I have been visa card frauded.

[DiapermanAl]

Hello i was checking my bank account and saw 95.04 dollar charge. Found out it was from sears.com. Some one ordered a book economics of health care. Sears is refunding my money. The lady i spoke to thinks it came from a card reader at a gas pump. My bank said maybe an internet interception. So no more pay and pump for me. Im wondering if a site don't accept paypal if calling them and ordering will help protect me?

[Creepymouse]

The chances are you were among the customers whose data was stolen at some point in the recent past. It is very rare for criminals to directly intercept cards between you and webpages, but you should always make sure that any internet storefront uses HTTPS for card entries.

[DailyDi]

Step-dad had that happen from a gas pump reader. Card acted weird, had to swipe 4 times... someone was skimming data as they (gas station) send it via satellite internet. Within hours the card was being used in another country.

[Dill_Pickle]

krebsonsecurity sez it's just an extra reader on the front of the real reader....and a wifi transmitter....on front of ATMs or gas pumps.

[DiapermanAl]

The more i think about this. The more i feel violated. Im going to be more care-full from now on. I have read about it happening to others but never dreamed it would happen to me.

[feralfreak]

get a new account number and a new card, and if you ever have to use a pay at the pump thing, grab the thing the card goes into and pull, if it comes off, well you know what that means, then turn it in to the gas station and call the police to report it.

[DiapermanAl]

Yeah i stoped my card soon as i discovered the problem. Im going to be super carefull for now on.

[Bettypooh]

Yeah i stoped my card soon as i discovered the problem. Im going to be super carefull for now on.

[rusty pins]

I'm old style.

[DiaperPony]

When you pay by check you're giving them your checking account number. I'd rather pay by credit card, then if it gets stolen, etc, I'm not out anything.

[painterfox]

I had both my card no's stolen by my computer.

[Dill_Pickle]

Security point #2: Windows Internet Explorer is extremely insecure, and generally disrecommended. Use Opera or Firefox.

Heck, Windows itself is not recommended. Use ubuntu, and a live boot cd or dvd if what is happening on your puter involves large amounts of money, and go see krebs on security for instructions.

[dlover49]

Actually, the ones who end up taking the hit on fraudulent use is usually the business who sells the product. I own a business that accepts CC's and get chargebacks several times a month.

[repetitivediaperwetter88]

Ever since I heard of Card Reader gas Pump Fraud I completely QUIT using my card at the pump, I either pay inside, or use my card inside, NEVER AT THE PUMP. I always like to read my bank statements as well. One time I got a new debit card and got it activated and had to call my cell phone provider and Internet provider up and update my card info. My Internet tried to charge me 3 times. I had to have my bank Fax the transaction of their charge to them. Stupid asses.

[Santiago]

You are fooling yourself to think avoiding pay at the pump saves you.

[DiapermanAl]

Update. It was a local person who made the purchase. It's in the police hands now. They wouldn't tell me who it was but they will give the police the info.

[redneck diaper boy]

I had this happen to me in Orlando FL.

[dl_ashlee]

Well as long as they haven't stolen my identity I figure it is something that can happen.

[DiaperPony]

Your math is slightly incorrect, but your theory is sound (longer is much better!)

Number of letters and numbers (no symbols) is: digits+uppercase letters+lowercase letters=10+26+26=62. If an 8 position password of those possibilities is used, the number of combinations is 62^8=2.18*10^14. Or, represented as a number of bits of entropy in a key, that is log(62^8)/log(2)=47 bits.

DES used 56 bit keys and can be brute force cracked in a matter of days. What happens if we add symbols? If we exclude spaces, that means we can use chars 33 - 126, which gives 94 possible characters. log(94^8)/log(2)=52 bits. Still not enough to match even the very weak DES.

What if we simply added another character position instead of adding symbols? That gives log(62^9)/log(2)=53 bits. Simply adding a character is stronger than adding symbols... and, it's a lot easier to remember.

Of course, an attacker has no way of knowing what characters or password length you might have used. So far I assumed they did. But, it turns out the shorter passwords dont help very much. Even adding those in (and ignoring that most sites have a minimum password length), the 8 position password is still only 47 bits and the 9 position password is still 53.

[cm90210]

Hello i was checking my bank account and saw 95.04 dollar charge. Found out it was from sears.com. Some one ordered a book economics of health care. Sears is refunding my money. The lady i spoke to thinks it came from a card reader at a gas pump. My bank said maybe an internet interception. So no more pay and pump for me. Im wondering if a site don't accept paypal if calling them and ordering will help protect me?

You didn't by chance recently place an order with unique wellness did you? Mine was recently stolen and used on sears.com as well.

[DiapermanAl]

Yes i did infact. I ordered samples. But that was a few weeks before this happened. Also found out it was someone in my town who used it. So not sure there. It happened right after i used a smoke shop i normally didnt shop at. Its foreign owned. Im waiting to see what the police find out.

[ranger]

get a new account number and a new card, and if you ever have to use a pay at the pump thing, grab the thing the card goes into and pull, if it comes off, well you know what that means, then turn it in to the gas station and call the police to report it.

[feralfreak]

[DiapermanAl]

Yes agree. The stuff they can do is very scary.

[astrodiaper]

I'm no entirely sure how mine got jacked, but I actually had my bank call me and ask where I was. Turned out, someone was trying to use my DC in Amsterdam. Needless to say, I stopped the card and got a new one quickly. The issue I've seen most often were the phone calls where the person/robot on the other end claim to be your bank and ask for your cc info. I would call my local branch back and see if it was legit, and would give them the phone number that showed up. BTW...has anyone had any experience with LifeLock?