Cigar Asylum Cigar Forum  

Go Back   Cigar Asylum Cigar Forum > Non Cigar Specialty Forums > Misc > General Discussion

Reply
 
Thread Tools Display Modes
Old 07-25-2009, 01:00 AM   #1
Scottastic
ROFLCOPTER
 
Scottastic's Avatar
1
 
Join Date: Jul 2009
First Name: Scott
Location: Santa Rosa
Posts: 217
Trading: (8)
Partagas
Scottastic will become famous soon enough
Default Identity Theft

If this is the wrong section forgive me, but I just wanted to give people a head-up...

I have only made 3 online purchases in the past 2 months, and all three were in the past few days. I recently recieved an email from my bank that my checking account was overdrawn, which made no sense. Looking into it, there was a charge for almost $1000 to a website call flypgs.com, based in Istanbul.

It may not be caused by one of these sites, as I have heard good feedback on all three. I feel pretty confident that it is not due to a security breach of my computer, as I am running a fresh install of a Linux distro I have used regularly in the past.

The sites are as follows:

Cigar.com -- have received package
Egars.com -- have received package
cigarhumidors-online.com -- have not received, but is not late

Do with this as you will.
Scottastic is offline   Reply With Quote
Old 07-25-2009, 07:38 AM   #2
G G
BR549
 
G G's Avatar
 
Join Date: Oct 2008
First Name: Greg
Location: Taylor, FL.
Posts: 12,730
Trading: (10)
Bolivar
G G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant future
Default Re: Identity Theft

Everytime I read one of these stories it makes me that much more nervous about ordering from over the pond.
G G is offline   Reply With Quote
Old 07-25-2009, 07:58 AM   #3
mikeyj23
Feeling at Home
 
mikeyj23's Avatar
 
Join Date: Oct 2008
First Name: Michael
Location: Texas
Posts: 635
Trading: (10)
HUpmann
mikeyj23 will become famous soon enough
Default Re: Identity Theft

Quote:
Originally Posted by ggainey View Post
Everytime I read one of these stories it makes me that much more nervous about ordering from over the pond.
All three he mentioned are US companies...
mikeyj23 is offline   Reply With Quote
Old 07-25-2009, 10:28 AM   #4
Scottastic
ROFLCOPTER
 
Scottastic's Avatar
1
 
Join Date: Jul 2009
First Name: Scott
Location: Santa Rosa
Posts: 217
Trading: (8)
Partagas
Scottastic will become famous soon enough
Default Re: Identity Theft

Quote:
Originally Posted by ggainey View Post
Everytime I read one of these stories it makes me that much more nervous about ordering from over the pond.
Quote:
Originally Posted by mikeyj23 View Post
All three he mentioned are US companies...
Yeah, one of the first things I do is run a WHOIS search on the site I am buying from. Then I ask friends, check forums, etc. All three checked out.

It's possible it wasn't one of these sites fault, but the math adds up.

Update: BofA will do nothing until the transaction posts. I think that's rather backwards, no? If I were a bank, I'd bend over backwards to cancel payment before it was made.
Scottastic is offline   Reply With Quote
Old 07-25-2009, 10:31 AM   #5
hotreds
Ephesians 2:8
 
hotreds's Avatar
13
 
Join Date: Oct 2008
Location: 5 miles past "Resume Speed"
Posts: 11,665
Trading: (63)
Bolivar
hotreds has disabled reputation
Default Re: Identity Theft

Cigar.com is a legit and very big outfit. Never heard of the other two- doesn't mean anything necessarily, but I don't think the problem is/was with cigar.com
__________________
God loves you so much, that he made you read this, just to let you know.
hotreds is offline   Reply With Quote
Old 07-25-2009, 10:38 AM   #6
icehog3
Admiral Douchebag
 
icehog3's Avatar
15
 
Join Date: Oct 2008
First Name: Tom
Location: Clermont, Kentucky
Posts: 71,440
Trading: (60)
HUpmann
icehog3 has disabled reputation
Default Re: Identity Theft

Lots of trusted sites are being hacked every day, without any wrongdoing by the site owners. Welcome to 2009, I work in a mid-sized suburb (80,000) and we see a dozen of these cases every day.
__________________


Thanks Dave, Julian, James, Kelly, Peter, Gerry, Dave, Mo, Frank, Týr and Mr. Mark!
icehog3 is offline   Reply With Quote
Old 07-25-2009, 11:02 AM   #7
bobarian
Cranky Habanophile
 
bobarian's Avatar
3
 
Join Date: Oct 2008
Location: Wine Country
Posts: 8,869
Trading: (51)
ERdM
bobarian has disabled reputation
Default Re: Identity Theft

Sorry this has happened to you, Scott. One of the dangers of our tecnology driven world is that others may be able to gain access to our personal information. I hope things get fixed quickly for you. However, you should know that it is very dangerous to use your ATM card for making online purchases. Your agreement with your bank and ATM card are very different from Credit card agreements. As Tom said, this happens daily to the tune of billions of dollars and may or may not have been the result of an online cigar purchase.
bobarian is offline   Reply With Quote
Old 07-25-2009, 11:05 AM   #8
M1903A1
Have My Own Room
 
M1903A1's Avatar
 
Join Date: Oct 2008
Location: 1060 W. Addison
Posts: 1,573
Trading: (4)
RA
M1903A1 will become famous soon enough
Default Re: Identity Theft

Quote:
Originally Posted by bobarian View Post
Sorry this has happened to you, Scott. One of the dangers of our tecnology driven world is that others may be able to gain access to our personal information. I hope things get fixed quickly for you. However, you should know that it is very dangerous to use your ATM card for making online purchases. Your agreement with your bank and ATM card are very different from Credit card agreements. As Tom said, this happens daily to the tune of billions of dollars and may or may not have been the result of an online cigar purchase.
Absolutely. This is why I use a credit card only, and with a very low (comparatively speaking) limit.
__________________
"It's the cigars that bring us together, but it's the people that cause us to stay."
M1903A1 is offline   Reply With Quote
Old 07-25-2009, 11:13 AM   #9
fxpose
Park Drive Smokehouse
 
fxpose's Avatar
 
Join Date: Oct 2008
Location: Los Angeles
Posts: 337
Trading: (0)
fxpose is on a distinguished road
Default Re: Identity Theft

Best thing to do is get rid of your debit/check card or any other type of card which is tied to your cash/checking account. Use a credit card instead for all your on-line purchases and pay the balance in full each month so no interest accrues.

Even though the bank will eventually credit your checking account, it is a huge inconvenience while your checks are bouncing left and right, drawn from that same checking account.
fxpose is offline   Reply With Quote
Old 07-25-2009, 11:49 AM   #10
greenwit
Guest
 
Posts: n/a
Default Re: Identity Theft

I've been a victim of identify theft twice in the past twenty years. The last time about a year and a half ago. Someone made a purchase from an online clothing store which appears to be targeted toward the young crowd. Made purchases of about $500. I notified the CC company and they investigated. Turns out the items were delivered to my doorstep and signed for in the afternoon when I wasn't home! (BTW, I don't have children.) And the signature was not in my name. The CC company thankfully forgave the charge....thankfully 'cause it made me look as guilty as h*ll. Since then I upped the security on my computer and home network. Have no idea what happened.
  Reply With Quote
Old 07-25-2009, 11:56 AM   #11
markem
Bunion
 
markem's Avatar
16
 
Join Date: Oct 2008
First Name: Mark
Location: Second Star on the Right
Posts: 22,625
Trading: (47)
HUpmann
markem has disabled reputation
Default Re: Identity Theft

I'm gonna drop some info here because it is convenient, not because I'm bashing anyone. I've been involved in information security since time immemorial (at least it seems that way). I used to teach graduate information security and some of my former students are in very secret places as well as very critical places for protecting the financial health of (at least) our country. I speak with them often about the state of affairs.

Credit card theft (it's not identity theft) has been going on for years and years. It is one of the reasons that the credit card companies are required by law to limit your personal liability in case of provable compromise. In the old, old days, they sort of needed to somehow get hold of your card, but not anymore - technology is your friend, you will recall.

Credit card companies calculate the costs to see if better security is worth it for their customers. Customers rarely demand better security because of a lack of personal liability and because it often makes using the card harder (e.g., no online/telephone transactions).

The universal use of the CCV (or similar, the code on the back of the card) has largely rendered this supposed security feature useless. The code is fairly easy to calculate from the card number and some other information, but it is easier to just plain steal.

People think of the vendor being at fault when charges appear on their cards. This is rare. A legit vendor wants your repeat business and can't really gain by fraud since the CC company will refuse the charges. The vendor is hurt at least as much as (if not more) than the card holder.

The card processing companies have become huge targets as have the CC issuers themselves. One of the nasty little secrets is that almost no company encrypts their backup tapes and any company of any size stores them offsite in a so-called "secure facility". Some of the largest thefts of the past 5 years have been of backup tapes going to/from secure locations.

There has been a lot of talk about devices placed on ATMs, CC swipe readers, etc. to steal card info. These work pretty well, but only manage to get a small number of cards. But since people swipe their cards frequently, they get a bunch of press.

The short of it is that a legit vendor will likely never bilk you via CC (prices, now, well, that's a different story). An unscrupulous employee might, but not the vendor. The systems that they use to process your online trasnactions are almost never owned by the vendor, but a hosting company that works with the processing company. The processing company is the big fish here.

If you are in the US, you really can't really lose if your CC is compromised except that you may have to go without for a few days while they send you another. Cards tied to bank accounts are a different matter - not a good idea at all. The onus is on the issuer and the issuer puts great pressure on the processing company. Processing companies often handle millions of transactions a day, so your little cigar vendor is a small fish in a very lucrative pond.

All this is to say that casting aspersions at the vendor is largely misplaced. You wanted something they had, you chose to use your CC online where it can be stolen easily, you (at least in the US) are almost immune to any losses, but somehow you want your pound of flesh. Not really a sane thing to do, in my opinion.

Yes, my CC has been compromised. I was issued a new one, all fraudulent charges reversed and I went about my merry way. For me, it was 2 emails and three days, but I have a very tech-savvy bank.

Finally, a word about ATM cards. Keep very little money in the account tied to the ATM card - just a couple hundred or so. This way, you can get emergency cash if you need it but also limit your inconvenience in case someone steals that card information. The ATM card offers substantially less protections in case of compromise, btw.
__________________
I refuse to belong to any organization that would have me as a member.
~ Groucho Marx
markem is offline   Reply With Quote
Old 07-25-2009, 12:09 PM   #12
fxpose
Park Drive Smokehouse
 
fxpose's Avatar
 
Join Date: Oct 2008
Location: Los Angeles
Posts: 337
Trading: (0)
fxpose is on a distinguished road
Default Re: Identity Theft

A month ago I received an email alert from B of A asking me to immediately call them about several unusual on-line CC transactions ranging between $20-$30 each. So I immediately called their customer service to "verify" these purchases. None were mine and they immediately canceled my CC account and issued me a new CC.
These fraudulent transactions did not fit my profile and purchase pattern, therefore I was immediately alerted by my bank.
They were 'testing' the card with petty purchases before attempting to make a sizable one.
fxpose is offline   Reply With Quote
Old 07-25-2009, 12:16 PM   #13
SilverFox
Guest
 
Posts: n/a
Default Re: Identity Theft

Quote:
Originally Posted by markem View Post
I'm gonna drop some info here because it is convenient, not because I'm bashing anyone. I've been involved in information security since time immemorial (at least it seems that way). I used to teach graduate information security and some of my former students are in very secret places as well as very critical places for protecting the financial health of (at least) our country. I speak with them often about the state of affairs.

Credit card theft (it's not identity theft) has been going on for years and years. It is one of the reasons that the credit card companies are required by law to limit your personal liability in case of provable compromise. In the old, old days, they sort of needed to somehow get hold of your card, but not anymore - technology is your friend, you will recall.

Credit card companies calculate the costs to see if better security is worth it for their customers. Customers rarely demand better security because of a lack of personal liability and because it often makes using the card harder (e.g., no online/telephone transactions).

The universal use of the CCV (or similar, the code on the back of the card) has largely rendered this supposed security feature useless. The code is fairly easy to calculate from the card number and some other information, but it is easier to just plain steal.

People think of the vendor being at fault when charges appear on their cards. This is rare. A legit vendor wants your repeat business and can't really gain by fraud since the CC company will refuse the charges. The vendor is hurt at least as much as (if not more) than the card holder.

The card processing companies have become huge targets as have the CC issuers themselves. One of the nasty little secrets is that almost no company encrypts their backup tapes and any company of any size stores them offsite in a so-called "secure facility". Some of the largest thefts of the past 5 years have been of backup tapes going to/from secure locations.

There has been a lot of talk about devices placed on ATMs, CC swipe readers, etc. to steal card info. These work pretty well, but only manage to get a small number of cards. But since people swipe their cards frequently, they get a bunch of press.

The short of it is that a legit vendor will likely never bilk you via CC (prices, now, well, that's a different story). An unscrupulous employee might, but not the vendor. The systems that they use to process your online trasnactions are almost never owned by the vendor, but a hosting company that works with the processing company. The processing company is the big fish here.

If you are in the US, you really can't really lose if your CC is compromised except that you may have to go without for a few days while they send you another. Cards tied to bank accounts are a different matter - not a good idea at all. The onus is on the issuer and the issuer puts great pressure on the processing company. Processing companies often handle millions of transactions a day, so your little cigar vendor is a small fish in a very lucrative pond.

All this is to say that casting aspersions at the vendor is largely misplaced. You wanted something they had, you chose to use your CC online where it can be stolen easily, you (at least in the US) are almost immune to any losses, but somehow you want your pound of flesh. Not really a sane thing to do, in my opinion.

Yes, my CC has been compromised. I was issued a new one, all fraudulent charges reversed and I went about my merry way. For me, it was 2 emails and three days, but I have a very tech-savvy bank.

Finally, a word about ATM cards. Keep very little money in the account tied to the ATM card - just a couple hundred or so. This way, you can get emergency cash if you need it but also limit your inconvenience in case someone steals that card information. The ATM card offers substantially less protections in case of compromise, btw.
Having spent much time in the Finance World in Canada including a very large online company that dealt primarily in credit cards I can say that everything mentioned in this thread applies to Canada as well.
  Reply With Quote
Old 07-25-2009, 01:28 PM   #14
GoodFella
out to sea
 
GoodFella's Avatar
 
Join Date: Oct 2008
Location: SC2FL
Posts: 588
Trading: (7)
ERdM AirForce (Active)
GoodFella has disabled reputation
Default Re: Identity Theft

3000+ was done on my CC not to long ago. all the charges were done from london. The same day that this happend i use my CC online from a shop in london. i dont blame the company but makes me worry more. i know it was not there fault. every thing is almost over now that i got a new CC but i did have to sign a few things.
__________________
GoodFella is offline   Reply With Quote
Old 07-25-2009, 04:02 PM   #15
G G
BR549
 
G G's Avatar
 
Join Date: Oct 2008
First Name: Greg
Location: Taylor, FL.
Posts: 12,730
Trading: (10)
Bolivar
G G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant futureG G has a brilliant future
Default Re: Identity Theft

Quote:
Originally Posted by mikeyj23 View Post
All three he mentioned are US companies...
Totally missed that part.
G G is offline   Reply With Quote
Old 07-25-2009, 05:43 PM   #16
Scottastic
ROFLCOPTER
 
Scottastic's Avatar
1
 
Join Date: Jul 2009
First Name: Scott
Location: Santa Rosa
Posts: 217
Trading: (8)
Partagas
Scottastic will become famous soon enough
Default Re: Identity Theft

Quote:
Originally Posted by markem View Post
I'm gonna drop some info here because it is convenient, not because I'm bashing anyone. I've been involved in information security since time immemorial (at least it seems that way). I used to teach graduate information security and some of my former students are in very secret places as well as very critical places for protecting the financial health of (at least) our country. I speak with them often about the state of affairs.

Credit card theft (it's not identity theft) has been going on for years and years. It is one of the reasons that the credit card companies are required by law to limit your personal liability in case of provable compromise. In the old, old days, they sort of needed to somehow get hold of your card, but not anymore - technology is your friend, you will recall.

Credit card companies calculate the costs to see if better security is worth it for their customers. Customers rarely demand better security because of a lack of personal liability and because it often makes using the card harder (e.g., no online/telephone transactions).

The universal use of the CCV (or similar, the code on the back of the card) has largely rendered this supposed security feature useless. The code is fairly easy to calculate from the card number and some other information, but it is easier to just plain steal.

People think of the vendor being at fault when charges appear on their cards. This is rare. A legit vendor wants your repeat business and can't really gain by fraud since the CC company will refuse the charges. The vendor is hurt at least as much as (if not more) than the card holder.

The card processing companies have become huge targets as have the CC issuers themselves. One of the nasty little secrets is that almost no company encrypts their backup tapes and any company of any size stores them offsite in a so-called "secure facility". Some of the largest thefts of the past 5 years have been of backup tapes going to/from secure locations.

There has been a lot of talk about devices placed on ATMs, CC swipe readers, etc. to steal card info. These work pretty well, but only manage to get a small number of cards. But since people swipe their cards frequently, they get a bunch of press.

The short of it is that a legit vendor will likely never bilk you via CC (prices, now, well, that's a different story). An unscrupulous employee might, but not the vendor. The systems that they use to process your online trasnactions are almost never owned by the vendor, but a hosting company that works with the processing company. The processing company is the big fish here.

If you are in the US, you really can't really lose if your CC is compromised except that you may have to go without for a few days while they send you another. Cards tied to bank accounts are a different matter - not a good idea at all. The onus is on the issuer and the issuer puts great pressure on the processing company. Processing companies often handle millions of transactions a day, so your little cigar vendor is a small fish in a very lucrative pond.

All this is to say that casting aspersions at the vendor is largely misplaced. You wanted something they had, you chose to use your CC online where it can be stolen easily, you (at least in the US) are almost immune to any losses, but somehow you want your pound of flesh. Not really a sane thing to do, in my opinion.

Yes, my CC has been compromised. I was issued a new one, all fraudulent charges reversed and I went about my merry way. For me, it was 2 emails and three days, but I have a very tech-savvy bank.

Finally, a word about ATM cards. Keep very little money in the account tied to the ATM card - just a couple hundred or so. This way, you can get emergency cash if you need it but also limit your inconvenience in case someone steals that card information. The ATM card offers substantially less protections in case of compromise, btw.
I should probably state a little clearer what I think may have happened. I don't think any of these retailers purposely compromised my card. Like I said, I've heard good things about all three of these sites. What I think may have happened is that the security of one of those sites may itself be compromised. Especially with the recent news of denial of service attacks, it wouldn't be outside the realm of possibility.

I don't mean to slander (lible?) any of these sites. I know that a (few) ticket(s) for a airline based in Istanbul would not be worth the loss of business. For all I know, it may have been completely and purely my fault (virus, spyware, etc.) but I doubt it. I'm very careful about my computer and my network. And again, I just freshly installed a Linux distro that I am very familiar with. There are viruses and spyware for Linux, but not many.
Scottastic is offline   Reply With Quote
Old 07-25-2009, 08:29 PM   #17
MarkinAZ
Formerly MarkinOR
 
MarkinAZ's Avatar
10
 
Join Date: Oct 2008
First Name: Mark
Location: Sun City West, AZ
Posts: 6,221
Trading: (40)
Navy (Served With Honor)
MarkinAZ is a splendid one to beholdMarkinAZ is a splendid one to beholdMarkinAZ is a splendid one to beholdMarkinAZ is a splendid one to beholdMarkinAZ is a splendid one to beholdMarkinAZ is a splendid one to beholdMarkinAZ is a splendid one to behold
Default Re: Identity Theft

Quote:
Originally Posted by markem View Post
I'm gonna drop some info here because it is convenient, not because I'm bashing anyone. I've been involved in information security since time immemorial (at least it seems that way). I used to teach graduate information security and some of my former students are in very secret places as well as very critical places for protecting the financial health of (at least) our country. I speak with them often about the state of affairs.
Thank you for your input Mark
__________________
"Don't worry, God will work out His plan for your life..." Psalm 138 8
MarkinAZ is offline   Reply With Quote
Old 07-25-2009, 08:33 PM   #18
ucla695
Neither here, nor there
 
ucla695's Avatar
 
Join Date: Oct 2008
Location: The Pool
Posts: 3,696
Trading: (5)
Montecristo
ucla695 has disabled reputation
Default Re: Identity Theft

Quote:
Originally Posted by fxpose View Post
Best thing to do is get rid of your debit/check card or any other type of card which is tied to your cash/checking account. Use a credit card instead for all your on-line purchases and pay the balance in full each month so no interest accrues.

Even though the bank will eventually credit your checking account, it is a huge inconvenience while your checks are bouncing left and right, drawn from that same checking account.
I only use 'pure' credit cards for online transactions for this very reason.
ucla695 is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 11:21 PM.


Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
All content is copyrighted jointly by Cigar Asylum and the content provider.