Archived

This topic is now archived and is closed to further replies.

simmerhead

Credit Card Fraud - It does happen!

Recommended Posts

Seldom discussed, but one of my main concerns about the myriad of addon stores is safety of personal information stored in all those places. Seems my concerns were well founded as I just got a phonecall from my bank informing me that my credit card has been tried "emptied". Luckily my bank has good routines and since the amount was quite large they stopped it and called me up to ask for clearance. They have no idea how or where the hackers had gotten the info from, but since I just got a new card I know exactly where it has been used in the last two months - all transactins has been to online flightsim addon stores.

 

One of the things about Microsoft FLIGHT I applauded was that they took control over the addon store (to bad they had nothing in there to buy, and that they used the stupid Microsoft credit points as currency, but that's another story). Now my worst fears have come true, and hopefully in the future - if there is a new flight sim platform - they take complete control of addon distribution in a dedicated addon store. Of course, it is no guarantee that it too can't be hacked, but in terms of personal saftey, less is more. The fewer places that know anything about you online, the better.

 

Now, I hope all of you behave smart when you're online. Use good passwords, never use the same  password in two different places, and be selective. Don't throw around info about yourself anywhere online. Last but not least, limit your online surfing to neccessary sites and scan your computer regularly for malware and trojans.

 

 

Share this post


Link to post
Help AVSIM continue to serve you!
Please donate today!

some very good advice there for people to protect themselves from the bad things that happen on the internet.

 

I would add, use ad blockers for your internet browser and if you want a little more protection then use a script blocker as well.

 

Website adverts are the easiest way for your pc to get infected even if you visit safe websites.

Share this post


Link to post

There is a reason my Dad and I only use Paypal....

Share this post


Link to post

Same thing happened to my credit card recently... Just after buying a scenery in fact. That card is really only used for flightsim

Share this post


Link to post

I would add, use ad blockers for your internet browser and if you want a little more protection then use a script blocker as well.

You got a good program to recommend?

 

I do 95% of my Internet stuff on my iPads, but with FSX I'm forced online to downlad and obey to DRM and other online adctivation crap. I'm quite paranoid, but it seems you can't be too careful.

Share this post


Link to post

You got a good program to recommend?

Firefox with ADP and No Script is probably the safest thing...

Share this post


Link to post

If you use ad blockers on AVSIM, then you are dooming us to shutdown. Why? Because that is how we generate revenue to keep this site available to you. If you aren't reading the ads and frequenting the stores, then you will be sentencing us and other flight sim sites to a very quick plug-pulling party. Your choice of course. Just another way it is getting harder and harder to supply sites like AVSIM. And I can assure you; I am not going back to the good ol days of me footing the bill for this site.

Share this post


Link to post

If you use ad blockers on AVSIM, then you are dooming us to shutdown. Why? Because that is how we generate revenue to keep this site available to you. If you aren't reading the ads and frequenting the stores, then you will be sentencing us and other flight sim sites to a very quick plug-pulling party. Your choice of course. Just another way it is getting harder and harder to supply sites like AVSIM. And I can assure you; I am not going back to the good ol days of me footing the bill for this site.

I white-list AVSIM on my adblock:

 

Share this post


Link to post

Yes me too on Wednesday, fortunately the card company contacted me and stopped the card. Only three small 2 or 3 dollar transactions in the US, one to a 'religious organisation' and two to a company I've never heard of. I've reviewed my security and I seem to be as secure as one can be, but it happens I suppose!

 

 

Share this post


Link to post

I buy most of my add-ons now through my ipad for that little bit extra security as far as I know IPads can't be compromised like a PC can

Share this post


Link to post

 

 


Same thing happened to my credit card recently... Just after buying a scenery in fact.

 

Same happened to me with my AMEX (no names because it's a popular store and I don't want to drive away business and it's still under investigation by AMEX).  But I also was one of the 2.9 Million customers that got affected by the Adobe hack which is also under investigation.  Sadly most of these investigations come up empty.

 

BUT, be aware that not all Credit Card companies are the same, for example my BofA VISA was compromised and when I inquired with BofA they "refused" to give me any details of possible locations (merchants) where I made prior charges ... they just sent me a new card 3-7 days later.

 

However, AMEX was a completely different story with their response to fraud ... they caught the transaction as it happened and declined it.  They closed my account, and FedEx a new AMEX next day air (signature required).  Then, they sent me an email of possible merchants that could have been used to get my credit card info.  And finally, they keep me updated via eMail of their investigation.

 

So, I pretty much exclusively use my AMEX whenever possible.  In fact, if a vendor doesn't support AMEX I often will not purchase from them because of it.  I know they have to pay more for fees to support AMEX, but that's not really my problem and given higher levels of security with AMEX I'll continue using AMEX as my preferred.

 

I've worked extensively in my professional career with CC transactions so I know a lot about the industry and how it works.  In fact, I've had to do considerable work to ensure my company's software (that I create) is PCI DSS compliant.  Our merchants/clients will not be provided merchant accounts if the software they use is not PCI compliant.  I could probably write a book about the process and how it impacts architectural designs in software, but I digress.  It boils down to the belief that a public web server is somehow more secure than a public SQL server ... I tried to debate the Pro and Cons but PCI compliance isn't really debatable and security designs are often made in haste and don't address the real issues.  In most cases, if you hack into a public web server that can open the door to many many many SQL servers ... hack into one SQL server and that's pretty much it.  Risk management with effective solutions.  

 

In Adobe's case, it looks like they hacked into a Version Control server (like Visual Studio's TFS) got some source code which gave them the credentials they needed to get into customer information SQL servers.  The source code also provided them with the decryption key/method to access any encrypted data in the SQL databases ... assuming of course Adobe encrypted the sensitive data in the SQL database (which until recently wasn't required by PCI DSS standards).

 

Oh boy I did digress, sorry.

 

Rob

Share this post


Link to post

Another option is to get your bank to issue you a credit card with a small credit limit like $200-$300 and always use it online. You will have enough to buy addons and limit your risk.

Share this post


Link to post

Ive had my card number stolen 4 times in the past year turns out somone had installed one of those CC hacking devices in one of the gasoline pumps at a local gas station. Never cost me a cent though.

Share this post


Link to post

I buy most of my add-ons now through my ipad for that little bit extra security as far as I know IPads can't be compromised like a PC can

 

Your iPad/iPhone is currently less vulnerable, but mobile devices are now a much higher priority target for hackers.  Andriod devices are less secure.  iOS apps require Apple approval process and they can only run in a Sandbox and must ask for permission to use other features in iOS.  However, the fact they can use other features in iOS and the fact that "Apple created applications" can use all of iOS indicates there is a door.  So where there is a door, their is a way, I wouldn't be surprised if someone eventually found out how to open the door.

 

Now if you jailbreak your iPad/iPhone then you pretty much toss out any security you had ... it's a huge risk to keep any sensitive data on a jail broken iPhone/iPad. 

 

However, the security issue may not be your device, it's more likely the web site you are making the purchase from.

Share this post


Link to post

Yes me too on Wednesday, fortunately the card company contacted me and stopped the card. Only three small 2 or 3 dollar transactions in the US, one to a 'religious organisation' and two to a company I've never heard of. I've reviewed my security and I seem to be as secure as one can be, but it happens I suppose!

The crooks dip a toe in the water with a couple of minimal transactions with stolen card details to see if they get blocked, then go for the biggie if the little ones go through without a hitch.

 

A friend had her details hacked once; the crook used it for a long distance flight and a fair-sized donation to some Catholic charity in Mexico (conscience money maybe?).  The bank came through though and my friend didn't lose out.

Share this post


Link to post

It may be different from country to country, but here in Norway the burden of proof lays with the credit card issuer. If my card is emptied, I would refuse to pay the bill, send a claim and forget about it. If the issuer is unable to produce proof that I did the purchase, either by signature, IP-adress or via chip electronic signature, the issuer has a problem, not me.

 

I never use "debet"-cards though, those who deduct directly from my account, only true credtcards who send me a bill. Not that I would loose the money eventually, but just for the sake of not having my account emptied for then having to wait a few days to get the money back.

Share this post


Link to post

If you use ad blockers on AVSIM, then you are dooming us to shutdown. Why? Because that is how we generate revenue to keep this site available to you. If you aren't reading the ads and frequenting the stores, then you will be sentencing us and other flight sim sites to a very quick plug-pulling party. Your choice of course. Just another way it is getting harder and harder to supply sites like AVSIM. And I can assure you; I am not going back to the good ol days of me footing the bill for this site.

Sad to hear that. Trojans, hostile scripts, hacking of customer databases, spam e-mail, to name a few, is making it harder and harder to do anything serious over the Internet. I've been online since the late 1980s (BBS) and up until today viruses and hacking never happened to me.

Share this post


Link to post

My AMEX was also hacked recently, and a last few purchases were on fs stores (no names), and my card was used to buy an airplane ticket on Qatar airways. What an irony. Of course Amex called me to confirm the transaction, of course I denied it, my card was cancelled and the store is now being investigated.

 

 

 

Sent from my Lumia 900 using Tapatalk

Share this post


Link to post

kind of makes me glad my card has just expired and i have got a new one. wonder what store it is that some of you have had issues with.

Share this post


Link to post

 

And the same day my cc was hacked I buyed an app from Apple Store.

 

I don't know if there is a relation but I think probably is a web site related problem.

Share this post


Link to post

I had the same problem, my CC was emptied on Wednesday 15 oct, and recently I purchased from Flightsimstore.

 

The same day, beore fraud, I purchased an app from Apple Store. But I think the problem could be linked in flightsimstore purchase.

 

I have never had any problem before and purchased others addons from Flightsimstore, so I think they have no fault, maybe site was hacked.

 

 

Share this post


Link to post

flightsimstore uses a third party for transactions called eWAY but the chances are it could be any purchase you have made in the last few months. remember your cc details will be up for sale  for a while and it can take a while for a buyer to come along to buy those card details.

Share this post


Link to post

I do everything pretty much through PayPal these days, very secure I feel.

 

And given the system in aus, not only they give you a call if ur account was logged on from another country that you didn't register for, at any one time, the account used for any form of purchase I only have no more than $10 in it. Not only no money will get out of my bank account without my authorisation, but also nothing much to get out.

 

So guess the way I've chose I have a triple level failsafe.

 

Sent from my Nexus 4 using Tapatalk

 

 

Share this post


Link to post

 

 


is making it harder and harder to do anything serious over the Internet.

 

There is a LOT more truth in this than I think anyone wants to admit to ... I don't know what the future holds for "the internet" but I don't carry the same optimism that many do.  Which is a shame, because it had such great potential as a solution to a communications problem, but it has ultimately generated more problems than it's solved (piracy, fraud, no privacy, etc. etc.).  I don't know what's ultimately going to happen but I've been involved in enough security meetings to "feel" the sense of desperation, which is disconcerting to say the least.

 

The problem is in catching the criminals ... even if criminals are identified, because of the Internet's Global nature identification can be useless - can't really go to China, Russia, Somalia, Nigeria, India and demand one of their government staff be arrested and put in a US prison.  And you have to keep in mind that consumers are often the least cared about ... hence "just send them a new card" with an investigation that ultimately goes no where.

 

It's a big shame, there is so much potential for good that's being offset by the potential for bad ... and the good is losing the battle.

Share this post


Link to post

Knock on wood, I have never had my credit cards or bank accounts compromised.  I watch where I go on the net, and have Adblock (and now, noscript thanks to this post) installed in Firefox.   Regarding adblockers, Tom A. brings up an important point.  I make it a point to disable Adblock here, on Reddit, or any other site that serves a purpose important to me and derives a large proportion of their revenue from website advertising. 

 

As the sole user of my computer I can become complacent with browser and OS security, but a nasty virus attack that possibly installed a keylogger and other nasty spyware last December was a wake up call.   Also, a few friends and family have had their yahoo accounts hijacked, this seems to be a rising occurrence anywhere you look.  So I have learned from the experience and religiously backup my hard drives and certain folders with Acronis image backups to an external USB3.0 hard drive.  That is the single most important lesson I took from the virus attack, as I was forced to wipe and reinstall my OS and FSX drives and it took weeks to get back to where I was before.  Backup backup backup!

 

In this always on connected world, everyone must step up their game and remain ever vigilant against the malware threat, and the ever increasing occurrence of identity and password theft.   These are scary times folks.

Share this post


Link to post