No better place than here to post what happened today.

I get my credit card statement and see 3 charges I never made to two different internet companies. One of them charged me twice in the same day for the same amount of money. I called my CC company and they were VERY helpful and credited my account for those amounts. I also invalidated the card and got a new one with a new number. I also checked my statement online to see if other charges have been made, and YES! another one for $20 charged by an internet company I've never done business with. :angry: :angry: :angry:

All in all, I should be happy the people at American Express are very good at helping their customers and getting this straightened out for me. Still it infuriates me to know that someone stole my number!!! Questions in my mind: For where? When? How? ARGH! :mad: :bawling: :angry:

Thank God I keep records of everything. The only companies I've used my AMEX card with are:
Yahoo!
eBay
PayPal
Half.com
Amazon.com
Health club
... to name a few.

Something tells me the leak is from eBay/Half or PayPal.

So now, what to do? In order to sell on eBay, you *have* to have a CC on their database. Same with Yahoo!. To sell on Half.com, you also need it. Should I stop selling/buying because I'm afraid this will happen again? :angry: :angry: :angry:

I'd love to hear your thoughts or recommendations.

Thanks everyone ... for listening.

Jessica

Lucky it wasn't $2000 :)

You're right! Just around $300 all together...

:(

Why would someone ever want to go through the effort to hack eBay or PayPal when they can just go in your garbage can or mail?

Low tech is a lot simpler and often gets better results.

Or it could be a brick and mortar merchant.

In any event, I hope this works out for you.

take the issue up with AMEX ?

$300 or $300000 or even $30 it's bloody theft and a deep concern that cc numbers have been stolen

it's hard enough explaining to some people that it's perfectly OK to use CC online and much safer than giving it over the phone to any Tom Dick or Harry without this --- people who know what they're doing being ripped off !!!! :angry: :angry:

bad stuff Jessiecam ! bad stuff !
keep angry

I've had my card cancelled 3 times so far because it got duplicated. All these high tech copycats are a pain in the behind.

did you get any further with this ?
was it ebay ?

IMO anyone that uses an AMEX card online is absolutely nuts!
Why would you put a card that has NO SPENDING limit even close to online?
Yes these are reputable companies but security can always be gotten around, don't ask me how but it does happen.

I'm glad that you received a refund from AMEX.
I would suggest getting a Visa or MasterCard with a limit of 500-1000 for small item purchases for online use only, such as eBay use.

I hate the idea of Paypal to be honest, considering it's like having access to your debit machine except it's online! Think about it for a minute.... someone gets your paypal login information and you have an AMEX card on the paypal account. What does this mean?

Unlimited spending through paypal for anything paypal can buy.

Just be careful and get a card with a lower limit. Also use multiple hard to guess passwords for each account. Sometimes it's not a hacked server but a simple password that is the problem.

Best of luck

AMEX said they would investigate this further. So I'm going to follow up on this next week. AMEX was very helpful during our phone call. Great customer service! :)

AMEX Blue, which is the card I have, works just like a VISA or MasterCard. It has a limit, you can carry a balance, and all that "good" stuff.

I'm going to start using Amex Private Payments as soon as I get my new card. It is good for one-time purchases. Basically, they give you a CC number to use which is linked to your real CC account. It has a limited life. You have to use a different Private Payment number for each transaction. This is not good for recurring charges but it's great when you're making a purchase from a lesser known merchant. Just another layer of security. For more info see this URL:
http://www26.americanexpress.com/privatepayments/faq.jsp

I still don't know what I'm going to do for eBay/Half.com. I don't feel safe giving them my CC number anymore.

Regarding PayPal, I wrote something on WHT long ago about a "safer" method of using it for those of us who do need it. The whole thing is on this threat (http://www.webhostingtalk.com/showthread.php?s=&threadid=53994&perpage=40&pagenumber=2) . Here's my post:

I still want to have a PayPal account though. So I thought of this: What if I open a free checking account and leave in there, say $20 - $50. That way, if PayPal ever tries to withdraw money, it won't have more than $20 - $50 to take. Furthermore, whenever I receive money via PayPal, I'd transfer the money from PayPal to my checking account right away AND withdraw it from my checking account as soon as possible too. This leaves this free checking account with a balance of $20 - $50 most of the time.

In addition to that, someone else suggested placing a low budget credit card with say $100-$300 limit to their PayPal account. Your suggestion about this, TowerHost, is great! I should have done so when the PayPal thread was posted. But never got around to. I've started calling some of my CC companies and haven't found one that will let me have a 2nd card with smaller limit yet. I'm going to keep calling.

It'd be intersting to hear more experiences on this issue.


Jessica

You are protected by federal law when you engage in credit card (electronic) transactions. All you need to do is notify your card issuer within 48 hours of discovering the error or fraudulent transaction. They are required to give you a temporary refund till the problem is resolved. Thieves have myriad ways of determining your number - they don't need to find it somewhere. Just relax and keep track of your transactions. Well, this is assuming you are a U.S. citizen.

I think this is what AMEX did because they refunded me the money right away while on the phone.

The doubt is always there though. Does the online shop have a security hole? ... etc

:(

There was a famous case where Victoria's Secret was taking telephone orders at a call center on the East coast, storing CC numbers on tape and transporting the tape elsewhere for processing. Someone was copying all of the numbers in transit and selling them. So, it can happen anywhere. When I worked at a bank we had charges pop up all the time, all over the world - there was nothing we could do but give the customer their money and let it go.

Originally posted by TowerHost
Why would you put a card that has NO SPENDING limit even close to online?
Yes these are reputable companies but security can always be gotten around, don't ask me how but it does happen.


I agree there. My online card (Visa) only has an AUD$300 spending limit on it. If I want to purchase anything higher, I simply transfer more money onto it so it's in credit.

Originally posted by Rotifer
There was a famous case where Victoria's Secret was taking telephone orders at a call center on the East coast, storing CC numbers on tape and transporting the tape elsewhere for processing. Someone was copying all of the numbers in transit and selling them. So, it can happen anywhere. When I worked at a bank we had charges pop up all the time, all over the world - there was nothing we could do but give the customer their money and let it go.

I don't know about overseas, but here in Australia eftpos machines (Commonwealth Bank in particular) actually print the credit card number on the receipt which I think is quite dangerous. The customer gets a copy and the merchant gets a copy.

From memory the merchant is required to keep these for >= 12 months. Unscrupulous employees (or people looking in the trash) could quite easily get access to them.

I've also seen many occasions (example was last week) where a customer has gotten their CC receipt, walked out of the store and thrown it on the ground. This receipt has their card # printed on it so it's asking for trouble.

I've never had any unauthorised charges and hope I never do, but it must be frustrating.

--Shaun

They ***** out the last series of digits here - didn't used to. I worked for a bank when debit cards were first widely introduced, boy were we taken for some rides. By the way, you are also entitled to a full refund even should you write your PIN on the card and they use it at an ATM (U.S. law). Crazy but true.