SDE - payment issues? (excised from Who's Next announcement thread)

QuadraphonicQuad

Help Support QuadraphonicQuad:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
I got hacked a few years ago involving some complicated system involving Google Pay, Amazon, PayPal. The charges actually hit my bank but I was able to head it off.
Yesterday I got a letter from American Clinical Solutions telling me they got hacked. I don't even know who they are, but apparently they had my information on file.

After the hacking incident I changed all my cards to two factor authentification. One of the CC companies did not even HAVE two factor available and I complained loudly. Shortly after it became an option just before I canceled the card. I want to say it was Capitol One but don't remember with absolute certainty.
 
Have any of us in the UK been hacked after using SDE? I haven't, and my purchases have gone via Shopify. I also run Norton 360.

If nobody has been hacked other than in the USA, then may be there is a weak link there, depending on the provider, websites can be mirrored in various locations, so could a hacker have got in only to the mirrored site?

The only cards of mine which have been hacked in the past were linked to the VISA payment system, and they really went for it, took a while to get the money back.
I always use paypal for online purchases, that way the retailer doesn’t have any card details
 
My credit card has also been hacked after the Who purchase, twice on the same day within minutes of the order, thank you for sharing this as it now clearly points the finger at which purchase was responsible for leaking the information, I would suggest contacting SDE and make sure they are firmly aware of this problem. This was using the PayPal option.
Really? PayPal's claim to fame is never sharing financial information with a seller.
 
After the hacking incident I changed all my cards to two factor authentification.
To be clear: you mean you enabled 2FA on the online accounts associated with those cards, correct? I'm not aware of any card issuers offering 2FA at point-of-sale. Too many disparate systems to make that feasible.
 
To be clear: you mean you enabled 2FA on the online accounts associated with those cards, correct? I'm not aware of any card issuers offering 2FA at point-of-sale. Too many disparate systems to make that feasible.
On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer
 
On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer
That's a very good point. PayPal aways send me a 4-digit confirmation number via a text message.
 
On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer
I believe this can be enabled with US based card companies as well. I don't personally use it as a default for each transaction, but I have seen an extra layer (text confirmation) if the purchase amount is unusually high or if I hadn't used the card in a long time.
 
On this side of the pond I'm regularly asked to enter a code (sent via email/text) from my card issuers to confirm a purchase is valid, even happens via PayPal, sometimes PayPal sends a code followed by another one from the card issuer
And you enter this code at the point-of-sale, e.g. on the webpage or at the checkout counter?
 
And you enter this code at the point-of-sale, e.g. on the webpage or at the checkout counter?
If you're paying using PayPal, PayPal send you a six digit code. When the code has been authorised, the payment to them has been completed, they then send the money to the vendor, then the vendor sends you a confirmation that the order is complete.
 
If you're paying using PayPal, PayPal send you a six digit code. When the code has been authorised, the payment to them has been completed, they then send the money to the vendor, then the vendor sends you a confirmation that the order is complete.
But PayPal is not a credit card company. I've never used PayPal anywhere but online, and when I do, the 2FA is part of the login process rather than approving payment.
 
But PayPal is not a credit card company. I've never used PayPal anywhere but online, and when I do, the 2FA is part of the login process rather than approving payment.
There is a PayPal credit card. I used to have one but got rid of it years ago. They keep offering them to me.

My experience with paypal codes for login is the same as yours. No code needed at the time of purchase, but they do require one to log in to thier site. They also send an email everytime the account is used to make a payment.

My advise to everyone is to freeze your credit reports. A few years back I got hacked with several credit cards and online charge accounts being opened without my knowledge. It all stopped after freezing the reports and never re-occured. It's been over 10 years now. It's a pain because you have to unfreeze the accounts when ever you have to apply for credit, like a car loan or a new credit card, etc. But it's well worth the trouble.

I also signed up for Credit Karma. They send email notifications anytime something out of the ordinary happens with the reports and open accounts, etc. They also keep tabs on your credit rating. All free.

I would say, on average, I get notices every 2 months or so from companies telling me that thier database was hacked and some of my information might have been stolen. Sometimes it's from a company that I don't even recognize but they deal with a different company that I do know. I can't believe how often it happens.
 
There is a PayPal credit card.
Right, but the credit services are provided by Mastercard. It's no different from any other Mastercard issued by a bank, retailer, airline, etc.

My advise to everyone is to freeze your credit reports. A few years back I got hacked with several credit cards and online charge accounts being opened without my knowledge. It all stopped after freezing the reports and never re-occured. It's been over 10 years now. It's a pain because you have to unfreeze the accounts when ever you have to apply for credit, like a car loan or a new credit card, etc. But it's well worth the trouble.
Yep! I got a notice in the mail saying I had been approved for a new credit card (note: not pre-approved) and would be receiving my card soon. Having not applied for any cards, I contacted the issuer's fraud department to report it. Then, I froze my credit with all three major bureaus—Equifax, Experian, and TransUnion—and signed up for their free monitoring services. This prevents any new accounts from being opened. Of course, that still means someone out there has my Social Security number and full info... But the SSA won't close old accounts and issue new numbers for anything less than witness protection, it seems. 😒

I also signed up for Credit Karma. They send email notifications anytime something out of the ordinary happens with the reports and open accounts, etc. They also keep tabs on your credit rating. All free.
Credit Karma is now owned by Intuit, the same company behind TurboTax. There is a lot of advertising on the site/app, but it's easy enough to ignore and just get your free scores/reports.

I would say, on average, I get notices every 2 months or so from companies telling me that thier database was hacked and some of my information might have been stolen.
Another free service well worth signing up for is HaveIBeenPwned.com. They monitor dark web info dumps for your email address.
 
But PayPal is not a credit card company. I've never used PayPal anywhere but online, and when I do, the 2FA is part of the login process rather than approving payment.
Maybe PayPal's payment authentication works differently in the UK. Either way I use PayPal because I don't want to give my credit card details to loads of different vendors and increase the likelihood that it's details get stolen.
 
O.K. so this is anecdotal but... I preordered the Who's Next BD via PayPal three days ago. Today, my son received a fraud alert on his debit card with multiple charges across the U.S., and I was explaining that he should use PayPal online, and told him that's what I'd done at SDE Shop because of POSSIBLE problems there. Then he told me he'd actually considered buying the Who's Next BD for me as a gift and had entered all his card information at SDE Shop three days ago to see what the total cost would be, but didn't actually buy. I sent a note to the "contact us" email at SDE shop to let them know, even though it's not a definite connection.
 
Last edited:
And you enter this code at the point-of-sale, e.g. on the webpage or at the checkout counter?
The PayPal pay window pops up when you hit 'Buy' at point-of-sale check-out, sometimes PayPal then sends me a code to confirm its me (nothing to do with the seller's website though), but more often than not the credit card company then sends a confirmation code which I have to respond to before the PayPal transaction is allowed to go through to the seller.
 
Back
Top