Discussion in 'Transformers General Discussion' started by DarthMagnificus, Jan 7, 2010.
Honestly, I'd personally go even one further and just outright report your card as stolen.
over a few bucks? no thanks. I use this same CC (debit card) for about 15 bill type auto-pays....and on a daily basis. besides, I'm "secure" to an extent with protection from my bank. If the card (God forbid) is misused, I'll report the charges and get reimbursed
I've only ordered one thing from them in the past, MP Megatron, when he was released. I just checked and I don't even have an account with them, it was so long ago. I'll keep an eye out on my CC account but I think my card has changed a couple of times since MP Megatron came out.
Hope you all are able to take care of this without too many issues.
Just to be safe, I sent an email to the guys at BBTS as well. Hopefully they'll keep a close watch on their own information.
That few bucks is a probe. If it works, they get bolder. That's how it works.
I guess like anything, it depends on your personal situation. If you have a $5K limit, and someone pops a charge that makes you go over that limit, and then you keep using the card, bad things can happen. A) While it's easy to get the fraud charges taken of, it can be a real bitch to get the subsequent overlimit fees and charges reversed. Sometimes if you go over your limit, finance charge rules can change as well. Even though a theft got you over the limit, it's not the CC companies fault that you don't watch your account closely. B) If you're overlimit, the CC company might start declining your "15 bill type auto-pays", and these 15 companies won't be sympathetic at all when it comes to late fees.
That said, watch your statements closely, and you'll be fine. Just depends how diligent you are.
Guys, c'mon, stop blaming TFSource for this - it wasn't their fault. Security can always be bypassed by some thieving asshat, regardless of how secure a website thinks they are. There is no such thing as 100% protection.
TFSource are good guys and I'm sure they are doing all that they can to get this stopped - assuming they are the target.
I too have to get a new card. Luckily I'll be able to do it during my lunch at the local bank branch - shouldn't be too difficult. I've also removed my card info from Amazon. I never had it with BBTS, I use paypal with them. Damn, that reminds me, I need to remove it from Paypal as well...
I did that too. I hadn't had any charges yet, so I'll keep my eye out just to be sure.
It really sucks because TFSource is always way better customer service in my opinion. And who doesn't love their packaging. Unfortunately, they don't have the security verification thingy that BBTS has.
Still, it's some pretty fucking shit PR for them.
i like them, they provide great service and stuff, but if in the back of my mind is the niggling doubt that i might have my CC details stolen using them i'll probably think twice before ordering, which is a real shame.
It can't be compromised client accounts either because that masks the card number - the backend db itself looks to have been touched up. Plus you can't change the payment details on their system without another valid CC number to go in, which is incredibly annoying.
Look at the top left corner of BBTS. See all that security protection?
Find me that on TFSource. If I got hit with charges, I should feel dumb for leaving my card sitting there 'for convenience'.
I checked my account and no itunes charge or anything that looks out of the ordinary. I used my card for the last 2 months at TFSource, Amazon,Robot Kingdom, BBTS, Toy Arena, Walmart and many others.
...makes it appear they were.
That said, I'm not pissed off at TFSource, since they're almost certainly a victim here too. However, this suggests it's not as safe to do business with them as it is with other online sites. I've been very happy with their service but, until I see evidence that they've upgraded their security, I won't be doing business with them. And, even if they do upgrade, I'll be wary about placing any future orders.
It's a bit of a coincidence that it's happened to 5 or so of us, and that one of those 5 had a unique CC# given only to TFSource.
1 of 3 three things happened:
1) Someone on their staff stole it
2) Someone not on their staff stole it from them
3) Someone stole it from their CC processor
In either case, it's shoddy data protection, and I don't do business with companies that handle sensitive data this way.
So a Verisign icon is what you base website security on (the other products have nothing to do with cc protection)? Do you know what they actually do? They verify your card information against your address/personal info. They also offer Secure Socket Layer certificates. Both are low level security features and many sites use them without putting the verisign symbol on their site (Amazon, Best Buy, Walmart, are all clients - find the Verisign logo on their sites). Of course there are higher level security features that website use but, for obvious reasons, they aren't going to announce them on their site.
You're falling into the "paranoia" trap that media has put on us and jumping to hasty conclusions. In general, card usage on the Internet is very safe, but sometimes things do happen. Nothing is perfect. It's akin to an airline crash. Very rare and all security measures are taken, but they still happen.
Relax, take steps to cancel your card, and don't be so hasty to jump to conclusions - certainly don't blame TFSource. No online security is infallible.
I wanna start by saying i work in the Credit Card industry, so i wanna give you all a few tips here IF YOU HAVE A CHARGE thats not authorized.
1. File a police report. This covers your ass if anything happens down the road. The amount matters none. fraud cases are a tricky thing and the more you cover your ass the better.
2. if you can swing it and you dont already have it, i would invest in a credit monitoring service. preferably one that offers some sort of insurance. keep it for a minimum of 6 months.
3. if you cant do above, in 6 months pull your credit report. Depending on what info was lost, they can do more damage that just make a few charges. If someone gets a hold of your credit card, name, address, etc., they can access your credit bureau and go to town.
99% of credit card companies wont refund the "stolen" amount if its less that $50. These are rules set up by Visa, Mastercard, and Discover. Im not sure about Amex. But if its a trivial amount, your bank may just do it.
Monitor your old account number about 2 weeks after its closed. allot of times a credit card company will say they closed it but not really do it to give you time to change the number with subscription services.
contact all businesses you have that card with and advise them that card is no longer valid. This is just as a convenience.
If the rep at your bank says they will just remove the charge and issue a new card, request to speak to the fraud department. file a fraud case. Thats the only way thieves get caught.
they have an SSL certificate, they use HTTPS. technically that's a secure connection, the problem is elsewhere.
Click it, there is some unverified content. the unencrypted content is likely banners, flash or something like that and nowt to do with your creditcard details -
There would be literally no point whatsoever having an SSL certificate and not using https for your site's CC transactions. doubly so given that is precisely what they'd have bought the SSL cert for in the first place. If there was something seriously wrong with the security on Tfsource firefox would drop a lung as soon as you hit it, rather than just flagging some content as unsigned.
for what it's worth, the https thing basically prevents the internet equivilent of a 'wiretap' from intercepting the client's CC details before they reach the host server. it does this by encrypting traffic between the webserver and the client's browser.
BBTS does exactly the same thing, but use Verisign to provide the cert and they encrypt everything rather than just certain traffic. One SSL cert isn't really better than another, but people so like to see 'names they trust' on sites.
I'd bet irl money that the HTTPs thing is a big fat red herring, and the problem is unauthorised access to their Db. in the unlikely event that the database stores CC details in plaintext then we're all fucked along with the silly sod who wrote the ecommerce app, but even if they hashed the values it's not entirely foolproof - you just work it the opposite way to how you'd think - resolving generated CC numbers to hashes until you hit a match. But that's slow, processor intensive and would only mean some are compromised.
all in all, just keep an eye on your statements. phone your bank if you're concerned. we already know they're using itunes to test the cards so that's a head start and knowing is half the.. no, wait. wrong one.
yep, you're right. I learned a while back it's not safe to enter any payment info on site with this icon though.
Good idea, just did that. I called my CC company and no recent little transactions (since I just created an account with TFSource 2 days ago). However I'll still monitor it.
I really don't want to cancel my credit card though, had this # since 1996! Oh memories, I know this thing by heart. Ordering pizza during my school days, Xmas gifts on Amazon, and of course the many TF purchases...[cue montage featuring Lionel Richie's "Hello"]
Crap, well my credit card can take a long time before it shows you what you bought so I won't know.
Separate names with a comma.