Security issues with online ordering?

[SBARC]

In that case, can you remove sprue brothers from the title please? Thx.

Terry

Good idea......I have adjusted the subject line.

[RiderFan]

I guess my purpose is to notify all, IF MicroSoft has really been compromised, it's gonna happen alot more often to all of us!! There is NO SUCH thing as a SECURE site, now more than ever!!

I VERY seldom use my CC on line!! I cringe when I think of ever 15 yr has a PC with time on their hands to CHALLENGE the security system!! About the time a defense is designed, there are those hard at work to defeat it!! And sooner, rather than later, they do!

So my suggestion to all y'all, is to WATCH IT!!

Bo Roberts

Again, more hyperbole.

You are of course aware that the overwhelming majority of websites in the world are not hosted on Microsoft systems. Roughly 90% of them use Apache servers. The CC transaction systems are most often unix/linux based working with Oracle databases. Outside of the browser you use (which uses at minimum 128bit encryption) Microsoft isn't involved in the process at all.

[Hawkeye's Hobbies]

First I would check to see if your computer has any malware installed, such as a keystroke reader that captures your CC information.

Using a secured shopping cart online is safer than handing your card to a clerk or waitress who takes the card out of your visual sight. In the back room or under the counter they can swipe your card to gather the necessary information needed to sell your information to a third party.

A while back we had one such individual at a local convenience store who was doing just that as folks paid for their purchases. Within 30 minute of him swiping the victims cards the information was sold to a third party online which he was transmitting through his laptop. He was caught and convicted.

Somewhere along the line you have been tapped by someone through your computer or through a place of purchase outside your home. Thieves will do anything to get your information. With all of the security issues even the banks and financial institutions have been experiencing, your information could have been subject to theft. Get your computer checked, think back on any new shops you've visited and made purchases. Look over any subscriptions you might have that are paid for using your card as method of payment.

Keep in contact with your CC company to make sure the issue is resolved, not just left hanging. I also suggest installing http://noscript.net/ on your computer.

As long as it is profitable to steal and the consequences acceptable if caught, it will continue to happen. What was the saying..."Spare the beatings and he who steals will steal again."

Edited September 15, 2010 by Hawkeye's Hobbies

[Kalashnikov-47]

I highly doubt the problem lies with Microsoft as well.

Bill Gates & Co. are pretty quick about patching problems

as soon as they're found. Of course there are people

who don't update their computers when updates are

issued by MS.

[Les / Creative Edge Photo]

Vigilance,

Most credit card numbers or debit card numbers are skimmed at POP terminals in brick and motor stores. These stores should all make it impossible for a thief to quietly come in and replace the hand set with one that skims. The thief's come back a few days later and quietly replace it back again.Many more stores are physically mounting these hand sets to keep such swapping out to a near impossible point.

Next NEVER, REPEAT NEVER! let your credit card out to any employee out of sight Never give a waiter or waitress the card to walk back out of sight to run the sale. Always make sure you see the card and what is going on with it.

Online selling is probably the most secure way to use a credit card. Make sure the site is one you know and trust LOOK AT THE HTTP ADDRESS, verify it matches the name of the etailer. Scammers make false virtual fronts hoping you will buy and not realize your buying from a phony web page. LOOK AT THE HTTP address before you buy. Also look for one that has the security in place. Do not just trust those banners on the page saying they are secure - verified stuff. LOOK at the header if its secure the sales point section will have an HTTPS in the address. If it does not have the S it is not SECURE!

Read your credit card statements vigilantly.

Those RFID cards need the blockers or blocking wallets, BUY ONE if you have any RFID based cards.

Don't be paranoid, just be vigilant, use common sense.

As to online security most info will be compromised AT YOUR COMPUTER. Too many people are lax in making sure they have their security updates running efficiently. If you have especially a Windows based machine you really should have your Window updates set to AUTOMATIC so you do not have to run them yourself. If you are going to have a computer you must developed proper responsibility and care. Too many people are just blind and ignorant.

IN THE END IT'S UP TO YOU!

Edited September 15, 2010 by Les / Creative Edge Photo

[jabow]

I would say you owe Sprue Brothers a apology Bo, you did plaster this over every modeling forum you could find without getting the scoop first

Yeah I understand, do I need to apologize to myself, too?? LOL!! I'm NOT trying to harm anyone, rather give a 'heads-up' to everyone using CC for online purchase.

I asked this question to the 'Professional Security/IT' person: "Is it possible that retailers don't even know that they have been compromised"?

His answer was, 'If Apple didn't know that a mirror site was operating behind theirs, I promise others don't either'!! I'm NOT a computer geek, for sure, but from what this pro said, the MS security was broken and now the crooks have all necessary info to set up mirror sites that you, I and the retailers don't know is operating. Data can be picked off at will!!

Again the bad guys don't stay in any one place, but move around making it hard, if not impossible to trace.

Bottom line is Sprue Bros. IS a great model retailer that trys everything possible to keep their site safe. BUT, it's also possible that these events are beyond their or any other mechant's ability to control. So we may all expect the CC compromise a lot more in the future!! Just guessing of course. The above applies equally to each of our own attempts to secure our computers!!

Bo Roberts

Edited September 16, 2010 by jabow

[crazydon]

Yeah I understand, do I need to apologize to myself, too?? LOL!! I'm NOT trying to harm anyone, rather give a 'heads-up' to everyone using CC for online purchase.

I asked this question to the 'Professional Security/IT' person: "Is it possible that retailers don't even know that they have been compromised"?

His answer was, 'If Apple didn't know that a mirror site was operating behind theirs, I promise others don't either'!! I'm NOT a computer geek, for sure, but from what this pro said, the MS security was broken and now the crooks have all necessary info to set up mirror sites that you, I and the retailers don't know is operating. Data can be picked off at will!!

Again the bad guys don't stay in any one place, but move around making it hard, if not impossible to trace.

Bottom line is Sprue Bros. IS a great model retailer that trys everything possible to keep their site safe. BUT, it's also possible that these events are beyond their or any other mechant's ability to control. So we may all expect the CC compromise a lot more in the future!! Just guessing of course. The above applies equally to each of our own attempts to secure our computers!!

Bo Roberts

Again Bo, the bottom line is you posted all over every site you use that Sprue had a problem without checking with your credit card company first to see if there was a issue there.

I know for a fact beginning of the year several credit/debit card companies and banks did have a issue with security. My own bank went the proactive route and issued new cards to everyone, odds are that was what happened to you.

This ain't a flame, just a statement of facts. I do use my debit card all the time on-line and have never had any issues. Same with my credit card, cus I keep a eye on them....anything sneaky happens I know what to do and who to call tp resolve the issue

[anotherP51nut]

Interesting, I had the same thing happen yesterday! I had just placed an order with an online hobby shop in the UK, and within 15 minutes I had a call from my bank fraud department asking about some purchases that were attempting to be made for over $1000.00 ( I didn't spend that much online!!). She told me that there was a small purchase of under $5.00 first (which I had not done), and then an attempt to authorize a purchase for almost $1300.00. In fact while she was talking to me they were trying to do it again!

I am so grateful that their systems caught the unusual activity! The attempts were obviously declined, and I am being issued a new card.

It seemed to me that the timing was too close to be coincidental, but I don't know enough about internet security to make that call. I contacted the retailer, who called his bank immediately. They told him their payment system was secure with no breaches. Which makes me wonder about my computer now. I have firewalls and virus protection, but should I be doing more? Should I be careful now about an-line purchases from my computer?

I'm glad I called the retailer first, my first instinct was to put warnings up on all the forums too.

I'm a little gun shy now!

Cheers,

RIchard

Edited September 16, 2010 by anotherP51nut

[jabow]

One more thing that I just now confirmed with my CC company: Instead of putting ur signature in that signature block on the back, write: 'See Photo ID'. Of course this don't help with on line orders, but makes it a bit harder for anyone to use a stolen card. I guess. At lease they can't dupe ur signature and sell it, too.

BTW Crazy Don, my CC company notified me that there was an issue, I didn't need to tell them. And they offered NO explanation HOW my card was compromised. Guessing they'd just be 'guessing', too.

Sorry Sprue Bros. if I caused any harm to your or your excellent company. But we'd all better be 'On Guard' alot more now.

Bo Roberts

[jabow]

I'm a little gun shy now!

Cheers,

RIchard

I hear ya!! This was my second time to be stung.

At least the word is getting out about this subject. We ALL don't know how involved this is.

Bo Roberts

[Steve McArthur]

One more thing that I just now confirmed with my CC company: Instead of putting ur signature in that signature block on the back, write: 'See Photo ID'. Of course this don't help with on line orders, but makes it a bit harder for anyone to use a stolen card. I guess. At lease they can't dupe ur signature and sell it, too.

I've been doing this for a few years and I can count on one hand how many times I actually get asked for ID. Most people that take your card don't even think to look at the signature.

[jabow]

I contacted the retailer, who called his bank immediately. They told him their payment system was secure with no breaches. Which makes me wonder about my computer now. I have firewalls and virus protection, but should I be doing more? Should I be careful now about an-line purchases from my computer?

Cheers,

RIchard

Richard,

What I know about computer security, you couldn't fill a thimble; but, why would the crooks monitor an individual and get one set of info, when they can monitor a business and get MANY sets of info?? I'm guessing even a crook will go to places they can get the most for their efforts!!

And my computers are as safe as I know how to make them without taking a hammer to 'em!! Then they'd be safe!! LOL!!

Sign of the times I guess. Never had car thieves until we got cars!! LOL!!

Bo Roberts

[ReccePhreak]

One more thing that I just now confirmed with my CC company: Instead of putting ur signature in that signature block on the back, write: 'See Photo ID'. Of course this don't help with on line orders, but makes it a bit harder for anyone to use a stolen card. I guess. At lease they can't dupe ur signature and sell it, too.

Bo Roberts

Writing "See Photo ID" on the back of your credit card will cause certain retailers to refuse to accept it, including the USPS. And they are legally within their rights not to accept your card, especially if it says "Not valid without signature". Trust me, I used to do that, until the Post Office and other establishments refused my card.

Just my 2¢.

Larry

[RKic]

well damn, I was just going to order some models, but with two of you getting hit in one week, I'm more than a little reluctant at this point...

would love to hear something from the net security community about this. Any news stories or links anybody has seen?

[kenlilly106]

Writing "See Photo ID" on the back of your credit card will cause certain retailers to refuse to accept it, including the USPS. And they are legally within their rights not to accept your card, especially if it says "Not valid without signature". Trust me, I used to do that, until the Post Office and other establishments refused my card.

Just my 2¢.

Larry

Yep, unless your legal name is "See Photo ID" then its not allowed per your cardmemeber agreement and the retailers are within their rights to refuse the card per their merchant agreement. And per the merchant agreement retailers are not allowed to ask for ID, the card is considered ID.

Also leaving the back unsigned is a bad idea too, a store is within their rights to refuse it and if a theif gets the card, then can sign your name in their handwriting and it will always match the sales slip.

well damn, I was just going to order some models, but with two of you getting hit in one week, I'm more than a little reluctant at this point...

2 out of how many ARC members? That's a random coincidence, not evidence of a crime wave.

Ken

[jabow]

Also leaving the back unsigned is a bad idea too, a store is within their rights to refuse it and if a theif gets the card, then can sign your name in their handwriting and it will always match the sales slip.

Ken

Strange, because just today, I asked my CC Company about that when I got my new card. He said he would ask, put me on hold, then returned in 30 secs or so and said that would be just fine to do so. My conversations was 'recorded for security/training purposes'. That CC is NOT and ID. Airlines even require photo ID to board. Guessing security issues are taking priority over some outdated agreement.

Granted, if I don't have photo ID, a merchant would be advised to refuse a transaction!! I do have several business that ask of photo ID and I thank them for asking. If the name on the CC and photo ID are the same, and I resemble that ugly mug in the photo, to me, it's added security.

Also, a travel advisor lawyer has suggested that this should be on your CC as well. Given that, any merchant is within their right to refuse ANY transaction.

Bo Roberts

[RKic]

2 out of how many ARC members? That's a random coincidence, not evidence of a crime wave.

Ken

Very true, but I want to know more about whats going on first

[jabow]

Writing "See Photo ID" on the back of your credit card will cause certain retailers to refuse to accept it, including the USPS. And they are legally within their rights not to accept your card, especially if it says "Not valid without signature". Trust me, I used to do that, until the Post Office and other establishments refused my card.

Just my 2¢.

Larry

Larry,

You two guys got me concerned, so again, I called my CC Company's Customer Service and asked that same question in two different ways. Again, that conversation was recorded for training/security purposes. Both times they said just writing in "see photo ID" along with a valid Photo ID, serves as proof of identity. I asked if I needed my signature and 'see photo ID' and they said; 'No, only 'see photo ID' is okay.

And, they did say any merchant can refuse any transaction for any reason; but, this is NOT a valid reason.

Bo Roberts

[RiderFan]

Interesting, I had the same thing happen yesterday! I had just placed an order with an online hobby shop in the UK, and within 15 minutes I had a call from my bank fraud department asking about some purchases that were attempting to be made for over $1000.00 ( I didn't spend that much online!!). She told me that there was a small purchase of under $5.00 first (which I had not done), and then an attempt to authorize a purchase for almost $1300.00. In fact while she was talking to me they were trying to do it again!

My bank is extremely proactive about CC protection. The day I proposed to my girlfriend, I called my bank and told them to expect a couple of high value purchases and that it really was me and please don't panic. So I buy the ring and take her to a 5 star restaurant. When I attempt to pay for the dinner the card was declined and the bank called the restaurant. It wasn't until they'd spoken to me that they saw the note on the file and let the charge go through.

So even after letting them know, they still took they still errored on the side of caution.

Edited September 16, 2010 by RiderFan

[Hawkeye's Hobbies]

CC companies keep raising the amount spent that requires a signature...around here anything under $25 requires no sig...over that and you sign for the transaction. Even at the Post Office if my cost is under that no signature required, they just hand me my copy of the receipt. So if someone had anyone's card they could go around making small purchases without being asked to even sign.

[Oroka]

Coincidence.

A card could have been swiped a month ago, they kept the number until now to use it.

Trust me, if someone hacked your computer to steal your CC number, they are not going to go buy shoes.

Do you live anywhere near where the fruad on your CC took place? If you do, I would look closer to home (friend, family, visitor).

[jabow]

My bank is extremely proactive about CC protection. The day I proposed to my girlfriend, I called my bank and told them to expect a couple of high value purchases and that it really was me and please don't panic. So I buy the ring and take her to a 5 star restaurant. When I attempt to pay for the dinner the card was declined and the bank called the restaurant. It wasn't until they'd spoken to me that they saw the note on the file and let the charge go through.

So even after letting them know, they still took they still errored on the side of caution.

And you know, I don't mind them using caution. That makes it safer for all of us.

Just today, my wife and her sister had lunch and when my sister-in-law used her CC, they came back to the table and asked for her 'photo id'. And they've been to that restaurant many times before and this was a 'first'!!

Bo Robertrs

[jabow]

Coincidence.

Do you live anywhere near where the fruad on your CC took place? If you do, I would look closer to home (friend, family, visitor).

No, unless you call 2000 miles close. I don't EVEN know anyone in Delaware!! Wait, isn't that where our VP, Joe Biden, lives??? LOL!!

Bo Roberts

[kenlilly106]

Strange, because just today, I asked my CC Company about that when I got my new card. He said he would ask, put me on hold, then returned in 30 secs or so and said that would be just fine to do so. My conversations was 'recorded for security/training purposes'. That CC is NOT and ID. Airlines even require photo ID to board. Guessing security issues are taking priority over some outdated agreement.

Per the terms of the merchant agreement (ie a legal contract), they are not allowed to ask for ID except in rare cases (ex. buying alcohol or tobacco)

If I buy a $50 widget and present what appears to be a valid card, that card is considered enough ID for them to complete the transaction (the CC is not a legal ID), if I refuse to provide any other form of ID that is not required to complete the transaction then the merchant cannot deny the transaction (once again, this is in their merchant agreement)

Furthermore, the merchant can refuse a card signed "See ID" or unsigned since the user (ie you) has not completed their part of the user agreement (ie the one you agree to in order to use the card).

Think about this too, most places have you swipe your own card any more, I think they only look at the card if the transaction is over a certain amount, otherwise the clerk never sees your card, so writing "see ID" won't work most of the time.

Ken

[ReccePhreak]

No, unless you call 2000 miles close. I don't EVEN know anyone in Delaware!! Wait, isn't that where our VP, Joe Biden, lives??? LOL!!

Bo Roberts

Isn't Wilmington, Delaware where MOST of the credit card companies are based?

Larry