Possible creditcard fraud - WARNING!

[captaineyecatch]

Edit
NOTE - It is not just dvdpacific customers but other places aswell. Many people who have had this problem were not and have never been customers of Dvdpacific.

This was posted on the dvdforums.
A lot of people has had an amount of $39.99 withdrawn yesterday via their VISA cards - one person has just had an additional $75 withdrawn today. All have been customers at Dvdpacific and it seems a major creditcard breach has happened there. So far people from Denmark, Norway, Australia, Finland, Germany and USA has been hit has had the amount withdrawn- all seems to be Dvdpacific customers. Make sure you check your account!
More details....
animeondvd forum thread USA site with amny UK users.
http://forums.animeondvd.com/showfla...fpart=all&vc=1
dvdforums thread (may need to register)
http://www.thedvdforums.com/forums/s...d.php?t=305568
Australia forum thread.....(need to register to read)
http://www.dvdplaza.com.au/forums/sh...ad.php?t=29194

Norwegian forum thread
http://www.dvdarkivet.no/forum/viewt...orum=5&start=0

[monsieurblack]

wow!
thanks for the heads up. not good news at all i haven't actually bought anything from them myself, but it does serve very well a reminder of what can happen...be on your guard members
shame
monsieurblack

[anephric]

I ordered from there just last week: will be checking my card keenly.

Thanks to you, sir. If anyone's worried about such things you should bear in mind that your credit card should cover against instances of fraud such as this. Mine does. Barclaycard and Egg etc (I'm fairly certain) protect against internet fraud.

They should be able, at the very least, to chargeback to the source of the transaction.

Regards,
anephric

[chris110]

Havent ordered from them for a few months but thanks for the info all looks a bit fishy at the moment.

[Simon6776]

Very worrying. I have outstanding orders with them, and have ordered loads from them in the past. It will be a real pain of I have to change my credit card, as I also have orders outstanding elsewhere. I have e-mailed them, asking them to clarify the position, as a matter of urgency.

This is one of the potential problems with companies that store credit card details, and I will be seriously considering whether I want to continue using them, if this turns out to be a drama, unless they change their set up, so as not to store card details.

[anephric]

Quote:

Originally Posted by Simon6776

This is one of the potential problems with companies that store credit card details, and I will be seriously considering whether I want to continue using them, if this turns out to be a drama, unless they change their set up, so as not to store card details.

Yes, I far prefer sites that use Worldpay etc. I don't like having my CC details stored here there and everywhere (particularly sites that make it a condition of your joining); also particularly because I've worked at a mail-order firm where customer financial security was a joke.

I didn't consider that I'd have to change my card no: whenever I've had "odd" transactions I've just informed my card issuer and they've sorted it. Maybe I should really do that...

[Simon6776]

Quote:

Originally Posted by anephric

I didn't consider that I'd have to change my card no: whenever I've had "odd" transactions I've just informed my card issuer and they've sorted it. Maybe I should really do that...

The danger is that if a fraudster gets hold of your card details, there's nothing stopping them repeatedly charging your card, unless you change it. If you just ask for a re-issue, the fraudster then only has to guess the new 'Valid To' date, which isn't too difficult.

[Rambo John J]

nothing untoward's gone on with my credit card so far

[Paul Williams]

Placed an order last week, which has been charged OK - but if you do use internet retailers you should always make regular checks on you account. Wouldn't dream of using an account the didn't allow me internet access to monitor transactions. More importantly, if you use suppliers infrequently and they hold details perhaps you should change the card number or put alphas in the number, until you use the company again. Most allow you to manage your own details.

Paul

[Ger]

Is this specifically to do with DVDPacific, or for CC's in general. I read the following on Tom's Hardware:

http://www.tomshardware.com/hardnews...22_052350.html

Might be a connection here.

[anephric]

It actually isn't hard to get hold of credit card numbers: until only recently if you were a legitimate company you could send off for lists (from the CC issuers) of credit card numbers to use for authorising purposes, etc. One of the biggest CC scams in history was pulled off in this way (with each number only being charged a couple of dollars so that the owner was unlikely to notice/care).

The idea of changing your CC number in between orders and filling with Alphas etc is actually a really, really good one. I've never thought of that. Jolly good idea, sir! Unfortunately with some types of e-commerce software (old versions of actinic) multiple copies would be made of your account details, so that even if you changed the CC details in your account online, they'd still be the correct CC details in past order history etc available offline to the retailer (and hence thief).

Dodgy as ****.

[Simon6776]

I e-mailed DVD Pacific with my concerns, and this was their reply. I should mention that the forum they refer to is not AV Forums:

Hi Simon,

We are aware of this and our IT department have been actively investigating. It has been determined that our system was not hacked externally and latest update posted last night to a DVD forum is below for your reference.


A further update for everyone.

Firstly I would like to thank the owners/moderators of this forum allowing us to post the information that we have to date. I wanted to write to you directly but was unable to locate exactly where I could do that and your forum has become a center for information to all and filtering through from here to other forums. So again thank you.

We have now almost exhausted our efforts to locate who is behind these fraudulent transactions and unfortunately I can report that the number of countries it involves has widened. What we have discovered though is that it appears much more elaborate than we initially realized and involves more people than just customers of DVD Pacific. With that knowledge we have now lodged a formal complaint with the FBI's Internet Fraud Complaint Center (www.ifccfbi.gov/) and obviously there resources far outreach what we have available to us and we now entrust them to continue this investigation.

The whole scam does appear to be a "not for profit" venture and for those of you that have expressed reservations concerning Lip Inc. and that they are the beneficiaries here I would at this time state that this is not the case and they truly are victims also.

My direct advice for now would be to carefully monitor your incoming credit card transactions and report anything suspicious immediately to your card issuer.

Obviously this has made us look long and hard at our own security and the only "flaw" we located was that we had card numbers visible to customers when logged into there account. If your browser was hijacked then this could lead to a problem so we have "masked" card numbers now. Many of you have shown though that you are very diligent in maintaining your own personal security on line with having software running regularly to alert you to these types of attacks so we feel that combined with the numerous different operating platforms and browsers involved with those that suffered fraudulent charges was not at issue here.

Lastly I would genuinely like to thank on behalf of all of us at DVD Pacific those that took time to e-mail in with details we requested and many of you also expressed support for us at that same time. It was sincerely appreciated.

Regards,

Brad S.

DVD Pacific Inc.
IT Management

Am I the only one who doesn't quite understand that? Is it just their customers or not?

[Simon6776]

I just asked for further clarification, as to whether it was just DVD Pacific customers who have been victims, or if it was merely a co-incidence that they also just happened to be DVD Pacific account holders, and got this reply:

Hi Simon,

You have read correctly. We have since this started heard from people who are not DVD Pacific customers and have also been subjected to the same fraudulent charges processed through Lip Inc. and we have been unsuccessful in locating where the information may have been leaked from and hence reported to IFCC.

Regards,

James S.

I wonder if it's worth giving them a link to this thread, to see if they want to respond - Mods / Admin, would that be OK?

[Lex]

Not my decision - I will refer this thread to Spectre...

[Stuart Wright]

Yeah if you want to tell DVD Pacific about this thread, that's fine.