PDA

View Full Version : Stolen credit card number!!!!


GregH-BBPearl
12-08-2006, 04:31 PM
Beware people. I went to handango this morn. And bought blackberry alerts!

My card was then used fraudulently. Luckily my credit card co. noticed 4 transactions in and stopped them.

Beware!!


GregH

kathrynhr
12-08-2006, 04:44 PM
Scary. I almost bought the same thing from the same place last night, and then decided I'd wait another few days until my trial period was completely over.

Not sure what to do now! :-o

I am sorry that happened to you. Thank for posting your experience.

paulbblc
12-08-2006, 04:52 PM
Have you contacted Handango to find out if they know anything?

NJBlackBerry
12-08-2006, 05:00 PM
<RANT>
And companies complain about the burden of PCI (credit card security) implementation. My wife just had a CC number stolen - same type of deal - shortly after she used it on an Internet transation. I hope Visa and Mastercard take these companies credit card authorization priviledges away. Then people would take online security seriously. They have compromised servers and do NOT follow PCI guidelines..
</RANT>

wichita
12-08-2006, 05:17 PM
Wow! Thanks for the heads up on this.

GregH-BBPearl
12-08-2006, 05:58 PM
My bank called me. They noticed the action was different then mine. I am getting it all back. I was thinking of trying to tell handango but would they really be able to do anything? GregH

jenniwal
12-08-2006, 05:58 PM
Hey thanks for posting this...scarey! I almost bought something today from Handango too! Good thing I didn't.

secrecyguy
12-08-2006, 05:58 PM
You can't blame on the company because someone could have hacked in when you were doing the transaction. All they have to do is "listen" in. That's it.

NJBlackBerry
12-08-2006, 06:01 PM
On a legitimate 128 bit SSL conversation? How do the hack in and listen to that..

StanSimmons
12-08-2006, 06:03 PM
It is much more likely that you have a trojan horse program on your PC that keylogged the CC info and sent it to the bad guy.

NJBlackBerry
12-08-2006, 06:05 PM
OK, let's eliminate that one also.

Assume, for the minute, that my wife's PC doesn't have a virus, worm, rootkit, trojan or any Spyware. Because it is scanned constantly by active AV and active anti spyware.

Nope - I am sticking to the compromised servers scenario. Check out credit card info at restaurants. Do the blank out everything but the last four digits? I just saw one that didn't. So easy to steal.

GregH-BBPearl
12-08-2006, 06:18 PM
It is much more likely that you have a trojan horse program on your PC that keylogged the CC info and sent it to the bad guy.

I don't think this is so. I did it from work and we have programs monitoring each workstation as well as the server. I can't be sure but I don't believe that to be the case. I believe it is in the transaction during the handango check out. That's not to say they know about it just that it's the most likely point of outside access.

GregH

StanSimmons
12-08-2006, 06:18 PM
Most CC number theft is by "man in the middle" attacks...

The waiter gets the number on the way back to the register, an order processor writes down (or downloads) numbers while processing the order, etc.

I'm guessing that Greg lost his CC info to an insider at Handango.

NJBlackBerry
12-08-2006, 06:20 PM
So was it hacking into the transaction or an insider?
We are guessing. But I think it happened at the vendor side.

StanSimmons
12-08-2006, 06:24 PM
My first guess was a trojan on an unprotected pc, but most business pc's in large companies are fairly well protected... So now I'm guessing an insider.

GregH-BBPearl
12-08-2006, 06:32 PM
It's very hard to say from this side.

I am very happy with my bank wamu
They were on top of it big time!

I would say dont let this stop you from on line buying.
It's still the future. I will get a low limit card just for internet now. The banks monitor it for their own saftey as well as yours. It's just part of the risk.
I have notified handango and will post their reply. I think this will be of interest for future buys at their site.

GregH

NJBlackBerry
12-08-2006, 06:34 PM
I have a credit card that I only use for Internet transactions. Limits the exposure. The banks are doing a much better job monitoring fraud - since THEY have to pay for the fraud and not the vendors...

apple85
12-08-2006, 09:01 PM
I will definatly NOT be buying anything from handango!

flash24
12-08-2006, 09:18 PM
thanks for the warning

Alimah
12-09-2006, 05:40 PM
I am curious what they will say. I have purchased MANY items from them - including this particular one. I did not get ripped off on my credit card but the vendor never sent the authorization code after several days and repeated requests and I had to get Handango to process a refund.

secrecyguy
12-09-2006, 10:05 PM
Ok... now since you just said you did it at work, are you using a wireless Internet connection?

If so, people can listen in even though it might be secured.

Do you work with several people and can people see what you are doing?

I got my credit card number stolen when I was at a place the provides high speed internet connection. There was several people and computers. I thought no one was looking but I was wrong. Apparently, this person is smart because he didn't use it until several months later when they no longer have a recording of the surveillance camera at the place where I was using the computer and he got the card working so it will scan.

But my Wells Fargo bank was even smarter. They knew it was unusual for someone to spend lots of money on a video game system and games at Blockbuster. How many people will do something like that? Not many. Most people will go to Best Buy or Circuit City. I could get a recording of the surveillance camera at Blockbuster but that require me to get a lawyer and so on so why bother.

For people who have Wells Fargo, now you know your card won't work at Blockbuster to buy video system and games.

Dark Knight
12-10-2006, 11:21 AM
I noticed a few posters are under the impression that their Anti-Virus software is an all-in-one solution to preventing intrusion which is a false assumption. For one thing Anti-Virus software do not scan for Rootkits. Second it's best to do a firewall port test to ensure you don't have any open ports where it's easier for a cracker to obtain personal data being transmitted or even stored on your system. Also ensure the software you're using is not comprimised. Also some people use Firefox for added security but fail to routinely check for updates. On Linux Firefox can be automatically updated through system update utilities such as SUSE Linux "ZMD Updater", YAST or even SMART. On Windows Firefox users need to check the auto-update section in the user preferences of Firefox. If you're using a wireless connection in you LAN ensure you're not leaving access open to anyone other than your trusted network.

Reference:

Rootkit: Rootkit - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Rootkit)
Firewall (Network): Firewall (networking) - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Network_firewall)
Black Hat (aka: Cracker): Black hat - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Black_hat)
SUSE Linux: SUSE Linux distributions - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/SUSE_Linux_distributions)
SMART Package Manger: Smart Package Manager - Labix (http://labix.org/smart)
Firefox: Mozilla - Home of the Firefox web browser and Thunderbird email client (http://www.mozilla.com/)
WIFI Protected Access: Wi-Fi Protected Access - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access)

koleary19067
12-10-2006, 12:01 PM
I have bought alot of items from Handango without any issues. I do have a CC on File with them, so I am now going to change that.

funkym
12-11-2006, 09:16 AM
MobileSoftMarket (http://www.mobilesoftmarket.com/) seems to let the transactions handle by PayPal. Their product range is still nothing compared to handango but I bought some stuff there and am quite satisfied. (Don't forget to click the "return" button ;))

Winston S.
12-11-2006, 11:45 AM
When I make online purchases I use one-time use CC numbers. Citibank and Discover allow you to generate these numbers for particularly these types of instances. Citibank will also allow you to limit the amount that can be charged and set an expiration month for the number.

After downloading the program you can also drag and drop the virtual number into IE so that you don't have to re-type the whole thing and have it logged. However, your user name and password can still be compromised that way.

I was also looking into purchasing some software from Handango since there was a recent promotion for 25% off. Didn't have a chance to pull the trigger though and looks like the deal is expired.

GregH-BBPearl
12-11-2006, 06:55 PM
Hardwire cat5e
Server with firewall protection and everything in and out goes through a hardware fire wall. again I can't be sure but I would tend to think it was on the handango side.
I am waiting still to see if they reply. I will post the reply if they do. My bank is taking care of me so it's really not all that bad.

namtheho
12-11-2006, 10:21 PM
scary....

forcedfx
12-13-2006, 11:52 AM
When I make online purchases I use one-time use CC numbers. Citibank and Discover allow you to generate these numbers for particularly these types of instances. Citibank will also allow you to limit the amount that can be charged and set an expiration month for the number.

After downloading the program you can also drag and drop the virtual number into IE so that you don't have to re-type the whole thing and have it logged. However, your user name and password can still be compromised that way.

I was also looking into purchasing some software from Handango since there was a recent promotion for 25% off. Didn't have a chance to pull the trigger though and looks like the deal is expired.

Merrill Lynch offers the same service through ShopSafe. I use it ALL the time. It's like a disposable credit card number.

NonCom
12-13-2006, 03:21 PM
I've used the Citi Virtual Credit Card system for a few years. Never a fraudulent charge since I can define the maximum amount available and auto-expire the "card". As ForcedFX says, it's like having a disposable credit card.