Internet Insecurity

Well, this was a new one on me: Got up this morning to find an email confirming my Ticketmaster purchase or $500 (!) in tickets for a sporting event that evening–which I of course hadn’t purchased. The email noted that per my request, the e-tickets were going to be sent to a third party’s email. Seems to me the ability to have fraudulently purchased e-tix sent to a party other than the account holder is a huge security hole.

So my day started with calls to fraud personnel at both my credit card company, which cancelled my card and is issuing a new one, and Ticketmaster, which reversed the charge. I’m going to suggest that you folks delete your credit card info from your Ticketmaster account and just re-enter it each time you buy tickets–the convenience of quick checkout is not worth the hassle if it all goes awry. This has me pondering if I should do the same on my Amazon account and others. It seems that companies are completely unable to keep their info secure anymore, so the less my credit card info is out there, the better.

Are you sure that your Ticketmaster account did not get cracked through an easily guessed password, or that your computer did not get cracked?

My password was a decent one, but my name is a tricky one, so no one would ever find it randomly. I’m sure there are a number of routes this kind of thing can take, but that’s the problem. Breaches in one form or another are getting to be routine, so not allowing one’s credit card info to reside on various websites seems to be a smart precaution.

Yes, I try not to have any active credit cards residing online, as there are too many breaches for my peace of mind. I know a guy who rarely pays anything but cash. He’s formerly worked for a bank and just prefers cash, even when he travels. Personally, I’m not comfortable carrying large amounts of cash and prefer to take my chances with credit cards.

I always uncheck the box that says save credit card information for future transactions. Even so, sometimes I will go to a site and be surprised to find my info there.

I wonder if it would be cost effective for credit card companies to shorten expiration dates? Then there would be fewer valid cards floating around in cyber space.

How do you delete credit card info from Amazon?

Igloo, sign in and you can do it from your account settings. From your drop down menu go to “your account” then under “payment methods” go to “manage payment options” then part of your credit card info will open up. Click the arrow next to your card and a delete option will open.

I think some Amazon services (auto delivery) might require a credit card on file.

It also seems like some poor basic security policies for TicketMaster to not require re-entering credit card information because of the new destination email. As I recall, if I want a new address for my Amazon account I can’t just start sending stuff there right away without re-entering my credit card info. For my frequently-recurring “one-click” settings to my regular address it makes sense for convenience to have my credit card info on file, and for the very rare instance that I’d add/change that destination address I don’t view it as excessively burdensome to re-enter that information.

@deega123, Thank you.

You need to be cautious. While it isn’t a panacea, using Paypal, where your paypal account is tied to credit card, is one way to distance things, to use it would require someone knows your paypal account and the password on that (yes, someone could crack paypal). Obviously, if they have a trojan horse on your pc, or a keystroke logger, they can crack that, so nothing is secure, but it is better than leaving credit card info on a site (and don’t assume that saying “don’t save my credit card info” is going to be that safe, that company could still have that info somewhere on their system, or the processor could, and get hacked.

One of the biggest no no’s is never, ever use debit cards online! While if that gets cracked, thieves will be limited in theory to what you have in your linked bank account, don’t count on that, and the banks are absolutely horrible with debit cards in crediting back lost funds, they encourage you to use debit cards as credit cards, but are amazingly slow and nasty in reversing bogus charges. The other day I was getting my hair cut, and a woman was talking about how her debit card got hacked, and she was doubly screwed, she had some ridiculous number of charges done in literally seconds, and her scummy bank’s systems didn’t detect the fraud and freeze her account, even though doing 10 grand worth of transations in a couple of seconds should raise red flags. Worse, her account had overdraft protection that used money from savings to cover overdrafts, so it got hit, too. The bank was not one of the large commercial banks, it was a credit union, so likely their systems are going to be a bit antiquated. According to the woman, even though it was pretty evident it was fraud (the products were being shipped to someplace down south, she lives in NYC), they are giving her a hard time.

One good note, I have relatively few credit cards, an amex and a visa, and both of them have been pretty good when stuff gets hacked, and they also both have decent fraud detection , they ping me via text is something suspicious happens and let me okay it or deny it), so with them at least your liability is limited… But the banks? Scummy is a pretty good word, if your bank accounts get hit, expect them to drag their feet and treat you like a criminal.