I'm Skint

caleebra · Post by **caleebra** » Tue Oct 09, 2007 12:23 pm

My girlfriend recently had all sorts of bizarre unauthorised activity on her Paypal account, some dude in China or something ordering online gaming sh*t.

Not too long ago I had 12 x transactions for £100 exactly for iTunes on my credit card - a card I have never registered with iTunes.

Run Zone Alarm Personal, AVG and a hardware firewall at home

Post by **campbell** » Tue Oct 09, 2007 12:37 pm

There was a big scam running at a BP station in Edin a year or so back...Bruntsfield area I think...with a skimmer on the card terminal, installed by a rogue employee IIRC. A few people got hit, and I think one or two were actually on here?

robin · Post by **robin** » Tue Oct 09, 2007 12:45 pm

{cracked record mode on}
Don't use windows operating systems to do any online transactions
{cracked record mode off}

Seriously - if it transpires that your machine compromised your security details to a fraudster guess who is going to be liable for all damages:

(1) you
(2) the bank
(3) microsoft

I think you know the answer ...

As a second level of protection I am beginning to think that only use for debit cards online is via google checkout/paypal, because you can trust them to return funds if they make a mistake/you are ripped off. For everything else, there is mastercard. I *think* that if you get stung online with a credit card then you are more likely to be able to walk away from it just by denying that you were using the card, refute the entries on your bill and don't pay for them. In the debit card scenario you end up having to wait for money to be refunded which for some banks might take a long time.

Cheers,
Robin

Post by **campbell** » Tue Oct 09, 2007 12:51 pm

robin wrote:{cracked record mode on}
Don't use windows operating systems to do any online transactions
{cracked record mode off}

Seriously - if it transpires that your machine compromised your security details to a fraudster guess who is going to be liable for all damages:

(1) you
(2) the bank
(3) microsoft

I think you know the answer ...

As a second level of protection I am beginning to think that only use for debit cards online is via google checkout/paypal, because you can trust them to return funds if they make a mistake/you are ripped off. For everything else, there is mastercard. I *think* that if you get stung online with a credit card then you are more likely to be able to walk away from it just by denying that you were using the card, refute the entries on your bill and don't pay for them. In the debit card scenario you end up having to wait for money to be refunded which for some banks might take a long time.

Cheers,
Robin

[ignoramus mode on]

What is it about Windows, rather than the MS IE browser, that makes it vulnerable in an online transaction then? If the traffic is encrypted via an HTTPS connection from your browser, what else might be going awry?

[ignoramus mode off]

As it happens, I have always made it a rule never to use debit cards for online stuff, for exactly those reasons.

steve_weegie · Post by **steve_weegie** » Tue Oct 09, 2007 1:05 pm

robin wrote:{cracked record mode on}
Don't use windows operating systems to do any online transactions
{cracked record mode off}

Definatly.... In terms of online security, linux is king....

campbell wrote: [ignoramus mode on]

What is it about Windows, rather than the MS IE browser, that makes it vulnerable in an online transaction then? If the traffic is encrypted via an HTTPS connection from your browser, what else might be going awry?

[ignoramus mode off]

It's the long list of security problems in the underlying operating system that is the problem here - even if you switch to another browser like firefox, windows libraries are still used to perform a number of functions. Take this for example: you look at a picture on the web in firefox, firefox uses a windows library to display the picture on screen. Windows library has a security bug that displays the picture on screen, but also runs the code that mr hacker has hidden IN THE PICTURE! Thats right, just by looking at a picture that someone sent you can infect your computer with a keylogger, or other malicious code.... As soon as the code is on your PC, it will talk "back to base" via a standard HTTP or HTTPS session that you wont even know is there - and your firewall will allow out because it just looks like normal web traffic

The only way to stay ahead of the game is to constantly keep your PC updated, and thats for ALL apps and antivirus.... Infected PDF files were doing the rounds recently that did somthing similar.... Very nasty.....

If you want to be really safe, you can get things called "Virtual Machines" that are kind of like a PC within a PC... I run one of these for doing some online tasks, and you can get a linux one FREE OF CHARGE from vmware.... Piece of cake to setup and use too...

Cheers,

Steve

fd · Post by fd » Tue Oct 09, 2007 1:18 pm

What do you do with the transaction reciepts when you walk out of the shop ?

Depending on the vintage of the POS hardware the reciept may contain enough information to allow fraud . . . so always destroy your reciepts properly . . . I'd expect anything running chip and dip would be OK but it's good practice anyway . . .

I have recently seen card reciepts myself that do not have all the relevant data *'d out . . .

Also if you go into a shop and they do not take chip and dip (or bypass it) you need to be asking why . . .

Fd

Post by **campbell** » Tue Oct 09, 2007 1:22 pm

thanks fellas

am pretty diligent re: destruction of c-card receipts once the bill's been checked and paid each month, but a very good reminder nonetheless

alicrozier · Post by **alicrozier** » Tue Oct 09, 2007 1:39 pm

I submit all mine as expenses.

Post by **campbell** » Tue Oct 09, 2007 1:40 pm

alicrozier wrote:I submit all mine as expenses.

the accountants will be chuffed about that then...CC receipts don't count for VAT reclamation

but I admire the spirit of your actions!!!

alicrozier · Post by **alicrozier** » Tue Oct 09, 2007 1:48 pm

Don't ask about VAT in Nigeria.

I submit my UK expenses here which makes thing interesting...
CC receipts are fine.

Post by **campbell** » Tue Oct 09, 2007 1:51 pm

LOL.

Kinda knew you would say something like that!

Blaque · Post by **Blaque** » Tue Oct 09, 2007 1:57 pm

Talked to the banks fraud dept at lunch time.

Should get new card tomorrow, and funds will be back in friday/monday

Talked about what I should be doing to ensure that it doesn't happen again. Came away with the impression that there is absolutely nothing you can do to stop this happening. It's as likely to happen in a shop as it is to happen online, but did mention that garages are the main culprit.

The fraudsters favorite places to spend, Easyjet and Lastminute.com

BiggestNizzy · Post by **BiggestNizzy** » Tue Oct 09, 2007 2:28 pm

it can't be that difficult to catch these ppl they have to check in with passports and stuff, airports are supposed to be uber secure after all.

Andy G · Post by **Andy G** » Tue Oct 09, 2007 3:12 pm

Lastminute.com are a nightmare.

We used to supply them MP3 players - the level of fraud they experienced stopped them selling them in the end and cost us our largest customer

If the police took online fraud vaguely seriously and there were punishments that actually were a deterent then things might be different.

If buying online - 2 things.

Use a credit card
Never give out a pin

My business card got done last month - but the bank caught it within an hour! f***ers - wheres the death penalty when you need it

gorrie · Post by **gorrie** » Tue Oct 09, 2007 3:37 pm

Blaque wrote:It's as likely to happen in a shop as it is to happen online, but did mention that garages are the main culprit.

Most of my fill-ups are via fuel card thankfully... but I'm not sure how long I'll get away with that for the 'Liz, as I was really meant to have destroyed that card back in May