Jump to content

Fradulent Credit Card Transactions


Recommended Posts

Two three or four are coincidence - Steve look back at the thread - do you think we all buy gas in the same station - there are well over double digit situations that occurred. It’s happens - not your fault but to blow it all is insulting.  My purchase was in either late dec or early January - i will have to look up the date.

 

there is a problem - look at he numbers.  

Link to comment
Share on other sites

Ps - I’m not worried due to protection i have in place - but i am insulted by the answers. You make a great ame. I will continue to play, but until you change your pay method - dump payp[al if you think they are the problem. - i will not buy nor will i recommend people buy. (As i said - you make a great game - so i will never bad mouth it - i will just make sure people are aware. Then it’s heir choice.

Link to comment
Share on other sites

5 minutes ago, coachjohn said:

Two three or four are coincidence - Steve look back at the thread - do you think we all buy gas in the same station - there are well over double digit situations that occurred. It’s happens - not your fault but to blow it all is insulting.  My purchase was in either late dec or early January - i will have to look up the date.

 

there is a problem - look at he numbers.  

maybe, that is what we call looking from bias.  You need a baseline comparison.  How many BF customers experienced credit card fraud say sept - dec who did not purchase anything from BF or even how many people have experienced credit card fraud in this same time period (Jan) who haven't purchased from BF.

Edited by sburke
Link to comment
Share on other sites

38 minutes ago, sburke said:

You need a baseline comparison. 

The most relevant baseline would be to check what is the number of people posting on this thread raising this issue (or doing so privately via the helpdesk) that entered their credit card details on the provided form, versus the number of customers who didn't enter any credit card details and used directly Paypal (rather than having the website forward to Paypal the card details). If that info is being logged, of course.

I used Paypal directly to buy CMSF2 on 5th December 2018, and I didn't get any cards compromised.

Link to comment
Share on other sites

Had something similar last week $160 buck of postmates food delivery in 4 different cities.  3 in California and 1 in Ohio.  Did get my money back but I have wondered like Steve with his ATM fraud, how do their systems allow different accounts to process payments with a card number tied to a different account in very different geographic areas.  Then again no matter what changes are made, criminals will be criminals and adapt to beat it until the next obsticle comes along.  Rinse and repeat.

Link to comment
Share on other sites

9 minutes ago, coachjohn said:

Is it a coincidence that many young people wear nfl football juries yes. Is it a coincidence that everybody near Philadelphia wear eagles Jessie’s _ no.

 

it happens. Just be proactive. 

there are so many things wrong with that analogy.  So okay how many people above have actually reported this - 20.  How many people purchased CMSF or some other BF game in the past 6 weeks?  (and then how many of those frequent the forum to see this thread).  

So BF has gone to the folks who are responsible - they are being pro active.  What exactly are you asking for?

Link to comment
Share on other sites

I think we are reacting to things we do not truly understand here.

I have also noticed with my co-workers at work the same thing. Four out of 8 of us all have had fraudulent activity on some account in the month of January.

So this breach of information is way bigger than BF data. Because non of my co-workers own CM . 

So as Steve pointed out, it is just a result of averages that so many of us have been hit.

 

What is really mind blowing is the amount of activity that is going on. That is a lot of people doing corrupt activities.

Link to comment
Share on other sites

13 hours ago, coachjohn said:

Is it a coincidence that many young people wear nfl football juries yes. Is it a coincidence that everybody near Philadelphia wear eagles Jessie’s _ no.

 

it happens. Just be proactive. 

How I understand Steve is that they are being proactive about it.
While the samples on the forum do indeed give the impression of a pattern, it is far from a scientific study. Given the amount of credit cards out there and the number of leaks, all could just be random. 

One thing I think is odd is @JulianJ having his supposed to be new, unused, card hijacked. 

Personally I used my paypal account, no problems.

Link to comment
Share on other sites

I bought CM:SF 2 on it's release date in December with a visa debit card. At the beginning of January I got hit with three fraudulent purchases. The card is now cancelled and those transactions have been now refunded.

First time this has happened to me, as far as I can remember.

Link to comment
Share on other sites

This morning I had a chance to check, and it was not the first transaction, I'd activated it at the end of november, made 3 transactions with my website hosting provider online, then BF on 23rd Dec. The attempted frauds were on 8th Jan. So of course it could be my hosting provider, but it is still a "bit of a rum do". Strange.

Actually - my hosting provider does store the card numbers for repeat billing via a merchant gateway.  But it has my debit card and another credit card and neither have had fraud attempts, which does suggest that they somehow got hold of it via the BF transaction. I can't see any other possibility, although I do concede I am no cyber crime expert.

 

Edited by JulianJ
Link to comment
Share on other sites

15 hours ago, coachjohn said:

Two three or four are coincidence - Steve look back at the thread - do you think we all buy gas in the same station - there are well over double digit situations that occurred. It’s happens - not your fault but to blow it all is insulting.  My purchase was in either late dec or early January - i will have to look up the date.

 

there is a problem - look at he numbers.  

As others have pointed out, you don't understand how coincidences work.  Therefore, you are not understanding what I and others are saying about them.  You also make a claim that I'm trying to engage in some sort of cover up or blame shifting, yet here this thread is with people reporting BY MY REQUEST.  Frankly, if either of us should be insulted it should be me.

The notion that there's something specific tied to CMSF2 is a good example.  There's no way that someone with access to the credit card data stream would care about what game someone ordered.  Therefore, if someone intercepted credit card data they'd just as easily nail someone who bought CMBS Battle Pack as they would CMSF2.  Right?  Therefore, people responding that they bought CMSF2 and had a compromise IS ABSOLUTELY a coincidence.  And a very easily explainable one... we opened up sales for CMSF2 in December and it shouldn't be surprising that the vast bulk of our financial activity since then  has been for CMSF2. 

As others have pointed out, we've not heard from every person that ordered a product since December.  What we've heard from, in this thread, is probably less than 1% of the people who placed orders in the last 2 months.  It stands to reason if 100% of the credit card information was intercepted in this time period we'd see a higher % of the total customer base affected.

So on and so forth.

Notice that despite me keeping a clear head about this, I am not ruling out the possibility that there was some sort of data breach somewhere.  All I can say is that the vulnerabilities we have control over either do not exist (we do not store data!) or have been checked (scripts have not been hacked).  I don't know what more I can do, but I'm open to doing anything specific if there's a REAL vulnerability discovered.

Steve

Link to comment
Share on other sites

1 hour ago, IanL said:

Yeah wow. I wonder if in six months or so there will be reporting in the news about some big data breach.

Unfortunately, odds are it will happen.  Whether that has anything to do with what we see here or not, I can't say.  But in 2018 there was 1,000,000,000 accounts compromised THAT WE KNOW OF.  It's a problem that is only going to get worse until the financial services step up their game.

Steve

Link to comment
Share on other sites

Quote

It's a problem that is only going to get worse until the financial services step up their game.

Actually Steve, it is my impression that the financial services industry wants people to use their cards easily online, without putting users off and this makes fraud easier than it could be. IMO the banks take it in their stride as part of the costs of doing business.

Link to comment
Share on other sites

I always use a Paypal account, which I do not keep signed in.  This means that at the point of completing the transaction, I get taken off to Paypal's site and I am not entering data ie my username and password anywhere other than on Paypal's site.  I don't use debit cards for online payment, period.

When you use a form on a website which is not clearly an iframe from a payment gateway, it is difficult to tell where the data is being posted.  Or whether, indeed, javascript in your browser is quietly hoovering it up and firing it off somewhere in the background.

Link to comment
Share on other sites

11 minutes ago, JulianJ said:

This morning I had a chance to check, and it was not the first transaction, I'd activated it at the end of november, made 3 transactions with my website hosting provider online, then BF on 23rd Dec. The attempted frauds were on 8th Jan. So of course it could be my hosting provider, but it is still a "bit of a rum do". Strange.

Actually - my hosting provider does store the card numbers for repeat billing via a merchant gateway.  But it has my debit card and another credit card and neither have had fraud attempts, which does suggest that they somehow got hold of it via the BF transaction. I can't see any other possibility, although I do concede I am no cyber crime expert.

Of all the reports here, this is the one that makes me the most concerned.  There are breaches going on all the time, small and large scale, so any one individual could have their card compromised even after 1 use.  That's statistics for you!  However, the timing of the bulk of the fraud charges here does seem to indicate many (most?) came about as the result of a single breach.  So you'd have to have been a victim of a separate breach as most of us (none?) also use your ISP.  Also statistically possible, but a real outlier if that's the case.

Steve

Link to comment
Share on other sites

5 minutes ago, JulianJ said:

Actually Steve, it is my impression that the financial services industry wants people to use their cards easily online, without putting users off and this makes fraud easier than it could be. IMO the banks take it in their stride as part of the costs of doing business.

Yes, this has certainly been the case until recently.  The very, very, very slow introduction of chips into the US market is a prime example of the reluctance to adopt preventative measures.  However, as the breaches become bigger and more costlier the calculus will change.  Especially if a major card company views a better mechanism as a competitive advantage over other card providers.  As they say in Capitalism, it's rarely good to be first but it's even worse to be last.  Or something like that :D

I am getting the sense that the Marriott hack might have started us down a better road.

5 minutes ago, Jock Tamson said:

I always use a Paypal account, which I do not keep signed in.  This means that at the point of completing the transaction, I get taken off to Paypal's site and I am not entering data ie my username and password anywhere other than on Paypal's site.  I don't use debit cards for online payment, period.

Standard advice from cyber security experts is to never use a debit card for online transactions of any sort.  Probably not even a good idea for it to be used for recurring charges such as ISPs or utility bills. 

5 minutes ago, Jock Tamson said:

When you use a form on a website which is not clearly an iframe from a payment gateway, it is difficult to tell where the data is being posted.  Or whether, indeed, javascript in your browser is quietly hoovering it up and firing it off somewhere in the background.

This is why I use PayPal whenever it is an option.  It sucks to have the money drawn straight out of my checking account, but usually my online purchases are small enough that it doesn't create a problem.  The more times I can minimize my exposure to data theft the better.

Steve

Link to comment
Share on other sites

That's another reason I'm keeping this thread open.  It is a chance to open up some eyes to the dangers out there.  As I said earlier, I've had my ATM card physically skimmed and fraud on credit cards multiple times.  Heck, remember long distance call phone cards from a couple of decades ago?  I had thousands of Dollars of charges to calls in Egypt, Kazakhstan, and other "exotic" places.  That was my first experience with fraud (someone probably watched me at Grand Central Station, IIRC).

The world out there is hostile to our privacy in general :(

Steve

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...