Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | [2] | 3 | 4 | (show all)   Print Thread
Standard User bobble_bob
(knowledge is power) Tue 07-Feb-17 17:18:56
Print Post

Re: Credit card details stolen from website.


[re: TrishaH] [link to this post]
 
Agree with that. I had £400 once stolen from my account 7 or so years ago, and although i got it back quickly it effected me for many months. I would check my account every day online and get anxiety while logging in wondering if anymore had been stolen. Went on for a very long time, and even now i check my account daily (minus the anxiety) which all stemmed from that

I do buy stuff online now but just careful which sites i use

Edited by bobble_bob (Tue 07-Feb-17 17:20:19)

Standard User TrishaH
(knowledge is power) Tue 07-Feb-17 17:43:40
Print Post

Re: Credit card details stolen from website.


[re: bobble_bob] [link to this post]
 
Exactly how any breach affects us too. It's unpleasant to say the least.

In fact, I even hated logging into our bank accounts more than absolutely necessary ...still do keep it to a minimum, but scrutinise activity whenever I do.

We can do little more though than keep decent security software running, and be vigilant when visiting new sites ...after that, we've done just about all we can.

After all that, I need to go and pay my bank CC bill now! smile

Standard User caffn8me
(knowledge is power) Tue 07-Feb-17 17:51:55
Print Post

Re: Credit card details stolen from website.


[re: Lars] [link to this post]
 
In reply to a post by Lars:
I think we should be 100% sure before using about cards anywhere online. We should boycott companies which are not following guidelines suggested by PCI DSS.

Basic security like SSL, Anti-Virus, Firewall, cannot be overlooked in any manners.
SSL in all its iterations is already deprecated and up to date browsers will no longer connect to SSL sites. PCI-DSS now mandates a switch to TLS v1.1 or higher - the original deadline for which has already passed and been extended because businesses struggled to comply.

One problem is that it's difficult to determine whether a vendor is actually PCI-DSS compliant. Quick scans of a number of UK banks and building societies show that quite a few have online banking websites which aren't PCI-DSS 3.2 compliant [example].

I've looked at about ten sites and the only UK online banking site I've so far found that is PCI-DSS 3.2 compliant is Halifax.

But that's just websites. Even if a website is PCI-DSS compliant it doesn't mean that the rest of the business is. Do businesses print out credit card slips with the full PAN (Primary Account Number)? What happens to these printouts afterwards?

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs


Register (or login) on our website and you will not see this ad.

Standard User caffn8me
(knowledge is power) Tue 07-Feb-17 18:01:48
Print Post

Re: Credit card details stolen from website.


[re: bobble_bob] [link to this post]
 
My feeling is that regular logins from a computer you trust to check your account activity are necessary these days to detect fraud.

There are so many ways that fraudsters can obtain credit card details that the sooner you discover a problem and report it to the bank, the better.

Even if you cancel a card (credit or debit), the fraudsters can work out what the number of the replacement card is because the card numbers follow a predictable sequence. Not all online sites require the CVV number to be entered. Amazon doesn't, for example.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User Malwaremike
(committed) Tue 07-Feb-17 18:16:26
Print Post

Re: Credit card details stolen from website.


[re: caffn8me] [link to this post]
 
I agree it's difficult to understand bank security sometimes, like yourself we rely on common sense, checking accounts twice a week, and using up-to-date AV software. At login our banks still prompt us to download Rapport although it's already running according to its own 'dashboard'. The Firefox team says that Rapport is old software which cannot cope with today's techniques ... what more can we do?
Standard User bobble_bob
(knowledge is power) Tue 07-Feb-17 18:23:16
Print Post

Re: Credit card details stolen from website.


[re: caffn8me] [link to this post]
 
Im more concerned if my personal details on a particular site are stolen than bank details. Bank details can be changed and stopped. Your name, address, DOB etc cant be and fraudsters can probably do more damage with that information

Edited by bobble_bob (Tue 07-Feb-17 18:23:26)

Standard User TLM
(legend) Tue 07-Feb-17 19:24:28
Print Post

Re: Credit card details stolen from website.


[re: Michael_Chare] [link to this post]
 
By coincidence (or not?) I was also informed on Sunday that a suspicious transaction of over £900 with my credit card was attempted, but blocked. Usually, to my annoyance, these things are me, trying to buy something legitimately, but this one wasn't.

The implication is that the details were stolen, but they didn't (or couldn't) give any indication where they might have been stolen from, or whether it was even online. They asked if I'd left the card unattended (No!)

They told me the website where someone tried to use the card - which was a US website I'd never heard of, and now can't remember. Tops something? But of course, it does not follow that this is also where the breach occurred - and, as I couldn't recall ever having visited, let alone bought from the website, it's unlikely.

Like yours, my card has had to be stopped and reissued, but I wasn't given a choice about this - I was told, not asked.

If I'd had a choice, I might have decided to leave it, as it's inconvenient, to say the least, and the attempted fraud wasn't successful. If it had been, it would have been the cc Co's loss in any case, as I had not been negligent (left the card anywhere, or lent it to anyone). But that is one reason they wouldn't have allowed me to keep the card. If the fraudsters tried again, successfully, they, not me, would have been the loser - so obviously, they weren't going to let a situation like that prevail. The card had to be stopped, whether I liked it or not.

They apologised for the inconvenience, but made clear it wasn't negotiable.

The whole thing might be quite coincidental, but having also had my card stopped, on the same day, your post caught my eye.
Standard User TLM
(legend) Tue 07-Feb-17 19:30:35
Print Post

Re: Credit card details stolen from website.


[re: Michael_Chare] [link to this post]
 
Very similar to my experience. The voicemail sounded genuine - I took steps to verify the number online before calling back.

Was asked some simple security questions (not from a choice, but things only I would know), and it was pretty straightforward and obvious it was really them.

Now waiting for the new card.
Standard User Michael_Chare
(fountain of knowledge) Tue 07-Feb-17 21:37:15
Print Post

Re: Credit card details stolen from website.


[re: TLM] [link to this post]
 
My new card arrived this morning, very quick as I had called them on Sunday. Hope you have similar luck.

Michael Chare
Standard User TLM
(legend) Tue 07-Feb-17 22:20:42
Print Post

Re: Credit card details stolen from website.


[re: Michael_Chare] [link to this post]
 
That's good - my provider told me it could take up to ten days, so I was expecting a long wait. Let's hope they were talking worst case, and it will arrive a lot quicker. I only phoned them yesterday, after picking up a voicemail from Sunday night.
Pages in this thread: 1 | [2] | 3 | 4 | (show all)   Print Thread

Jump to