Re: opening a new email account

A fraudulent charge was attempted on my CC at 4:30 AM this morning. My card issuer declined it. I didn't recognize the charge. They cancelled my card and are sending me a new one.

99% of my transactions are done at Amazon, Chevron and a few other vendors that I trust to be PCI-compliant. I've never shopped at Target. The hack must have come from one of the few small vendors I've done business with. It's cash or cheques to them from now on.

Re: opening a new email account

I've had the best protection from fraud at the biggest banks...BoA, Citi, Chase, Amex. I keep them paid off, and rotate use when a forgery occurs so that the banks are always purging an old account while they send me a fresh card. They all know my spending habits so well that simply buying winter clothing instantly hit alerts, since I'm a shorts in cold whether kind of person. All my habits and tastes actually help they 'protect' me! Isn't that wonderful?

I'm getting to the point that I don't want to buy anything at all, except that every project seems to need more stuff to go with it, or more tools...but at least Home Depot is online now! And paying for home delivery is cheaper than owning a truck year round!

The best safety for online buying is always use a credit card, even at Paypal, and always ship to your home address. As for cash, make sure you have the bank records with the money for when you get raided...anything over a few hundred is deemed drug money. Right now, a little preparation goes a long way toward covering your assets.

Re: opening a new email account

http://www.washingtonpost.com/busine...d1394&hpid=z14

No technology is fail-safe. Just ask PayPal President David Marcus.
Marcus said hackers probably cloned his credit card during his recent trip to the United Kingdom, even though the card was outfitted with chip technology that makes it harder to replicate plastic.

He explained in a series of tweets Monday that there were a “ton of fraudulent transactions” on his card. Marcus suspects his card was compromised at a hotel through a skimmer — a device thieves hide inside card readers to capture credit and debit information when people swipe cards.

“They cloned [the card] and went on a shopping spree,” Marcus wrote.
The admission is unnerving because the chip, known as EMV (short for Europay, MasterCard and Visa), is the same technology the credit card industry is offering up as a solution to reduce fraud in the U.S. payment system.

Security experts have pointed out that chip cards are susceptible to online fraud, but the high-tech plastic is suppose to be all but impossible to counterfeit. EMV-enabled cards, which are widely used in Europe, communicate data to payment terminals or ATMs that are supposed to generate random numbers to securely authenticate transactions.

But researchers from the University of Cambridge say they discovered a flaw in the system in 2012. They noticed that some payment terminals in the United Kindgom produced numbers with predictable patterns that were easily exploited by thieves. Once hackers could predict the “random” numbers, they could record the data and play back the information later — tactics known as “pre-play” attacks.

The Cambridge team collected data from more than 1,000 transactions at more than 20 ATMs and point-of-sale terminals. They began researching vulnerabilities in the system after learning about customers in the United Kingdom whose banks refused to reimburse them for fraudulent transactions, said Ross Anderson, professor of security engineering and an author of “Chip and Skim: Cloning EMV Cards With the Pre-Play Attack.”

“The random-number attacks have only been seen in one actual dispute case so far, but we have found noticeable patterns in the supposed random-number generators of slightly under half the terminals and ATMs tested,” he said.

It is unknown whether PayPal’s Marcus was the victim of this sort of breach, but his experience highlights a potential weakness that EMV is supposed to prevent. Security experts say the technology is far superior to the magnetic stripe cards that most Americans use.

Credit card issuers are pushing for widespread adoption of the chip cards by October 2015. Banks and merchants have been squabbling over the multibillion-dollar cost of conversion, though they generally agree that upgrades are necessary.
Thomas Borton of the Information Systems Audit and Control Association said the United States needs to adopt complementary antifraud technology such as tokenization, which generates a unique code for each transaction.

Proponents of chip card technology agree that additional antifraud controls are needed, but they stress that chip and pin cards should be a baseline for security.
“The Fed must not let banks do the same liability shift that occurred in Britain, and indeed also in Canada,” Anderson said.“All the fraud costs are dumped on either the merchant or the card-holder [in Britain], despite the fact that it’s the bank that operates the systems and pays the fraud detection agencies.

In his string of tweets, Marcus, who was not made available for further comment, never said whether the charges on his card were cleared up. He did take the opportunity to plug PayPal’s safeguards, saying the theft of his data would not have happened if the merchant had accepted PayPal.

“Obfuscating card data online, on mobile and now more and more offline remains one of Pay¬Pal’s strongest value props,” he said.