Link to the RPG.net thread.
RPGnow recently merged with DriveThruRpg.com, and Adam has recommended RPGnow to me in the past. Luckily for me, I only use Paypal, so I'm not affected. However, if anyone else stored their credit card info on the site, check your spam filters right away.
Full Version: READ THIS NOW IF YOU SHOP RPGnow
http://forum.rpg.net/showpost.php?p=676834...41&postcount=52
That post is probably the most informative of them all.
That post is probably the most informative of them all.
this is why I keep a tiny credit card for online purchaces. 500 doller limit is all I need and I'd rather deal with trying to get that back than my normal credit card.
| QUOTE (imperialus) |
| this is why I keep a tiny credit card for online purchaces. 500 doller limit is all I need and I'd rather deal with trying to get that back than my normal credit card. |
Same here.
| QUOTE (imperialus) |
| this is why I keep a tiny credit card for online purchaces. 500 doller limit is all I need and I'd rather deal with trying to get that back than my normal credit card. |
That's actually a really good idea. I think I'm going to start doing that.
Some companies will actually provide you with one-shot credit card numbers for use online. I think washington mutual does.
| QUOTE (Slump) |
| Some companies will actually provide you with one-shot credit card numbers for use online. I think washington mutual does. |
That's an idea that deserves support.
I could never understand how credit cards are supposed to work, if all you need is the number and the name that are so incredibly easy to obtain, since you have to use them all the time, to cause all kinds of trouble.
Bye
Thanee
Duh, guys, you keep one credstick with just a bit of money and you use that for your main public purchases -- don't get it under your real name.
Get it as a DBA (Doing Business As), or simply use an assumed name, which you can do in many locales as long as you're not doing something illegal (something illegal under an assumed name is a federal identify theft crime - the law may differ in your area, though).
Then you have a real credstick that has more access, but you never use it unless it's an emergency. Don't hook that first credit card up to your phone.
Get it as a DBA (Doing Business As), or simply use an assumed name, which you can do in many locales as long as you're not doing something illegal (something illegal under an assumed name is a federal identify theft crime - the law may differ in your area, though).
Then you have a real credstick that has more access, but you never use it unless it's an emergency. Don't hook that first credit card up to your phone.
| QUOTE (Slump) |
| Some companies will actually provide you with one-shot credit card numbers for use online. I think washington mutual does. |
Bank of America does this as well, since they bought out MBNA's credit card side.
And if your particular credit card company doesn't offer this service, many places that sell gift cards are now offering pre-paid debit cards branded by the major credit card companies.
Thanks for the heads-up, Cain. This would have passed me by if you hadn't posted. Can't remember if I stored any info there or not, but I mailed them anyway. Better safe than sorry.
| QUOTE (Slump) |
| Some companies will actually provide you with one-shot credit card numbers for use online. I think washington mutual does. |
AMEX also has a special raeder that basically craetes a temp acct the same way.
Me, I just use a pre-paid Master card for buying on line.
The easiest protection: Do NOT EVER choose the option to store your CC# on a vendor's site. Those CC#s that were compromised are only from the people that chose that option (as mentioned in the second line of the post Adam linked to). However if you are buying from a dubious vendor, like *cough*pron sites*cough* or a site that (for whatever reason) feels you must keep your CC# on their site then using a limited value/debit card is good backup.
| QUOTE (Thanee) |
| I could never understand how credit cards are supposed to work, if all you need is the number and the name that are so incredibly easy to obtain, since you have to use them all the time, to cause all kinds of trouble. |
Well, as a customer service person for a credit card company, I've got a pretty good idea of how it works for visa and mastercard, at least. Discover, American Express and other smaller cards may work differently in the fine details.
Basically the merchants have to meet minimum standards of how they handle the credit card info, and so do their credit card processing companies.
Long story short, the merchants promise not to defraud the credit card companies, and the credit card companies promise not to screw the merchants. Once the authorization has been granted (i.e. you run your card through the machine and the merchant computers call our computers), the credit card company is then obligated to honor that transaction and pay the merchant. The flip side is that the merchant has to maintain on hand proof that the charge is valid (i.e. the signed slip) and provide a copy of said proof on demand, in less than 30 days (45 for out-of-country merchants).
If they can't provide the proof, the merchant get's "charged back," meaning the credit card gave them money, and now it's taking it back. For non-card transactions (i.e. online), the proof is a little more hinky. Basically the merchant has to have a 'reasonable idea' of who they're dealing with and provide, on demand, applicable personal information about the buy, which is primarily shipping or contact info.
Also, whenever companies find out about breaches, such as what happened to spawn this thread, they usually contact all the affected credit card companies, who fraud departments either shut down the number right away or put blocks on them while they try to contact the customer. In low-risk compromises (don't ask me what that means) they may just put a 'watch' on the card, so the 'out of the ordinary' filters are hypersensitive.
So while credit cards are relativly easy to defraud, in theory, it's not so easy in practice because the merchant has a vested interest in preventing it (because they're the ones who lose, just like if the product had been shoplifted and they had to pay for the paperwork), and the credit card companies have a vested interest in preventing it (because they lose money on investigations, because they have to pay the investigators). Plus, automated fraud detection programs are usually pretty good at catching something out of the ordinary. The company I work for has been known to shut people out if they charge more on a single day than 2x the average for the previous month -- I hate the christmas shopping season, way too many calls to transfer to fraud -- or if they make charges more than about 50 miles from their residence address.
Oh, as an aside and a generally handy tip:
You know the secret number that's on the back of your card in the signature block, the one not encoded on the magnetic strip and not embossed on the front? The one that's used for fraud protection on many transactions these days? (I think it's called the CVV number, but I believe different companies use different terms for it.)
I copied mine down and keep it seperate from my card. Then I stuck a small sticker that reads "Please Check Photo I.D." over the portion of the signature block with the secret number. For one, it lets me know which cashiers are actually paying attention when they compare signatures (not that cashiers ever compare signatures anymore), but more importantly, it keeps the secret number secret, even in situations like at restaurants where the server has to take the card and go somewhere with it.
You know the secret number that's on the back of your card in the signature block, the one not encoded on the magnetic strip and not embossed on the front? The one that's used for fraud protection on many transactions these days? (I think it's called the CVV number, but I believe different companies use different terms for it.)
I copied mine down and keep it seperate from my card. Then I stuck a small sticker that reads "Please Check Photo I.D." over the portion of the signature block with the secret number. For one, it lets me know which cashiers are actually paying attention when they compare signatures (not that cashiers ever compare signatures anymore), but more importantly, it keeps the secret number secret, even in situations like at restaurants where the server has to take the card and go somewhere with it.
It's called the CVV2 (card verification value 2) but more commonly called the SPC (signature panel code)
Those backing are usually pretty slick and things don't stick to them very well. You might want to go all out and scratch it out with a needle or the end of a paperclip, then put a sticker over it to keep the tear from spreading.
Those backing are usually pretty slick and things don't stick to them very well. You might want to go all out and scratch it out with a needle or the end of a paperclip, then put a sticker over it to keep the tear from spreading.
| QUOTE (RunnerPaul) |
| For one, it lets me know which cashiers are actually paying attention when they compare signatures (not that cashiers ever compare signatures anymore)... |
I've found that in the last year or so more and more cashiers do. Or at the very least pretend to as they hold my card until I sign and glance at the signature and the back of the card at the same time.
Also I had an old card near expiry that had the back rubbed to the point you could barely see the signature anymore and I was getting picture ID checks occationally.
This is Alberta, Canada BTW. Perhaps there has been a push by the card companies locally to enforce due diligence and get nasty with stores by erring more on the side of charge backs?
That said there are some gas station chains around here that you "pay at the pump", and one gas station chain where they just run your card through the strip reader and that's it, where it doesn't even require a signature. But those aren't particularly large purchases, the product bought isn't easily returned or resold for profit, and I bet fuel purchases are easy problem domain for the theft detection software to work with.
So, why is this in the SR4 forum and not in the general SR forum?
| QUOTE (RunnerPaul) |
| Oh, as an aside and a generally handy tip: You know the secret number that's on the back of your card in the signature block, the one not encoded on the magnetic strip and not embossed on the front? The one that's used for fraud protection on many transactions these days? (I think it's called the CVV number, but I believe different companies use different terms for it.) I copied mine down and keep it seperate from my card. Then I stuck a small sticker that reads "Please Check Photo I.D." over the portion of the signature block with the secret number. For one, it lets me know which cashiers are actually paying attention when they compare signatures (not that cashiers ever compare signatures anymore), but more importantly, it keeps the secret number secret, even in situations like at restaurants where the server has to take the card and go somewhere with it. |
| QUOTE (Slump) |
| Those backing are usually pretty slick and things don't stick to them very well. |
Been doing this for 4 years on two different cards. Never had a problem. Either I've got awesome stickers, or those signature panels aren't as slick as you make them out to be.
| QUOTE (Brahm) |
| I've found that in the last year or so more and more cashiers do. Or at the very least pretend to as they hold my card until I sign and glance at the signature and the back of the card at the same time. |
So far, my "Check Photo ID" sticker is averaging one request per year's worth of transactions.
| QUOTE (Wounded Ronin @ Jan 7 2007, 06:09 PM) |
| So, why is this in the SR4 forum and not in the general SR forum? |
Because the SR4 forum is where all the cool kids hang out?
A little more seriously, this is the more active forum and as far as I'm concerned for me the general SR forum. Certainly this is ironic given Cain's history of gnashing his teeth at SR4. There are likely lots of people that bought SR4 products at RPGNow. How many people bought SR3 products there in that time period and don't come to the SR4 forum, I'm not going to speculate. But it wouldn't surprise me if it was less.
Should the thread be in the General Gaming forum instead? Yeah, probably. It might get moved. The reason for it getting created here is like the same though. More eyes, because it is about an awareness.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.