[GregH-BBPearl]

Beware people. I went to handango this morn. And bought blackberry alerts!

My card was then used fraudulently. Luckily my credit card co. noticed 4 transactions in and stopped them.

Beware!!


GregH

[kathrynhr]

Scary. I almost bought the same thing from the same place last night, and then decided I'd wait another few days until my trial period was completely over.

Not sure what to do now!

I am sorry that happened to you. Thank for posting your experience.

[paulbblc]

Have you contacted Handango to find out if they know anything?

[NJBlackBerry]

<RANT>
And companies complain about the burden of PCI (credit card security) implementation. My wife just had a CC number stolen - same type of deal - shortly after she used it on an Internet transation. I hope Visa and Mastercard take these companies credit card authorization priviledges away. Then people would take online security seriously. They have compromised servers and do NOT follow PCI guidelines..
</RANT>

[wichita]

Wow! Thanks for the heads up on this.

[GregH-BBPearl]

My bank called me. They noticed the action was different then mine. I am getting it all back. I was thinking of trying to tell handango but would they really be able to do anything? GregH

[jenniwal]

Hey thanks for posting this...scarey! I almost bought something today from Handango too! Good thing I didn't.

[secrecyguy]

You can't blame on the company because someone could have hacked in when you were doing the transaction. All they have to do is "listen" in. That's it.

[NJBlackBerry]

On a legitimate 128 bit SSL conversation? How do the hack in and listen to that..

[StanSimmons]

It is much more likely that you have a trojan horse program on your PC that keylogged the CC info and sent it to the bad guy.

[NJBlackBerry]

OK, let's eliminate that one also.

Assume, for the minute, that my wife's PC doesn't have a virus, worm, rootkit, trojan or any Spyware. Because it is scanned constantly by active AV and active anti spyware.

Nope - I am sticking to the compromised servers scenario. Check out credit card info at restaurants. Do the blank out everything but the last four digits? I just saw one that didn't. So easy to steal.

[GregH-BBPearl]

Quote:

Originally Posted by StanSimmons

It is much more likely that you have a trojan horse program on your PC that keylogged the CC info and sent it to the bad guy.

I don't think this is so. I did it from work and we have programs monitoring each workstation as well as the server. I can't be sure but I don't believe that to be the case. I believe it is in the transaction during the handango check out. That's not to say they know about it just that it's the most likely point of outside access.

GregH

[StanSimmons]

Most CC number theft is by "man in the middle" attacks...

The waiter gets the number on the way back to the register, an order processor writes down (or downloads) numbers while processing the order, etc.

I'm guessing that Greg lost his CC info to an insider at Handango.

[NJBlackBerry]

So was it hacking into the transaction or an insider?
We are guessing. But I think it happened at the vendor side.

[StanSimmons]

My first guess was a trojan on an unprotected pc, but most business pc's in large companies are fairly well protected... So now I'm guessing an insider.

[GregH-BBPearl]

It's very hard to say from this side.

I am very happy with my bank wamu
They were on top of it big time!

I would say dont let this stop you from on line buying.
It's still the future. I will get a low limit card just for internet now. The banks monitor it for their own saftey as well as yours. It's just part of the risk.
I have notified handango and will post their reply. I think this will be of interest for future buys at their site.

GregH

[NJBlackBerry]

I have a credit card that I only use for Internet transactions. Limits the exposure. The banks are doing a much better job monitoring fraud - since THEY have to pay for the fraud and not the vendors...

[apple85]

I will definatly NOT be buying anything from handango!

[flash24]

thanks for the warning

[Alimah]

I am curious what they will say. I have purchased MANY items from them - including this particular one. I did not get ripped off on my credit card but the vendor never sent the authorization code after several days and repeated requests and I had to get Handango to process a refund.