Credit card security
This discussion has been closed.
Daz 3D is part of 
Connect
DAZ Productions, Inc.
224 S 200 W, Suite #250
Salt Lake City, UT 84101
Licensing Agreement | Terms of Service | Privacy Policy | EULA
© 2024 Daz Productions Inc. All Rights Reserved.
Comments
I am now using a password manager, so I have extremly complicated passwords for every site. I hope this will make a difference. I looked my email adress up in the link that ChangelingChick linked to, and it was comprimissed, so I changed the password.
The passwords I store in the password mangager are protected by a masterpassword and I choose a strong one, now I just need a good hiding place for the masterpassword
I stopped shopping at the above noted site after a similar and far reaching episode in early 2015 that affected a massive group of customers. Thankfully my bank was on the ball and blocked the purchases - promises were made to upgrade servers and security measures then but I wasn't about to chance shopping there after that - never mind what Studio Art Vartarian put out product wise.
I think it's bit sad that people in general tend to blame the sites for being insecure (and punishing them by not buying there anymore), rather than blaming the hackers for what they're doing. IMO it's sort of like the police blaming people for being robbed because they don't carry guns to protect themselves. Or blaming a woman for being raped because she dresses in a certain way.
Last week my bank called me to tell me they blocked my credit card after buying something from renderosity.They told me that i payed in a non safe environment so they blocked it just in case to be sure hackers couldn't use my credit card information.Perhaps that's the reason your creditcard info has leaked? Make sure it's secure when you are about to make a payment with your creditcard.
That is awesome they gave you the curtsy of informing you before your card was breached . I usually only get informed after my card has been compromised.
The only reason I stopped buying products at renderosity is because they are located in Nashville Tennessee and I live in NE Tennessee so they apply a 9% sales tax to everything i purchase on their site. so that is almost .10 cents on every dollar spent which adds up fast, totally ridiculous paying for sales tax on 3d items. . so that is the only reason I stopped shopping there, So unless rendo has a 20% off coupon which is almost never or the vender works a discount with me to compensate for the 9% tax. then I pass rendo over.
Oh speaking of Chip and Pin, my brother -- who lives in the US -- has a credit card that is Chip and Sign. I was kind of shocked that this was actually a thing...
@Ivy No, my dear Ivy, I received this email three weeks AFTER someone had bought $65 worth of Domino's Pizza in Brooklyn (I live in California). I caught the expenditure three hours after it had been made (on a Friday evening), notified my bank, which immediately canceled my card and sent me a new one overnight. I shall use PayPal henceforth @ Rendo.
As a Prime member (@ $30 or less annually), I have received MONTHLY 20% off coupons for the last 4-5 months; so, that may be another option for you.
Personally, I don't see it that way, I trust that when I'm using an online merchant service that they have the proper protocols in place to prevent credit card theft from happening - that particular card was only used at that site and one other which I've never had any issues with - and the site notified me with an email and a posting to their board more than 2 weeks after my information was compromised. It's more of a case of once bitten, twice shy . . .
3 weeks later afgter the hack, That sounds like what happens to me.lol I was a prime member at rendo for a long time, just like I was a was a pc member here at daz. But since genesis3 came out and its been so hard for me to work with in animation, I have lost interest in investing in it. So I dropped my memberships . because that is all that is offered anymore is G3 items and its not worth paying for a membership on something I'm not using much to get any benefit from. maybe its the powers that be telling me that I have to much crap..lol
I will say though most of the rendo venders are pretty good about having sales if you ask them or explain the situation to them and some venders have private sites and offer promo deals on other content. I wrote and asked rendo & told them about my predicament of the (% sales tax on 3d items) to see if they had a discount program for Same state customers. some sites do that. But said they don't so that is why I stopped shopping there. paying a extra dollar on a $10 items may not seem like much . but when you buy a $100 worth of content thats $10 I could use on more 3d items. like I said maybe its the Gods telling me that I have to much crap..lol
I've installed Ubuntu alongside Windows, and use Ubuntu for all my browsing and card payments. It's a far more secure operating system, and with such a comparitively small user base there is little incentive for anyone to write any malware for it. The great thing about it is that it can also run off a flash drive, so every time you need to do a payment, you can just plug it in, restart your computer and you're set.
The problem with using Linux is that while the consumer OS may be the least used OS, the internet (and its servers) run on Linux. So yes there hackers everywhere writing hacks for Linux, so using that isn't really effective either. It's a constant hoop-jumping enterprise to keep ahead of these people, and everytime a new way of avoiding them comes around, they crack that too. It's a sign of the times we live in.
Laurie
Interesting thread as my CC was blocked for suspect fraud yesterday. Called the company and they mentioned potential suspicious activity from a place i purchased from. I only use it for Daz so wondered if they have had any security issues. Nothing taken so far though
If you only use it for DAZ, you've established a pattern. When a charge came through for elsewhere, (based on what you said, it sounds like the charge was not with DAZ,) it broke your pattern and the program flagged that charge as suspicious. At least, that's how I think it works. Same thing happened to me last time, where they declined every charge that wasn't from a place I'd previously used the card at, and they called me the following day, (Monday am... not the kind of wake up call anyone likes to get!)
I'd agree.
But if you local bank didn't bother with locks on it, who would be responsible?
Naturally, those committing the crime, but the bank would be censured for not taking adequate precautions.
What applies to individuals, doesn't always apply to businesses. They have a responsibility to take reasonable precautions to protect others data/cash/whatever.
Ubuntu isn't the best choice security wise, you would be better with Debian.
Some cards have a shop safe feature. It's probably called something different depending on who offers the card. Bank Of America calls their's ShopSafe. You log into your account and click on the link. After you verify, you can create a temporary number. There are two kinds: one for a repeating charge and one for a single purchase. You get to set the max amount that can be spent and the expiration. Only issue that I know of is when you place an order and they backorder some of your items. They will probably be declined when the items become available and you'll have to give them another number. Also the temporary number is only good at the first place you use it at. So if you order $80 and they only ship $20, somebody can't use the "virtual" number at another store and spend the $60 remaining.
If your card is a Visa, it could be a victim of a Brute Force attack. I guess (unless they have changed it by now) that Visa doesn't check for multiple failed uses against multiple sites, so somebody can use some program to a lot of sites at once and get your information piece by piece. For example the number on the back of your card can be one of three hundred numbers so that they try your card at 300 sites at once and find the one that works. Apparantly they can get all the information in seconds. You can read about it on the web. Just search for Credit card Brute Force attack.
I know my card was compromised a couple of months ago. Somebody made about 7 charges within seconds of each other at mutliple sites. Fortunately they were all declined. I am signed up for alerts and I got a bunch of beeps all in a row. I was driving down the freeway at the time and I couldn't check the phone. At first I thought it was some alarm system going off or the phone was warning me that the battery was low. I wonder if it wasn't this brute force attack. And then I saw when I arrived at my destination that I had multiple charges to my account.
I have a Visa card issued by a local credit union. They are very proactive on potential fraudulent charges; they caught two some years ago (over a year apart), notified me by phone, and had a replacement card to me in three or four days. The card has a $4,500 limit - and, unlike other cards I've held, they do NOT automatically raise the credit limit. Instead, they mail out a form, indicating I qualify for a highr limit and, if interested, please fill out the application form . . .
This is my go-to card for all on-line purchases and all travel expenses when I'm on the road (and I need to notify them before hand about the travel if out of state).
Be aware that when you click the button to redeem your GC, apparently nothing happens, not even a status popup. We've complained about it, but nothing's been done yet. To confirm that it worked properly, go to your Account page and click on the Store Credit button at the top.
Thanks for the heads up.
I've had a card compromised too recently, one that I'd only used at Rendo and a couple of times at one other place, and that was right at the time of the first incident at Rendo so it probably happened there. I don't care too much, I'm still shopping there as I used to. Same with HiveWire3D, I don't mind shopping there either despite they were hacked too at some point.
I don't think any site is 100% secure today, so if you want 100% security you can't shop anywhere. Even the big banks with their very high level of security are being hacked sometimes. Maybe some day in the future we'll have 100% security but I think it's going to take a while before we get there, if we ever do. Besides:
"Credit card payments processed by Visa, MasterCard, American Express and Discover are subject to a “zero liability” policy—a guarantee that you will not be held responsible for any fraudulent charges."
http://www.consumer-action.org/english/articles/questions_and_answers_about_credit_card_fraud/
So except for the trouble of having issued a new card, I don't see it as a big problem. Personally I have 4 different cards - if one, or even two at the same time, are blocked, I can always use the others until the card(s) are renewed, and the credit card company covers all the expenses for renewal.
You made me look! lol...
Then I did a bit more research, because I use a Visa debit card, and found this directly from Visa:
"Visa's Zero Liability* Policy is our guarantee that you won't be held responsible for unauthorized charges made with your account or account information. You're protected if your Visa credit or debit card is lost, stolen or fraudulently used, online or offline."
https://www.visa.com/chip/personal/security/zero-liability.jsp
I also found a similar statement regarding Mastercard debit cards:
https://www.mastercard.us/en-us/about-mastercard/what-we-do/terms-of-use/zero-liability-terms-conditions.html
Though you have to go into the html to find debit cards specified...
Yes, but what is reasonable? A big wealthy company have more resources available to deal with security than a small content site. How much can you demand?
I think the responsibility for credit card security should rest on the shoulders of the credit card companies. If they allow a site to use their services, they should also ensure that the site has the necessary security measures in place to protect the transactions and card data to a reasonable degree. Apparently they're not doing a good enough job here.
Yea, it's not such a big deal to have your card compromised, has happened to me several times. Under normal circumstances you lose nothing.
Yesterday my credit card was compromised. The only place I used it was at Daz. I made the purchase with an iPhone using Safari.
You used a smart phone, and trusted it with your details?
well...
Which is why I italicised reasonable; I agree the risk is shared, and indeed the banks (etc) can refuse to reimburse you if they can prove that the individual was not taking adequate care.
I could see a post of 'I use the same password for every site' being used as an example of said lack of care. Not only does the person do such a thing, but they share it with everyone.
Intersting to see that's not only me. First time was Dec 2016, too and now 2 days ago.
I use PayPal for my online purchases, and have had no problems BUT.... I have received official looking PayPal emails saying my account needs something attending to, with a button to click and sign in. Thankfully there were enough signs to show these were not ligitimate emails from PayPal, and turned out to be fraudulent. So if using PayPal, still be very aware. PayPal will only contact you using your real name. Anything else, like.... dear customer, or your email address should always be viewed as suspicious.
Yes, that's a very bad idea, personally I've always used different passwords (long and only random chars) everywhere, and usually also different user names, if possible. If I'm allowed to, that is - some sites still don't accept passwords over e.g. 15 chars and/or no special characters which is unacceptable these days, security wise. And everything is stored encrypted in a very secure password manager.
My password manager (I used one called KeePass and I really highly recommend it) lets me use a crazy long main password so I set it to a couple lines from my favorite poem - easy to remember and no one is ever going to guess it since the last time I talked about poetry with anyone was 20+ years ago in college.
But that makes it open to dictionary attacks; a very effective way of cracking accounts.
... And that is two or three useful pieces of information; one you went to college, 20 years ago, and poetry played a part. Do you have a Facebook account? (Don't answer that question.)
And again, I don't discuss what if any managers I use; if a vulnerability is discovered in a piece of software (really does that happen?
), 'they' (whoever they are) don't have a head start.
I started typing earlier to offer a suggestion (like the poster I've quoted here), and changed my mind and deleted what I'd typed and wrote something else instead. Am I paranoid? Yes.
Am I too paranoid? I don't believe so; I believe the majority of people are a long way from being paranoid enough. But that is good for me, it means it is easier to not be a 'low hanging fruit'.