numbers online at a single time.

There is no need.

My brother got a fax consisting of 50 plus credit card transactions with all the details. After some investigating, the numbers were supposed to be faxed to a local grocery store. Their fax number is one digit different from his computer line. The numbers were all duplicate charges for the month. Makes you wonder.

My hosting provider requires a copy of my credit card to be kept on file. The faxed copy could be sent to the wrong number. My fax could be taken from the machine by a not so honest employee. A snail mail copy could be stolen in transit. Somebody could have a scanner and pick up the number from a portable/cell phone. My phone could be tapped. What can I do to keep my credit card numbers safe? :(

-Mike

Faxing is notoriously a security risk. There are many cases of very private and sensetive info being sent to the wrong sources via fax. Not just CC info but medical records, legal papers, school records etc.

True, there's never a no-risk way, just same are more risky. And, as I said, I agree this information shouldn't be kept on a server hooked up to the Internet. The most you can hope for online, is the company being honest and that they have a good policy about such things. Obviously some do not though, which is not excusable, as we all agree.

The only place i ever use my CC is online i tried to buy some flowers from 1800flowers.com and i they gave me some kind of error so i tired again and the same thing happen so i called my CC company and found out they had put my account on hold all they told me was that the FBI caught someone with a bunch of accounts they didn't go into detail about it so when they said a bunch of accounts i thought about ADDR.com but i was with them late last year i never buy food or gas etc. with a CC always cash so it had to be taken from on line somewhere, i wish i new where but they didn't even know i still think they got it from ADDR because the guy had a bunch of accounts he never used mine maybe he planed on selling them who knows and it happen right after i read about addr being hacked what's the chances of that? Im still pissed about how companies keep your info online 24/7 it shouldn't be allowed. I wonder what my current host would say if i wanted my CC info they have OFF line!! :angry:

Max, first of all, I would suggest you send an email to the billing department of yoru web host explaining what is going on. Second, if you are in the US, go down to your nearest 7-Eleven and get one of those rechargable American Express cards; you can use it just like a normal credit card and you get it instantly.

Wazeh a rechargable American Express card...... i never new of such a thing but i'll try to get one that's a great idea do any other stores sell them like Walmart etc


MAX

MBNA http://www.mbna.com has also unveiled a new limited-use Visa tool.

How it works, as I understand it... and realize I haven't really looked into it, I just saw an ad on TV:

You have your main MBNA Visa card with them.

Log onto their website, and they have an online tool that will enable you to create a "one-time Visa number" with a credit amount of whatever you specify.

(Say $35, as if for your webhosting fee)

You then take that one-time number and plug it in to the vendor, and the transaction runs through. If the number is "stolen" from the vendor's database, it doesn't matter... it was a one-time use and has been used up.

Of course this means managing your credit card account online. HOWEVER... what most people don't realize is that all their credit cards are already online, whether they choose to access them that way or not. May as well tie them up by creating passcodes etc. so someone else doesn't hijack the account and take liberties with it. The major banks are generally very good about security and while NO system is fool-proof... well if the fault lies with the issuing agency, well, you know who to run to. :)

I use a Citibank Platinum Mastercard, an internet-only card, for my internet transactions. It has a pretty low limit, but more than adequate for all my uses. What's more, it has a $0 fraud liability guarantee. Sweet.

As a clicks-and-mortar retailer I can attest that if someone broke into any number of retail properties, lodging offices, or proprietor residences (from your Ace Hardware owner's house to the local ritzy clothing store) they would gain access to thousands of hard-copy charge slips which we are required to keep on file for years. That means access to hundreds and hundreds of thousands of dollars in credit. (It's not THAT hard to guess a new expiry date...)

As for where the risks lie... they lie at every step along the chain. The scanning doesn't have to take place at the time of sale. There's nothing stopping a little snot from opening the register after you leave any copying the number, expiry & your signature down. In fact this happened to my mother, a 19-year-old "manager" at the local grocery store used the hard printout of my mother's Visa receipt to pay for 900# phone calls. It can, and does, happen at every single step along the way. Most people have no idea just how vulnerable their credit card numbers are.

Thankfully, this "internet awareness" has caused consumers to, at last, insist on better coverage by credit issuing institutions, so that many cards now carry a $0 liability. Thank heavens... it's long overdue!!!

~~~ My thoughts for the evening ~~~

:D Bailey

Bailey,

Actually I use the 'pimply snot at the store' story myself quite a bit. Whenever someone is horrified that I use my CC online, I just ask if they'd ever paid for a meal at a cafe' by credit. I've worked in them in years gone by and know exactly the type of people that work in the kitchens :rolleyes:

The simple fact of it is, for all this increased ease we have of spending our money now, it also increases other people having their hands in my back pocket too. At the end of the day it's a judgement call. You reduce your risk by opening your eyes. If it seems suspicious, don't do it. If you felt fine, and still got ripped off, then at least you tried.

As a business man I might moan about credit companies siding with the client, but as a consumer I can't really complain about it too much :blush:

Greg Moore

The sad truth is even with all the security procedures used and off-line storage there are still sooooo many ways someone unauthorized might get a hold of your CC info.

Years ago I worked at a catalog company that stored customer CC info on a central (off line) database. Anyone in the IT department could easily run an SQL query and print out pages upon pages of CC info! So much for security!

It's getting warm in here.

The only reason I said what I did was because of two things.

1. We work very closely with tripwire, and also know a great deal about how banks and closed circuit networks transfer funds (I've worked with this stuff for about six years)

2. My personal experiences when I was younger cracking in to databases and websites.


I may actually owe Tim_Greer $5 his points were well stated :-)

Addressing some of the other posts:

First of all, I've NEVER ever SEEN/HEARD of any database of credit cards being stolen from any website that was secured actively and properly. All of the websites that I know of to this date that have had credit databases cracked, neglected security! Most of the major sites (like egghead.com) knew there was an update to the software they were running but neglected to install the fix!!! Corporate people are too eager to hire anybody who has 'internet security' in their title. Most of these people are just your average system administrator who doesn't understand security, and how important it is. I properly security credit card database would be extremely difficult to hack, enough so that it would probably repel crackers, to move on and try somewhere else.

I would agree that the stupidity of keeping a credit card database is warranted in most aspects. If you HAD to have a database like that online, it would be wise to employ security services like tripwire, amex web secure, and 24hour monitoring. In most cases had they been paying for a team of techicians to sit in front of terminals 24/7 and monitor incoming tcp/ip streams they could have stopped the hacker cold before he even got a change to get the data. Credit card data should be guarded like the gold it is! Not completely left up to some software package. If companies guarding private information, more like we guard prisons and take an active approach vs. a passive one, we would have extremely few cases of online credit card theift. And the cases that did happen would be resolved quickly and efficiently.

And that's my two bits..

Tim_Greer in the case of this credit card issue I think you are right about the persons cc being stolen, email me your address at kizer@sharpwebinnovations.com and i will send you your $5 dollars, you earned it. :-) PS after emailing me post here, so i know it was you that request the the $5


That's my 2 bits...

akashik> :D I have worked at those places too... and it doesn't stop at the kitchen... how about the starving waitresses and the slick hosts who think they're too slippery to be caught... hehe. All retail/service industries have their weak links, thankfully thus far I have not hired any of them at my shop, but boy is it a scary thought!

ckizer> :) Your points are well-taken. As far as the online "chain" goes, absolutely, outside and internal security per software and hardware arrangements are necessary for ethical operation. Because I am not one of those people well-versed enough to make a good hiring decision about IT security, I use the old-fashioned "offline" system, myself.

The funniest part of all of this are the consumers who are infinitely irritated that I do not offer an online order-status system. They are incensed that they cannot check on what "stage" their order is in nor can they see if it's been shipped or get a tracking number.

They do not understand that this kind of system would require (1) I keep inventory online -- as in, keep dreaming, it's a 700 sq. ft. gift shop... (2) integrating the online system to my in-store system, which would put my entire physical operation at risk to outside influences including virii and crackers -- as in, keep dreaming... and finally, (3) that I keep their full client info including credit info online. And I just can't justify putting my operation at risk like that, from start to finish. Granted it's a little store, but it's my bread and butter and run completely by sweat equity and my own TLC. :blush:

And as a consumer myself, (grins @ akashik) I can't in good conscience put the kind people who I love to work with, at risk like that. Their credit info has no business being online.

It's hard enough trusting a third-party like Revecom with my webhosting client fees. But at this juncture I don't have a lot of choice, logistically. :eek:


:D Bailey

Where else can you buy a rechargeable American express card 7-Eleven here doesn't sell them?

ANother way to be safe:

I limit my credit card for online use at $300.00 and my offline use at $500. Just Cap the spending limit so when people steal it they can't really card much.

Somebody wanted to know about an online order status system that allowed people to check orders but was secure. hmm i think there are some third party companies that offer this service through them so that way if something happens it all there fault. You gotta love services like that. :-)

I'm going to put myself out on a limb here and probably get shouted at and say that for one CC number there is proactically no difference in using 56bit or 128bit SSL, to start with, it is such a small amount of data to work with to decrypt - also a hacker isn't going to waste 30-40 hours on getting your CC number from an intercepted SSL transaction, they would rather spend that 30-40 hours working on cracking an online database of CC number which holds a much better potential reward in terms of money and underground brownie points.

Ok.. lets take a scenario here.

Just say someone in Australia used a Malaysian card to buy about 200 bucks worth of webhosting.

If you were the owner of the card, and you found out that someone was using your card, what could you do?.. and how much would it cost to chase it up, and get the money back?

I think its important to know what could get done, and maybe look at ways to improve things.

I believe that the best way to stop a credit card thief would be to scare them with an email.

Im sure that there is nothing that can be done, if only $200 was taken.. its a small amount of money, and im sure it would cost 1000's to chase it up, and take it to court, etc.

Give me your opinions/facts on this matter.

Thanks

Originally posted by MAX
Where else can you buy a rechargeable American express card 7-Eleven here doesn't sell them?

I know its a little late to replay....

But I have the answer...

Check out Cobalt Card by American Express...
http://www.cobaltcard.com

There is no fee to have it, no interest, and the $$ is either debited out of your checking/savings account or another credit card.

I use mine all the time online - since I dont' have a regular credit card. :)

rockergrrl

The big problem with credit card fraud is the credit card companies themselves.
They do not have a real incentive to stop fraud and in some cases they actually
profit from it. The merchant is the one who gets screwed with no real recourse.

Lets say Joe Schmoe purchases a product/service from a merchant for $100.
The merchant runs the credit card and gets approval. Gives the customer the
product/service; customer then claims he did not order the product/service.
At this point the merchant is out the money and depending on his merchant
agreement gets hit with chargeback fee of anywhere from $15-$25. Then
depending on the credit card company the customer is responsible for the first
$50 in cases of fraud. So the banks and credit card companies actually profit from
this, whats their incentive to change?

On a related note about those #$ cc..... Always check the amount of the sale that they charge you, I have 2 examples:
1. I was charged for someone else's gas although I was only getting coffee, donut, etc......and of course I didn't pay any attention, so I guess I basically deserve to pay the $25 for not staying on top of things.

2. I used to work at a liquor store and my boss would always add $$ to drunk people's cc knowing they wouldn't notice it and then take the difference out in cash.

...just my 2 cents

Well, one good thing about webhosting, it's a product you can take away. It's not like a TV that you would have to track them down and repo it. So in this way, webhosting has it better than merchants who sell actual 'material' products. At least we arent out the actual product :)

Due to that, we dont see as much fraud as those other guys do. I mean, it's kinda stupid to fraud a WebHost, and in the end have nothing to show for it, yet be that much closer to getting caught..LOL