Credit card security
This discussion has been closed.
Daz 3D is part of 
Connect
DAZ Productions, Inc.
7533 S Center View Ct #4664
West Jordan, UT 84084
Licensing Agreement | Terms of Service | Privacy Policy | EULA
© 2025 Daz Productions Inc. All Rights Reserved.
Comments
Suggestion about passwords:
Come up with some 'system' to name passwords.
Like, your base password is (and I'm totally making something up) Dinkleburg556
Now, you add, say, the first letter of a given site to the end and the last letter to the beginning, so Daz Studio = o + Dinkleburg556 + D = oDinkleburg556D
This way, you have a password that you can reasonably easily remember for all your stuff, while also making it reasonably hard to crack and even if it is, it's different on every site. Because most of the time, it's something someone got in a list and feeds into an automated system, and not someone sitting there trying to figure it out.
And then every once in a while you redo all your passwords with a different core password and possibly change up your 'system.'
I honestly don't think there are any security issues at daz. They probably could have a better password policy but I'm frankly a bit glad I don't need to reset my password frequently.
Credit card info is sold on the dark web and is easy for hackers to guess since it is a string of numbers with other strings of numbers. Computers can run this numbers through unscrupulous sites until one goes through.
People give their credit cards to clerks and to cashiers and waiters to run in back rooms where the info can be removed and copied. Gas stations too can be hacked and those cards read when you swipe your card for gas.
I honestly think that credit cards as a method of payment are quite dated as is using social security numbers as any form of identifier.
unfortunately I have had my personal information stolen several times now. My health insurance company was hacked and all my health info was compromised. I've also had my info hacked from stores like target when their credit card scanners were compromised.
ive also been notified that my personal data was available on the dark web which is unsurprising since I've had my data stolen at least 3 times that I'm aware of.
In the end nothing that is written or is enters into a computer is safe and people should expect this to be a continued problem as long as stuff is available online it can be hacked by someone.
How would one go about doing that? I've had similar issues in the past week and am only going to be using paypal to buy gift cards from now on.
This type thing very much! Also consider a sentence or phrase that is longer such as "TheRedBirdLandsOnBranch" easy to remember but crazy hard to crack. You can even have a picture to remind you but someone walking up to the computer won't even guess it is part of your password SCHEMA.
You just buy a gift card and email it to yourself. When you claim it it becomes store credit.
Oh ok, I thought it would be more involved than that.
After having four cards compromised since late December I now have one non-networked, clean-installed PC just for internet banking and one debit card for online shopping. I never shop from the banking PC and keep the balance of the DC at around $5.00 or less ($US 3.50ish).
Just before hitting purchase, I go to my banking machine and transfer the amount. Still expect to have cards comprised but not to lose anything.
Router is still a weak point.
Edit: Bloody spelling.
I've been shopping online since 2004 and I've never had my card information stolen. For international purchases I've used debit and credit cards directly or Paypal. For domestic (I live in Europe) online shopping, there are usually no need for using card, since there are a lot of other ways to pay.
Nowadays I also use a password manager, so I don't have to remember more than one (master) password and still have a good strong password for every site requiring one.
I have edited the title of this thread as the original did not seem to be read as the poster intended
Thanks, Richard Haseltine! , That's better
Thanks for the great advice, especially about the passwords, I need to come up with a new system.
I have a prepaid debit card that isn't linked to any bank account and has no actual "credit". It only has the amount of money I put on it, which is very little...just enough to get some of the things I wanna get every month. If anyone snags that CC number they won't be getting much ;). Been working quite well.
Laurie
You need to read this:
https://consumerist.com/2017/02/01/why-is-credit-card-fraud-still-rising-in-the-new-chip-pin-era/
I've had problems with credit cards being compromised in the recent past as well, and I limited all my online purchases to exactly three companies.
The sad news is that not only is this type of crime is on the rise, but that there is nothing you can do as a consumer to stop your information from being stolen from a company you have shopped at once the info is stored on their servers. Credit card security codes are only 3 digits long, so once your full number is stolen it's fairly simple for a program to run through the permutations and start making purchases. Even if you practice the most robust security and cyberawareness on your end, it doesn't really matter if your data is hacked from a company you trust. And companies may not make you aware that your data has been compromised for months - if ever.
It's reached a point where I pay in cash at stores unless they have a chip reader and where I use a store-bought gift card to make internet purchases. Banks may be eating the cost on fraud, but as a consumer you are paying for lost time setting up new autopayment information, being interviewed by your credit card company, and losing some peace of mind at minimum. The last time my data was compromised, it was near Christmas time and would have interfered with gift giving had I been without other options.
The hard fact about the 'conventional' credit cards is that once someone has all the necessary details, they can initiate an online transaction by impersonation. There are two common ways to avoid this, assuming the card issuing authority implements these:
1) 2 Factor authentication (2FA) - Some issuers (such as Standard Chartered in my region) forces 2FA for all online transactions - i.e. they would issue a temporary PIN via SMS to the registered mobile number which needs to be provided during transaction processing.
2) Virtual credit cards with preset limits - Again some issuers (such as ICICI bank in my region) provide alternate CC details (number, expiry, CVV) and all transaction using those details are linked to your primary card. The benefit of using that is that a) you can block the alternate card without blocking your primary b) more importantly, it allows one to set a predefined limit at any time that could be charged to their alternate card.
The benefit of pre-defined limit is that you can maintain it at 0 by default so that even if your alternate card information is compromised, the issuer would not allow the transaction because it is above limit. You can access your card issuer account page to change the limit temporarily just before making an online payment. In most cases the limit changes are immediate.
comment deleted
I'm not a security expert, but I tend to worry more about the PC itself. If I accidentially install a single piece of malware, it wouldn't matter if I only used a credit card at one vendor's site. The malware could monitor my outgoing web traffic, or it could log my keystrokes...all kinds of ways to get someone's card number or password(s) if you're a malicious executable/service running on their system.
The only truly secure internet 'things' seem to be those which use 2 factor authentication (password and phone sms/authy/etc), since it's impossible to crack without my phone. And if someone steals my phone, at least I know about it pretty quick.
That's what I use anytime paypal is not available. For security, but also I don't believe in using credit cards at all.
I think we may have solved the problem.
Change it? In this day and age you need to STOP it right now!
Seriously, this is precisely how people's logon information got stolen from Yahoo!
Is your security important to you or not?
And I'll put in another vote for PayPal. And, um...don't use the same password for PayPal that you have for Yahoo.
Renderosity reported last month that they'd had a data breach and purchases made between the 9th and the 12th may have been compromised. This may be your problem.
Yesterday evening I got a messeage from my bank telling me they would send me a new card and that the old one was blocked. And just now I saw that someone had bought a subscription with Netflix using my card. My firtst thought was; why Netflix? It's easy for me to just call them and tell them about it, thus getting whatever account was being used shut down. It's rather silly.
I have no idea how they got my card info since on none of the places I use it have reported being compromised in any way. And I avoid using it on small sites I'm not sure of. This is also the second time in 4 months this have happened. Before that it had never happened to me. And now I have to wait a few days for a new card, again. This is getting ridicoulus.
They're probably using your card to get a netflix account and rip content as fast as possible, piracy essentially. I believe the same thing happens at daz - someone will use a stolen card to download a load of content and re-upload it. They're not re-uploading content out of the good of their hearts either, it's usually just bait to distribute malware or steal more information.
I don't know if this is general for all cards (I'd think so though), but with some cards the card is locked if you enter the wrong code 3 times in a row. That's a reasonably good security measure, though 3 digits isn't much, 4 or more digits would make it much more difficult to hit the correct number by chance.
That's true for most of the piracy of DAZ products, according to what DAZ_Jon said a while ago. And that's what makes it difficult to stop the piracy - it's hard to track down who "purchased" the stuff, when they use stolen card data.
As someone who has worked most of his life in the internet security space, I can offer some advice. In the interest of transparency, I should start by saying that I am employed by a large security software company. I am not going to list my company because I don't want my comments to be interpretted as a sales pitch. I should further indicate that these are my personal views and are not necessarily the same ones shared by my employer. This should not be considered legal advice and should be used at your own risk. Please evaluate what fits best for your own security practices.
1) Don't use pirated software. Someone who gets their operating system software for free from a torrent site can probably expect that there's already a back-door inside their computer. Obviously this won't always be the case, but you have to imagine that it is fairly common. Every piece of illegitimate software you install exposes a massive risk of inviting a hacker inside.
2) Protect your PC by investing in a trustworthy anti-virus/anti-malware program. Most people balk at the idea of paying for anti-virus and rely on free versions. While free software can offer you some protection, I don't feel it compares to what you receive when you purchase a reputable security product. It's sometimes hard to justify purchasing software like this when there's no obvious or immediate benefit. But when you read the stories in this thread, I think you might agree that an anual AV subscription is a lot smaller than the money and time you could lose if your system gets compromised. I would also caution anyone from believing that AV is unncessary simply because the system you use is a Mac or a mobile device. While those might be less attacked than PCs, they are still valid targets. As a device becomes more and more popular, it will be become more and more prone to malicious software.
3) Use a separate password for every site. Obviously, remembering a large number of passwords is a challenge so you either need a system that incorporates a base password and multiple variations or a password manager. In this day in age, I would strongly recommend a password manager. Every year, technology advances. This means that what might have once been considered a strong password can be cracked in minutes.
4) Use strong passwords. This means a minimum of 8 characters, using a combination of lowercase, uppercase, numbers, and special characters. Avoid dictionary words. Avoid easily guessable things like important dates or names of loved ones. If you use a password manager, this part is easy. It can generate a 20 character, completely random password that incorporates all of those characters.
5) Use exceptionally strong and unique passwords for all of your financial sites and email. If you do nothing else, please consider this one. Banks and financial institutions tend to have good security. If you protect that with a good password, you will generally have good security too. Unless... you use that same exact password for some website that has weak security. A security breach on your Playstation account may not seem like a big deal, unless those same credentials provide hackers access to your bank. Since almost everything ties back to your email adress nowadays, it is very important to restrict that access. Anyone that has access to your email can likely reset that password for any of your other sites and gain immediate access.
6) Using PayPal is good advice... but you may want to link it to a credit card instead of debit or checking. The reason is that debit or checking transactions are generally treated as cash transactions and have less fraud protection than credit transactions. If your Paypal accont were ever to be compromised, you have the credit card company as an additional layer of protection to stop fraudulent purchases.
7) Consider mixing up your security questions. How hard do you think it really be for someone in this day-in-age to discover your mother's maiden name or your hometown? If a site gives you an option to set your own security questions, use that option instead. Many however, only offer a limited selection of choices. In this case, consider modifying the answer you provide to make guessing more difficult. Instead of your hometown being "Chicago", it could be "Trunkmonkeyville". If you use a password manager, these answers can be tracked there if you are likely to forget them for each site.
SO MUCH THIS
I am constantly on my family about all these things they pass around, and I remind them what their security questions are for their banks.
I'll also add-- add 2-factor authentication to everything that you can. It really helps. It's not perfect, but it's definitely helpful.
I'll also have to disagree with the "system" for passwords. Any system you come up with will make it easier to hack you. None of your passwords should be anything remotely like each other, and you should change them monthly. Once you've used a word as part of a password, if that password gets discovered, every iteration of that word will be put in a dictionary to run against you in the future.
If you really want to feel bad about internet security, put your email address in here ( https://haveibeenpwned.com/ ) and see if it's ever been compromised and what breaches it was involved in. If it comes up, that password should be dead to you and never used again... nothing even remotely close.
Hello,
I've missed this, where did you see this?
Oh, I'll also note that a lot of times, when a CC number gets stolen, it's put on a list for sale later or sat on for a few months (so if it's used in December, it was probably stolen several months earlier). This makes it more difficult to track down the origin of the breach/theft. The list is then sold off to the highest bidder (or bidders) and used later (of course there are always small-time folks that will just steal one and use it). You'll get a small "tester" charge to see if the card is still active before they try to use it for bigger purchases. November to December is the most likely time to get your stolen cards used because clerks are less likely to check ID and consumers are less likely to notice extra charges immediately. The sales rush in that time period is heavy. Also, even if you don't use a card outside of your home for internet purchases, it can still have the data stolen while you're out and about. Keep the cards you have in RFID blocking wallets/purses.
@mathiaskristoffersson They sent me an email, the text of which I paste below:
Dear Renderosity Customer,
Recently, we became aware of a potential compromise to our store check-out process that may have exposed personal information such as customer name, address, and credit card. After a thorough investigation, our team has determined that the exposure began on March 9, 2017 at approximately 4:39pm (cst) and was resolved by staff on March 12, 2017 at approximately 1:28pm (cdt). Renderosity does not store credit card information as a matter of policy so this only affected orders placed during the time-frame detailed above.
Renderosity deeply regrets that this incident occurred. We have implemented additional security measures as a result of this event. Also, we continue to offer an alternative checkout process via the PayPal service that is widely used and highly secure.
For your protection, we recommend that you contact your bank or credit card company and make them aware that your card details may have been compromised.
For further information and assistance, please contact [link removed to avoid deletion of post].
Regards,
Tommy Lemon
VP of Renderosity
Yeah, in the last 6 months, I've had a credit card compromised twice; the most recent being two weeks ago, but I don't believe that Daz was the culprit. Someone used it for a $35 order at Taco Bell. LoL. The previous times they were simply withdrawals in large amounts to people I'd never heard of.
I've pretty much stopped using my debit card locally and started using cash, since I honestly believe the compromising occured at a convenience store, or a possible fast food purchase and not online.
Indeed.