24 replies to this topic

[PhenixFire]

Today I made my normal purchase at the gas station I always go to in the morning with my debit card, and went on about my business. Later for lunch I went to use my card and it was declined, so I checked my bank to find out why. It seems my card numbers were jacked and someone charged over $500 on xbox live. I only use my card on warpportal.com and since it was xbox live, I figured gamer here gamer there it might make sense.

THIS IS NOT SAYING THAT WARP PORTAL IS COMPROMISED OR THEIR SECURITY IS WEAK. I REPEAT
THIS IS NOT SAYING THAT WARP PORTAL IS COMPROMISE OR THEIR SECURITY IS WEAK. I'm just saying as a heads up, check your bank statements and transactions just in case something has happened.

[Nitro]

Shouldn't your bank be giving you a call since you never used XBL before?

[HEALTEE]

making me wonder does that have to do recent forum attack

[soudou]

Personally I think its easier to steal card numbers in physical locations like shops and stores etc. Temp clerks using fake swipers etc. If you use your card alot to buy stuff in stores like gas stations or to get food it may be another place of risk (as well as WP and anywhere else). Not saying it was those places, it could of been WP, but just a heads up.

[PhenixFire]

My bank canceled the card after they charges came up, so they were on top of it. I am pretty responsible with my card, it technically never leaves my sight, only when i'm sleeping. I don't own an Xbox, I've actually only played it once in my life.

I'm not familiar with the process, but if it's anything like playstation you need pretty much all the information on the physical card and I believe the address, which would lead me to believe somewhere I put my address in is the culprit.

[Heimdallr]

Certainly that is alarming and you are doing the right thing with communicating with your bank.

There is no way to get payment information from our servers. We keep NOTHING except a transaction identifier, not your CC info. We couldn't repeat a transaction for you, or steal your info if we or someone else wanted to.

That being said, the chargeback scenarios that have started to happen in the past few years is sickening. Every business, especially online, has to spend alot of money to keep chargeback % low, and make changes to service that make commiting chargeback (even successfully) less profitable. Wonder why item mall items are account bound, wonder why we don't allow people to freely make payments for friends; blame chargeback. Even a 5% chargeback percent can cripple a business due to fees and actual revenue loss; not to mention potential sale loss on in-game items.

Usually when we are contacted by credit institutes we see other online charges on the stolen credit cards. I don't know how "they" get numbers but the obviously have enough of them to fall back on to be able to do mega fraud (gold sellers) as the charges will be for itunes, us, other MMOs, tons of virtual goods that are exceptionally hard to "recover" for the company they were purchased from.

What you should do Phenixfire at this point is make sure you have contacted our payment department and make sure they know about your warpPortal account and its possible chargeback that is going to be incoming so we can alleviate any trouble game side and help you with your investigation. Make a ticket and select payment related.

[Heimdallr]

Followup: If you are doing business with a legitimate website, you are likely safer buying online due to the encryption and the extremely high level of security you MUST have to be allowed to do processing of information. Some websites want to store payment info to make the return customer's life easier, by regulation to store data like that requires whole new levels of security in place that are very expensive and constantly are reviewed and tested, think Amazon, paypal, newegg.

We purposely do not store such data as we do not want that level of liability, though we still more than meet regulations on how our payment processing works. For a brick and mortar your card numbers and name is all on the card and usually handled by a cashier, who sometimes has no more qualifications for security than their 5 minute instruction on how to use the telephone system for making payments. Some brick and mortar stores have opted to not let their cashiers touch the card just because of that fear, so customer swipes it themselves now.

Watch your bank accounts to see if 'surprises' show up there, if you don't use iTunes but $500 shows up suddenly you probably have a problem.

[Kinnay]

It's super easy to have your information stolen.

My grandmother had someone charge $2000 on her card for Verizon (her number was stolen from a reputable site). Then my old boss at work had her card taken right from her purse for a total of $1000 at target. My great aunt had a nurse take her card while she was in the hospital, also, to the tune of another $2000.

Some of this you can't stop... But still... THIS is why I support carding people.

If you work somewhere where you ring people out PLEASE check ID. At the very least do it if the transaction is over $100. I THANK people when they ask for mine. What's the worst that could happen?

Edited by Kinnay, 05 April 2011 - 03:50 PM.

[Tigra]

My great aunt had a nurse take her card while she was in the hospital, also, to the tune of another $2000.

That's pretty messed up. Getting it off a website I can understand, but seriously, a nurse?

[r0n1n]

PhenixFire, I would look at paypal as they are the payment processor and not gravity. If the only place you used it was warpportal, I would consider doing a full security scan on your computer to make sure you dont have a virus or rootkit on your computer..

Edited by r0n1n, 05 April 2011 - 04:49 PM.

[ensignfluke]

That's pretty messed up. Getting it off a website I can understand, but seriously, a nurse?

I've seen worse. One of the sheriffs or EMTs here stole the money from my brother's wallet after he had a fatal car accident. The world is full of scum unfortunately.

Edited by ensignfluke, 05 April 2011 - 05:08 PM.

[PhenixFire]

Yeah, the rootkit thing might be an issue, although i've never had it before, and i've used the same 4 virus protections since forever. I learned from my buddy that they need all the information on my physical card, and my address and what not to sign up a card on Xbox live, so i'm assuming it's either

A) Legit identity theft
Rootkit/keylogger and when I put my information in here, it was taken making it not a fault of gravity/paypal/warpportal.

Heim, I just submit a ticket and let them know something might happen? I don't think they are going to do anything with past transactions between warp portal, but I guess as a pre-caution you're saying?

[Tigra]

One of the sheriffs

doesn't surprise me at all.

[Mwrip]

I've actually read that the most common place to have a CC number stolen is one that you wouldn't immediately think of, but makes perfect sense - a restaurant. Since the card machine is in the back, whoever takes your card has plenty of time to copy down the info without anyone witnessing it.

Online theft does occur, but it's usually the result of phishing scams, not stolen databases... because most sites don't store your info in the first place.

[brokenguy]

Yeah, the rootkit thing might be an issue, although i've never had it before, and i've used the same 4 virus protections since forever. I learned from my buddy that they need all the information on my physical card, and my address and what not to sign up a card on Xbox live, so i'm assuming it's either

A) Legit identity theft
Rootkit/keylogger and when I put my information in here, it was taken making it not a fault of gravity/paypal/warpportal.

Heim, I just submit a ticket and let them know something might happen? I don't think they are going to do anything with past transactions between warp portal, but I guess as a pre-caution you're saying?

They'll ask you which charges or transaction is not yours and they'll charge back those transaction.

[Hacks]

some card processors have agreements with retailers prohibiting asking for ID when making card purchases. i worked for such a retailer at one point in my life and my average transactions were in the $2500 range. i knew of the processor agreement and asked for ID anyway, took a little heat for it and was eventually fired for there being "dust in my dept", which by the way was on a sign suspended 16 feet overhead, bull-_- reason to fire somebody. anyway long story short, as a result of my asking for ID, i pissed of a good 8 or so customers, told a drunk guy to GTFO, and caught almost 3 dozen people with fake IDs and stolen cards/checks in the span of 2 years. i cant even begin to count the number of people that thanked me for asking, had to be atleast 80 or so.

[Markus]

some card processors have agreements with retailers prohibiting asking for ID when making card purchases. i worked for such a retailer at one point in my life and my average transactions were in the $2500 range. i knew of the processor agreement and asked for ID anyway, took a little heat for it and was eventually fired for there being "dust in my dept", which by the way was on a sign suspended 16 feet overhead, bull-_- reason to fire somebody. anyway long story short, as a result of my asking for ID, i pissed of a good 8 or so customers, told a drunk guy to GTFO, and caught almost 3 dozen people with fake IDs and stolen cards/checks in the span of 2 years. i cant even begin to count the number of people that thanked me for asking, had to be atleast 80 or so.

At some restaurants I've worked at it is considered harassment to ask the customer to see their ID, and you would be fired fairly quickly for it. That being said, and to go with what you said, on about 1/10th of the cards I'd see the names didn't match the gender of the customer.

[valarauko]

Yeah, the rootkit thing might be an issue, although i've never had it before, and i've used the same 4 virus protections since forever. I learned from my buddy that they need all the information on my physical card, and my address and what not to sign up a card on Xbox live, so i'm assuming it's either

A) Legit identity theft
Rootkit/keylogger and when I put my information in here, it was taken making it not a fault of gravity/paypal/warpportal.

Heim, I just submit a ticket and let them know something might happen? I don't think they are going to do anything with past transactions between warp portal, but I guess as a pre-caution you're saying?

That there is your problem. Having more than one active anti-virus program running on your computer can cause conflicts and stuff always gets by. Friends don't let friends use Norton, McAfee, Bit-Defender, AVG, Avast, or Trend Micro. Pretty much saw about 12 computers a day with multiple viruses, root-kits, etc and they easily pushed through the av software I just mentioned. I use Avira. It seems to work the best so far and doesn't take up much for resources. That's the active anti-virus software that works for me and I don't see many computers return after that's been installed. But you can't just rely on an anti-virus program. Gotta keep your OS up to date. But to detect and see if you've been compromised you should run and install the following free applications. Spybot-Search and Destroy, Malwarebytes, Hitman Pro, and just in case, run Combo-Fix. Most of the above you can find on download.com but for combo-fix, when you google it, click on the "Bleeping-Computer" link. It'll direct you to a guide where it shows you how to properly run combo-fix.

Also, run all the apps I mentioned while running in Safe Mode.

It's funny when someone thinks they're totally protected when they have more than one active anti-virus application on their systems. It's like they're shooting themselves in the foot. So, to be clear, Spybot, Malwarebytes, Hitman Pro (just the scanner, don't install the full program), and Combofix are not active anti-virus/spyware scanners. They don't always run while your system is on. They don't have any hidden processes, etc. Avira is an active anti-virus software.

Oh yeah, and remove your old AV software before installing any new ones.

[Rutana]

I don't know if this applys to US too, but here in germany, it's unfortunally common to steal your ec card data at ec cashpoints, gas stations, etc.
They hide a second card reader on top of the usually one, mostly not able to see at all. A cam is hided somewhere to read the pincode when you're tipping it in, or even a fake keybord over the originally one.
You pay with your ec card and all seems normal. Than, week's later, they remove the stuff and read the data out.
I guess this can be easily copied to steal credit card data, too, and because you're not in need of a signature when it comes to online payment, that's no burden as well.

[soudou]

That was shown on The Real Hustle too Rutana. But I'm not sure if I hear of it much happening in UK. I suppose it does but too small-fry for the big news stations. There was also a episode where they showed if a ATM has kept default factory settings how easy it is to hack it and steal hundreds of pounds (and unless they catch the thief the store owner with the ATM on their property is held accountable).

I agree about the 4 anti-virus thing. You only really need 1 good one, the others may just conflict with the first. Its better to use a range of security software that does different things. Anti-virus only is not always enough. I use anti-virus (Avira), anti-spyware (SUPERAntiSpyware) and Online Armor (firewall and program guard, basically the program guard monitors if anything starts without being manually executed by me).

Edited by soudou, 06 April 2011 - 03:08 AM.

[Cubical]

op using a bank card at a gas station versus a website are 2 totally different things. What probably happened was that who ever swiped your card their swiper must of been compromised. This happened to a friend of mine in dallas who used his bank card to pay for gas and had over $2,000 stolen in 2 hours.

I would call that gas station and let them know what happened then lock your bank account and go to your bank to fill out information claiming it wasnt you

Also the only real sure fire way to get your bank stuff stolen from a website is if the website in question has a weak security or you have some kind of trojan that looks at your bank numbers. Personally whenever i buy stuff from warp portal i always clear out my browsing history before closing firefox

Edited by Cubical, 06 April 2011 - 07:59 AM.

[Wizard]

lol... so you guys never use protection system in your cards at all?

I usually don't use cash... so I always use my credit/debit cards and I've never had a problem like that...

For my regular cards, I have set up that I can't use more than 500 dollars unless I authorize it... meaning if I wanna buy something more than that, my bank call me to verify it is me who's buying it before releasing the funds... and that works with my spending limit per day... plus everytime I spend more than 200 dollars, I got a txt msg and email per transaction so I can keep up with my expenses... that's nothing out of this world...

For my american express cards, I never had a problem either... heck... even if I go to a restaurant and I order food... after paying with it, I can call the bank and tell them not to charge the money on my card and they won't do it... they quickly charge back to the store or restaurant...

Nowdays banks themselves offer several ways to protection... just take your time and read or learn about them =S

For people who got money stole... it is rather easy to get it back just calling the bank and explaining the situation... they usually just change ur card number or close your account and open a new one for you and put all the money u lost in it...

[Markus]

I don't know if this applys to US too, but here in germany, it's unfortunally common to steal your ec card data at ec cashpoints, gas stations, etc.
They hide a second card reader on top of the usually one, mostly not able to see at all. A cam is hided somewhere to read the pincode when you're tipping it in, or even a fake keybord over the originally one.
You pay with your ec card and all seems normal. Than, week's later, they remove the stuff and read the data out.
I guess this can be easily copied to steal credit card data, too, and because you're not in need of a signature when it comes to online payment, that's no burden as well.

This is why I always wiggle the card reader when I go to use one. You can tell the difference between one with a skimmer on it and one with out. Skimming was 'popular' here for a while, but I haven't seen anything about it in years. The gas stations still keep an eye out for suspicious activity near the pumps and in the parking lots.

[Kinnay]

@Wizard - My bank does that and I love it! Pretty cool knowing if my card is stolen they're pre-emptive. I get a cell phone call for $150+ out of state purchases then have to authorize anything over $1000+.

Most credit cards don't have that kind of protection with them, which is retarded... More of a "Rack it up, please! We make interest off you!"

Edit: I forgot about this! My mother got a funny call from India saying "Your computer has virus! Very bad! Please go to computer and put your Credit Card info on website, and we will fix it no charge you!" Imagine how many old people might fall for that...

Edited by Kinnay, 06 April 2011 - 01:44 PM.

[KingOfBabylon]

Scumbags snatchin' errybody out hea. Hide ha cards, hide ya 'counts, and hide ya emails.

Edited by KingOfBabylon, 06 April 2011 - 02:33 PM.