SDE - payment issues? (excised from Who's Next announcement thread)

[mandrix]

I got hacked a few years ago involving some complicated system involving Google Pay, Amazon, PayPal. The charges actually hit my bank but I was able to head it off.
Yesterday I got a letter from American Clinical Solutions telling me they got hacked. I don't even know who they are, but apparently they had my information on file.

After the hacking incident I changed all my cards to two factor authentification. One of the CC companies did not even HAVE two factor available and I complained loudly. Shortly after it became an option just before I canceled the card. I want to say it was Capitol One but don't remember with absolute certainty.

 

[madscot]

Have any of us in the UK been hacked after using SDE? I haven't, and my purchases have gone via Shopify. I also run Norton 360.

If nobody has been hacked other than in the USA, then may be there is a weak link there, depending on the provider, websites can be mirrored in various locations, so could a hacker have got in only to the mirrored site?

The only cards of mine which have been hacked in the past were linked to the VISA payment system, and they really went for it, took a while to get the money back.

I always use paypal for online purchases, that way the retailer doesn’t have any card details

 

[birrrdy!]

Yeah, I keep getting this consistent monthly drain on my credit card from SDE! Oh wait, that’s my doing…

 

[splinter7]

My credit card has also been hacked after the Who purchase, twice on the same day within minutes of the order, thank you for sharing this as it now clearly points the finger at which purchase was responsible for leaking the information, I would suggest contacting SDE and make sure they are firmly aware of this problem. This was using the PayPal option.

Really? PayPal's claim to fame is never sharing financial information with a seller.

 

[SeeMoreDigital]

Really? PayPal's claim to fame is never sharing financial information with a seller.

Indeed... They don't.

 

[Muppet69]

I’m inclined to believe that SDE should be getting in touch with Shop Pay / shopify and alerting them to these issues. Perhaps more of us should alert Paul about this and let him see this thread.

 

[Frank Lovejoy]

Twenty-four hours after placing my order through Shop and I’m seeing no signs of hacking. I’m in the US, as well, and this is my third SDE order.

 

[JediJoker]

After the hacking incident I changed all my cards to two factor authentification.

To be clear: you mean you enabled 2FA on the online accounts associated with those cards, correct? I'm not aware of any card issuers offering 2FA at point-of-sale. Too many disparate systems to make that feasible.

 

[DuncanS]

To be clear: you mean you enabled 2FA on the online accounts associated with those cards, correct? I'm not aware of any card issuers offering 2FA at point-of-sale. Too many disparate systems to make that feasible.

On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer

 

[SeeMoreDigital]

On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer

That's a very good point. PayPal aways send me a 4-digit confirmation number via a text message.

 

[stoopid]

On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer

I believe this can be enabled with US based card companies as well. I don't personally use it as a default for each transaction, but I have seen an extra layer (text confirmation) if the purchase amount is unusually high or if I hadn't used the card in a long time.

 

[JediJoker]

On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer

And you enter this code at the point-of-sale, e.g. on the webpage or at the checkout counter?

 

[SeeMoreDigital]

And you enter this code at the point-of-sale, e.g. on the webpage or at the checkout counter?

If you're paying using PayPal, PayPal send you a six digit code. When the code has been authorised, the payment to them has been completed, they then send the money to the vendor, then the vendor sends you a confirmation that the order is complete.

 

[JediJoker]

If you're paying using PayPal, PayPal send you a six digit code. When the code has been authorised, the payment to them has been completed, they then send the money to the vendor, then the vendor sends you a confirmation that the order is complete.

But PayPal is not a credit card company. I've never used PayPal anywhere but online, and when I do, the 2FA is part of the login process rather than approving payment.

 

[Robert van Diggele]

I have had no problems after paying in the SDE shop, using Shop as payment option.

 

[LuvMyQuad]

But PayPal is not a credit card company. I've never used PayPal anywhere but online, and when I do, the 2FA is part of the login process rather than approving payment.

There is a PayPal credit card. I used to have one but got rid of it years ago. They keep offering them to me.

My experience with paypal codes for login is the same as yours. No code needed at the time of purchase, but they do require one to log in to thier site. They also send an email everytime the account is used to make a payment.

My advise to everyone is to freeze your credit reports. A few years back I got hacked with several credit cards and online charge accounts being opened without my knowledge. It all stopped after freezing the reports and never re-occured. It's been over 10 years now. It's a pain because you have to unfreeze the accounts when ever you have to apply for credit, like a car loan or a new credit card, etc. But it's well worth the trouble.

I also signed up for Credit Karma. They send email notifications anytime something out of the ordinary happens with the reports and open accounts, etc. They also keep tabs on your credit rating. All free.

I would say, on average, I get notices every 2 months or so from companies telling me that thier database was hacked and some of my information might have been stolen. Sometimes it's from a company that I don't even recognize but they deal with a different company that I do know. I can't believe how often it happens.

 

[JediJoker]

There is a PayPal credit card.

Right, but the credit services are provided by Mastercard. It's no different from any other Mastercard issued by a bank, retailer, airline, etc.

My advise to everyone is to freeze your credit reports. A few years back I got hacked with several credit cards and online charge accounts being opened without my knowledge. It all stopped after freezing the reports and never re-occured. It's been over 10 years now. It's a pain because you have to unfreeze the accounts when ever you have to apply for credit, like a car loan or a new credit card, etc. But it's well worth the trouble.

Yep! I got a notice in the mail saying I had been approved for a new credit card (note: not pre-approved) and would be receiving my card soon. Having not applied for any cards, I contacted the issuer's fraud department to report it. Then, I froze my credit with all three major bureaus—Equifax, Experian, and TransUnion—and signed up for their free monitoring services. This prevents any new accounts from being opened. Of course, that still means someone out there has my Social Security number and full info... But the SSA won't close old accounts and issue new numbers for anything less than witness protection, it seems.

I also signed up for Credit Karma. They send email notifications anytime something out of the ordinary happens with the reports and open accounts, etc. They also keep tabs on your credit rating. All free.

Credit Karma is now owned by Intuit, the same company behind TurboTax. There is a lot of advertising on the site/app, but it's easy enough to ignore and just get your free scores/reports.

I would say, on average, I get notices every 2 months or so from companies telling me that thier database was hacked and some of my information might have been stolen.

Another free service well worth signing up for is HaveIBeenPwned.com. They monitor dark web info dumps for your email address.