Just before Xmas I ordered some stuff from a reputable *Australian* retailer. I usually use Paypal for online purchases as it means that my details (other than address of course) do not go near the actual seller. In this case though, they only accepted credit cards, but, as they were local, well known in their field, and used SSL, I used my Visa card.
Next day I got a call from ANZ Visa security wanting to know whether I had ordered $250 of perfume from Hong Kong and $150 of cigars from the US. I'm glad that their algorithms were on the ball, the transactions have been cancelled as has the card.
I don't suspect the retailer, but when I called them to report that their site may have been compromised, they didn't seem unduly bothered.
This is the only time that I have ever had any problems, but it shows that the pirates are out there.
My Dontronics merchant account is with the CBA bank, and the transaction is always between the customer and the CBA bank for credit card sales.
We don't see the customers credit card numbers. In fact the CBA insist that all transactions are done this way. The merchant doesn't get involved in obtaining or recording numbers at all. Any merchant that collects numbers these days is doing it wrong, and asking for trouble.
I'm surprised any Australian bank would still allow this method. Perhaps they aren't aware that the merchant is collecting numbers, if this is the case.
It is really a matter of the CC number being stolen from the bank's data base, or the retailer's data base. I would be asking some serious questions.
Recently added security for credit card transactions on the internet:
--------------------------------------------------------------------- Visa and MasterCard have a security measure that you need to follow up with your Bank to get the password. It is called "Verify By Visa" and "SecureCode" respectively. To read more about this security measure go to:
formatting link
Cheers Don...
--
Don McKenzie
Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam
These products will reduce in price by 5% every month:
http://www.dontronics-shop.com/minus-5-every-month.html
One reason to keep the credit card rather than convert to debit cards. At least the credit card covers losses if you report bogus transactions.
The only fraud I came across happened a couple years back. I'd done business with a small outfit in Montreal, Canada, and all had gone well.
But a few months later I bought something from them again. After about 1 wk with no word about the order they claimed my address "wasn't verified" and I had to send them faxes of old bills and bank transactions.
I went over the obvious reasons why their request wouldn't achieve anything about verifying my address -- bits of paper can be created easy as anything. In any case, the "verified" part of the problem was associated with any address outside the US -- even their own address as it turned out was marked "unverified" by Paypal.
Anyway... they held my payment to random for several weeks, refusing to give in. The initial story my order would "go faster" if I supplied the docs moved on to "the papers are required for the order to go through" and then to "this has always has been company policy".
Anyway, after I raised a complaint with Paypal (as usual, no help at all) the credit card company (yes, they were interested and wanted all details, but I never heard back from them), my bank (where it promptly went into the bitbucket) and the better business bureau in Monreal (similar response to talking to the business) they cancelled the order without notice, meaning I lost a couple hundred AUD because of currency fluctionations in the intervening 2-3 months.
A few weeks after this my card was seen paying student fees and paying for cable TV in suburban Montreal -- by co-incidence about 10 km from the registered address of the business.
Even there, I lost out a little. While the actual amount was corrected credited back, my bank (NAB) insisted I had to pay the interest and various fees (international purchase, etc) on it. Paypal also took a non-refundable nibble for converting $A->$C and back again.
Some months later (after nothing seemed to happen about getting anything back for all the fees and losses on the cancelled transaction) I was contacted by someone at the business in Canada who identified themselves as some kind of "supervisor" and he was (as in your case) not at all fussed about the actual problems. Just re-emphasised that everthing they had done, including the primitive phishing attempt, was their standard business practice.
--
>My sig lines fall into 2 broad categories: either wise or silly.
>I rely on the reader understanding which is which.
Congratulations. You must be a very special boy or girl.
-- tg , 1 Dec 2010 12:35:45 PST
You should have told them both to go play in the traffic. Credit card fraud is perpetrated against the card issuer, not the card holder. You were not liable for any part of the cost.
And remember, a credit card account is merely the card issuer's view about how much you owe. You don't have to agree with their view.
In this case, the CC number and the security number had to be entered into the checkout form. Whether this data stayed on the merchant's system I don't know, but it at least passed through it. With Paypal you are redirected to Paypal's own site and the data does not pass through the merchant site at all. I have never seen a checkout where I was redirected to a bank site to enter my CC details.
It doesn't matter what site served up the form for you to fill, what matters is where the form is submitted to. Did you check that (in the HTML source code, look at the form tag)?
Of course if you try the URL, it will give errors because the transaction details are not provided on entry, but Mastercard's secure Australian gateway is the path for all of my credit card payments, no matter what brand.
If you click on the security key in your browser, you will see that the secure certificate is owned by Mastercard Worldwide.
The CC data is entered on the Mastercard site, and not on my site.
So if you have an ANZ Visa card, and purchased from Dontronics, it would go through the Mastercard secure site, and end up in my CBA account, and I would never see or record your CC numbers.
Clifford mentions this type of "protection" in the following message also.
Cheers Don...
--
Don McKenzie
Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam
These products will reduce in price by 5% every month:
http://www.dontronics-shop.com/minus-5-every-month.html
http://www.dontronics-shop.com/ics.html
**They're EVERYWHERE. I have three credit cards. One is for business use only. One is for personal purchases and one (with a low limit) is reserved for internet transactions. Last year, I travelled to Canberra for a few days. I purchased fuel at a Shell servo somewhere in the city. I pretty much buy my fuel from only one outlet here in Sydney. I NEVER use that card for internet transactions. Within a week of my fuel purchase in Canberra, I received a call from my credit card issuer about an attempted purchase in The Netherlands. Naturally, it was not me. My card was immediately cancelled, the overseas transaction reversed and a new card issued. Funnily enough, I recall overhearing the conversation between the servo attendent and a young woman at the front of the queue. He was saying how he was looking forward to his impending holiday and leaving the job he was not happy with. I put two and two together.
Obviously my card was 'skimmed' at the servo. I now take MUCH greater care when paying by credit card and I watch the people handling my card.
We were on hols in EnZed recently, using an ANZ Travel Card (which are a good idea btw). At one POS transaction the card was declined by the EFTPOS machine. Puzzled, we later checked it in an ATM and couldn't even get a balance. Went into the bank and they couldn't shed any light, but put us on the phone to ANZ Card Services in Oz.
Turned out we had used our card two nights earlier in a restaurant which had a flag against it because of a dodgy prior transaction - not by the restaurant but a card holder - so "the Falcon" had locked OUR card. We established that the previous block of transactions on our card account were genuine and it was unlocked.
Annoying, inconvenient at the time, but I guess I'd rather have the Falcon trigger-happy than asleep at the wheel.
Ever tried going the FOS route to sort out a claim, after months of arguing with your bank? Just goes on and on and on.
Another time when I tried to cancel a transaction because it looked like Internet fraud, the bank said they could do nothing until the transaction went trough and I put in a dispute form. The banks are uninterested in preventing fraud from happening. They charge the high interest rate on CCs to cover the fraud, the consumers pay, not the banks. As it happened, the company concerned fixed their order confirmation email that triggered my contacting the bank, cancelled the order and all ended well.
Another thing is that Paypal are a financial institution in .au subject to the FOS, take them to FOS if they make an unfair decision, as long as you have the documentation to prove your case. Faster then trying to get them reopen case closed in the other side's favour. Paypal were a lot more responsive to a FOS complaint than my bank is. My bank will say anything over the phone to quiet a customer's concerns, but they refuse to put it in writing. Too many lies.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.