PDA

View Full Version : credit card fraud internet



imagine
24th October 2011, 12:43
i have had transactions on my credit card that are not mine,
i have reported to the bank fraud team and have sent me a new card,

i use my credit card on the internet,

what im not sure of is how this was done,

which is most likely?
compromised on a site i have used the card on?

or ,,,,, i have spyware on my computer,?

i run all virus and security on my computer, but nothing is found that might be the problem,,, though im aware that not all viruses and spyware are definatly found ,

one possibility i thought was could there be something in my browser posing as a genuine active x ?

appreciate any thoughts or advise on this

Steve.r
24th October 2011, 12:45
Good job you found it early, but I know nothing to help you. I am sure someone more tekky can shine some light on it.

imagine
24th October 2011, 12:50
thanks steve, im hoping so :xxgrinning--00xx3:

even though my card is covered for fraud,

it still makes you feel insecure

Bluebirdjones
24th October 2011, 13:29
It's probably not via the internet that you've been compromised.

I'll hazard a guess and suggest your card's been cloned whilst in a restaurant, or while buying petrol.

A few people got done recently in my local ... the barmaid was passing on the dets to her boyfriend

imagine
24th October 2011, 13:30
also could someone tell me if my wirless network properties are correct,,,,
security tab,
security type (no authentification (open)
encryption type (wep)

key index (1)

its the ( no authentification) im not sure of

imagine
24th October 2011, 13:31
It's probably not via the internet that you've been compromised.

I'll hazard a guess and suggest your card's been cloned whilst in a restaurant, or while buying petrol.

A few people got done recently in my local ... the barmaid was passing on the dets to her boyfriend

thanks bluebird
the only other place i have used it which was not on the internet was b&q, and iv never had any previouse problems with using it there

hawk
24th October 2011, 13:49
on sercurity should not say open it should have something saying wpa psk try doing this try access your wifi with a tablet or phone if you connect then its open and you need it secure

imagine
24th October 2011, 14:17
i connect wirless to my router with a second lap top i have,

changing that setting ,,, will it block this?

imagine
24th October 2011, 14:28
on sercurity should not say open it should have something saying wpa psk try doing this try access your wifi with a tablet or phone if you connect then its open and you need it secure

ok i tried some of the other settings but it wipes out my network security key

Englishman2010
24th October 2011, 15:05
Sorry to read about this Imagine. I hope that your bank sort it all out soon.

My banks have set me up with secure verification of passwords and DOB...etc whenever I buy anything on line. Every purchase I make is directed to the verisign website so that I have to input random characters from my passwords, it doesn't make the transaction process much longer, but at least it's another layer of security.

I've read somewhere that you should never use your credit cards over wireless connections, you should always do it while plugged into your modem via a Cat5 cable.

imagine
24th October 2011, 15:23
Sorry to read about this Imagine. I hope that your bank sort it all out soon.

My banks have set me up with secure verification of passwords and DOB...etc whenever I buy anything on line. Every purchase I make is directed to the verisign website so that I have to input random characters from my passwords, it doesn't make the transaction process much longer, but at least it's another layer of security.

I've read somewhere that you should never use your credit cards over wireless connections, you should always do it while plugged into your modem via a Cat5 cable.

thanks englishman,

i have that same verification too, but it doesnt get used on all web sites, i must admit i do feel much happier when it is used.
luckily my credit card is automaticaly covered for fraud, so although i have been billed for the transactions, they will sort it out and make investigations,

yes that might be a good idea not to use the wirless connection when using card over internet,,, by Cat 5 ? for me that would be by ethernet cable lap top straight to modem, then disconnect the wirless connection

tone
24th October 2011, 15:24
As a consultant on data protection whenever you connect to a web server that offers a secure connection (shown by a padlock) you have an encrypted Secure Sockets Layer (SSL) between your web browser and the server, so as long as any financial transactions are done in this context then you should not be open to prying eyes even over an open wireless connection.
Its best practise to use WPA - PSK with TKIP or AES - some routers offer both.
You should not use WEP to be honest and yes if you change security settings you will have to renter the pre shared key (PSK) pre shared meaning your router knows it and when you type that password into the tablet/laptop it then knows it.

WEP is weak and if someone decided to connect to your router and "sniff" the packets they would be able to see the key and log into your network, then they could easily sniff the network traffic and obtain data if the connection between you and the web server was not using SSL as mentioned above.

The two factor authentication that Englishman mentions is something all my cards are registered with "Secured by Visa/Mastercard" and is a good deterrent against fraud.
There are so many ways to steal data now - you should consider buying some internet security packages but new threats come out every day - these new threats are called "zero day attacks" and the AV companies may not have updated their virus/malware database as yet so you do have to be vigilant against accessing bad web sites, of which once the page has loaded it has already infected your computer.

I could go on and on to be honest but I'd suggest you used a few different AV/Malware checking tools and give your laptop a once over. You should always watch for some of the internet "game" sites the free games that people play they are rife with malware!
Also final piece of vital data for you - you have two types of user accounts on your computer - Administrative and "user" when browsing use a "user account" then should some dodgy bit of code want to infect your computer it cant work properly because your account hasnt the administrative rights to edit the system files/registry.
So create two accounts - protect the administrative account with a strong password - car number plates are useful as passwords they are ot in the dictionary (although password hacking is quite easy to be honest) so are often harder to uncover. Try not to use your own now that I have mentioned this so openly!

Hope this helps.

Tone

imagine
24th October 2011, 16:00
thanks tone:xxgrinning--00xx3:

questions,, i dont see wpa-psk,,,,,,, i have wpa-personal and wpa2-personal, 2 others that say enterprise, and 1 more that says 802.1x,
if im correct i assume wpa-personal would be the one to use?
the security password key i have for wep, is the same password i would use for wpa-personal, i do i need to create a new password,
im a bit concerned if dont do it right i will loose connection,

i have i think quite good security, this lap top, mcfee, firewall,site advisor and antivirus,
i also use emsisoft scanner for trojens spyware ect ,it does find anything the antivirus might miss, there are other reliable programs i occasionaly use, such as f secure,
my second lap top i use avast antivirus , and zone alarm, instead of mcfee,

user account,,, administrater, this the account when you have to sign in with a password when booting up ?

another question, if when about to make transaction on a site, and internet explore pops up saying blocked this site from displaying content with security certificate errors, then its not safe to enter payment details , am i right ?

Dedworth
24th October 2011, 16:07
Maybe it's been cloned by "students" from the indian sub continent working the till at your local petrol station.

imagine
24th October 2011, 16:39
Maybe it's been cloned by "students" from the indian sub continent working the till at your local petrol station.

lol, :laugher: no i dont use for petrol,,, usualy only on the net

tone
24th October 2011, 17:16
thanks tone:xxgrinning--00xx3:

questions,, i dont see wpa-psk,,,,,,, i have wpa-personal and wpa2-personal, 2 others that say enterprise, and 1 more that says 802.1x,
if im correct i assume wpa-personal would be the one to use?
YES Mate use WPA Personal - create a new password something you can easily remember - this only affect wireless connections from your laptop to your router - does not affect the routers connection to the exchange. Usually the password is a minimum of 8 characters long. Always good to use numbers and letters try not to use "words" that make sense.


the security password key i have for wep, is the same password i would use for wpa-personal, i do i need to create a new password,
im a bit concerned if dont do it right i will loose connection,

i have i think quite good security, this lap top, mcfee, firewall,site advisor and antivirus,
i also use emsisoft scanner for trojens spyware ect ,it does find anything the antivirus might miss, there are other reliable programs i occasionaly use, such as f secure,
my second lap top i use avast antivirus , and zone alarm, instead of mcfee,
Yeah thats all sounding good mate.
user account,,, administrater, this the account when you have to sign in with a password when booting up ?
Yes - if you go into control panel and then to users you can create a new account - call it "webuse" and make it a "standard user" account and set a password - use that to browse the internet on. There will be an issue when Microsoft updates need access (or other products sometimes) and they will pop up a "elevated privelege box asking for an account that has admin rights. The key here is that only that application asking for elevated rights gets it - not all the other stuff running so its more secure.
another question, if when about to make transaction on a site, and internet explore pops up saying blocked this site from displaying content with security certificate errors, then its not safe to enter payment details , am i right ?
Yes although some companies are damn lazy in getting their SSL certs updated its potentially an issue and if that happens best to call them or send a message saying your browser doesnt recommend you buy! See what response that gives you!!!

If you bank with main high st banks they usually provide a free AV license. I bank with Barclays and get Kapersky, MBNA give Mcafee (as do HSBC) dunno if thats any use but thought I'd mention it.

Good luck!

Tone

somebody
6th November 2011, 22:04
Do you have a RFID CC i think called paypass? Were they for low amounts?

imagine
7th November 2011, 01:23
Do you have a RFID CC i think called paypass? Were they for low amounts?

i just researched what that is, and no dont have that on my visa,
and its rare that i use it anywhere other than over the internet,

imagine
7th November 2011, 01:38
thanks tone as yet i havent implimented all of your advised changes, second user account i have already , i will later impliment the security changes to wirless, iv been pretty tied up with other things lately, i know it wont take long its just getting my finger out lol,

although i scan regular for trojens ect , most recent thing found was an attached pe script which showed up as malware, but this was found well after my card was done,
i still have that feeling theres something in my comp that not being found, things like my hearing the fan seems to come on often even when im not using as if somethings busy ,
so reluctantly im thinking maybe i should re install windows to get a clean wipe,
as yet iv not needed to use my new card over the net,

another security measure i have that bank advises is trusteer which gives more security for log ins and transactions, there may have been one site i forgot to use it on

les_taxi
7th November 2011, 08:11
Same thing happened to me last year a small amount was taken out,then next day larger account.
Something I bought off e-bay i think was the prob but not sure.
Wasen't a problem tho just contacted bank and they refunded within the hour,sent me a new card and no probs since.
I buy all the time on internet and it's not put me off one bit.
The bank will refund you so it's not really a big deal,just part of life in this hi-tech world we live in:)

somebody
9th November 2011, 01:10
thanks tone as yet i havent implimented all of your advised changes, second user account i have already , i will later impliment the security changes to wirless, iv been pretty tied up with other things lately, i know it wont take long its just getting my finger out lol,

although i scan regular for trojens ect , most recent thing found was an attached pe script which showed up as malware, but this was found well after my card was done,
i still have that feeling theres something in my comp that not being found, things like my hearing the fan seems to come on often even when im not using as if somethings busy ,
so reluctantly im thinking maybe i should re install windows to get a clean wipe,
as yet iv not needed to use my new card over the net,

another security measure i have that bank advises is trusteer which gives more security for log ins and transactions, there may have been one site i forgot to use it on

If you really are concerned that something is on your PC which is obtaining your details you simply formatting the HDD in the PC will not be enough. Plus there is a possibility the issue is in your Bios. basically anywhere there is a device which can be written to and data stored even when powered off, Sorry to make you para. Highly unlikely but worth not discounting if you really have a serious issue.



Trojans and malware can only be found once discovered or something similar enough for the AV to say hang on what we have here. Plus Even the best AV can't remove all malware and as you say you need to write completely over and in some very extreme cases where money and confidential data is involved i would advise a totally fresh HDD

Like Tone says never ever use a device day to day in Admin mode just asking for trouble..


The one of the best security polices and I hope Tone will agree with me is not to take short cuts or be lazy.

Often see people running in Admin or disabling on UAC on Vista. Disabling security checks or browsing the Web or using a network with weak security or in Admin account...

So what if you keep getting asked to input your password or have to choose to right click and run in admin if it makes you stop and think what your doing.

Another thing is there someone around you who maybe doing this sometimes easy to blame Technology could be simply a person looking at your credit card?

Many people use a prepaid card on line if it worth considering this for small purchases possibly even large?

What do you use your computer for? If like Tone says Peer to peer, user groups then I would advise you do not use the same PC for Banking or transactions.

Les your right in most cases the bank will refund but i could think of scenario's where if it was buying credits in a game where the device ie your mac address and ip were registered card details given it might become a bit more complicated saying you did not do..

Also the visa check where it asks for a part of password set up by Visa and your bank for approval is not a total failsafe if the website does not use then the money can still be withdrawn on the card..

For example if a malware connects to a gambling or porn site buys credits with your details and shows the device as connected very very hard to say you did not purchase the "credits"


Again possibly far fetch but best to discount I hope you get sorted soon :)

imagine
9th November 2011, 11:47
thanks somebody,,

actualy i think its just made me a little paranoid ,

il take the advised precautions, before i use again and see what happens:xxgrinning--00xx3:

imagine
9th November 2011, 21:58
well iv spent most of the day trying to set up WPA Personal but it gave me nothing but pain, iv tried but i lose my connection, trying different settings and the best i could get was wirless connection , but lost wirless internet to unrecognised network not connected,only connection was by ethernet cable. i wasnt able to figure out why,
so the best i could get was through the cd installer program for tp network adapter router, showing as wap 128 encrytion, with that set i have no problem connecting, though what i find strange is if i look in lap top security settings it shows wep( no authentification,)and security key is different from the settings made in tp-link set up. but works,, i tried matching the settings but wouldnt work, so i give up im now lost,
maybe easier if i use ethernet for transactions,
but i do have the webuse account now with password, though its a pain because all my favourites shortcuts folders ect are not there, i dont know if theres an easy way to import what i need from administrator account to webuse?

now i just hope i havent while playing about altered any other settings that matter,

and i thought it was going to be simple :icon_lol:

somebody
24th December 2011, 23:46
well iv spent most of the day trying to set up WPA Personal but it gave me nothing but pain, iv tried but i lose my connection, trying different settings and the best i could get was wirless connection , but lost wirless internet to unrecognised network not connected,only connection was by ethernet cable. i wasnt able to figure out why,
so the best i could get was through the cd installer program for tp network adapter router, showing as wap 128 encrytion, with that set i have no problem connecting, though what i find strange is if i look in lap top security settings it shows wep( no authentification,)and security key is different from the settings made in tp-link set up. but works,, i tried matching the settings but wouldnt work, so i give up im now lost,
maybe easier if i use ethernet for transactions,
but i do have the webuse account now with password, though its a pain because all my favourites shortcuts folders ect are not there, i dont know if theres an easy way to import what i need from administrator account to webuse?

now i just hope i havent while playing about altered any other settings that matter,

and i thought it was going to be simple :icon_lol:

Sorry not logged in since early November sir so missed your post sir. If in doubt use Ethernet, with out knowing the Router (plus Firmware version of said device) and the congig of your pc etc hard to say about the connecting to wireless. I have seen very cheap devices link up while more expensive wireless devices create massive issues so so hard to say with out a little info.

if you have not discovered a way to do its quite simple to copy your favourites over to your webuse account possible due to the size of the file is to take the favourites folder and zip it then email/copy over to your new account. The folder will be very small.

But hopefully the issue has cleared it self up Sir?:)