Credit card fraud
Graham
details as a deposit. On the same day that I sent these details, there was
a fraudulent transaction on my credit card, billing $19.99 to
Blizzard-Enterprises. The credit card company cannot tell me what time the
fraudulent transaction took place.
Google shows that Blizzard-Enterprises are commonly associated with this
sort of fraud.
Is it likely that the email itself (sent via Demon) was the source of the
fraud?
Does anybody here have any experience of this?
--
Graham J
SteveH
No - but I thought everyone knew not to send credit card details via
email.
--
SteveH 'You're not a real petrolhead unless you've owned an Alfa Romeo'
www.italiancar.co.uk - Honda VFR800 - Hongdou GY200 - Alfa 75 TSpark
Alfa 156 TSpark - B6 Passat 2.0TDI SE - COSOC KOTL
BOTAFOT #87 - BOTAFOF #18 - MRO # - UKRMSBC #7 - Apostle #2 - YTC #
Eeyore
Graham wrote:
> I recently send an email to a small hotel in France quoting my credit card
> details as a deposit.
You won't do that again will you ?
Graham
ato...@hotmail.com
On 19-May-2007, "Graham" <gra...@nospam.demon.co.uk> wrote:
> Is it likely that the email itself (sent via Demon) was the source of the
> fraud?
Unlikely that they are monitoring all their users emails 24/7 on the
off chance of getting hold of credit card details.
Could be your PC has a keylogger planted that emails keystrokes,
or possibly a rogue employee at the hotel.
I'm surprised that the credit card companies have not set up
a PayPal, or Google Pay, type of system. Then the payee
never gets to see your card details.
A local restaurant has been skimming cards, also petrol
stations, Heathrow Express machines. You buy a s/h PC
at a commercial effects auction, it's from a firm that's
gone bust, full of credit card details (name, address,
phone number) and verification
numbers. Give your card details to anyone and it's
potentially compromised.
I only buy on line from those who take PayPal, and
don't shop at TKmax.
It's Me
stephen
news:SZSdnRfkMexjmdLb...@pipex.net...
i had my credit card info put on a spoof Paypal account 2 months ago - still
not got all the money back......
>
--
Regards
stephe...@xyzworld.com - replace xyz with ntl
Keith Willcocks
"Graham" <gra...@nospam.demon.co.uk> wrote in message
news:f2mp1q$18q$1$8302...@news.demon.co.uk...
I recently had no choice but to send credit card details to the States. I
took the precaution of putting the details in a Word document which I then
password protected. The password was sent in one email and the Word
document was attached to a second one which was sent a bit later. Not
foolproof but safer than a straight email bearing all.
--
Keith Willcocks
(If you can't laugh at life, it ain't worth living!)
ato...@hotmail.com
On 19-May-2007, "stephen" <stephe...@xyzworld.com> wrote:
> i had my credit card info put on a spoof Paypal account 2 months ago - still
> not got all the money back......
But your credit card details were compromised first, then used to
create the PayPal account, and presumably an Unverified
PayPal account which has limits until it becomes verified.
Jay L. T. Cornwall
> I recently had no choice but to send credit card details to the States. I
> took the precaution of putting the details in a Word document which I then
> password protected. The password was sent in one email and the Word
> document was attached to a second one which was sent a bit later. Not
> foolproof but safer than a straight email bearing all.
If the recipient has some technical knowhow, GPG is perfect for
transmitting sensitive information. I hooked up Enigmail to my
Thunderbird client and nowadays send all emails signed; sensitive ones
encrypted as well. By defaulting to signed email, there's some
additional protection from impersonation.
The only downside is that most of the PGP keyservers seem to be in a
state of permanent semi-brokenness, so I just link to the public key on
my website.
--
Jay L. T. Cornwall, http://www.esuna.co.uk/~jay/
PhD Student
Imperial College London
John
Emails are not encrypted. Anything in an email is sent as clear text and if
anyone is sniffing your packets (Oo'er missus :o)) your credit card details
are there in plain sight, waiting to be abused.
John
Colin Wilson
> not got all the money back......
They'll probably still show the amount on your statement until their
investigation is complete - then it'll be taken off.
Ivor Jones
message news:_sudncql9ZN...@bt.com
[snip]
> I recently had no choice but to send credit card details
> to the States. I took the precaution of putting the
> details in a Word document which I then password
> protected. The password was sent in one email and the
> Word document was attached to a second one which was sent
> a bit later. Not foolproof but safer than a straight
> email bearing all.
Couldn't you have phoned them up..?
Ivor
dennis@home
"Ivor Jones" <iv...@despammed.invalid> wrote in message
news:5b91crF...@mid.individual.net...
How is phoning up a stranger and giving them your card details any safer
than sending it in email?
stephen
in message news:MPG.20b95f18d...@news.individual.net...
sonn as i figured out what was going on the CC got canned - so the money has
come back via the credit card guarantee scheme.
after all - dont know where else the details might end up....
Mark McIntyre
email leaves physical evidence of its passing at each server it goes
through, plus someone can capture the traffic on the wires.
Your phone could be tapped, true, but....
--
Mark McIntyre
Bob Eager
wrote:
If you have risky things like this to do again...set up an EntroPay
account. You can create a virtual card with exactly the right amount on
it, pay the money, then destroy the card - all online. You pay a small
charge for loading the account, but worth it IMHO.
--
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]
Ivor Jones
message news:f2njjh$tjc$1...@news.datemas.de
Well it's less likely to be intercepted for a start, that is unless MI5 is
tapping your phone ;-)
You'd also have a better chance of getting hold of them again, a phone
number is far easier to trace than a throwaway email address. Unless it's
a PAYG mobile, of course. (Having said that, in the US you wouldn't know
from the number..!)
Ivor
Colin Wilson
> account. You can create a virtual card with exactly the right amount on
> it, pay the money, then destroy the card - all online.
Sounds interesting, but i've ended up sending them an email as I can't
find answers to a couple of basic questions (email follows...)
-----
I couldn't find anything in the FAQ about this, so I wonder if you
could advise...
Normally, a purchase made by credit card gives the purchaser
additional protection under Section 75 of the Consumer Credit Act,
where the card issuer is jointly liable with the vendor in the event
of problems with the goods.
Where do you stand as regards this, given that the payment is by
Visa (which might imply the protection above) ?
An additional question arises from a message about Entropay on a
newsgroup - it said you can create and destroy a virtual card, but
in the event of a vendor having to refund a payment back onto a
card you might have destroyed, how are the funds traced/returned ?
Bob Eager
<REMOVEEVERYTHI...@phoenixbbsZEROSPAM.co.uk> wrote:
> Normally, a purchase made by credit card gives the purchaser
> additional protection under Section 75 of the Consumer Credit Act,
> where the card issuer is jointly liable with the vendor in the event
> of problems with the goods.
>
> Where do you stand as regards this, given that the payment is by
> Visa (which might imply the protection above) ?
They're a 'small e-money' issuer, which may mean it works more like a
debit card (there are after all Visa debit cards). FSA site probably
says more.
> An additional question arises from a message about Entropay on a
> newsgroup - it said you can create and destroy a virtual card, but
> in the event of a vendor having to refund a payment back onto a
> card you might have destroyed, how are the funds traced/returned ?
It goes back to your Entropay account. Essentially, loading money is a
two stage business. You transfer money into a central Entropay account
(from one or more sources, chosen by you). You then create and destroy
virtual cards at will, filling and emptying them from/to the central
account. So it's quite logical for refunds to a destroyed card to go
back there.
Colin Wilson
> > additional protection under Section 75 of the Consumer Credit Act,
> > where the card issuer is jointly liable with the vendor in the event
> > of problems with the goods.
> debit card (there are after all Visa debit cards). FSA site probably
> says more.
Not giving the full protection of a credit card makes this far less
attractive - perhaps that's why they make no mention of it...
Incidentally, I got a reply back from Ixaris (who run Entropay) - but
not quite what I expected - this was sent to the official contact
email address from their site...
-----
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:
in...@jackie.gauci
Domain jackie.gauci of <in...@jackie.gauci> does not exist.
------ This is a copy of the message, including all the headers.
------
Received: from smtp1.pri.skybb.uk.easynet.net ([87.86.189.69]
country=GB)
by sov-mail-b0013.gradwell.net with esmtp (Gradwell gwh-
smtpd 1.243) id 464fa435.884.a8
for in...@ixaris.com; Sun, 20 May 2007 02:28:21 +0100
(envelope-sender <xxx...@sky.com>)
Received: from 5ac3c67d.bb.sky.com ([90.195.198.125] helo=xxxxx2)
by smtp1.pri.skybb.uk.easynet.net with esmtp (Exim 4.62)
(envelope-from <xxx...@sky.com>)
id 1HpXyi-0002SK-5i
for in...@ixaris.com; Sun, 20 May 2007 00:04:48 +0100
Date: Sun, 20 May 2007 00:04:46 +0100
From: Colin Wilson <xxx...@sky.com>
Reply-To: Colin Wilson <xxx...@sky.com>
X-Priority: 3 (Normal)
Message-ID: <1996246181.2...@sky.com>
To: in...@ixaris.com
Subject: Entropay query
Lurch
<REMOVEEVERYTHI...@phoenixbbsZEROSPAM.co.uk> mused:
That would be enough for me not to use them.
--
Regards,
Stuart.
Bob Eager
<address@replyto_is_not.invalid> wrote:
> You could also get a Cahoot Webcard. This allows you to generate one
> time use CC numbers, with a time limit and maximum chargeable amount.
> You can use the one time numbers to pay for phone purchases, online
> purchases and, if you must, sending CC details by emaill. The CC can
> also be used as a normal CC card for payments by pin.
Same thing, basically (apart from, possibly, the CCA issue). I went off
Cahoot when they wanted to know details of my income, how long I'd lived
somewhere, and lots of other OTT infornation...just for a savings
account. Way more than needed for checks on money laundering.
Bob Eager
<REMOVEEVERYTHI...@phoenixbbsZEROSPAM.co.uk> wrote:
> > > Normally, a purchase made by credit card gives the purchaser
> > > additional protection under Section 75 of the Consumer Credit Act,
> > > where the card issuer is jointly liable with the vendor in the event
> > > of problems with the goods.
> > They're a 'small e-money' issuer, which may mean it works more like a
> > debit card (there are after all Visa debit cards). FSA site probably
> > says more.
>
> Not giving the full protection of a credit card makes this far less
> attractive - perhaps that's why they make no mention of it...
I did find the answer on the site...it works exactly the same as a Visa
debit card. OK, it *is* a Visa debit card.
Colin Wilson
> > attractive - perhaps that's why they make no mention of it...
> I did find the answer on the site...it works exactly the same as a Visa
> debit card. OK, it *is* a Visa debit card.
You're better off using your ordinary credit card then...
Bob Eager
Sometimes yes, sometimes no. With an ordinary credit card you get the
purchase protection, but no protection against fraudulent use of the
card. With the Visa debit, those two are reversed.
Bob Eager
wrote:
> >Subject: Entropay query
>
> That would be enough for me not to use them.
Maybe...but I did get an EntroPay account and it works well. When I was
adding an extra payment source, contact with them was swift and
efficient. Same when I had a query while setting up the account. They
even phoned me to help at one point.
Keith Willcocks
"Ivor Jones" <iv...@despammed.invalid> wrote in message
news:5b91crF...@mid.individual.net...
I did. They were adamant that they were not allowed take the card details
over the phone and were only permitted to accept them via post or fax. I
had to work on them just to use email.
alexd
> On Sun, 20 May 2007 12:12:50 UTC, Colin Wilson
> <REMOVEEVERYTHI...@phoenixbbsZEROSPAM.co.uk> wrote:
>
>> > > Not giving the full protection of a credit card makes this far less
>> > > attractive - perhaps that's why they make no mention of it...
>> > I did find the answer on the site...it works exactly the same as a Visa
>> > debit card. OK, it *is* a Visa debit card.
>>
>> You're better off using your ordinary credit card then...
>
> Sometimes yes, sometimes no. With an ordinary credit card you get the
> purchase protection, but no protection against fraudulent use of the
> card. With the Visa debit, those two are reversed.
I wouldn't be surprised if any card issuer refused any claim for
compensation where the cardholder had emailed their vitals in plaintext to
a merchant.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEs...@ale.cx)
21:00:27 up 21 days, 23:00, 2 users, load average: 0.47, 0.25, 0.15
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0
Lurch
mused:
>>> > > Not giving the full protection of a credit card makes this far less
>>> > > attractive - perhaps that's why they make no mention of it...
>>> > I did find the answer on the site...it works exactly the same as a Visa
>>> > debit card. OK, it *is* a Visa debit card.
>>>
>>> You're better off using your ordinary credit card then...
>>
>> Sometimes yes, sometimes no. With an ordinary credit card you get the
>> purchase protection, but no protection against fraudulent use of the
>> card. With the Visa debit, those two are reversed.
>
>I wouldn't be surprised if any card issuer refused any claim for
>compensation where the cardholder had emailed their vitals in plaintext to
>a merchant.
There will be a clause in most terms and conditions, for credit cards,
insurances etc.., that state that you should take as many reasonable
precautions as possible to protect your details\property etc...
--
Regards,
Stuart.
Colin Wilson
> purchase protection, but no protection against fraudulent use of the
> card.
I disagree on that one i'm afraid - if you tell them you are not
responsible for a particular purchase, it's down to them to prove you
did buy it, or refund the money in full. Usually the disputed amount
will show on the statement until the claim is investigated.
Bob Eager
That's my point. I once had a large disputed amount for a long
time...which affected my credit and the amount I could spend. yes, I got
it back eventually but it caused me grief.
Colin Wilson
> time...which affected my credit and the amount I could spend. yes, I got
> it back eventually but it caused me grief.
But by getting it on a credit card, you:
a) have additional protection against the vendor and card issuer
b) have to sit tight for a while if someone does pull a fast one
c) you get the money back eventually
Whereas fraudulent withdrawls against a debit card are gone forever,
and you have zero comeback if the vendor goes bust / does a runner...
Bob Eager
Well, sometimes one is better, and sometimes the other is better. I use
the EntroPay card for small transactions, so my exposure is limited.
I originally mentioned it as a possible solution for the OP; no-one is
being forced to use it, least of all you.
Colin Wilson
> being forced to use it, least of all you.
I didn't suggest otherwise, and i'm grateful for the heads-up :-)
Andy Furniss
Helen Deborah Vecht
> >
> > Couldn't you have phoned them up..?
> >
> I did. They were adamant that they were not allowed take the card details
> over the phone and were only permitted to accept them via post or fax. I
> had to work on them just to use email.
Isn't fax more secure than email, especially if you split details
between multiple faxes?
--
Helen D. Vecht: helen...@zetnet.co.uk
Edgware.
Keith Willcocks
"Helen Deborah Vecht" <helen...@zetnet.co.uk> wrote in message
news:3130303037363...@zetnet.co.uk...
> "Keith Willcocks" <bucc...@invalidaddress.inv>typed
>
>> >
>> > Couldn't you have phoned them up..?
>> >
>
>> I did. They were adamant that they were not allowed take the card
>> details
>> over the phone and were only permitted to accept them via post or fax.
>> I
>> had to work on them just to use email.
>
> Isn't fax more secure than email, especially if you split details
> between multiple faxes?
>
And of course have the facility to send faxes.
Keith