Edit
NOTE - It is not just dvdpacific customers but other places aswell. Many people who have had this problem were not and have never been customers of Dvdpacific.

This was posted on the dvdforums.
A lot of people has had an amount of $39.99 withdrawn yesterday via their VISA cards - one person has just had an additional $75 withdrawn today. All have been customers at Dvdpacific and it seems a major creditcard breach has happened there. So far people from Denmark, Norway, Australia, Finland, Germany and USA has been hit has had the amount withdrawn- all seems to be Dvdpacific customers. Make sure you check your account!
More details....
animeondvd forum thread USA site with amny UK users.
http://forums.animeondvd.com/showflat.php?Cat=&Number=586913&page=0&view=collapsed&sb=5&o=&fpart=all&vc=1
dvdforums thread (may need to register)
http://www.thedvdforums.com/forums/showthread.php?t=305568
Australia forum thread.....(need to register to read)
http://www.dvdplaza.com.au/forums/showthread.php?t=29194

Norwegian forum thread
http://www.dvdarkivet.no/forum/viewtopic.php?mode=viewtopic&topic=6927&forum=5&start=0

wow! :eek:
thanks for the heads up. not good news at all :thumbsdow i haven't actually bought anything from them myself, but it does serve very well a reminder of what can happen...be on your guard members
shame
monsieurblack

I ordered from there just last week: will be checking my card keenly.

Thanks to you, sir. If anyone's worried about such things you should bear in mind that your credit card should cover against instances of fraud such as this. Mine does. Barclaycard and Egg etc (I'm fairly certain) protect against internet fraud.

They should be able, at the very least, to chargeback to the source of the transaction.

Regards,
anephric

Havent ordered from them for a few months but thanks for the info all looks a bit fishy at the moment.

Very worrying. :( I have outstanding orders with them, and have ordered loads from them in the past. It will be a real pain of I have to change my credit card, as I also have orders outstanding elsewhere. I have e-mailed them, asking them to clarify the position, as a matter of urgency.

This is one of the potential problems with companies that store credit card details, and I will be seriously considering whether I want to continue using them, if this turns out to be a drama, unless they change their set up, so as not to store card details.

This is one of the potential problems with companies that store credit card details, and I will be seriously considering whether I want to continue using them, if this turns out to be a drama, unless they change their set up, so as not to store card details.

Yes, I far prefer sites that use Worldpay etc. I don't like having my CC details stored here there and everywhere (particularly sites that make it a condition of your joining); also particularly because I've worked at a mail-order firm where customer financial security was a joke.

I didn't consider that I'd have to change my card no: whenever I've had "odd" transactions I've just informed my card issuer and they've sorted it. Maybe I should really do that...

I didn't consider that I'd have to change my card no: whenever I've had "odd" transactions I've just informed my card issuer and they've sorted it. Maybe I should really do that...
The danger is that if a fraudster gets hold of your card details, there's nothing stopping them repeatedly charging your card, unless you change it. If you just ask for a re-issue, the fraudster then only has to guess the new 'Valid To' date, which isn't too difficult.

nothing untoward's gone on with my credit card so far :god:

Placed an order last week, which has been charged OK - but if you do use internet retailers you should always make regular checks on you account. Wouldn't dream of using an account the didn't allow me internet access to monitor transactions. More importantly, if you use suppliers infrequently and they hold details perhaps you should change the card number or put alphas in the number, until you use the company again. Most allow you to manage your own details.

Paul

Is this specifically to do with DVDPacific, or for CC's in general. I read the following on Tom's Hardware:

http://www.tomshardware.com/hardnews/20040722_052350.html

Might be a connection here.

It actually isn't hard to get hold of credit card numbers: until only recently if you were a legitimate company you could send off for lists (from the CC issuers) of credit card numbers to use for authorising purposes, etc. One of the biggest CC scams in history was pulled off in this way (with each number only being charged a couple of dollars so that the owner was unlikely to notice/care).

The idea of changing your CC number in between orders and filling with Alphas etc is actually a really, really good one. I've never thought of that. Jolly good idea, sir! Unfortunately with some types of e-commerce software (old versions of actinic) multiple copies would be made of your account details, so that even if you changed the CC details in your account online, they'd still be the correct CC details in past order history etc available offline to the retailer (and hence thief).

Dodgy as feck.

I e-mailed DVD Pacific with my concerns, and this was their reply. I should mention that the forum they refer to is not AV Forums:

Hi Simon,

We are aware of this and our IT department have been actively investigating. It has been determined that our system was not hacked externally and latest update posted last night to a DVD forum is below for your reference.


A further update for everyone.

Firstly I would like to thank the owners/moderators of this forum allowing us to post the information that we have to date. I wanted to write to you directly but was unable to locate exactly where I could do that and your forum has become a center for information to all and filtering through from here to other forums. So again thank you.

We have now almost exhausted our efforts to locate who is behind these fraudulent transactions and unfortunately I can report that the number of countries it involves has widened. What we have discovered though is that it appears much more elaborate than we initially realized and involves more people than just customers of DVD Pacific. With that knowledge we have now lodged a formal complaint with the FBI's Internet Fraud Complaint Center (www.ifccfbi.gov/) and obviously there resources far outreach what we have available to us and we now entrust them to continue this investigation.

The whole scam does appear to be a "not for profit" venture and for those of you that have expressed reservations concerning Lip Inc. and that they are the beneficiaries here I would at this time state that this is not the case and they truly are victims also.

My direct advice for now would be to carefully monitor your incoming credit card transactions and report anything suspicious immediately to your card issuer.

Obviously this has made us look long and hard at our own security and the only "flaw" we located was that we had card numbers visible to customers when logged into there account. If your browser was hijacked then this could lead to a problem so we have "masked" card numbers now. Many of you have shown though that you are very diligent in maintaining your own personal security on line with having software running regularly to alert you to these types of attacks so we feel that combined with the numerous different operating platforms and browsers involved with those that suffered fraudulent charges was not at issue here.

Lastly I would genuinely like to thank on behalf of all of us at DVD Pacific those that took time to e-mail in with details we requested and many of you also expressed support for us at that same time. It was sincerely appreciated.

Regards,

Brad S.

DVD Pacific Inc.
IT Management

Am I the only one who doesn't quite understand that? Is it just their customers or not? :confused:

I just asked for further clarification, as to whether it was just DVD Pacific customers who have been victims, or if it was merely a co-incidence that they also just happened to be DVD Pacific account holders, and got this reply:

Hi Simon,

You have read correctly. We have since this started heard from people who are not DVD Pacific customers and have also been subjected to the same fraudulent charges processed through Lip Inc. and we have been unsuccessful in locating where the information may have been leaked from and hence reported to IFCC.

Regards,

James S.

I wonder if it's worth giving them a link to this thread, to see if they want to respond - Mods / Admin, would that be OK?

Not my decision - I will refer this thread to Spectre...

Yeah if you want to tell DVD Pacific about this thread, that's fine.

If its happened with other sites it would suggest that they have been phishing or using trojans etc to get hold of accounts/passwords. DVDpacific only now has changed there system to hide your CC card details... so they could have got it that way. If DVDpacific had been hacked then you would expect lots more ppl reporting fraudulent charges

My tips also include :

Use a hardware and software firewall
Use Firefox or some other non IE browser
Don't every fill in details/use links from emails regarding sorting out account details etc etc

Matt

Use Firefox or some other non IE browser

That's always my first recommendation for anyone having phishing / virus / spyware problems.

I haven't touched IE for over a year (apart from getting Windows Updates). I am an Admin on a PC forum, and we get loads of people with lists of spyware as long as your arm, and 99% of them are IE users.

http://www.apax34.dsl.pipex.com/mozban1.gif (www.mozilla.org)

Does anyone know if this affects any other DVD retailer sites?

If you use IE, try installing Ad-Aware from Lavasoft as well: it's free and picks up most spyware/exploits/data miners etc (as long as you keep the definitions up to date).

http://www.lavasoftusa.com/software/adaware/

Yes, Ad Aware, in conjunction with Spybot and Spyware Blaster should keep you reasonably clean. If you suspect your browser has been hijacked, you can run a thing called Hijack This, which will give you a detailed list of running processes, but you do need a little bit of experience to interpret the results. Most PC forums allow you to post HTJ logs, and they will sift through them for you.

Ad Aware (http://www.lavasoft.de/)
Spybot S&D (http://www.safer-networking.org/)
Spyware Blaster (http://www.javacoolsoftware.com/)
CoolWeb Shredder (http://www.spywareinfo.com/~merijn/downloads.html)

Just thought I'd let you know that there are ppl who are not members at DVDPacific and had money withdrawn. Also if the person/persons behind this used the security hole on DVDPacific (you could see you creditcard number in your account), then it must mean they have your login/password. If they did this just to mess with ppl (why use multiple cards to buy liecenses to a program?) why didn't they just order loads of DVDs?

Yes it does seem is not just relating to dvdpacific - I will alter the thread.
Could a Mod please alter the Title of the thread - Thanks.

I also recommend Pest Patrol which goes far deeper than either Spyware Blaster and Spybot, ( i use all 3 ) you would be amazed at the amount of sites you can visit out there which stick spyware on your computer, they should pass some sort of law forbidding it.

Could a Mod please alter the Title of the thread - Thanks.

Done :smashin:

If you Credit Card does get ripped off- do Credit Card compaines have to give you all of the amount back? I remember reading somewhere that you only get £50 back or something!


How secure are Play.com, PlayUSA and Cd wow?

I think it depends on the bank. Sometimes you are only protected on certain amounts or sometimes you only get a % back. Most of the time though you are able to get it all back.

I've done two chargebacks for two Paypal transactions. Luckily for me I was able to get back all of it, this wouldn't have been possible if I had not used my VISA card. So I wouldn't worry about not getting all the money back.

I had a fraudulent transaction on my Halifax Visa for over £200, originated from Latvia, and I got it all back. It also depends if you have card protection insurance, I think.

How secure are Play.com, PlayUSA and Cd wow?

Never heard of any problems with them at all - also they do not hold your credit card details on their system which was the problem with DVDPacific I think.

Never heard of any problems with [CD Wow, Play, Play USA] at all - also they do not hold your credit card details on their system which was the problem with DVDPacific I think.
Not strictly correct. Play / Play USA do.

If you have kazaa or other file sharing software which alows people to access files on your pc then people can install files on your PC which can tell them your credit / debit cars details when you enter them in on a website

If you have kazaa or other file sharing software which alows people to access files on your pc then people can install files on your PC which can tell them your credit / debit cars details when you enter them in on a website
Any decent firewall would alert you if a program is trying to send out information, and some of them (Norton, I know), have a feature which specifically protects sensitive details, such as credit card numbers, bank details, etc.

Anyone who uses Kazaa wants their head testing anyway, as it's rife with trojans, viruses and spyware. Kazaa Lite is supposed to be spyware free, but it's still prone to all the other nasties. Better to try Shareaza, or WinMX.

Zonealarm will also let you protect sensitive details and inform you if any files are accessed/copied that contain those number sequences. It was a bit over sensitive, if anything (I use McAffee now).

I think at the last estimate 40-50% of files being shared on Kazaa/eDonkey/Morpheus etc were infected/spyware.

Just make sure that if you use a credit card, they specifically protect/insure you against internet fraud.

Having just got off the phone to the Halifax to report a fraud claim - I found this thread. TBH if I'd seen it before the incident I probably wouldn't have closed the account. I've been done for over £700 in 2 transactions on 15/07 :eek: . I am a Pacific customer, but until there's a proven link I'm not pointing the finger in their direction. I use this card all over the place.

With regards to security I have everything under the sun installed - I'm 99% sure the leak wasn't at this end.

Just hope I get this all back now.

I've done two chargebacks for two Paypal transactions. Luckily for me I was able to get back all of it, this wouldn't have been possible if I had not used my VISA card. So I wouldn't worry about not getting all the money back.

Paypal are absolutely, notoriously TERRIBLE for chargebacks etc (just look at how unreassuring their Ts and cs are).

They give you 28 days to apply for chargebacks (when it may take at least that long for you to realise that you need to do this). They remove any kind of insurance that your credit card would otherwise provide (against theft in transit, accidental damage, item not working after receipt). They are TERRIBLE at investigating fraud (and don't wish to do so, a la FleaBay) and will make it as difficult as possible for you to get anywhere. I know they've upgraded their protection recently for items bought on eBay, but it's still about 10% as protective as a (decent) credit card.

In short they are an absolute shower, and I only use Paypal for small transactions (usually within the UK). Any shop overseas that says they'll only accept Paypal for international orders is NOT WORTH YOUR TIME OR THE RISK. And again, absolutely never, ever perform a high-figure transaction with it. It's a joke: you might as well bung cash in the post.

Not strictly correct. Play / Play USA do.

Of course you are correct. In my defence I haven't used Play in a long time... :blush:

My bank has a feature called 'transact online' where you download an app after registering that allows you to generate a once off CC number. You can also set your own limit on the card so if anyone gets the number they can only draw up to that amount.
I presume that most banks would have this feature?
You don' have to use your real name either.

Corkonian, what bank is this? Down here in South Africa, none of the banks have such a facility! The idea that your bank has seems so simple and effective, I wonder why none of my country's banks have ever cottoned on.

cahoot have the webcard which is the same thing.. not all retailers accept it though.

Matt

ripclaw: The Bank is AIB (Allied Irish Bank). They do operate in other countries but not sure about SA.

Matt: I think that with AIB you can use your real name if you want so shipping address name would be same as billing, the card is a Visa so can't see there'd be a problem with most retailers.

I've used it with some Russian MP3 sites and had no trouble, using the bogus name as well.

I've used it with some Russian MP3 sites and had no trouble, using the bogus name as well.

Sounds salubrious...

Guys, further to this thread, my country's media has reported that eBay has apparently been hacked. Witness the following link : http://www.itweb.co.za/sections/internet/2004/0407281117.asp?A=EBU&S=e-Business&O=FPT

There is a related link further down the page. Moderators, if I have broken any rules by posting a link, I apologise.

I'm a DVD pacific customer and I’m not convinced this has anything to do with them, even though I've just got some fraudulent charges on my card. It stands to reason that DVD pacific customers will be signed up to other similar sites which may have caused the card details to be miss-used. Then when someone pointed their finger at DVD pacific over a coincidental reason such as “I just signed up” everyone else started to jump on the bandwagon.

Anyway, onto the detail of whats going on with my card….

I checked my card the other night and noticed it was over its limit by £47. At first I thought it was a glitch with the on-line system since it’s happened before. When coupled with the fact that nothing showed up on my on-line statement I didn’t give it much thought and decided to leave it until the next day.

I checked the next day and boom there was a charge on my card for e-mail services at: http://www.diage.com/

I'd never been on, seen or known of this website in my life until I found this charge. They had charged me $34.99. However the question still remained.. What about the rest of the money on my card which brought it over the limit? (nothing else was listed on my statement).

I phoned the bank (Halifax) and told them about the charge on my card and that I’d never ordered anything from the site in question and had never even heard of or seen the site before. This is where things got weird. Not once did "fraud" pass the Halifax rep’s lips, he just said "do you want to dispute this charge?".. which of course I said yes too.

He was going to end the call there much to my surprise...so I quickly said.. "well surely this is a case of fraud? Shouldn’t my card be replaced?"..

Only then did he actually offer to cancel and replace the card. I then asked what the rest of the charges were since they hadn’t shown up on my on-line statement yet. he said he couldn’t tell until they appeared (that seemed weird too).

The whole conversation seemed rushed and unimportant. I felt something wasn't right. So I phoned back again later on.

This time I got a women and I said I was phoning back because I wanted to make sure the charge was being taken as fraud. She said it was. I then mentioned how on my previous call I was never offered the cancellation and replacement of my card. she then replied saying “we usually only cancel cards when the customers requests it”.. Which I found absolutely absurd when a claim of fraud has been put in.

She then started to sound like she was trying to blame me for the charges. She said “I see you use this card on-line a lot, are you sure you didn’t buy stuff from them?”. This was after I had already said I’d never seen the site before. So she moved onto trying to confuse me for some reason. She said “I see you bought stuff recently for £129.99”.. This totally confused me since I hadn’t bought anything of that value for quite a while, so I said.. “that must be what’s maxing out the card, that must be the rest of the fraudulent charges against my card”.. she then said “its from game on-line”… at which point I thought.. “What bloody statement is she looking at?” .. After asking it turned out she was looking at my March statement for some reason…. *** is going on there? I tell you what.. It was plainly obvious she was trying to shift the blame by making me sound like some confused fool who doesn’t know what he’s ordering by referring to some statement from 5 months ago.

I’ve had my credit card with the Halifax for over 4 years now and this is the first time it’s happened to me and I’ve been ordering things online on nearly a weekly basis for 4 years straight. Not to mention my profession is an IT technical specialist, I know how these scammers work so I’m not the kind of person who replies to the fake e-mails, fills in personal details on false sites or hands my information over on the phone to people claiming to be the bank.

I also run hardware and software firewalls to monitor all communications so it’s not like anyone can plant a key-logger on my computer or hijack my browser window. I also use Mozilla rather than IE to keep the spy ware off my PC. As an extra measure I also run spybot and ad-aware even thought I don’t use IE.

Now that I’ve ranted on how I’m not some fool lets get back to the phone call. She also told me about recent charges from a “wbsales.com” for £217. I said “let me check that site, I’ve never heard of that”.. as I was checking for the site and found it didn’t exist she said “its been shut-down”.. she didn’t elaborate on that further however and that was also very weird. Anyway that ended up being the rest of the fraudulent charges.

£217 from wbsales.com and £19 ($34.95) from diage.com

My dealing with the Halifax have been unusual during this to say the least… it was like I was speaking to Argos Christmas staff.

Anyway, with the Halifax’s attitude I have a feeling the Halifax are going to try and stitch me out of the £240 charges some fraudster has placed on my card. But we will have to wait and see, I’m supposedly being contacted in “due course”. *rolls eyes*

It’s annoying not knowing where my card details were taken from because I’ll not know which on-line shops to miss when re-registering my card details.

I dealt with the Halifax last week in a similar situation. They did cancel the card straight away and recommended it as the best course of action. What annoyed me was that they were far keener in gettng a new card out to me than the form to progress the fraudulent charges. I would agree they didn't come across like they were taking it seriously.
The quicker they start investigating these things, the more chance they of finding the perpertrators, firewall/transaction logs etc are likely to be deleted or overwritten the longer they are left. The transactions on my card were at legit UK companies that are in business today.

This card will get a cancellation once the 9months interest free are up. The Halifax can forget my mortgage soon as well.

I also run hardware and software firewalls to monitor all communications so it’s not like anyone can plant a key-logger on my computer or hijack my browser window. I also use Mozilla rather than IE to keep the spy ware off my PC. As an extra measure I also run spybot and ad-aware even thought I don’t use IE.
Hang on, you're not me, are you? :grin: That's identical to my set up! :smashin:

Anyway, I have had my mortgage, and banked with the Halifax for over 20 years, and when I had a similar situation with my credit card a couple of years ago, they sorted it within a few days. I had to raise a 'dispute' against the fraudulent charge (about £140, I think), and although they never actually shouted "POLICE!! FRAUD!!", they did take my matter seriously, and issued a new card immediately. I had the withdrawn funds recovered in about 10 days, from what I recall. The same thing happened with my Barclaycard (does anyone remember the A&B Sound security breach?), and although no money was taken fraudulently, they immediately killed my card and issued a new one.

I think the problem these days is that the customer services departments in a lot of major financial institutions, are so isolated and removed from the actual customer, by having call centers in Dubai, or wherever, the person on the other end of the phone (when you eventually get to speak to a human being), really couldn't give a sh*t about you or your predicament. All they seem to be interested in is getting rid of you as soon as possible, so they can get on to the next call.

Well i just got done - £19.56 taken out by diage.com - Never heard of them ? had a look online and they are some sort of email site. Cancelled my card.
Been using dvdpac for over a year - very annoyed But still dont know if its them or not as i use my card on lots of sites.

The same thing happened with my Barclaycard (does anyone remember the A&B Sound security breach?), and although no money was taken fraudulently, they immediately killed my card and issued a new one.

Yep I remember that very well. My Egg card number appeared on their homepage. I have to say that Egg handled that situation superbly. They were on the phone to me before I knew anything about the hack.

Just checked my credit card statement and low and behold, £19.44 taken by diage.com. The original amount was £34.95 USD but my statement mentions the Netherlands. Hopefully a concidence, but I've just bought from DVD Pacific. The banks gonna send out a form so they can investigate it.

They have got me too.
I just recently ordered from DVD Pacific and noticed this morning £19.55 had been taken by diage.com. My statement also mentioned the Netherlands. Hopefully my credit card company can sort it out.

Stung for £20.59 from "diage.com" must be dvdpacific as I have only had problem after using them. very very very ****ed off!!!! :mad: :mad:
credit card company have told me they will look into it!

I see from their wepage (diage.com) that I guess CERBER "Professional Anti-Fraud System" does not work very well...

Almost seems virus like the way it seems to be working.. and the fact its hitting a website which gives you email services.. maybe its a automated way of checking the card is valid.. hence if you see the charge cancel the card immediately before they really go spending...

Cheers

Matt

I had a look at the animeondvd link that Captain posted and a number of people have had responses from DVDPacific saying that their site is secure etc etc. This is the first order I've placed with them and then I get this. I'm not saying it's anthing to do with them, just rather coincidental. My bank hadn't heard of diage.com before. There must be a fair old number of DVDPacific customers in the UK, and I can't believe I'm the only HSBC customer that's been hit by this.

I wonder how we can find out for certain, if there is a direct connection with DVD Pacific, or if it's coincidence? It's certainly looking bad on them at the moment, and if it could be proved that their system has indeed been compromised, despite their categorically denying any breach of security on their website, I think they would have a lot of questions to answer. I'm starting to wonder whether to cancel my card, as a safety measure, but I do have a number of outstanding orders on it, so it would be annoying if it proved to be unnecessary.

I suppose if people were to post the date(s) they've placed orders with Pacific then the date(s) they received the diage.com entry on their CC statement, it might be some something to show DVDPacific that it's more than just coincidence. Although, reading this thread, it doesn't appear that there are that many Forum members who have been affected.

Has anyone contacted diage.. they are based in the uk ? to see if they have noticed loads of charges... not sure how its being charged to them as I would expect you would need a account to be billed against ?

Matt

I'm going to try them now. let you know what they say.

OK...rang the number: 0 800 076 7300, and a recorded message says "The number you dialied is not recognised, please try again"

Fake website, perhaps?

Just checked out Ruby Services Ltd and Diage.com using Yell and BT and nothing listed. I would of though there would be an entry in one of those, particulary as the site quotes a freephone number (is 0800 still free?)

I've just clicked on their sigin up button and get:

Sign up today for your Digital Age account! A monthly subscription fee is only $6.95 or $34.95 for 6 months period. Start the registration process by selecting a login name, which will serve as your email address. If you are a current Digital Age user, please return to www.diage.com and login to your account.

$34.95!! - ummm, seems to be the same amount as charged on my card.

ok i'm less sure dvdpacific has nothing to do with it now..

damn it.. they are so cheap too. great place to get my anime dvd's from.. Guess i'll have to hold out on using my new card with em'.

I was stung for the LIP,INC charge last month, but decided to give DVDPacific another chance with my new card; now I've been charged USD 34,95 by Diage.com. Ive only used the new card at dvdpacific and layoyo (layoyo doesn't store, or even handle credit card details, they use the Hong Kong and Shanghai Banking Corporation payment gateway). I've more or less ruled out malware. Unfortunately, it seems the problem is with dvdpacific, and it's still ongoing.

yup, it certainly seems to be dvd pacific 100% now. they have my other card on record as well.. gonna have to wait for my statement on that one and then see if there is anything on that too

if there isnt i'm going to pay it off and then cancel it.

Something is definitely amiss at DVD Pacific. Can anyone log into their account? I keep getting an error message "Please enter the correct information", and I know my user name and password is correct.

Anybody notice the new security logo's at the bottom of the main page.

Makes you wonder if its some ticked off ex employee doing all this lol thankfully I havent got hit but I continue to keep an eye on my account online, first sign of dodgy charges off to Barclays i go.

But im going to continue to use them as they still have some of the best prices, shipping times and probably one of the best customer services around.

You say that, but I emailed them this afternoon about this diage.com thing, and they haven't replied. The fact that I can't log into my account also rings alarm bells, which is why I was hoping others would try and report back.

Simon, no problems logging on here. I'd be very interested to know what their response is....assuming they do respond.

I've cancelled my card & requested new everything. I've also got a claims form on the way, but whether I'll ever see my 20quid again I don't know!?

I can now log into my account, but still no reply to my e-mail. :( On a more positive front, I spoke to my card issuer (Virgin), who are aware of the diage.com thing, and their system will flag any suspect charges. I asked if I should cancel my card, and they advised me to sit tight and wait for something to happen, as I would not be liable in any case. This is preferable to replacing my card, as it would have been a hassle dealing with pending orders, had my card been cancelled. I do highly recommend Virgin, as their customer service is extremely good. No phone queues, and they wern't in a hurry to get rid of me, like some banking services. 10/10!

I've now had a reply from DVD Pacific:-

Hi Simon,

We are also aware of this fraudulent activity that has surfaced but already we have heard from a UK person who is not our customer, never registered with us and supplied the card details to us that was charged and we have confirmed is not in our database but has a charge from Diage.com. It seems almost an identical situation to the recent Lip Inc. charges we eventually heard from a handful of people who were not our customers but who were also affected by the same charge.

We most certainly do agree with you in terms of the importance security must be held and I am sure you have noticed that we recently engaged the services of an independent 3rd party forensic internet security specialist to also fully evaluate our security. They ran in excess of 2000 separate tests and we passed all and consequently are now site certified by them as can be seen by the Security Metrics logo at site. This was deemed necessary in light of the concerns being raised relative to our security and should provide all customers a further level of confidence.

We will continue to evaluate security on a daily basis and make changes as is necessary to combat those new threats that are out there and evolving on a day to day basis. We have an excellent team in our IT department and please be assured that they will do all within there power to ensure all personal details we hold for you and all customers are safe.

Regards,

James S.

We are also aware of this fraudulent activity that has surfaced but already we have heard from a UK person who is not our customer, never registered with us and supplied the card details to us that was charged and we have confirmed is not in our database but has a charge from Diage.com.
That bit is slightly odd - why would they hear from a UK person who is not their customer, and never registered with them? :confused:

I have just sent this response:-

Hi James,

Thanks for your detailed reply.

It seems to me that the only (virtually) fool proof way to safeguard sensitive information, is not to store it in the first place. Many other websites I deal with store personal details, such as name / address, but do not store credit card details. OK, so this means that credit card details have to be entered for each order, but I feel that is a much more secure method, and would significantly reduce the risk of card details being compromised, should any breach of customer database security occur. May I suggest, if you have not already done so, that you look into this alternative method? I know several people on various forums I visit, who much prefer to deal with retailers who do not store credit card details, and some people will not deal with those that do, at all.

Best Regards,

Simon

not that i have been stung by these people, but i did a WHOIS in the internet for Diage.com and this came back (see below). hope you find it useful

Organization:
Edge Corporation
Jeremy Wilde
1704 Westland Road, 8401
Cheyenne, WY 82001
US
Phone: +1 800 356 3159
Fax..: +1 800 356 3159
Email: info@diage.com

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: DIAGE.COM

Created on..............: Fri, Apr 28, 2000
Expires on..............: Fri, Apr 28, 2006
Record last updated on..: Mon, Apr 26, 2004

Administrative Contact:
Edge Corporation
Jeremy Wilde
1704 Westland Road, 8401
Cheyenne, WY 82001
US
Phone: +1 800 356 3159
Fax..: +1 800 356 3159
Email: info@diage.com

Technical Contact:
Edge Corporation
Michael Mann
1704 Westland Road, 8401
Cheyenne, WY 82001
US
Phone: +1 800 356 3159
Fax..: +1 800 356 3159
Email: info@diage.com

Zone Contact:
Edge Corporation
Jeremy Wilde
1704 Westland Road, 8401
Cheyenne, WY 82001
US
Phone: +1 800 356 3159
Fax..: +1 800 356 3159
Email: info@diage.com

Domain servers in listed order:

NS1.PRIMARYDNS.COM 216.219.239.7
NS2.PRIMARYDNS.COM 216.219.239.8

Had a further reply to my inquiries:-

Hi Simon,

We appreciate your comments. I would like to make a few points that you may not be aware of in cases where you do have to enter card details each time you visit and your belief that they are not then stored.

This is not effectively true in most cases. A merchant must retain card details for a transaction as required by the agreements with a merchant processor for a period of 6 months and this a fairly standard merchant agreement. This is in the case of a chargeback where you will be required to provide details on the charge etc or if a credit needs to be provided to the customer. If you have ever been in this position yourself you would have not have needed to provide your card details again as they would have been held by the merchant. This is also the case with the merchant processor and acquiring bank. Also as we do not debit until we ship so there is also that requirement to have card details available when an order processes. Finally there really should not be any necessity to be concerned about this if you have the necessary security in place to ensure all details are safe. That is certainly the case with our web site and we are extremely confident in that security.

Regards,

Randy M.

Well, that told me! http://www.apax34.dsl.pipex.com/smileys/bricks.gif

All,
Think it was mentioned briefly before but can't recommend the Cahoot virtual webcard highly enough, each transaction you generate a unique cc just for the amount you wanted debited. You can even use it on those websites :blush: which have "trial" offers but then try to automatically debit further payments !

Rgds

Rich

That bit is slightly odd - why would they hear from a UK person who is not their customer, and never registered with them? :confused:

possibly because forums all over the net are directly blaming pacific for this... and people do the strangest things :zonked:

weird.

never heard of Spy Sweeper before - but run antivirus, firewall, adaware and another spyware program - Spy sweeper found usual cookies but also this

Securybanks Phishing trojan

Bit worrying - anyway its been deleted - but its odd that I can't find any reference to this name of Trojan anywhere on thenet ?

Cause to be concerned or just Spy Sweeper weirdy ?

Only website we've bought from recently is Toysrus/Babiesrus - what is odd is that both sites are now down saying "under construction" weird or what ?

http://www.toysrus.co.uk/

Mark.

If you have a decent firewall, and are not just using the built in XP effort, even if you have a trojan, the firewall should block it from sending any information, unless, of course, someone is daft enough to allow it when the firewall flags the warning. Norton Firewall has a feature where you can guard against sensitive information leaving your PC, such as your credit card number. It's just a shame that it also significantly slows down your browsing speed, so I use Sygate Pro. Currently, the Windows XP Firewall only monitors incoming traffic, but the imminent major Windows update (SP2) will put that right.

Thanks - should be OK then :)

I use Zonealarm Security Suite now - I did originally splash out and buy Norton Security 2004 - but after 6 months I got fed up with how much it slowed my PC down - and my PCs not slow (P4 3.0G + 1 gig of RAM) - took NIS2004 off and put on Zonealarm and it feels twice as quick web browsing now.

I've also had SP2 installed on since last night - just downloaded the "professional" version off Microsofts website - works just fine.

Mark.

Hmmm... I'm holding out on SP2 for a little while, as I've heard reports that it conflicts with Norton Anti Virus, which I still use. As soon as NAV issues an update to correct any problems with SP2, I'll install it.

I did originally splash out and buy Norton Security 2004 - but after 6 months I got fed up with how much it slowed my PC down.

Buckster, don't want to sell your copy of NIS 2004 do you?

I've also been hit with this charge from Diage.com - which was on the 11th August. Couldn't believe it when I first saw it. Last time I ordered with dvdpacific was back in May this year - to difficult to say if they are linked as I order from a lot of online retailers. This is the first time in 5 years I've been hit with anything like this.

Now I also tried phoning that freephone number for the UK, and someone else on here also pointed out they had done the same, it doesn't exist.

I also emailed them late last night, briefly explaining my CC details had been used on their site for some sort of subscription and that I was going to report them for fruadulent use of my details. I also pointed out that their phone number didn't work. Now to my suprise I drag myself out of bed, read my emails this morning and find a response from Diage.com.

Here is the response I got from them.

Hello,

We looked at your transaction and it seems that it was a fraudulent one.
We have refunded the payment and closed the account associated with that
payment. We, therefore, kindly ask you to cancel your dispute at the credit
card organization if you have already done it. Normally, your money should
be reflected on your card account in 2-4 days.

Regards,

Diana Wingrow
Support
Diage.com

No mention in the email about the dodgy telephone number.

I won't be cancelling my "dispute with my CC company" do they think i'm stupid, my card has been comprimised, it needs to be cancelled.

Has anyone else had any respsonsed back from this company yet.

After trying the phone number and finding it didn't work, I assumed the company was bogus. As you've had a response by email, I think I'll fire one off to them as well.

I can't imagine my cc company are going to allow any other transactions to take place with this company so shouldn't be a problem. I also will not be swayed into asking the cc company to stop any investigation. I'm expecting the dispute form to come today, so any response from Diage will be attached.

Do make sure you dispute the transaction with your bank and cancell your card as some people have also been hit with £200+ charges from Wbsales ?? a day or so after the Diage charge.

My "Diage" entry appeared on the 10th and I noticed it on the 11th. I immdeiately rang the CC company and disputed it over the phone. They said they didn't advise customers to cancel their cards at this stage but would send out a form to dispute the charge. Upon receipt of that form they would then start an investigation.

Even if I get a response from Diage and my money back, I fully intend to send the form back along with any responses.

I have asked Diage to provide me with details of how they came by from details. I don't expect a response to that, as crazyhorse69 didn't get to the telephone number question, but if I don't get an answer, I'll keep trying.

I use Internet Banking and check my account quite regulary. Since the 11th, I've been checking it every day...no more dodgy one so far.

CrazyHorse, if they are going to refund your card, they must have your card details stored and as Fatti said, how did they got your details, maybe it would be best to cancel your cards as you don't know the source of the compromise, or who else has your details.

Can we be certain that diage.com are not also victims of a fraud here? Maybe a disgruntled ex-employee using their system to charge credit cards, the details of which he may have obtained elsewhere? I'm not defending them, of course, because if that is the case, they shouldn't have allowed their system to be compromised, but it's all speculation at the moment, until one of the CC company's investigations give some answers.

I agree, if it is some third party involved in the fruadulant transactions, and it sounds as if it could be, as there have been several companies named that people have had charges from, then there may be more companies targeted by whoever is doing this.

It would be quite ironic if their system had been comprised as they say their mail server system some of us have payed for has the highest level of security and privacy :laugh:

Fatti, your brothers website is awesome. Sorry for going O/T

Well, i've just been to my local Bank, they are about as much use as a chocolate fireguard. I virtually had to get down on one knee and beg them to cancel my card for me, but she did it in the end.

She also gave me a phone number to call to get my "dispute form", so that they could put the money back into my account. I've done that and the forms are on the way.

Has anyone tried signing up for a new account on Diage, when you go to the sign up page to enter your details, it doesn't look to be using any kind of encryption at all!!!

Also all the other telephone numbers doen't exist when you go into the refund policy section the phone number is an 0800 number but a different one to the one in contact information. I tried phoning that one as well, but no joy at all.

This company has Fake written all over it for me.

Yes, it's definitely an unsecure server. Well spotted. VERY DODGY. :eek: I wonder who's answering the e-mails? I would be surprised if anyone promised refunds actually gets any money back, so don't withdraw your disputes. Anyone live near Dorking, who could check out the address?

Well, i've just been to my local Bank, they are about as much use as a chocolate fireguard. I virtually had to get down on one knee and beg them to cancel my card for me, but she did it in the end.

She also gave me a phone number to call to get my "dispute form", so that they could put the money back into my account. I've done that and the forms are on the way.

Has anyone tried signing up for a new account on Diage, when you go to the sign up page to enter your details, it doesn't look to be using any kind of encryption at all!!!

Also all the other telephone numbers doen't exist when you go into the refund policy section the phone number is an 0800 number but a different one to the one in contact information. I tried phoning that one as well, but no joy at all.

This company has Fake written all over it for me.


When I spoke to my bank as reluctant as they were to cancel my card I did find the reason why! it's costs the bank £50 to cancel and re-issuse a card.
So much for customer care!

Hey guys, look what I got:

'Dear Ian,

We looked at your transaction and it seems that it was a fraudulent one.
We have refunded the payment and closed the account associated with that
payment. We, therefore, kindly ask you to cancel your dispute at the credit
card organization if you have already done it. Normally, your money should
be reflected on your card account in 2-4 days.

Regards,

Michael Mann
Support
Diage.com'

Where's my form - I can't wait to fill it out :devil:

Now where have I seen a reply like that before........

Only this time it's from that very famous employer Michael Mann.

I wonder which randomly generated name they will pull out the hat next time.

My feeling is they want us to wait for 2-4 days for this so called "refund" while they try to use our cards a few more times.

I wonder who gets the stock reply next, I am eargerly awaiting the next one.

Maybe it would be worth sending them an email with a ramdom name, saying they have charged your card and see if you get the same reply.

My feeling is they want us to wait for 2-4 days for this so called "refund" while they try to use our cards a few more times.
My feeling is that in 2-4 days, they might be gone!

Fatti, your brothers website is awesome. Sorry for going O/T
Thanks leapfrog, I'm sure he'll appreciate the response. All his own drawings, paintings and sculptures.

Back to Diage, look what I got:

Dear Jon,

We looked at your transaction and it seems that it was a fraudulent one.
We have refunded the payment and closed the account associated with that
payment. We, therefore, kindly ask you to cancel your dispute at the credit
card organization if you have already done it. Normally, your money should
be reflected on your card account in 2-4 days.

Regards,

Michael Mann
Support
Diage.com


I got Michael Mann as well :clap: with what now appears to be a scripted response. Looks like the random name generator has gone tits-up. I've responded asking (again) where they got my details from.

My feeling is that in 2-4 days, they might be gone!
I think you may be right Simon, but might as well give it go.

Maybe it would be worth sending them an email with a ramdom name, saying they have charged your card and see if you get the same reply.

Went one stage further and just tried filling in their 'application form' on their sign up page, made up a fictitious address with contradicting information in it, went on to their unsecured credit card billing screen again filled in a load of contradicting information clicked on submit and sure enough the next screen detailed that the payment had been successful.

Well dodgy

According to a post on dvdforums ... Diage UK was dissolved on 15/6/04 (Ruby Services Ltd)

Seems very fishy.

That was mine, quick check at Companies House and as you can see VERY recent indeed.

Very fishy.

I've just got the exact same reply but from Diana Wingrow. Somehow i'm not confident they'll be paying money back into my account.

Hello, first-time poster please don't bite :)

Discovered that £19.53 had been debited from my account by Diage.com
this morning and found this thread on a Google search.

Shot off an (admittedly slightly snippy) email to Diage and got the following
reply:

"Hello,

We looked at your transaction and it seems that it was a fraudulent one.
We have refunded the payment and closed the account associated with
that payment. We, therefore, kindly ask you to cancel your dispute at the
credit card organization if you have already done it. Normally, your money
should be reflected on your card account in 2-4 days.


And one more: we are answering to each email and refunding to each
request. Anyone whom says other don't ask us.

Regards,

Michael Mann
Support
Diage.com"

Last paragraph seemed a bit odd, and sure enough a couple minutes later:

"Hello once again.

Anyone whom says other doesn't ask us.

Sorry for mistyping in previous letter. I'm a little nervous about this situation.

Thanks you.


Regards,
Michael Mann.
Support"

Even if the refund is forthcoming, I will probably cancel my card and get a
new one anyway - it's obviously been compromised somewhere along the
line (and yes, for those keeping track I have ordered from DVDPacific in the
past).

Has any had a successful refund yet?

Anyone whom says other doesn't ask us.
Last paragraph still seems a bit odd....I don't understand what that means.

No sign of a refund here. The dispute forms gone back to the bank with a copy of the email I sent and the reply from the 'nervous' Michael Mann.

it means anyone that hasn't had a refund hasn't asked for one.
Doesn't sound like English is his/her first language though.

Got home from work tonight, just checked my Statement online, and I can't believe what I am seeing.

It's a refund from Diage.com, yes you did read correctly. My dispute forms have also arrived today from the bank and I was just about to start filling them in as well.

The only thing is with the refund is that its a different exchange rate to when they money was taken. So they took $34.95 at a rate of 1.78956 which is £19.53.

Now the amount payed back is $34.95 at a rate of 1.88715 which is a refund of only £18.52, so i'm still at a loss for £1.01.

My dispute forms have also arrived today from the bank and I was just about to start filling them in as well.
I take it your still going to send the dispute form back to your bank.

Just got this from DVD Pacific:

Dear Njål XXX XXX,

Our web site has recently been subjected to various hacking attempts. We upgraded our security measures in lieu of this to ensure the
personal information we hold for you is fully protected. Part of these security enhancements have provided us information that led us to
believe that some data had been compromised by way of a worm on the server. No anti virus or spyware was able to detect this but we now
have information that contact had been made with an IP address outside our network. We attempted to capture this information without it
leaving the server so as to determine exactly what was being transmitted. Unfortunately this worm had some type of self detection available
and as soon as it realized we had discovered it, it self destructed leaving no trace evidence.

Yesterday the IP addresses we suspected behind this launched a malicious code attack on our SQL server and this allowed us to track their
IP addresses to their source and we have identified ISP's in Russia and the Ukraine. We have contacted the FBI, Secret Service and filed
a full report at www.us-cert.gov. Further a report has been filed with FSB.ru.
We have blocked any possibility of this type of attack being successful but as a
precaution we have auto updated all member account access passwords and now sending you your new temporary password as indicated
below.

Your Login - XXX
New Password - XXX

We would also request that you pay particular attention to your credit card statement to ensure that your not subject to any fraudulent
transactions and if so notify your credit card issuer immediately. We will be providing a list of all cards we have on file to each of the credit
card issuers so as they can also monitor any suspicious activity.

We will continue to monitor this situation closely as we have been since it arose and you can be assured our efforts to provide you with the
safest shopping environment online will always be of the highest priority.

If you have any questions in relation to this issue please direct them to webmaster@dvdpacific.com

Regards,
DVD Pacific Inc.
Customer Information Support
www.dvdpacific.com
www.cdpacific.com
www.adultdvdpacific.com


This is pretty much what I suspected, but IMO they should have informed customers of the possibility at an earlier date.
I had already changed my password.

Just received this message too. I find it somewhat concerning that following the obvious concerns rasied by customers it has taken them this long to contact their customers. Surely this drives many customers away to sites that do not store credit card details. Just a thought mind.
:lesson:

Got the same email - glad its been sorted - lets hope they catch the idiots who did this.
As for the delay in informing customers i would think thats due to the investigation dvdpacific have been doing - it must of been a right bugger to track/ find that worm. At least they have now told us what has happened. Once i get my new CC i'll be using them again as they are a great etailer.

Got home from work tonight, just checked my Statement online, and I can't believe what I am seeing.

It's a refund from Diage.com, yes you did read correctly. My dispute forms have also arrived today from the bank and I was just about to start filling them in as well.

The only thing is with the refund is that its a different exchange rate to when they money was taken. So they took $34.95 at a rate of 1.78956 which is £19.53.

Now the amount payed back is $34.95 at a rate of 1.88715 which is a refund of only £18.52, so i'm still at a loss for £1.01.
Just checked my online statement, and I've also been refunded...mines 85p down.

So, it was them after all. I am very dissapointed in DVD Pacific. Not only did they not inform customers earlier, but they categorically denied any compromise of security in their system. Basically, they lied. I will be thinking long and hard before using them again.

Hi all,

If it hadn't been for this site and members i would probably have been non the wiser about the Diage fraud. After following the advice from you guys and after a debit of £19.55 i have now been credited £19.57 a result!!!.

I'd better not let the missus find out about my profit or she'll spend it. :laugh:

I've found one on my statement from WBSale.com in Iceland. It is 480.95 in their currency (£268.25). This appeared on my statement at around the same time as I got the warning email from DVD Pacific. It is either an honest error on someone's part, or another fraud - I've never heard of them anyway!

Like you guys I am disappointed in the way this has been handled...

Another worry I have is that I have the same password for all online shops I am registered with - I don't know how internet password security works so have no idea if that password has been compromised? Do you think this is now a vulnerability? Is it likely that these guys would identify each customer by name and then start looking around at where else they are regisitered?

That's a good point about passwords Lex, I also use the same password for different sites, I do think you should all consider cancelling you cards though, as our card details are in the hands of some fraudster and could be used again in the future.

It's a good point, and worrying, Lex. I also tend to use one of only two passwords for online shopping. I suppose the only danger might be from sites which store card details, but even so, that's probably about 50% of the ones I use. On this occasion, I have yet to receive a fraudulent charge to my card, in connection with the DVD Pacific thing, but it has made me slightly uneasy about using this card, and I think I would ba happier if it were cancelled and replaced.

Something else to ponder - Without wishing to scaremonger, I believe (although I don't know for certain), that website security doesn't come cheap. It makes me wonder if the websites which are cheaper than most, i.e. Pacific, DVD Soon, etc, may be cutting corners on security, in order to keep costs down, so as to keep prices attractive?

I'm now weighing up whether to cancel my card, even though I haven't been 'had' yet. I think I would feel safer if I did. DVD Pacific haven't been totally honest so far, so we really don't know how deep this issue goes, and just how much information was compromised.

There's no chance of the money being refunded into my account as I cancelled my card straight away so they have my old details, so I'm still waiting for the cliams form to come through before I start whooping some fraudster ass :mad:

Something else to ponder - Without wishing to scaremonger, I believe (although I don't know for certain), that website security doesn't come cheap. It makes me wonder if the websites which are cheaper than most, i.e. Pacific, DVD Soon, etc, may be cutting corners on security, in order to keep costs down, so as to keep prices attractive?

I'm now weighing up whether to cancel my card, even though I haven't been 'had' yet. I think I would feel safer if I did. DVD Pacific haven't been totally honest so far, so we really don't know how deep this issue goes, and just how much information was compromised.


DVDsoon don't store credit card details, which is a big :smashin: for me.

Something I don't understand -- the DVDPacific email implies that the sites at fault are in Russia etc but it seems that cards are being charged/credited in US dollars. Can you do that from abroad or does it imply that in fact this is a US based company and maybe that Wyoming USA address has a basis in reality?

£19.55 was debited from my Mastercard account on the 10th august. The problem lies with dvdpacific. I know this because I have used my Mastercard only three times in the five years I've owned it, all on dvdpacific.com.

I had £19-80 debited on 30-Jul-04. When I called Barclaycard they told me to try and get a refund out of diage.com first, or it'll take them 3months to recredit me :(

Dan

Something I don't understand -- the DVDPacific email implies that the sites at fault are in Russia etc but it seems that cards are being charged/credited in US dollars. Can you do that from abroad or does it imply that in fact this is a US based company and maybe that Wyoming USA address has a basis in reality?
Well, who knows the intricacies of the hacker?! I suppose Diage.com could also be 'victims', and maybe the fraudster is using other companies as a back door to test out the cards before putting them to further use, but that website of theirs is definitely iffy. What seems odd to me is the way in which they seem to be willing to issue refunds. If they themselves were the fraudsters, would they even bother to reply to e-mails? I'd love to know the outcome, when somone gets to the bottom of this, but I doubt we shall hear any more, once it has all died down. I wonder how many people have been charged by Diage, and not bothered to check their card statements?

Also strange, is DVD Pacific stating that people who have nothing to do with them have also been charged fraudulently. How do they know? Why would people who don't hold accounts with them, and have never dealt with them, contact them? It all seems extremely fishy to me. Although I don't think DVD Pacific are in essence 'disreputable', following this, I do think they knew more than they were letting on, and it probably goes back to the Lip Inc thing a few months ago, again, which they denied all responsibility for. They now seem to imply that only passwords 'may have' been compromised, and that 'as a precaution' we should watch our card statements, but can we take them at their word that the security breach wasn't much greater?

Now I've received my refund from Diage, I've started pestering my bank to make sure they still act upon the the dispute form I sent back. The response I had suggested that as the money had been payed back, everything was OK, to which I politely reminded them I had not used Diage so who had got hold of my CC details and how. I told them I will keep phoning to see how things are progessing.

I've found one on my statement from WBSale.com in Iceland aswell for £201.98. This appeared today on my statement and at the same time got the warning email from DVD Pacific.

Have put the matter in my cc company.. Halifax.

Regards

Hi,

I'm also a DVDPacific account holder and having checked my statement today, an amount for £245.93 has been taken with the same 'wbsales.com' reference that Worm has. Already logged a query with my credit card company.

I have also checked the www.wbsales.com website and it looks like they are a Worldpay style online payment company based in the US. Anyway, I've e-mailed them to dispute the transaction.

One thing's for sure, if I can't retrieve the payment, I somehow can't see DVDPacific reimbursing me for loss caused by their security lapse and apparent unwillingness until it's too late to own up to their balls up. Think I'll add dummy credit card details to my account as I don't trust them to delete my records if I close my account. I am not a happy bunny.

Mike.

I saw that too, but it looks a bit lacking in information to me to trust it. The WorldPay site is much larger with more contact possibilities than this. I was suspicious that it just gave another opportunity to link card numbers with names.

I've just tried that link to wbsales, and the website 'cannot be found'. I've also just tried to put dummy card details in on the DVD Pacific site, but it wouldn't let me use '*' instead of numbers, and I didn't want to put numbers in, in case it was someone else's card! I suppose it would have been OK, as nothing else would have matched, but I changed the expiry date instead, which would have been good enough, but then I decided to cancel the card altogether. Inconvenient, but at least it will give me peace of mind.

Apologies, the website giving the option to e-mail is www.wbsale.com. They ask for the first 4 digits and last 4 digits of your card number to verify you are the cardholder for the payment. I've had a quick wearch on Google and they seem to be used by a casino, DVD retailer (not DVDPacific may I add) and other companies so they don't seem like con merchants.

Already received an e-mail back asking me to phone them to 'troubleshoot' the problem but it was an American phone number so asked for a UK number to call. Have also sent a rather stern e-mail to DVDPacific so we'll see what they've got to say. I've changed the credit card details on my DVDPacific account to 1111-1111-1111-111 as no-one is going to have that number.

Will let you know how I get on.

From their website:-

WBSALE systems are housed at highly secure Internet facilities.

WBSALE offers all consumers peace of mind while shopping on the Internet.
http://www.apax34.dsl.pipex.com/smileys/pmsl.gif

Hi guys,
I've also had wbsales take £200+ from my account this morning. In talking to the bank tonight I've also discovered a number of authorisations requested in the last few days totaling another £200, but until the money is actually withdrawn they can do nothing for these. I'll be talking to the fraud team tomorrow about these ones. I've also just fired off a terse email to DVDPacific to the effect that they do not appear to have responded all that professionally to the numerous security suspicions surrounding their business over a number of weeks now which has resulted in the current situation.

I've also updated my account with "demo" billing details but I fear that horse has long gone.

Regards

John S

I have had the same e-mail as everyone else

Dear,

We looked at your transaction and it seems that it was a fraudulent one.
We have refunded the payment and closed the account associated with that
payment. We, therefore, kindly ask you to cancel your dispute at the credit
card organization if you have already done it. Normally, your money should
be reflected on your card account in 2-4 days.

Regards,

Michael Mann
Support
Diage.com



Have looked at my statement today, I also got the refund, with the exchange rate problems as mentioned above so I am £1.06 out of pocket.

As for my bank LLoyds TSB, I was told there was no need to cancel my card as this was a one off event. If I had read this forum first I would have cancel my card there and then, I just think I ring the bank and say I lost the card and get a new one anyway.

What a mess! :(

I seem to have escaped any fraudulant activity but I have cancelled my credit card today just to be sure - personally (as others have already said) I would recommend everyone do the same...

Note, we have yet to hear a response from DVD Pacific. I would write to them myself, as I have done on two previous occasions, but I feel their attention should be primarily focussed of those people who have actually been defrauded, rather than on those of us who have been lucky. I will, however, be letting them know, in due course, that I have cancelled my credit card, and have been put to a significant degree of inconvenience in having to do so. I then have to make a decision as to whether to use them again.

I haven't read through the entire thread, but since some of you are changing your credit card details, may I suggest...

Visa Image Library (http://www.visaeurope.com/pressandmedia/imagelibrary.html)

I'm guessing that other credit card companies do the same, but apparently the number on these sample Visa cards is a valid credit card number that is connected to a dummy account. Anyone trying to use these numbers is immediately flagged and reported. If you're changing your credit card details, this might be a good way to do it. (just make sure you don't actually try and order anything after changing them)

I don't have any evidence of this, however. It's just something I heard someone say in another forum.

Had another charge I don't recognise last night for £91 from a company in London caliing itself 'Mailboxes'. Anyone eles seen that one?

I cancelled my card straight away last week, but I've just got a refund of £18.50 from Diage.com.

Maybe they think that if they refund everyone, no-one will report them. If they take £1.03 off everyone they ripped off, they will still be making a packet.

...or maybe it was just an elaborate scam to highlight the security flaws of a certain e-tailer?

If they take £1.03 off everyone they ripped off, they will still be making a packet.
I would of thought that as they had taken 34.95 USD and then refunded 34.95 USD they wouldn't be making a penny (or should that be Cent). Because of the exchange rate fluctuations, its the CC companies that would be making money (assuming the exchange rate went the right way). I was 81p down but jjcook was 2p up.

Yeah I realised after I wrote it that it was to do with the exchange rates, I was too lazy to change it

I've been a pacific customer for a long time - they've not sent me the email, and I've (so far) not had any dodgy charges on my card. So... I'm wondering if they do actually know exactly who's info was compromised :god: and are only sending the email about their server worm to customers that were affected. I doubt they'd want to let on about it to customers that weren't affected as it would obviously have an adverse effect on their business, so they're only confirming it to those that are being hit with dodgy charges and hoping the rest are remaining oblivious to whats going on.

Just a thought, as if there aren't enough conspiracy theories floating around already. I can't help but wonder though. :confused:

I've not been hit by fraudulent claims (yet), but have received the stated e-mail from DVD Pacific yesterday, maybe it just takes them a lot of time, i don't know.
I think i will order from them again in the future because they have improved their security measures and hve had their lesson from this incident.

I've not been hit by fraudulent claims (yet), but have received the stated e-mail from DVD Pacific yesterday, maybe it just takes them a lot of time, i don't know.
I think i will order from them again in the future because they have improved their security measures and hve had their lesson from this incident.
Ditto. Received e-mail, but no fraudulent charges, although I have now cancelled my card. I will, however, be giving them a wide berth for a while, before I consider using them again. They have obviously cut corners on security, to enable cheaper prices, and they have handled this incident quite poorly, in my opinion. They need to realise that customer's data security is paramount.

Have now received a reply to my e-mail to DVDPacific asking how this was allowed to happen and what they intend to do to rectify the situation. Very non-committal as expected.....

"We are aware of two companies presently Lip Inc and Diage.com that have
processed fraudulent transactions but certainly not discounting anything at
this time and yours could well be related.

Your credit card issuer should reverse this transaction once you have
informed them that it is fraudulent. If they require any information from us
at all please have them contact me directly and I will be glad to assist.

I would point out that this was not a lapse in our security as you note but
rather an attack from a previously unknown or documented threat and
unfortunately when doing business on the internet it is an ever evolving
threat and is our duty to continually monitor and protect our customers
against any and all attacks. We have been successful in that for almost 10
years now that we have been on line and we will continue to be diligent in
this regard always.

Regards,

Brad S.

DVD Pacific Inc.
IT Management
www.dvdpacific.com"

I would point out that this was not a lapse in our security as you note but rather an attack from a previously unknown or documented threat
Well, surely if there was no lapse in their security, the threat wouldn't have got through? To be honest, I would have more faith in them now, if they held up their hands and said "Sorry, we messed up", like A&B Sound did, immediately after the threat was realised. At least then, people could have cancelled their cards, and wouldn't be going through the hassle of trying to recover their money.

I think an even more disturbing factor to this saga is the mixed messages I'm seeing from people who've contacted their card provider & the support offered. As soon as you notify a credit card company that (you feel) there has been a fraudulent transaction, the transaction should be reversed. This was certainly the case for me. The card company should then investigate and will either let the reversal stand, or if indeed later decide the transaction was valid retake the amount in dispute. At all times should you feel there is a chance that your card has been compromised you should inform the card company who should instantly close that card account. A real pain as I’m now finding out, but better than having to scrutinise your transactions online all the time. Worse still if you have to wait for a month at a time for a statement.

Paul.

I checked my latest credit card statement and found a charge of £19 from Diage.com.

I have not received any mail from DVD Pacific about a change of password (unless I accidentally deleted it), and my previous password no longer works there.

I've contacted Barclaycard about it, and they are going to send me a form to fill in. Has anybody else followed this path, and if so has it been successful?

Alan, I contacted my bank and got them to send me a dispute form which I signed and sent back. A few people on this thread (myself included) have emailed Diage asking for their money back and have been refunded. I phoned the bank to tell them that Diage had refunded the money and asked if they would still pursue it as it was still a fradulent transaction.

They have sent me a letter telling me they are pleased to tell me that a credit has been applied to my account and to phone Customer Services if I have any questions. I get the impression that as the money has been refunded they aren't bothered. I'm slightly out-of-pocket even after the refund, so I'll keep onto the bank a see what happens.

Thanks to everyone who posted. At least I understand what's happened now!
Mine's in the hands of the CC company now.
Good luck to all in getting the matter resolved.....

Thought I should add that as far as I'm concerned, the source of my DIAGE charge appears to be DVD Pacific. I do a lot of shopping online, but have never had this happen. Hopefully it will be resolved and DVD Pacific will win back consumer trust. They're my number one Region 1 supplier (for several years now) and will continue to be with a second chance.....if I get my money back and they accept my new card....!

I have also been charged 34.95USD from diage.com, and have never visited their site. But i havn't bought anything at DVD Pacific, so serveral other webshops must be involved. Only shops where I have used my VISA card are:
101cd.com, amazon.co.uk, ebay.de and paypal.com. The last three I doesn't suspect for anything but 101cd.com seems a little suspicious to me, even though i recieved the cd without any problems.

Some hackers must be using our cards, i'm getting my closed asap. :mad:

It would certainly be interesting to see if there are any other links, apart from DVD Pacific, between those who have had fraudulent charges to their cards. 101cd are another company who store card details. I don't think there's much doubt now, though, that DVD Pacific had their security compromised.

From what I can gather from this thread, is that it's mostly VISA and, to some extent, MasterCard users. Has anyone with Diner's Club or American Express been hit?

I just looked for wbsales.com on Google and found this thread. I'm glad it not just me!

In the last month, I've had 3 payments amounting to over £400 taken from my account. 2 from wbsales.com and 1 from diage.com. I've been to my bank today (Lloyds TSB) and they said they'll refund the money to my account straight away, and then try and chase the money, then replace my card with a different numbered card.

I buy a lot over the web, but nowhere that might seem suspicious. I'll always check them out first. Buying over the phone isn't much better, as they may keep a record of your card details anyway.

It is really frustrating that this can happen, it really can waste your time sorting it out.

I just looked for wbsales.com on Google and found this thread. I'm glad it not just me!

Welcome Hillbilly. Did you use DVD Pacific? it seems that there are a few people that have been hit that haven't.
Those scammers must have a lot of cc numbers if more than one site has been hit. DVD Pacific have owned up but it would be useful to know which other sites have been hacked. Some people use different cards on different sites. Who know's how and when the hackers will use use the info in the future.
:mad:

It might be useful if people posted lists of the companies they use, particularly the ones which store credit card details. That way, maybe other links can be made between people who have been 'had', and it may be possible to establish any other companies who might possibly be victims, but don't know it yet.

Soddin' hell.....just checked my statement and now I've got FOUR entries from DTV*DIRECTV SERVICES in California for 437.20 USD totalling £246.07. This time as there are four entries, the bank has classed this as fradulent and cancelled the card. Anyone else had these B******s yet?

Maybe a stab in the dark, but has anyone whose got hit used DVDMode? I used them once some time ago but the item was discontinued so they cancelled it. Their site's been down for 'maintenance' for a number of weeks but now there isn't even the message. Maybe a coincidence...

Another site which has been down for ages is DVD.com.

What I cant understand is, if someone has been harvesting credit card details and they show up on your statements as Diage, wbsales, Directv etc, how are the individuals actually getting the money. Are these websites just a front. Directv's is quite elaborate and looks legitimate so a lot of work would of had to go into it. Diage's maybe a bit dodgy as the sign-up process wasn't secure but someone did reply to the emails and refund the money. Surely a legitimate company would know that they had money from people who didn't actually have an account. :(

Hi all

I have had the same problem as everyone else with Diage.com. I e-mailed them, got the standard reply. I also cancelled my card with barclays and they've sent me the form which has been sent back. No sign of the credit from the bank yet tho.

The main point of this post it that, a friend told me about the earlier problem with another company taking money (through DVD Pacfic )and i hadn't had any trouble.
I received a new "chip & pin" card and only entered my new details after DVD Pacific had "allegedly" upgraded their security. This was the only site i had put my new number on and hadn't even used it anywhere else apart from the cash machines when i got hit. Seems to me that no matter what they say DVD Pacific have to be to blame.

Received my new card the other day. Needless to say i haven't given the new number to DVD Pacific.

Hey everyone!
I found this site after Googling diage after I found they'd taken $34.95 off me too. I've e-mailed them and I'm going to the bank tomorrow to have it out with them.

For the record, I'm with Barclays, I only ever pay online with my Visa debit card, and I have never visited the DVDPacific website you guys are talking about! So it's obviously not just limited to them. The only sites I use are 101cd.com, Amazon (UK and .com), cd-wow.com, play.com and I think I have my card details on Paypal. But anyways, I'm gonna cancel my card tomorrow and let the bank know what's going on. Hopefully it'll be sorted out soon enough cuz I kinda need the money - ahh, the student life! :grin:

andyp1977 I received a new "chip & pin" card and only entered my new details after DVD Pacific had "allegedly" upgraded their security. This was the only site i had put my new number on and hadn't even used it anywhere else apart from the cash machines when i got hit. Seems to me that no matter what they say DVD Pacific have to be to blame.

Some charges to your old card number will be moved to your new card automatically (ie if you placed an order the week before with the old card it may still go through even if the card is 'cancelled').

That's what my bank told me and they were correct as it's happened. They did say they still keep an eye on the old account. Sounds strange to me but it seems true.

If unsure contact your bank and don't be so quick to blame unless you have some real evidence.

Some charges to your old card number will be moved to your new card automatically (ie if you placed an order the week before with the old card it may still go through even if the card is 'cancelled').
Yes, I think that's true. If you cancel your card, no further transactions may be carried out with it, but any transactions made before cancelling the card (even if it's only an hour before), will still go through, and may appear on the new card, although many CC companies actually close one account down, and draw up a final statement when all transactions are complete. Then they merely transfer the balance of your old account to the new one. It obviously depends on how your bank / CC company works, but it's best to keep check on both old and new accounts for at least a few days after closing the old account. In any case, your bank / CC company should have known what transactions were still pending on the cancelled account, and blocked anything suspicious.

I think in andyp1977's case, you should check with your card issuer, when the fradulent transaction was actually made, which will be a few days before it appeared on your statement, then you may be able to establish which card was affected.

Just discovered I've been hit by this scam also :mad: Suspect its been through dvdpacific... not a happy :censored: bear!!

Four entries on my credit card each for identical sums of £463.23, so almost£2,000 in total. Transactions were dated 19 August. Unfortunately I don't have the details as I write this at the moment, but I recall the company was something like SKR Holland. I think I spotted them before the transactions were cleared, but I am waiting for the first statement on my new card to see what damage there is. I am a DVD Pacific user. Bit disappointing that my credit card company didn't think that 4 identical payments on the same day looked suspicious!

I'm another DVD Pacific customer: just discovered a payment of $450 to wbsale.com on 17/8/04. :(

Does Anyone Not Think This Fiasco Is Getting Out Of Control? What Ar The Police Doing About This???

The police are too busy with there Speed cameras :grin: to worry about a bit of internet fraud :mad:

Pacific reckon the FBI are involved now, but they'll be too busy covering up the ongoing alien invasion of the earth to do much either. And even if they do get it sorted I doubt word will filter down to the bods that have been stung.

Someone should tell George Bush Al Queda are using this to fund their terrorist activities and he'll send in the marines. job done.

It's really frustrating to see something like this going on for this long with seemingly no end to it.

That would seem to be take on it too Captain.

I had cause to make a complaint official several weeks ago about alleged fraud and despite being promised several return phone calls, not one materiialised.

Funny they can get their arses in gear when a speed camera is vandalised, but not so fast when punters are being conned or property trashed.

Apologies if I have taken this excellent thread off topic.

I've just been stung by diage.com for $34.95 but have not been any where near DVDPacific

Diage.com s telephone number is down so is their CS email
they said:
"We apologize for inconvenience. Our service is temporarily unavailable.
If you have any questions concerning your previous payments for our services please refer to your financial institution."

I find their website very Suspicious and can't help suspecting they are part of a scam. The site asks for CC details WITHOUT encryption. Something Very wrong there. They need to be exposed and taught a lesson

I've just been stung by diage.com for $34.95 but have not been any where near DVDPacific

Diage.com s telephone number is down so is their CS email
they said:
"We apologize for inconvenience. Our service is temporarily unavailable.
If you have any questions concerning your previous payments for our services please refer to your financial institution."

I find their website very Suspicious and can't help suspecting they are part of a scam. The site asks for CC details WITHOUT encryption. Something Very wrong there. They need to be exposed and taught a lesson

Hi Folks
I have just discovered that I have been had by 'diage.com' for the sum of
£20.50 this morning. I did buy from Dvd Pacific also and that's where I think my cc details were compromised. I got on to my bank pronto to cancel the card and order a new one.

Like everyone else I fired an email to diage.com asking how they got hold of my details.

"Dear Customer,

We apologize for inconvenience. Our service is temporarily unavailable.
If you have any questions concerning your previous payments for our services please refer to your financial institution.

Best Regards,
Support team"

This was the reply that I got. I am beginning to wonder if we will get refunded or indeed any answer from these cowboys.

Thanks for this thread and I will follow the latest developments.

Brian

Hi Folks
I have just discovered that I have been had by 'diage.com' for the sum of
£20.50 this morning. I did buy from Dvd Pacific also and that's where I think my cc details were compromised. I got on to my bank pronto to cancel the card and order a new one.

Like everyone else I fired an email to diage.com asking how they got hold of my details.

"Dear Customer,

We apologize for inconvenience. Our service is temporarily unavailable.
If you have any questions concerning your previous payments for our services please refer to your financial institution.

Best Regards,
Support team"

This was the reply that I got. I am beginning to wonder if we will get refunded or indeed any answer from these cowboys.

Thanks for this thread and I will follow the latest developments.

Brian


WHY are Diage still allowed to trade? One too many fraudulent transactions for my liking.

is it safe to use DVDpacific again or still hold off for a while?

is it safe to use DVDpacific again or still hold off for a while?
I used them the other day, but with a Cahoot Webcard, which is only valid for one transaction. Means you have to amend your card details each time, but I don't use them all that often, so it won't be too much of a hassle.

hi, have been stung this morning for the princely sum of 400.00 u$ dollars by wbsales in iceland. conyacted barclaycard who cancelled the card straight away, and are sending me a claim form to get a reimbersement. i have only used dvdpac 2 times.the chap one the phone at barclays said the bells started ringing straight away when i pointed out that they wanted u$ dollars even though they are in iceland.

Don't hold your breath waiting for the claim form from Barclaycard. I've been waiting over a week so far.

Don't hold your breath waiting for the claim form from Barclaycard. I've been waiting over a week so far.

Geez my first post & i get to whinge. :)

Yes another dvd pacific buyer although when i immediately contacted visa concerning the email i'd recieved from DvdP there were no charges mentioned and now, i think i might have to contact them again incase diablo (sp?) have had me too! I am concerned about using Pacific again. :(

As for barclays and chargebacks.....they forgot about my FIRST (and only) chargeback after continually telling me by phone for months, that, it was in dispute. After calling i was then told they had forgotten about it, and resent another form to me AFTER i had given all relavent info back in May of this year! Why they couldnt just do it on the computer is amazing. All this was after going through a very lengthy process with Paypal who after saying "they had done all the investigative work for my case" would not accept from me a sellers own email to me, admitting the goods that he sold were not as described, from an ebay sale. For 3 weeks i heard nothing from paypal while they investigated nothing with me, and was then told to get (at my expense) a Letter from a company stating what i said about the goods!!! after losing money shipping/import duties and a handling charge....Yeah right!

Online transactions are ok, till they go wrong. After all i had to read at Paypals site after this event....i agree what was said earlier. Small transactions maybe a better bet. Rant over. :)

Still seems to be going on, my cc fraud dept wrote to me today about two transactions totalling £1500 :eek: on same day to :censored: Ladbrokes!! (???) So that's my card cancelled, and I won't be trusting dvdpacific with the new one for a very, very long time.

I would think dvdpacific is one of the safest places to shop now after their recent misfortune. I certainly will still be using their excellent service.

A recent correspondence from them:

We are aware of the current publicity and is unfortunate and certainly thank you for your continued support. I can supply the following information which comes from our IT department:



You can be assured that now we are aware of the means this breach has been perpetrated we put in place enhanced security measures to ensure that we can never again be subjected to same or similar threats.



We are Security Metrics site certified, we are Visa U.S.A. CISP Compliant, MasterCard SDP Compliant, American Express Compliant and Discover Card Compliant so the security in place does meet the very exacting standards required by these card issuers and unfortunately this attack was by a previously unknown or undocumented threat. It certainly has made us more vigilant and we will do our utmost to protect the information you provide us.

Why can't the use the Verified by Visa thing, like they do on DVD Soon, and other etailers? I will only use them now, with a single transaction card, such as Cahoot Webcard.

But I have not purchased an online DVD.

I did get an email from support@wbsales telling me an internet transaction had been approved. The mail was so obviously a dud I mailed and requested full details to help an investigation. What I got back was an automated response asking me to call an American phone number. Fearing a huge dialing charge I called my CC company instead and sure enough there is an unuathorised CC transaction today for £273.11p.

A little investigation on line dug up some info and I sent this mail to the relevant hosting companies as well as directing the CC to begin fraud investigations. My card was stopped instantly because I caught this within hours of it being processed.


If these details help anyone else then I'm glad to have helped.


Sent: 04 September 2004 01:22
To: 'abuse@level3.com'; 'hostmaster@maxil.com'; 'afoster@cablebahamas.com'; 'abuse-mail@mci.com'; 'abuse@securehost.com'
Subject: abuse

Dear Sirs,

I am writing to make you aware of a possible fraud that is being perpetrated from a set of websites hosted by yourselves.

Members of the public including myself are having fraudulent entries made on their credit cards. I have received mails from support@wbsale.com and bt-ltd@net-member.com advising that a credit transaction has been authorised. Checking with my credit card company today verified that a fraudulent charge was made, and this is being investigated by the fraud department. Further evidence can be seen here… http://www.avforums.com/forums/archive/index.php/t-142625.html

The mail I received today is below:

World Wide Marketing Services
Your Internet Purchase has been Approved
Your Credit Card Statement will reflect the billing company as:
wbsale.com 8667660556
If you have any questions you may reach customer service at the above number or email us at:
support@wbs