PDA

View Full Version : Online Purchases and CC Theft


halifax
09-22-2009, 5:50 AM
For the second time my CC has been fraudulently used after placing an order online. The first time it was minutes after placing an order with Sportsman's Guide about a year ago. Last week, it was an order I placed at a NY company for an Ohaus scale. Nothing fishy about either site, both claimed "secure" online ordering. How is my CC info being stolen? At the NY site, my CC was used by someone in New Orleans only minutes after!!

WTH

BTW, I've got the email address of the person who used my card in NO but what do I do with that information? (Fradulent charge was <$100.)

THT
09-22-2009, 5:59 AM
Are you sure your machine is clean? No keystroke logger/malware found its way onto your PC?

halifax
09-22-2009, 6:04 AM
I'm using ESET Smart Security and scan weekly. It has never found anything. The NY order was placed from work which is supposed to be secured (TrendMicro, I think).

ocabj
09-22-2009, 7:22 AM
It's possible that the vendor is compromised. Having a secure connection between the client and server is pointless if either is already compromised.

I had one CC with fraudulent charges recently and I've used the CC with legitimate vendors, but who were smaller outfits. It's most likely one of their servers which received the CC information was compromised.

scott.cr
09-22-2009, 7:26 AM
I JUST got nailed by some CC fraudsters. It was about a week after a trip to Florida... Florida, as I understand it, is quite the hub of credit card fraud. There are two ways I can think of that my CC info was stolen.

1. Waitress at Hooter's. (She took my card away to charge it to settle the bill.)

2. Info stolen over hotel's unsecured WiFi. BUT!!! I was purchasing over a 128 bit SSL... so this seems somewhat unlikely.

They charged my CC $1,800 over its limit and the bank never even said anything!!! I went to buy gas BEFORE this all happened and the card was declined. I ended up having to call the bank for an identity check.

BTW this is an HSBC card.

halifax
09-22-2009, 7:29 AM
Are you sure your machine is clean? No keystroke logger/malware found its way onto your PC?

Just scanned my computer at work with Trend Micro, it came up with dozens of Cookies flagged as spyware. Can cookies be a problem with CC information and access by un-desirables?

glcK23
09-22-2009, 8:10 AM
Yes I believe Keyloggers can be implemented in browser cookies.

I would try SuperAntiSpyware trial to detect anymore malware/spyware.

sfwdiy
09-22-2009, 1:07 PM
For the second time my CC has been fraudulently used after placing an order online. The first time it was minutes after placing an order with Sportsman's Guide about a year ago. Last week, it was an order I placed at a NY company for an Ohaus scale. Nothing fishy about either site, both claimed "secure" online ordering. How is my CC info being stolen? At the NY site, my CC was used by someone in New Orleans only minutes after!!

WTH

BTW, I've got the email address of the person who used my card in NO but what do I do with that information? (Fradulent charge was <$100.)

It's very likely that your personal info was compromised in some much more mundane fashion. Most identity theft occurs when people steal credit card statements out of your mailbox or trash can. Also, credit card skimmers are used by restaurant employees to steal card numbers. All the waiter has to do is keep one in his apron and swipe every card he gets though the skimmer as he walks over to the register.

Here's a very small card skimmer:
http://blog.creditorweb.com/wp-content/uploads/2007/12/skimmer.jpg

Your card info is saved on a flash card in the skimmer which is dumped to a PC later.

Card skimmers are getting more and more common on ATM machines as well. They look like this:
http://bp1.blogger.com/_KNXcFk4QWrU/Rmk53BaCJ3I/AAAAAAAAAAM/Y5Slo-oaaHs/s320/s1specs.JPG

These are custom-made to fit over the card slots on many brands of ATMs, as well as the card readers on gas station pumps.

It's also possible that it was an inside job by someone who works for the merchant or the credit card company. Both have been known to occur.

Spyware on your machines is another possibility.

The odds of a third party intercepting your credit card number over the Internet while you're making an online purchase are slim-to-none.

--B

bigmike82
09-22-2009, 1:52 PM
" Yes I believe Keyloggers can be implemented in browser cookies."

No keylogger can be implemented in a cookie. You'd have to use the cookie to do an attack on the browser, and I've never heard of a cookie-based buffer overflow attack in any current browser versions.

You could potentially have a case where someone stores your CC info in a cookie, but the cookie itself isn't a keylogger.

sfwdiy
09-22-2009, 1:54 PM
" Yes I believe Keyloggers can be implemented in browser cookies."

No keylogger can be implemented in a cookie. You'd have to use the cookie to do an attack on the browser, and I've never heard of a cookie-based buffer overflow attack in any current browser versions.

You could potentially have a case where someone stores your CC info in a cookie, but the cookie itself isn't a keylogger.

Yep, a cookie is just a string of text that stores preferences.

--B

SuperSet
09-22-2009, 1:58 PM
This happened to one of the AR15.COM vendors (GTS) last year and it affected many people, including myself. Keep a close eye on your statements.

Corbin Dallas
09-22-2009, 1:58 PM
There are MANY ways to get your information if you know HOW to get it.

Even "other" open web pages can become keystroke readers.

Best way to ensure a secure connection is to have only one browser open at a time and scan your PC often.

berto
09-22-2009, 2:11 PM
I got hit over the last month. The home and work boxes are clean. I bought from a few new online vendors and suspect one of them was compromised.

The CC company took care of it but they really need to find some better help in India.

halifax
09-22-2009, 2:23 PM
I got hit over the last month. The home and work boxes are clean. I bought from a few new online vendors and suspect one of them was compromised.

The CC company took care of it but they really need to find some better help in India.


^^^This is the one I suspect happened to me

artherd
09-22-2009, 3:56 PM
I know a little something about this...

CC numbers by themselves are absurdly easy to compromise. As mentioned it's usually via human error rather than machine. (ie card skimmers, leaks inside the CC companies themselves, etc.)

By comparison it is really rather difficult to snatch your CC number out of thin air when encrypted via an SSL certificate.

The real solution IMO lies in better fraud monitoring and prevention techniques.

JDay
09-22-2009, 5:16 PM
Your information was most likely stolen some other way (mail theft, digging though trash being more common than online) since its not likely that it would be used within minutes of being stolen.

halifax
09-22-2009, 5:38 PM
Your information was most likely stolen some other way (mail theft, digging though trash being more common than online) since its not likely that it would be used within minutes of being stolen.

Are you saying both times were just coincidences?

JDay
09-22-2009, 6:16 PM
Are you saying both times were just coincidences?

Quite possibly. The best thing to do if you want to be safe is to put a fraud alert on your credit, you'll get called to authorize every purchase.

THT
09-22-2009, 10:13 PM
This happened to one of the AR15.COM vendors (GTS) last year and it affected many people, including myself. Keep a close eye on your statements.

I thought what happened to Denny/GTS was someone hacked the store admin and skimmed the cards as the orders were placed. I was hit by that one and my AMEX was jacked. The thief promptly joined, I kid you not, match.com, eharmony.com, and truth.com ... three dating sites! Must be a lonely thief lol

artherd
09-22-2009, 10:25 PM
Quite possibly. The best thing to do if you want to be safe is to put a fraud alert on your credit, you'll get called to authorize every purchase.

TFAs placed on the 3 big CRAs will actually only restrict opening of new *credit accounts* in your name.

They will not act on the purchase-level.

SuperSet
09-22-2009, 10:41 PM
I thought what happened to Denny/GTS was someone hacked the store admin and skimmed the cards as the orders were placed. I was hit by that one and my AMEX was jacked. The thief promptly joined, I kid you not, match.com, eharmony.com, and truth.com ... three dating sites! Must be a lonely thief lol

You have better details than I.
GTS never informed me that my number was jacked until I noticed several weird purchases. Working backwards, it all went back to GTS so it was definitely a black eye for him.