Credit card stolen after a simmarket order?

[Bernard Ducret 783]

Interesting thread... Would be useful to know which countries are concerned by these security problems.

I am a regular client of Simmarket (for more than ten years) and never had such a problem, so I believe the credit card security system (or lack of) of some banks is the real culprit, not the vendor(s).

I live in Switzerland and whenever I make a purchase on Internet, I am very careful when checking out that there is a double security (it is called 3D Secure) available, meaning that after making sure that the payment page has the well known padlock symbol first, I enter my CC info and then comes another pop-up page from the bank on which I need to enter a personal code from the CC organisation (3D Secure: see this page if allowed by AVSIM this is not advertising but essential information regarding this very topic: https://www.swisscard.ch/en/cards/customer-service/a-to-z/3-d-secure/) that will legitimise my purchase. It is important to note that when you subscribe to this 3D Secure protocol, you have two options offered to you: (a) you can have your own password that you will create and change at will, or (b) you may receive an SMS from your bank with a code for each sale or through a free app (Transakt), all the above are free for the user. 

Simmarket has that system, so do plenty of Internet vendors in Europe, but - to my knowledge - none outside of Europe and (by far) not all vendors in Europe, but I would hint that (1) this might be limited to some European countries, (2) the credit card companies created this additional security filter and propose it to Internet vendors who have the choice to opt out (additional cost, or lost sales?). 

Two important notes regarding this security system: It has been noticed that vendors using it have seen their sales going down as a result of its "complexity" for the buyers(!!!!!...), and with such a system, in case of fraud, the financial burden switches from the vendor to the bank, hence banks have no interest to be complacent with the system! 

From the above, we can safely say that buyers expects the impossible: make it short AND safe! As always, we pay for our own laziness (in this case approximately 20 more seconds for a transaction...).

The latest 3D Secure 2.0 protocol has been written for all media (telephone, PC, TV, game consoles, smart watches). 

So if there is pressure to be applied to make our Internet transactions more secure, it is also with Credit Card organisations, I am always amazed how easy it is on some foreign sites to make a purchase with only basic CC info, this is not right, and our action should be to push CC organisations worldwide to adopt/propose/promote such double security systems like 3D Secure or others if existing, (2) incite Internet vendors to adopt them AND encourage buyers to use them, if you do not activate that free service, it wont be there on Simmarket or elsewhere. In my opinion, it is unfair to target a specific vendor if the above was ignored, or if such a double security system is not used by your CC bank or the buyer.

Food for thoughts? 

[pete_auau 1,152]

1 hour ago, Mallard said:

I've had this experience several years back on more than one occasion before switching to exclusive use of PayPal. Only had a prepaid credit card and only used that for flightsim purchases back then. Four cards got burnt over the years, allthough at least on one occasion the transaction was indeed not linked to simmarket, but another big flightsim store. A second hijack could not be directly linked to one store alone, as I made multiple purchases from seveal stores on one day - but simmarket was among them...

 

Cheers

 

Mallard

yep  just happened  to me   for the first time  in 15  years of using  my  credit  card online,   last  thing I purchased pf3 but of  course  cant be  certain. They  purchased  3  things  using my number,  sunbean corp,  event  corp  and  jbhi.  Anyway,  cancelled  card  and  now  waiting  for  the money  from the  bank. The  funny  thing  went  to  my  bank  when I noticed  the  first  with drawal being  the  sunbean  corporation  saying  I  had  nothing  to do  with  this, and  wanted  to  cancel the  card  there  and  than.The  bank  reply  was I had  to go  back the next  day  and  ring  sunbean  to make  sure I hadn't   bought  anything   from them  which I hadn't.  Any  way  in the mean  time  purchase  from jbhi   so    the bank  could  have  saved  themselves  some  money if  they would  have  cancelled  my  card  when I had  requested  too

[jabloomf1230 2,445]

Unfortunately, one can never tell for sure either how credit card information gets stolen or even who stole it. The one time that this happened  to me was right after using the card at a high end restaurant  in NYC. The dinner was on a Sunday  and by Monday  my bank's security staff called me about additional  suspicious  charges. The bogus charges were all cancelled and a new card was issued.

This left me with a bad impression of the restaurant. However, three weeks later, I received an email from an online vendor that I do business with in Minneapolis, that their database had been breached by a hacker and that users' credit card information had been stolen. The vendor hadn't even realized this until customers  started complaining. As it turned out, this website  was the source of my illegal credit card charges and not the restaurant.

[warbirds 555]

Finally happened to me. I pay a lot of things by card online such as streaming services and other bills so not sure which one was the leak. 

Funny thing is the only thing the card thief payed with my card was his Comcast bill. Comcast does not service my area and  I use Mediacom so the bank agreed there was something amiss. 

[Sesquashtoo 2,846]

7 hours ago, warbirds said:

Finally happened to me. I pay a lot of things by card online such as streaming services and other bills so not sure which one was the leak. 

Funny thing is the only thing the card thief payed with my card was his Comcast bill. Comcast does not service my area and  I use Mediacom so the bank agreed there was something amiss. 

Now, what's interesting about this...if someone was stupid enough to pay for his/her Comcast bill...with stolen credit-card information....(Darwin Award prospect...), then they have them dead-to-rights!  Your C.C. company should contact the local police, as they now have his or her Comcast account info...and can (with interaction of Comcast...)  arrest and prosecute.  Some of these idiots...are simply that.  He, or she, could have gone on-line and 'purchased' your stolen account info, from one of those grey market sites that post it for sale.  So sad...that anyone, can do this, and victimize another.  Pitiful sorts of Human Beings... 

It is my opinion, that the user of your stolen C.C. information, was in fact, a 3rP 'purchaser', as nobody who can hack a site, would be so stupid, as to leave a so well-defined 'cookie crumb' pathway, back to information regarding their identification.  Most likely your C.C. information was as I say, put upon a site (lots of this from Russia) 'for sale'....

Jerks,

 

[Greggy_D 935]

2 hours ago, Sesquashtoo said:

Your C.C. company should contact the local police, as they now have his or her Comcast account info...and can (with interaction of Comcast...)  arrest and prosecute.  

The CC companies and banks simply do not care.  They write it off and move on.

[Groovy_Kincaid 71]

Seeing that we are exchanging war stories. I used my credit card about 7 years ago on one of the stores, it might have been Simmarket, or it might have been someone else.

Anyway, the card was held jointly with the Mrs. She got a phone call asking if we had rented a hotel, hired the services of an escort agency, paid a power bill and purchased anything at the Apple Store.

I got a phone call from her at my office asking about a hotel and escort agency. Well, I can honestly say I never made those kind of charges, but it was a fairly "interesting discussion". I phoned the credit card company to get to the bottom of it. They never told her or she never asked, but the charges were for £13,000. I was never in England during that time. Over half was the agency, and about £2,500 at the Apple Store.

My wife and I had a good laugh and I hope that the responsible party had a good time and enjoyed their Apple Purchases.

I just had to get a form notarized indicating that I did not make those charges. 

Nearly did not have enough credit to book hotels and cars in South Africa.

That's my war story.

[lownslo 592]

3 hours ago, Greggy_D said:

The CC companies and banks simply do not care.  They write it off and move on.

And then pass the costs onto their customers... all of us.

Greg

[DLWbluues 17]

Yeah, It happened to me too after purchasing FSUIPC5. I used the card only at one other website and I know for sure it wasn't them. My CC company caught and alerted me. Luckily the charges were mostly small ones. There was one much bigger, but the card maxed out.

[swiesma 625]

6 hours ago, Groovy_Kincaid said:

 

I got a phone call from her at my office asking about a hotel and escort agency. Well, I can honestly say I never made those kind of charges, but it was a fairly "interesting discussion".

Ohhhhhhh boy, I can imagine that kind of conversation :-D

[stans 702]

8 hours ago, Greggy_D said:

The CC companies and banks simply do not care.  They write it off and move on.

They have increased the service fees and transaction rates charged to the retailers and implemented security fees, so it is not exactly written off.

[bic 44]

This is thread is interesting, as I have had my card hacked twice in the last two years.  The most recent was around Janauary and I am pretty sure I had just bought something.

 

At one of my old jobs in the 90s, I processed credit cards monthly.  Everything in the database was clear text and the file we sent to the credit card company was clear.  Completely laughable back then--maybe some businesses are still like that?  Surprised people don't have to be licensed, bonded and insured to interact with them.  Of course a hacker will never care about that.

[Jude Bradley 659]

Happened to me today, Yesterday SM purchase, today 3 non-authorized CC purchaces.