Credit Card Fraud - It does happen!

[simmerhead 885]

Seldom discussed, but one of my main concerns about the myriad of addon stores is safety of personal information stored in all those places. Seems my concerns were well founded as I just got a phonecall from my bank informing me that my credit card has been tried "emptied". Luckily my bank has good routines and since the amount was quite large they stopped it and called me up to ask for clearance. They have no idea how or where the hackers had gotten the info from, but since I just got a new card I know exactly where it has been used in the last two months - all transactins has been to online flightsim addon stores.

 

One of the things about Microsoft FLIGHT I applauded was that they took control over the addon store (to bad they had nothing in there to buy, and that they used the stupid Microsoft credit points as currency, but that's another story). Now my worst fears have come true, and hopefully in the future - if there is a new flight sim platform - they take complete control of addon distribution in a dedicated addon store. Of course, it is no guarantee that it too can't be hacked, but in terms of personal saftey, less is more. The fewer places that know anything about you online, the better.

 

Now, I hope all of you behave smart when you're online. Use good passwords, never use the same  password in two different places, and be selective. Don't throw around info about yourself anywhere online. Last but not least, limit your online surfing to neccessary sites and scan your computer regularly for malware and trojans.

 

 

[gandy 18]

some very good advice there for people to protect themselves from the bad things that happen on the internet.

 

I would add, use ad blockers for your internet browser and if you want a little more protection then use a script blocker as well.

 

Website adverts are the easiest way for your pc to get infected even if you visit safe websites.

[JB3DG 225]

There is a reason my Dad and I only use Paypal....

[LeeL 272]

Same thing happened to my credit card recently... Just after buying a scenery in fact. That card is really only used for flightsim

[simmerhead 885]

I would add, use ad blockers for your internet browser and if you want a little more protection then use a script blocker as well.

You got a good program to recommend?

 

I do 95% of my Internet stuff on my iPads, but with FSX I'm forced online to downlad and obey to DRM and other online adctivation crap. I'm quite paranoid, but it seems you can't be too careful.

[Mean Aerodynamic Chord 269]

You got a good program to recommend?

Firefox with ADP and No Script is probably the safest thing...

[Tom Allensworth 1,532]

If you use ad blockers on AVSIM, then you are dooming us to shutdown. Why? Because that is how we generate revenue to keep this site available to you. If you aren't reading the ads and frequenting the stores, then you will be sentencing us and other flight sim sites to a very quick plug-pulling party. Your choice of course. Just another way it is getting harder and harder to supply sites like AVSIM. And I can assure you; I am not going back to the good ol days of me footing the bill for this site.

[Mean Aerodynamic Chord 269]

If you use ad blockers on AVSIM, then you are dooming us to shutdown. Why? Because that is how we generate revenue to keep this site available to you. If you aren't reading the ads and frequenting the stores, then you will be sentencing us and other flight sim sites to a very quick plug-pulling party. Your choice of course. Just another way it is getting harder and harder to supply sites like AVSIM. And I can assure you; I am not going back to the good ol days of me footing the bill for this site.

I white-list AVSIM on my adblock:

 

[GBOLS 2]

Yes me too on Wednesday, fortunately the card company contacted me and stopped the card. Only three small 2 or 3 dollar transactions in the US, one to a 'religious organisation' and two to a company I've never heard of. I've reviewed my security and I seem to be as secure as one can be, but it happens I suppose!

 

 

[stephenbgs 169]

I buy most of my add-ons now through my ipad for that little bit extra security as far as I know IPads can't be compromised like a PC can

[Guest]

 

 

Same thing happened to my credit card recently... Just after buying a scenery in fact.

 

Same happened to me with my AMEX (no names because it's a popular store and I don't want to drive away business and it's still under investigation by AMEX).  But I also was one of the 2.9 Million customers that got affected by the Adobe hack which is also under investigation.  Sadly most of these investigations come up empty.

 

BUT, be aware that not all Credit Card companies are the same, for example my BofA VISA was compromised and when I inquired with BofA they "refused" to give me any details of possible locations (merchants) where I made prior charges ... they just sent me a new card 3-7 days later.

 

However, AMEX was a completely different story with their response to fraud ... they caught the transaction as it happened and declined it.  They closed my account, and FedEx a new AMEX next day air (signature required).  Then, they sent me an email of possible merchants that could have been used to get my credit card info.  And finally, they keep me updated via eMail of their investigation.

 

So, I pretty much exclusively use my AMEX whenever possible.  In fact, if a vendor doesn't support AMEX I often will not purchase from them because of it.  I know they have to pay more for fees to support AMEX, but that's not really my problem and given higher levels of security with AMEX I'll continue using AMEX as my preferred.

 

I've worked extensively in my professional career with CC transactions so I know a lot about the industry and how it works.  In fact, I've had to do considerable work to ensure my company's software (that I create) is PCI DSS compliant.  Our merchants/clients will not be provided merchant accounts if the software they use is not PCI compliant.  I could probably write a book about the process and how it impacts architectural designs in software, but I digress.  It boils down to the belief that a public web server is somehow more secure than a public SQL server ... I tried to debate the Pro and Cons but PCI compliance isn't really debatable and security designs are often made in haste and don't address the real issues.  In most cases, if you hack into a public web server that can open the door to many many many SQL servers ... hack into one SQL server and that's pretty much it.  Risk management with effective solutions.  

 

In Adobe's case, it looks like they hacked into a Version Control server (like Visual Studio's TFS) got some source code which gave them the credentials they needed to get into customer information SQL servers.  The source code also provided them with the decryption key/method to access any encrypted data in the SQL databases ... assuming of course Adobe encrypted the sensitive data in the SQL database (which until recently wasn't required by PCI DSS standards).

 

Oh boy I did digress, sorry.

 

Rob

[Nathan3219 113]

Another option is to get your bank to issue you a credit card with a small credit limit like $200-$300 and always use it online. You will have enough to buy addons and limit your risk.

[z06z33 763]

Ive had my card number stolen 4 times in the past year turns out somone had installed one of those CC hacking devices in one of the gasoline pumps at a local gas station. Never cost me a cent though.

[Guest]

I buy most of my add-ons now through my ipad for that little bit extra security as far as I know IPads can't be compromised like a PC can

 

Your iPad/iPhone is currently less vulnerable, but mobile devices are now a much higher priority target for hackers.  Andriod devices are less secure.  iOS apps require Apple approval process and they can only run in a Sandbox and must ask for permission to use other features in iOS.  However, the fact they can use other features in iOS and the fact that "Apple created applications" can use all of iOS indicates there is a door.  So where there is a door, their is a way, I wouldn't be surprised if someone eventually found out how to open the door.

 

Now if you jailbreak your iPad/iPhone then you pretty much toss out any security you had ... it's a huge risk to keep any sensitive data on a jail broken iPhone/iPad. 

 

However, the security issue may not be your device, it's more likely the web site you are making the purchase from.

[Raindance 25]

Yes me too on Wednesday, fortunately the card company contacted me and stopped the card. Only three small 2 or 3 dollar transactions in the US, one to a 'religious organisation' and two to a company I've never heard of. I've reviewed my security and I seem to be as secure as one can be, but it happens I suppose!

The crooks dip a toe in the water with a couple of minimal transactions with stolen card details to see if they get blocked, then go for the biggie if the little ones go through without a hitch.

 

A friend had her details hacked once; the crook used it for a long distance flight and a fair-sized donation to some Catholic charity in Mexico (conscience money maybe?).  The bank came through though and my friend didn't lose out.