I have learned that a Merchant last week had its payments system compromised and data intercepted as it was sent. I know this as the merchant advised my bank and someone at my bank let it slip. I think this may be related to this incident.
LorraineWade, Would you mind PM'ing me the company so I can see if it was one I used that weekend. It certainly sounds feasible.
I won't release detail in public domain.
This type of thing has me worried. I’ve got security tokens for my MB account and the bank account I use for Aping; plus all up-to-date (free) virus software etc. However I was wondering if anyone knows the answers to these questions/concerns?
1) Is there any way for someone to access an MB or bank account that has a security token, without actually having the token? E.g. is it 100% safe?
2) Are the free software’s, such as, AVG, Ad-ware and Malware good enough?
3) With online bookies having so much information, such as, ID, bank statements, etc, how easy is it for someone to use that to steal from a bank account?
4) With so many bookie/casino transactions made on a bank account used for Aping, if one transaction to a bookie/casino was fraudulent, how could you prove this to the bank? Wouldn’t they just say it’s in line with all the other activity?
Not sure if all these questions can be answered, but any info would be much appreciated.
One day you have it........Next it's AllGone
I don't know about your questions but it does bring to mind one good reason to have a static IP address - if you only use your Moneybookers account from that single IP address and suddenly someone else uses it for a transaction(s) that are contested, it would be fairly decent evidence that the transaction(s) were fraudulent. And if you'd had ACLs put on your account so that transactions were only allowed from that one IP address, well then it's fairly trivial to prove the transactions were fraudulent.
So you want a single IP address to do all your transactions on I say.
As I understand it and I don't know everything about security
1) Using secure tokens are a much safer way of doing it. The token has an algorithm only know by the security companies which the software at the other end has as well. Hence both numbers must match. There "Should" be no way this algorithm can be cracked. But nothing is guarenteed.
2) I have never had any problems with the free software. Its very much what you prefer. Some like norton, Some like Mcafee, Some like AVG. All different. All have good points and bad points.
3) It would take a lot of work to steal from your bank account. Hence why most fraud is done online by someone sat in a house/a.n.other place halfway round the world cracking passwords. To steal from your bank account someone in the UK would have to reproduce all your documentation with their photo on it. Then walk into a bank with CCTV and hold their nerve to open accounts and transfer money around. Unlikely. But still can happen. They are more likely to try it with an online account but they would then need to have your passwords etc. A lot of work for not much money and even then the IP is trackable in the UK so banks are not that easy a target. E-wallets such as money bookers and online card fraud are much easier and safer targets.
4) This is what I am having to prove to Moneybookers at the moment. A) It was not me (Hopefully can be compared in the details used to open the account) B) I did not let my password go to anyone else. That I have to just say I didn't and they have to trust me. But hopfully that can be proved by the IP address being half way round the world and I would have no contacts.
Hope this helps. Just take the same amount of care with your online identity as you would with your wallet walking down the street.
You look over your shoulder before putting your pin into a cashpoint machine. Putting your password in is effectively the same on the computer just the malware/virus' are that person looking over your shoulder.
My attempt at answers fwiw
Originally Posted by AllGone
1) If your token becomes unavailable for some reason then I understand that you can ring them up and have it disabled, but I assume the security questions they ask are hopefully extensive.
2) None of these tools free or otherwise are very good things to rely upon. At best they give some protection against exploits which have been around for a while, the latest ones take time to be included. My approach is to not use Windows, and to diligently keep on top of the security updates/procedures for what I do use.
3) You *should* be protected against online fraud and be refunded. In theory.
4) Possibly. You can argue that transaction details are out of line e.g. from an unusual IP address etc. It must be difficult for them though. Most of us hedge off and so don't care about 'losses' or are expecting them and riding the variance. With some punters (perhaps with addiction problems etc) the temptation to try to retrieve the money from a loss by claiming fraud must be strong. The institution then has to make the judgement to take your complaint seriously, but not the other ones.
I have heard that if someone knows your date of birth. They can pass your security token. I don't own one so I don't know but this is what I have read before. So if it is that way I think it is pretty easy to pass.
Originally Posted by CountryLad
Just to remind people, in the interview they did, they said that if people emailed email@example.com they are able to put IP restrictions on logins.
"Bomber likes you!" R.I.P. Pat 1937 - 2004
But don't most people who use "high street" internet services have dynamic IPs?
Originally Posted by Mariner13
Normally, in this sort of instance, the name eventually becomes public knowledge - as it should seeing as possibly not everybody who was affected is contacted.
Originally Posted by lorrainewade
Tags for this Thread